[cifs-protocol] [REG: 111052361876778] RE: userParameters attribute

Hongwei Sun hongweis at microsoft.com
Mon Jun 20 14:14:32 MDT 2011


Metze/Andrew,

   We updated the description of userParameters in MS-ADA3 and other related documents, as below, to clarify that it is not saved as a UTF-16 or UTF-8 Unicode string. They will appear in the next release of the open protocol documents.

  MS-ADA3
         Section 2.345 (Attribute userParameters)
              -- The description of the userParameters attribute, which has been changed as follows:
         Before:
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	This attribute specifies parameters of the user. Points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Terminal servers use this attribute to store session configuration data for the user. For more information, see [MS-TSTS].
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

          After:
          - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	This attribute specifies parameters of the user and is set aside for use by applications. Terminal servers use this attribute to store session configuration data for the user. For more information, see [MS-TSTS].
         - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

MS-ADLS

       Section 2.374 (Attribute userParameters)
            -- The description of the userParameters attribute, which has been changed as follows:
       Before:
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                This attribute specifies the user's parameters. This attribute points to a Unicode string that is set aside for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user data that is specific to the individual program.
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

       After:
       - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
               This attribute specifies the user's parameters and is set aside for use by applications. Microsoft products use this member to store user data that is specific to the individual program.
       - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

MS-TSTS

        Section 2.3.1 (userParameters)
              -- The description of the userParameters attribute, which has been changed as follows:
        Before:
              - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
             ... This configuration data is returned in a USERCONFIG structure by the RpcGetConfigData method. Microsoft Terminal Services stores the user configuration data ... in the following format
             - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

        After:
             - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            ... This configuration data is returned in a USERCONFIG structure by the RpcGetConfigData method. Microsoft Terminal Services does not use UTF-8 or UTF-16 encoding to store the configuration data in the userParameters attribute. Microsoft Terminal Services stores the user configuration data ... in the following format
           - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   As for the detailed layout of userParameters, we documented the structure used by Microsoft Terminal Server in 2.3.1 of MS-TSTS last year, except for the first 96 bytes of the userParameters property (marked as reservedData), which are used by the RAS server. The following are preliminary technical details of the structure in the first 96 bytes of the property.

     typedef struct {
         WCHAR up_MACid;           // This value would be 'm'
         WCHAR up_PriGrp[20];
         WCHAR up_MAC_Terminator;
         WCHAR up_DIALid;          // This value would be 'd'
         WCHAR up_Privilege;
         WCHAR up_CBNum[24];
     } USER_PARMS;

	When up_DIALid of USER_PARMS structure is set to ‘d’, the up_Privilege member contains any one of the following values. 

	Value                                Meaning
	RASPRIV_NoCallback (0x01)            The RAS server will not call back the user to establish a connection.
	RASPRIV_AdminSetCallback (0x02)      When the user calls, the RAS server hangs up and calls a preset call-back phone number stored in the user account database. The up_CBNum member of USER_PARMS structure contains the user's call-back phone number.
	RASPRIV_CallerSetCallback (0x04)     When the user calls, the RAS server provides the option of specifying a call-back phone number. The user can also choose to connect immediately without a call back. The up_CBNum member of USER_PARMS contains a default number that the user can override.
	RASPRIV_DialinPrivilege (0x08)       The user has permission to dial in to the RAS server.

   We are still working on the process for adding this structure into one of the RAS-related documents.  When the process is finished, I will send you the final version.  

  Combining MS-TSTS for the entire structure and the RAS document for the first 96 bytes, we will provide the complete documentation for the userParameters attribute.

 Thanks!

Hongwei



-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Sunday, May 29, 2011 6:24 PM
To: Hongwei Sun
Cc: Stefan (metze) Metzmacher; pfif at tridgell.net; cifs-protocol at samba.org; Obaid Farooqi; Michael Ströder
Subject: Re: [REG: 111052361876778] RE: userParameters attribute

On Fri, 2011-05-27 at 22:40 +0000, Hongwei Sun wrote:
> Metze,
> 
>    The UserParameters attribute was documented in 2.345  MS-ADA3.  It is defined as a Unicode string as below:
>   
>     " This attribute specifies parameters of the user. Points to a 
> Unicode string that is set aside for use by applications. This string 
> can be a null string, or it can have any number of characters before 
> the terminating null character. Terminal servers use this attribute to store session configuration data for the user. For more information, see [MS-TSTS]."
>  
>     As per MS-GLOS, throughout the protocol document, unless otherwise specified, a Unicode string follows the UTF-16LE encoding scheme with no Byte Order Mark (BOM). So it is not documented as a UTF8 Unicode string.
> 
>    But I am wondering if it matters what kind of Unicode encoding (utf8 vs utf16) is used. The structure layout of this attribute is documented in 2.3.1 MS-TSTS. It is just a BLOB interpreted by the Terminal Service, not a null-terminated Unicode string. We may not be correct to define the attribute as a Unicode string (attributeSyntax: 2.5.5.12) in 2.345 MS-ADA3. I will file a request to check with the product team.

I thought it wasn't NULL terminated in the traditional sense, as the Terminal Services stuff has embedded NULLs, and was after a NULL that allowed it to be stuffed there in the first place.

The story I recall is that when Terminal services was first developed outside Microsoft, that the dialback string for RAS was the only parameter in the SAM that could be safely extended, and this was done after the initial terminating NULL (of the RAS dialback string).  

We have had some real trouble dealing with this over time, with Samba3 domains hosting terminal services, and that's why we want to get this right, once and for all for Samba4.  In particular, we are keen to ensure we know exactly the right transformations required between the LDAP and RPC representations.  Even if it is a duplicate, it is a special enough case to warrant a clear, specific explanation or clarification. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
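
A bounds-checked reader for the 96-byte RAS area laid out in USER_PARMS above, as an added example that is not code from Microsoft, Samba or either poster. It assumes 2-byte little-endian WCHARs and that a zero unit ends up_CBNum; struct ras_parms, parse_user_parms and build_sample are hypothetical names, and the sample blob is constructed.

```c
#include <stdint.h>
#include <string.h>

/* WCHAR offsets in USER_PARMS: up_MACid 0, up_PriGrp 1-20, up_MAC_Terminator 21 */
enum { OFF_DIALID = 22, OFF_PRIV = 23, OFF_CBNUM = 24, CBNUM_LEN = 24,
       USER_PARMS_BYTES = 96 };  /* assumes 2-byte little-endian WCHAR */

struct ras_parms {               /* hypothetical output type */
    uint16_t privilege;          /* raw up_Privilege value */
    char cbnum[CBNUM_LEN + 1];   /* up_CBNum narrowed to ASCII */
};

static uint16_t wchar_at(const uint8_t *b, size_t i)
{
    return (uint16_t)(b[2 * i] | (b[2 * i + 1] << 8));
}

/* 0 ok, -1 blob shorter than 96 bytes, -2 up_DIALid is not 'd',
 * -3 callback number holds a unit outside printable ASCII. */
int parse_user_parms(const uint8_t *blob, size_t len, struct ras_parms *out)
{
    if (!blob || !out || len < USER_PARMS_BYTES)
        return -1;               /* len is the attribute length, never strlen */
    if (wchar_at(blob, OFF_DIALID) != 'd') return -2;
    memset(out, 0, sizeof *out);
    out->privilege = wchar_at(blob, OFF_PRIV);
    for (size_t i = 0; i < CBNUM_LEN; i++) {
        uint16_t c = wchar_at(blob, OFF_CBNUM + i);
        if (c == 0) break;       /* assumption: a zero unit ends the number */
        if (c < 0x20 || c > 0x7e) return -3;
        out->cbnum[i] = (char)c;
    }
    return 0;
}

/* Constructed sample: RAS area plus 4 opaque trailing bytes; needs cap >= 100 */
size_t build_sample(uint8_t *buf, size_t cap)
{
    static const char num[] = "5550100";
    if (cap < USER_PARMS_BYTES + 4) return 0;
    memset(buf, 0, USER_PARMS_BYTES + 4);
    buf[0] = 'm';                          /* up_MACid */
    buf[2 * OFF_DIALID] = 'd';
    buf[2 * OFF_PRIV] = 0x02;              /* RASPRIV_AdminSetCallback */
    for (size_t i = 0; num[i]; i++)
        buf[2 * (OFF_CBNUM + i)] = (uint8_t)num[i];
    memcpy(buf + USER_PARMS_BYTES, "\x01\x00\xff\x00", 4);
    return USER_PARMS_BYTES + 4;
}
```

On the constructed sample a C string function stops after the first byte, because the high byte of the leading 'm' is zero; the parser therefore works only from the attribute's byte length.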



