[cifs-protocol] [EXTERNAL] Update of MS-PAC spec regarding November 2021 security updates - TrackingID#2111240040005432

Jeff McCashland (He/him) jeffm at microsoft.com
Thu Dec 2 20:22:23 UTC 2021


Hi All,

I have filed a request to update [MS-PAC] to clarify the flags fields in the PAC_ATTRIBUTES_INFO field. 

I made a couple of suggestions to clarify the descriptions, but it may take up to 60 days to complete the process. I'll let you know what we come up with when it's done. 

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Natesha Morrison (namorri), +1 (704) 430-4292

-----Original Message-----
From: Jeff McCashland (HE/HIM/THEY/THEM) 
Sent: Tuesday, November 30, 2021 11:25 AM
To: Andrew Bartlett <abartlet at samba.org>; Alexander Bokovoy <ab at samba.org>; metze <metze at samba.org>
Cc: cifs-protocol at lists.samba.org
Subject: RE: [cifs-protocol] [EXTERNAL] Update of MS-PAC spec regarding November 2021 security updates - TrackingID#2111240040005432

Thanks Andrew. 

I'll look into it for both [MS-PAC] and [MS-KILE], as I think it would help to explicitly state how many flags each unsigned int would support.

In case it wasn't clear already, it is intended that the changes in the latest Errata document are not reflected in the current published document. The purpose of the Errata document is to detail changes that have not yet been published.  Once the document is republished, the errata document will be archived with the previous publication and a new errata doc started for subsequent changes. 

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300 We value your feedback.  My manager is Natesha Morrison (namorri), +1 (704) 430-4292

-----Original Message-----
From: Andrew Bartlett <abartlet at samba.org>
Sent: Tuesday, November 30, 2021 9:47 AM
To: Jeff McCashland (HE/HIM/THEY/THEM) <jeffm at microsoft.com>; Alexander Bokovoy <ab at samba.org>; metze <metze at samba.org>
Cc: cifs-protocol at lists.samba.org
Subject: Re: [cifs-protocol] [EXTERNAL] Update of MS-PAC spec regarding November 2021 security updates - TrackingID#2111240040005432

Thanks for checking the math. 

The idea was that this might extend, without changing the definition, to a longer than 32 bit set of flags, that would just run on into the next, currently unseen, uint32.

Andrew Bartlett

On Tue, 2021-11-30 at 17:36 +0000, Jeff McCashland (HE/HIM/THEY/THEM) via cifs-protocol wrote:
> Hi Alexander and Metze,
> 
> I would like to check your understanding of the formula and edge 
> condition. Metze suggested the formula:
> ((int)(flags_length/32))+1
> 
> By my calculation using this forumula, if there are 32 flags, the 
> array would have 2 32-bit unsigned integers. I would expect only one 
> UINT for 32 flags.
> 
> Should it not be ((int)((flags_length -1)/32))+1? Also, I'm not sure 
> what you are referring to as 'bit 33'. 32-bit values are usually 
> designated bits 0-31.
> 
> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open 
> Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
> Local country phone number found here: 
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> rt.microsoft.com%2Fglobalenglish&data=04%7C01%7Cjeffm%40microsoft.
> com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7cd011d
> b47%7C1%7C0%7C637738912809161506%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata
> =7a3E%2FJWPoRbXRQeQmgaaz8izf%2BQcZ4X4F%2FtlhgzTir8%3D&reserved=0 | 
> Extension 1138300 We value your feedback.  My manager is Natesha 
> Morrison (namorri), +1
> (704) 430-4292
> 
> -----Original Message-----
> From: Alexander Bokovoy <ab at samba.org>
> Sent: Monday, November 29, 2021 11:06 AM
> To: Jeff McCashland (HE/HIM/THEY/THEM) <jeffm at microsoft.com>
> Cc: metze <metze at samba.org>; cifs-protocol at lists.samba.org
> Subject: Re: [EXTERNAL] [cifs-protocol] Update of MS-PAC spec 
> regarding November 2021 security updates -
> TrackingID#2111240040005432
> 
> On ma, 29 marras 2021, Jeff McCashland (HE/HIM/THEY/THEM) wrote:
> > Hi Metze,
> > 
> > How were you able to determine that the array size is 
> > '((int)(flags_length/32))+1'? Do you have a trace or document 
> > illustrating this?
> > 
> > Also, it is expected that changes in the current Errata doc are not 
> > included in the published document, but normally the changes would 
> > be spelled out in the errata doc.
> > 
> > Where did you find the Diff file with the changes? When I click the 
> > link, I get a PDF download, but I can't tell where it's coming from.
> 
> You can download it from the MS-WINERRATA:
> 
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
> .microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%
> 2F314fe022-28ea-4bd9-93ac-7941ecf9ca10&data=04%7C01%7Cjeffm%40micr
> osoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7
> cd011db47%7C1%7C0%7C637738912809161506%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp
> ;sdata=oijKBS024kZ0FJ4ikR3evog1L05ODNjepULzLUgxLiM%3D&reserved=0
> 
> For example, choose 'MS-PAC':
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
> .microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%
> 2F54e7d766-95ed-4e47-bae3-0904176b5958&data=04%7C01%7Cjeffm%40micr
> osoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7
> cd011db47%7C1%7C0%7C637738912809161506%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp
> ;sdata=o%2B7EFKygorcSTHV5BSjl43sMDtTlFhJayDOodsSvVIg%3D&reserved=0
> 
> has a table with
> 
> ------
> The following sections were changed or added. Please see the [diff 
> document] for the details.
> ------
> 
> [diff document] is a link to
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwinp
> rotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-PAC%
> 2F%255bMS-PAC%255d-20211109-diff.pdf&data=04%7C01%7Cjeffm%40micros
> oft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7cd
> 011db47%7C1%7C0%7C637738912809161506%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM
> C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&s
> data=Fxqp%2FxBGnPZPfLRcnAzcKh1gwQdnM%2BZbedqL%2FQ5GMrs%3D&reserved
> =0
> 
> 
> Also, the same problem exists with [MS-KILE] spec, it also needs an 
> update.
> 
> Choose 'MS-KILE' in the list:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
> .microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%
> 2Fc982f6c4-2f70-4dc7-b252-09092e9f1eed&data=04%7C01%7Cjeffm%40micr
> osoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7
> cd011db47%7C1%7C0%7C637738912809161506%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp
> ;sdata=QCiHH6QE6CY2lry1XenJgG%2FqPK%2FhBL8QNWNS802uWj8%3D&reserved
> =0
> 
> then you'd see in the table
> 
> ------
> The following sections were changed or added. Please see the [diff 
> document] for the details.
> ------
> 
> [diff document] is a link to
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwinp
> rotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-KILE
> %2F%255bMS-KILE%255d-20211109-diff.pdf&data=04%7C01%7Cjeffm%40micr
> osoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7
> cd011db47%7C1%7C0%7C637738912809161506%7CUnknown%7CTWFpbGZsb3d8eyJWIjo
> iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp
> ;sdata=enLwxEM%2Fz%2B8M2ri4y%2FWBJsVddvHFIueKAetKwV8%2BBf0%3D&rese
> rved=0
> 
> 
> 
> > Best regards,
> > Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol 
> > Open Specifications Team
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: 
> > (UTC-08:00) Pacific Time (US and Canada) Local country phone number 
> > found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsup
> > po
> > rt.microsoft.com%2Fglobalenglish&data=04%7C01%7Cjeffm%40microso
> > ft.
> > com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd0
> > 11d
> > b47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> > 4wL
> > jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sd
> > ata
> > =WUK0paClsBukbVps6Tp13EqWLGzki9eU%2F9aFyFS2DMY%3D&reserved=0 | 
> > Extension 1138300 We value your feedback.  My manager is Natesha 
> > Morrison (namorri), +1 (704) 430-4292
> > 
> > -----Original Message-----
> > From: Jeff McCashland
> > Sent: Wednesday, November 24, 2021 9:18 AM
> > To: metze <metze at samba.org>; Alexander Bokovoy <ab at samba.org>
> > Cc: cifs-protocol at lists.samba.org
> > Subject: RE: [EXTERNAL] [cifs-protocol] Update of MS-PAC spec 
> > regarding November 2021 security updates -
> > TrackingID#2111240040005432
> > 
> > [Kristian to BCC]
> > 
> > Hi Alexander and Metze,
> > 
> > I will look into this and get back to you.
> > 
> > Best regards,
> > Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol 
> > Open Specifications Team
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: 
> > (UTC-08:00) Pacific Time (US and Canada) Local country phone number 
> > found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsup
> > po
> > rt.microsoft.com%2Fglobalenglish&data=04%7C01%7Cjeffm%40microso
> > ft.
> > com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd0
> > 11d
> > b47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> > 4wL
> > jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sd
> > ata
> > =WUK0paClsBukbVps6Tp13EqWLGzki9eU%2F9aFyFS2DMY%3D&reserved=0 | 
> > Extension 1138300 We value your feedback.  My manager is Natesha 
> > Morrison (namorri), +1 (704) 430-4292
> > 
> > -----Original Message-----
> > From: Kristian Smith <Kristian.Smith at microsoft.com>
> > Sent: Wednesday, November 24, 2021 8:40 AM
> > To: metze <metze at samba.org>; Alexander Bokovoy <ab at samba.org>
> > Cc: cifs-protocol at lists.samba.org
> > Subject: RE:[EXTERNAL] [cifs-protocol] Update of MS-PAC spec 
> > regarding November 2021 security updates -
> > TrackingID#2111240040005432
> > 
> > [DocHelp to Bcc]
> > 
> > Hi Alexander and Metze,
> > 
> > Thank you for your request. The case number 2111240040005432 has 
> > been created for this inquiry. One of our team members will follow- 
> > up with you soon.
> > 
> > Regards,
> > Kristian
> > 
> > Kristian Smith
> > Support Escalation Engineer
> > Windows Open Spec Protocols
> > Office: (425) 421-4442
> > krsmith at microsoftsupport.com
> > 
> > 
> > 
> > -----Original Message-----
> > From: metze <metze at samba.org>
> > Sent: Wednesday, November 24, 2021 2:13 AM
> > To: Alexander Bokovoy <ab at samba.org>; Interoperability Documentation 
> > Help <dochelp at microsoft.com>
> > Cc: cifs-protocol at lists.samba.org
> > Subject: [EXTERNAL] Re: [cifs-protocol] Update of MS-PAC spec 
> > regarding November 2021 security updates
> > 
> > 
> > Am 24.11.21 um 10:33 schrieb Alexander Bokovoy via cifs-protocol:
> > > Hello dochelp,
> > > 
> > > I can see inconsistency in what is published on 
> > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > do
> > > cs
> > > .microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-
> > > pac%2F&a
> > > mp
> > > ;data=04%7C01%7CKristian.Smith%40microsoft.com%7C976b8182b4b84582
> > > f4b
> > > d0
> > > 8d9af334186%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63773345
> > > 695
> > > 97
> > > 45681%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI
> > > iLC
> > > JB
> > > TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7gzSojo9ov6Uwx80K%2Fw
> > > OQG
> > > hB
> > > drb8oxqR%2F7yid5vn8tQ%3D&reserved=0
> > > with regards to the changes introduced as a part of the Microsoft 
> > > Windows security update of November 2021. Could this inconsistency 
> > > be clarified by publishing the new revision of the MS-PAC 
> > > document?
> > > 
> > > Errata document[1] talks about changes dated 2021/11/11 post
> > > V22.0
> > > but the rest of the linked documents are only V22.0.
> > > 
> > > In particular, the errata document[1] is saying:
> > > 
> > > -----
> > > The following sections were changed or added. Please see the diff 
> > > document for the details.
> > > 
> > > In section 2.10 UPN_DNS_INFO, added four new fields and a flag to 
> > > the UPN_DNS_INFO structure.
> > > 
> > > In section 2.14 PAC_ATTRIBUTES_INFO, added section.
> > > 
> > > In section 2.15 PAC_REQUESTOR, added section.
> > > -----
> > > 
> > > The document published, however, does not have these changes.
> > > The
> > > last section in chapter 2 is '14', there is no section 2.15.
> > 
> > I'm seeing it here:
> > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwi
> > np
> > rotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-
> > PAC%
> > 2F%255bMS-PAC%255d-20211109-
> > diff.pdf&data=04%7C01%7Cjeffm%40micros
> > oft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d
> > 7cd
> > 011db47%7C1%7C0%7C637738097041974427%7CUnknown%7CTWFpbGZsb3d8eyJWIj
> > oiM
> > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&am
> > p;s
> > data=HLuGYQaoS0rr6euFqjhik98CZry2AlUYYIfaKciLBNo%3D&reserved=0
> > 
> > But for me the PAC_ATTRIBUTES_INFO documentation is a bit unclear:
> > 
> > We have this in Samba:
> >         typedef [bitmap32bit] bitmap {
> >                 PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED = 0x00000001,
> >                 PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY =
> > 0x00000002
> >         } PAC_ATTRIBUTE_INFO_FLAGS;
> > 
> >         typedef struct {
> >                 uint32 flags_length; /* length in bits */
> >                 PAC_ATTRIBUTE_INFO_FLAGS flags;
> >         } PAC_ATTRIBUTES_INFO;
> > 
> > And the documentation has:
> > 
> >   FlagsLength (4 bytes): An unsigned 32-bit integer in little- 
> > endian format that describes the length,
> >                          in bits, of the Flags field.
> > 
> >   Flags (variable): an array of 32-bit unsigned integers in little- 
> > endian format that contains flag bits
> >                     describing the PAC.
> > 
> > It's not really clear that the array size is 
> > '((int)(flags_length/32))+1', for now it's seems to be just a single
> > uint32 element with two defined flags. Unless bit 33 will be defined 
> > someday, it would be easier to have it as
> > 
> > typedef struct {
> >   uint32 number_of_valid_flags;
> >   uint32 flags;
> > } PAC_ATTRIBUTES_INFO;
> > 
> > which is basically what we currently have in Samba, but in theory it 
> > would have to be
> > 
> > typedef struct {
> >   uint32 number_of_valid_flags;
> >   uint32 flags[(number_of_valid_flags/32)+1];
> > } PAC_ATTRIBUTES_INFO;
> > 
> > metze
> 
> --
> / Alexander Bokovoy
> 
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at lists.samba.org
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=04%7C01%7Cje
> ffm%40microsoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f14
> 1af91ab2d7cd011db47%7C1%7C0%7C637738912809171502%7CUnknown%7CTWFpbGZsb
> 3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%
> 7C3000&sdata=Bm0lAUangDiZgBGiXdsTLsRyhUdugAKyVPEgRJ3kuLU%3D&re
> served=0
-- 
Andrew Bartlett (he/him)       https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org%2F~abartlet%2F&data=04%7C01%7Cjeffm%40microsoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738912809171502%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=E9lD3k7qdzQ1QXMwy9J1raTKFxG6CQunauxUm1WMpC4%3D&reserved=0
Samba Team Member (since 2001) https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsamba.org%2F&data=04%7C01%7Cjeffm%40microsoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738912809171502%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=t99fCLF6VdZ6puVgJsByOyRH80ESYTE2RNqL%2FJDeo2E%3D&reserved=0
Samba Team Lead, Catalyst IT   https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcatalyst.net.nz%2Fservices%2Fsamba&data=04%7C01%7Cjeffm%40microsoft.com%7Cb34d31f262d84209e2bd08d9b42960af%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738912809171502%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=wSj5JEKrluQAXJtEdm7PJcgIENHae1bLavQV4yLbNLA%3D&reserved=0

Samba Development and Support, Catalyst IT - Expert Open Source Solutions




More information about the cifs-protocol mailing list