[cifs-protocol] [EXTERNAL] Update of MS-PAC spec regarding November 2021 security updates - TrackingID#2111240040005432
Andrew Bartlett
abartlet at samba.org
Tue Nov 30 17:46:35 UTC 2021
Thanks for checking the math.
The idea was that this might extend, without changing the definition,
to a longer than 32 bit set of flags, that would just run on into the
next, currently unseen, uint32.
Andrew Bartlett
On Tue, 2021-11-30 at 17:36 +0000, Jeff McCashland (HE/HIM/THEY/THEM)
via cifs-protocol wrote:
> Hi Alexander and Metze,
>
> I would like to check your understanding of the formula and edge
> condition. Metze suggested the formula:
> ((int)(flags_length/32))+1
>
> By my calculation using this forumula, if there are 32 flags, the
> array would have 2 32-bit unsigned integers. I would expect only one
> UINT for 32 flags.
>
> Should it not be ((int)((flags_length -1)/32))+1? Also, I'm not sure
> what you are referring to as 'bit 33'. 32-bit values are usually
> designated bits 0-31.
>
> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol
> Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
> Local country phone number found here:
> http://support.microsoft.com/globalenglish | Extension 1138300
> We value your feedback. My manager is Natesha Morrison (namorri), +1
> (704) 430-4292
>
> -----Original Message-----
> From: Alexander Bokovoy <ab at samba.org>
> Sent: Monday, November 29, 2021 11:06 AM
> To: Jeff McCashland (HE/HIM/THEY/THEM) <jeffm at microsoft.com>
> Cc: metze <metze at samba.org>; cifs-protocol at lists.samba.org
> Subject: Re: [EXTERNAL] [cifs-protocol] Update of MS-PAC spec
> regarding November 2021 security updates -
> TrackingID#2111240040005432
>
> On ma, 29 marras 2021, Jeff McCashland (HE/HIM/THEY/THEM) wrote:
> > Hi Metze,
> >
> > How were you able to determine that the array size is
> > '((int)(flags_length/32))+1'? Do you have a trace or document
> > illustrating this?
> >
> > Also, it is expected that changes in the current Errata doc are not
> > included in the published document, but normally the changes would
> > be spelled out in the errata doc.
> >
> > Where did you find the Diff file with the changes? When I click the
> > link, I get a PDF download, but I can't tell where it's coming
> > from.
>
> You can download it from the MS-WINERRATA:
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2F314fe022-28ea-4bd9-93ac-7941ecf9ca10&data=04%7C01%7Cjeffm%40microsoft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=bTvMias2XtRmkwoGW%2FwGdIwDteTpu4S11g9ooyqaNfM%3D&reserved=0
>
> For example, choose 'MS-PAC':
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2F54e7d766-95ed-4e47-bae3-0904176b5958&data=04%7C01%7Cjeffm%40microsoft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=kuFim9bo%2FiYuNC8A6bmIOWikE8Q%2Bi4Njnf3qG2fTXxc%3D&reserved=0
>
> has a table with
>
> ------
> The following sections were changed or added. Please see the [diff
> document] for the details.
> ------
>
> [diff document] is a link to
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwinprotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-PAC%2F%255bMS-PAC%255d-20211109-diff.pdf&data=04%7C01%7Cjeffm%40microsoft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=Y6JWQGsZCrxJBsxGi1qDEbHZgjWKfbHkF%2BkWOCYmwiM%3D&reserved=0
>
>
> Also, the same problem exists with [MS-KILE] spec, it also needs an
> update.
>
> Choose 'MS-KILE' in the list:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-winerrata%2Fc982f6c4-2f70-4dc7-b252-09092e9f1eed&data=04%7C01%7Cjeffm%40microsoft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=pIOp6cLleryb3iHav27sSEYTApoZryBsRuJrm9FTj7A%3D&reserved=0
>
> then you'd see in the table
>
> ------
> The following sections were changed or
> added. Please see the [diff document] for the details.
> ------
>
> [diff document] is a link to
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwinprotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-KILE%2F%255bMS-KILE%255d-20211109-diff.pdf&data=04%7C01%7Cjeffm%40microsoft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=e%2B9JkEZGn3fcdUb34P%2BWXNfr9GsHeFEhxnPrHLDpvXA%3D&reserved=0
>
>
>
> > Best regards,
> > Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol
> > Open
> > Specifications Team
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > (UTC-08:00) Pacific Time (US and Canada) Local country phone
> > number
> > found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> > rt.microsoft.com%2Fglobalenglish&data=04%7C01%7Cjeffm%40microso
> > ft.
> > com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd0
> > 11d
> > b47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> > 4wL
> > jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sd
> > ata
> > =WUK0paClsBukbVps6Tp13EqWLGzki9eU%2F9aFyFS2DMY%3D&reserved=0 |
> > Extension 1138300 We value your feedback. My manager is Natesha
> > Morrison (namorri), +1 (704) 430-4292
> >
> > -----Original Message-----
> > From: Jeff McCashland
> > Sent: Wednesday, November 24, 2021 9:18 AM
> > To: metze <metze at samba.org>; Alexander Bokovoy <ab at samba.org>
> > Cc: cifs-protocol at lists.samba.org
> > Subject: RE: [EXTERNAL] [cifs-protocol] Update of MS-PAC spec
> > regarding November 2021 security updates -
> > TrackingID#2111240040005432
> >
> > [Kristian to BCC]
> >
> > Hi Alexander and Metze,
> >
> > I will look into this and get back to you.
> >
> > Best regards,
> > Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol
> > Open
> > Specifications Team
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > (UTC-08:00) Pacific Time (US and Canada) Local country phone
> > number
> > found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> > rt.microsoft.com%2Fglobalenglish&data=04%7C01%7Cjeffm%40microso
> > ft.
> > com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d7cd0
> > 11d
> > b47%7C1%7C0%7C637738097041964427%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> > 4wL
> > jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sd
> > ata
> > =WUK0paClsBukbVps6Tp13EqWLGzki9eU%2F9aFyFS2DMY%3D&reserved=0 |
> > Extension 1138300 We value your feedback. My manager is Natesha
> > Morrison (namorri), +1 (704) 430-4292
> >
> > -----Original Message-----
> > From: Kristian Smith <Kristian.Smith at microsoft.com>
> > Sent: Wednesday, November 24, 2021 8:40 AM
> > To: metze <metze at samba.org>; Alexander Bokovoy <ab at samba.org>
> > Cc: cifs-protocol at lists.samba.org
> > Subject: RE:[EXTERNAL] [cifs-protocol] Update of MS-PAC spec
> > regarding
> > November 2021 security updates - TrackingID#2111240040005432
> >
> > [DocHelp to Bcc]
> >
> > Hi Alexander and Metze,
> >
> > Thank you for your request. The case number 2111240040005432 has
> > been created for this inquiry. One of our team members will follow-
> > up with you soon.
> >
> > Regards,
> > Kristian
> >
> > Kristian Smith
> > Support Escalation Engineer
> > Windows Open Spec Protocols
> > Office: (425) 421-4442
> > krsmith at microsoftsupport.com
> >
> >
> >
> > -----Original Message-----
> > From: metze <metze at samba.org>
> > Sent: Wednesday, November 24, 2021 2:13 AM
> > To: Alexander Bokovoy <ab at samba.org>; Interoperability
> > Documentation
> > Help <dochelp at microsoft.com>
> > Cc: cifs-protocol at lists.samba.org
> > Subject: [EXTERNAL] Re: [cifs-protocol] Update of MS-PAC spec
> > regarding November 2021 security updates
> >
> >
> > Am 24.11.21 um 10:33 schrieb Alexander Bokovoy via cifs-protocol:
> > > Hello dochelp,
> > >
> > > I can see inconsistency in what is published on
> > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo
> > > cs
> > > .microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-
> > > pac%2F&a
> > > mp
> > > ;data=04%7C01%7CKristian.Smith%40microsoft.com%7C976b8182b4b84582
> > > f4b
> > > d0
> > > 8d9af334186%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63773345
> > > 695
> > > 97
> > > 45681%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzI
> > > iLC
> > > JB
> > > TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7gzSojo9ov6Uwx80K%2Fw
> > > OQG
> > > hB
> > > drb8oxqR%2F7yid5vn8tQ%3D&reserved=0
> > > with regards to the changes introduced as a part of the
> > > Microsoft
> > > Windows security update of November 2021. Could this
> > > inconsistency
> > > be clarified by publishing the new revision of the MS-PAC
> > > document?
> > >
> > > Errata document[1] talks about changes dated 2021/11/11 post
> > > V22.0
> > > but the rest of the linked documents are only V22.0.
> > >
> > > In particular, the errata document[1] is saying:
> > >
> > > -----
> > > The following sections were changed or added. Please see the
> > > diff
> > > document for the details.
> > >
> > > In section 2.10 UPN_DNS_INFO, added four new fields and a flag
> > > to
> > > the UPN_DNS_INFO structure.
> > >
> > > In section 2.14 PAC_ATTRIBUTES_INFO, added section.
> > >
> > > In section 2.15 PAC_REQUESTOR, added section.
> > > -----
> > >
> > > The document published, however, does not have these changes.
> > > The
> > > last section in chapter 2 is '14', there is no section 2.15.
> >
> > I'm seeing it here:
> > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwinp
> > rotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-
> > PAC%
> > 2F%255bMS-PAC%255d-20211109-
> > diff.pdf&data=04%7C01%7Cjeffm%40micros
> > oft.com%7C64d8ce9cb0ed47229a7108d9b36b494d%7C72f988bf86f141af91ab2d
> > 7cd
> > 011db47%7C1%7C0%7C637738097041974427%7CUnknown%7CTWFpbGZsb3d8eyJWIj
> > oiM
> > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&am
> > p;s
> > data=HLuGYQaoS0rr6euFqjhik98CZry2AlUYYIfaKciLBNo%3D&reserved=0
> >
> > But for me the PAC_ATTRIBUTES_INFO documentation is a bit unclear:
> >
> > We have this in Samba:
> > typedef [bitmap32bit] bitmap {
> > PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED = 0x00000001,
> > PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY =
> > 0x00000002
> > } PAC_ATTRIBUTE_INFO_FLAGS;
> >
> > typedef struct {
> > uint32 flags_length; /* length in bits */
> > PAC_ATTRIBUTE_INFO_FLAGS flags;
> > } PAC_ATTRIBUTES_INFO;
> >
> > And the documentation has:
> >
> > FlagsLength (4 bytes): An unsigned 32-bit integer in little-
> > endian format that describes the length,
> > in bits, of the Flags field.
> >
> > Flags (variable): an array of 32-bit unsigned integers in little-
> > endian format that contains flag bits
> > describing the PAC.
> >
> > It's not really clear that the array size is
> > '((int)(flags_length/32))+1', for now it's seems to be just a
> > single
> > uint32 element with two defined flags. Unless bit 33 will be
> > defined
> > someday, it would be easier to have it as
> >
> > typedef struct {
> > uint32 number_of_valid_flags;
> > uint32 flags;
> > } PAC_ATTRIBUTES_INFO;
> >
> > which is basically what we currently have in Samba, but in theory
> > it
> > would have to be
> >
> > typedef struct {
> > uint32 number_of_valid_flags;
> > uint32 flags[(number_of_valid_flags/32)+1];
> > } PAC_ATTRIBUTES_INFO;
> >
> > metze
>
> --
> / Alexander Bokovoy
>
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the cifs-protocol
mailing list