[cifs-protocol] 119040819792359 [MS-SAMR] SamrSetInformationUser2 over an authenticated DCERPC connection

Mon Apr 8 22:32:16 UTC 2019

Hi Metze:
I'll help you with this issue and will be in touch as soon as I have an answer.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at ramagane at Microsoft dot com

-----Original Message-----
From: Sreekanth Nadendla <srenaden at microsoft.com> 
Sent: Monday, April 8, 2019 8:48 AM
To: Stefan Metzmacher <metze at samba.org>; Andreas Schneider <asn at samba.org>
Cc: cifs-protocol <cifs-protocol at lists.samba.org>; MSSolve Case Email <casemail at microsoft.com>
Subject: 119040819792359 [cifs-protocol] [MS-SAMR] SamrSetInformationUser2 over an authenticated DCERPC connection

Casemail in Cc
Dochelp in Bcc

Hello Stefan,
Thank you for your inquiry. We have created incident # 119040819792359 to investigate this issue. One of the Open specifications team member will contact you shortly.

Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications

-----Original Message-----
From: Stefan Metzmacher <metze at samba.org>
Sent: Monday, April 8, 2019 7:16 AM
To: Andreas Schneider <asn at samba.org>; Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol <cifs-protocol at lists.samba.org>
Subject: Re: [cifs-protocol] [MS-SAMR] SamrSetInformationUser2 over an authenticated DCERPC connection

Hi,

> I got the two scenarios authenticated DCERPC connection over SMB 
> (named pipe) and TCP/IP working with krb5, speneg or ntlmssp 
> authentication type and an authentication level set to PRIVACY (seal) 
> if I use the fixed string "SystemLibraryDTC" as the session key!
>
> Could you please update the documentation, it would also be great to 
> know if this is the case for all Windows versions.
>
> The code changes to get this correctly working with rpcclient (using 
> "SystemLibraryDTC" as the session key for sealed and authenticated 
> DCEPRC connections can be found here:
>
>     
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitl
> ab.com%2Fsamba-team%2Fsamba%2Fmerge_requests%2F361&data=02%7C01%7C
> obaidf%40microsoft.com%7C2aaa70f3b41c45bce0e708d6bc28c627%7C72f988bf86
> f141af91ab2d7cd011db47%7C1%7C0%7C636903280648013448&sdata=rsH1oLXm
> Yt5itJKF1f52aUfgP4BsUh%2FzL8OTonDeUsU%3D&reserved=0
>
>
> Thanks you very much for your assistance.

Something similar was discussed before here:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Farchive%2Fcifs-protocol%2F2012-June%2F002343.html&data=02%7C01%7Cobaidf%40microsoft.com%7C2aaa70f3b41c45bce0e708d6bc28c627%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636903280648023447&sdata=YXYLWz%2BtKHBqEeVfKdflzGcJMejNTEd9TCr6OzcVGjc%3D&reserved=0

And I'm pretty sure is that constant was present somewhere in the Window Protocols documentation, but I can't find it anymore.

So somethings has changed in the documentation and also the implementation over time.

It was also part of the discussion with Microsoft around CVE-2016-2118, but the Microsoft fixes for that CVE didn't include any change.

So I guess the changes happened after the CVE-2016-2118 changes.

metze