[cifs-protocol] MS-SAMR SetUserInfo fails to backlink to RC4

Andrew Bartlett abartlet at samba.org
Mon Feb 19 02:29:34 UTC 2018


I was looking for a concise reference for the cryptography used in
SamrSetUserInfo2 for my security overview doc. 


https://msdn.microsoft.com/en-us/library/cc245793.aspx SamrSetInformationUser2 (Opnum 58) 

does not really fill in the details of the cryptographic operation. 

In https://msdn.microsoft.com/en-us/library/cc245798.aspx UserInternal4InformationNew

and https://msdn.microsoft.com/en-us/library/cc245797.aspx UserInternal4Information

it does say the server MUST update the clearTextPassword
attribute with the (decrypted) but it only makes sense if you search
the PDF for RC4 and find RC4 Cipher Usage, but even this
references different structure names.

I think this could be improved to link clearly back to the exact
cryptographic operations from the operation that uses it, rather than
just saying 'decrypted'.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the cifs-protocol mailing list