[cifs-protocol] [REG:110110481276509] Please include bitfield names in MS-NRPC LogonParameters

Bryan Burgin bburgin at microsoft.com
Fri Nov 5 15:51:22 MDT 2010


Hi Andrew.

Is the absence of the Windows-specific variable names blocking your development?  There may be pushback to do so since this is in the normative section of the document.  I agree that it seems like a helpful suggestion.  Is there an argument I can present on your behalf to show a reason that doing so is required to implement the protocol?

As for adding the hex values, I'm prepared to make that request.
 
Bryan

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Friday, November 05, 2010 1:57 PM
To: Bryan Burgin
Cc: cifs-protocol at samba.org; MSSolve Case Email
Subject: Re: [REG:110110481276509] Please include bitfield names in MS-NRPC LogonParameters

On Fri, 2010-11-05 at 17:53 +0000, Bryan Burgin wrote:
> Hi Andrew.
> 
> I can help you with this.
> 
> My understanding is that this is a continuation of the issue you 
> discussed in the past where we would add the hex value of each bit 
> field to improve readability and make searching easier.  Is that 
> correct?  For example, the table entry for 2.2.1.4.15's 
> ParameterControl "Value A", "Clear text passwords can be transmitted 
> for this logon identity" would also list its hex value as 
> 0x00000002.
> 
> If my understanding is correct, I'll proceed with making the documentation request.  If you are requesting a different outcome, please let me know.  The recommendation would add a new column as follows:

Almost, I also need the names from the referenced URL included.

> A: 0x00000002: Clear text passwords can be transmitted for this logon identity.
> B: 0x00000004: Update the logon statistics for this account upon successful logon.
> C: 0x00000008: Return the user parameter list for this account upon successful logon.
> D: 0x00000010: Do not attempt to log this account on as a guest upon logon failure.
> E: 0x00000020: Allow this account to log on with the domain controller account.
> F: 0x00000040: Return the password expiration date and time upon successful logon.
> G: 0x00000080: Send a client challenge upon logon request.
> H: 0x00000100: Attempt logon as a guest for this account only.
> I: 0x00000200: Return the profile path upon successful logon.
> J: 0x00000400: Attempt logon to the specified domain only.
> K: 0x00000800: Allow this account to log on with the computer account.
> L: 0x00001000: Disable allowing fallback to guest account for this account.
> M: 0x00002000: Force the logon of this account as a guest if the password is incorrect.
> N: 0x00004000: This account has supplied a clear text password.
> O: 0x00010000: Allow NTLMv1 authentication ([MS-NLMP]) when only NTLMv2 ([NTLM]) is allowed.
> P: 0x00100000: Use sub-authentication ([MS-APDS] section 3.1.5.2.1). 
> Q-X: 0xFF000000: Encode the sub-authentication package identifier. Bits Q–X are used to encode the integer value of the sub-authentication package identifier (this is in little-endian order).

e.g.:

A: 0x00000002: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED: Clear text passwords can be transmitted for this logon identity.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

