[cifs-protocol] [MS-SAMR] SamrSetInformationUser2 over an authenticated DCERPC connection

Stefan Metzmacher metze at samba.org
Mon Apr 8 11:15:53 UTC 2019


> I got the two scenarios authenticated DCERPC connection over SMB (named pipe) 
> and TCP/IP working with krb5, speneg or ntlmssp authentication type and an 
> authentication level set to PRIVACY (seal) if I use the fixed string 
> "SystemLibraryDTC" as the session key!
> Could you please update the documentation, it would also be great to know if 
> this is the case for all Windows versions.
> The code changes to get this correctly working with rpcclient (using 
> "SystemLibraryDTC" as the session key for sealed and authenticated DCEPRC 
> connections can be found here:
>     https://gitlab.com/samba-team/samba/merge_requests/361
> Thanks you very much for your assistance.

Something similar was discussed before here:

And I'm pretty sure is that constant was present somewhere in the Window
Protocols documentation, but I can't find it anymore.

So somethings has changed in the documentation and also the
implementation over time.

It was also part of the discussion with Microsoft around CVE-2016-2118,
but the Microsoft fixes for that CVE didn't include any change.

So I guess the changes happened after the CVE-2016-2118 changes.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20190408/01ffca0f/signature.sig>

More information about the cifs-protocol mailing list