[cifs-protocol] [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
Jeff McCashland (He/him)
jeffm at microsoft.com
Fri Jul 8 17:38:46 UTC 2022
Hi Andreas,
This time, the AuthData that you sent does not match the AuthData calculated by the server. I've clarified the calculation below.
Passed AuthData:
8f b6 dd 6c 6f a9 9a f9-ff 89 39 c5 e9 e0 02 fb
fc c4 8c 03 71 ef 64 53-b8 41 ba 4f 7d a8 cc 9b
d0 8f bf 5a e8 7b bf 82-e3 1b c6 24 4c d5 3a 39
c5 ee a5 95 c3 9f ed a6-31 ed 8d a5 48 d2 da 93
Calculated AuthData:
b3 81 fc 86 e4 60 e0 91-3c 1d 97 6e 4d 51 e7 a3
a4 47 3f 90 f5 26 5a 29-8f d8 73 22 d7 0f 09 b8
93 77 85 f2 e7 dd f7 e1-cc 21 30 2a 33 97 11 84
fd 79 a3 e8 0c 4b 1f 43-dc 2a 7c cf cc 9d 3e 24
First, the MAC key is calculated using the formula:
mac_key ::= HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING)
CEK = Session key:
c9 b2 f0 3f bb 33 d4 d2-50 0b 79 4c d2 81 f9 53
SAM_AES256_MAC_KEY_STRING:
"Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16"
Resulting mac_key:
11 76 94 44 e0 58 f1 a1-03 1f 8f 8e 8f 25 1e e1
10 c2 11 90 90 c3 71 97-86 7c 10 61 c1 58 c4 9b
79 53 11 0b fc 83 dd 90-12 dd ea 6d 92 7b 06 a7
a0 a4 6d 7b ba 2e 90 e6-37 7f 93 39 60 ed 00 2b
Then, the mac_key is used to hash a concatenation of elements::
AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV + Cipher + versionbyte_length)
Data to hash (all of the below in order, 0x222 bytes):
versionbyte:
01
Salt (IV):
0f 5e fb 7d 58 65 12 19 fb 77 23 d0 af 65 b7 2b
Cipher:
50 a6 1b e7 ed 61 9f 3a-8e c1 5f 7b bb 1f e4 85
17 17 93 e1 0d c2 b2 f4-4e 35 f1 2b 7b 66 9f fc
df 8f 50 e5 3c 5d 3d ad-41 cd f5 9d 84 61 9b 34
17 9c 31 8a 17 e7 cd 8f-90 3b dc 5c 2f 3b 69 32
1f 17 7a 87 a4 70 66 56-47 72 71 5f 55 09 1c 16
ac 71 c2 ad 83 77 9f 18-52 81 4b de ca 2c 6f b9
a6 9f 54 22 fe 50 00 94-a4 e4 a3 b2 ea ed 02 44
0e 38 73 d9 27 32 d4 f7-e7 5f 51 56 20 37 07 da
d4 a6 58 43 0b f9 7e 51-8f 3c 9e 0a 89 cc 96 ee
e3 60 26 a0 e7 e4 ae f6-4d e3 fe ad 67 58 2f 5c
d8 77 f9 58 8a 7b 69 2a-65 75 8d 45 b2 f1 9f b3
a4 4f c2 88 2c 50 64 2e-af 3d b2 e6 59 e4 20 fb
88 62 31 be d0 56 14 90-15 71 4f 2f 8d 44 da 65
c5 e2 67 9e 68 14 90 e7-83 3e 77 6c b3 4e 04 97
10 e1 88 2a 00 3d dc c1-26 9e fa ca e8 24 42 8f
1c f4 f5 7f d6 c6 d7 a4-ff cf 71 ad 0f 57 d8 af
47 35 33 43 e2 9b bf 8e-71 35 bd 37 79 e0 72 01
02 b9 80 1e 2d ba 86 82-c2 1a 67 03 fe e9 e5 45
ce 9b ac 75 a3 ed 71 69-31 43 84 cb 4d 4c 07 34
bf 91 77 dd aa ac bf 03-91 2a da 32 1a 1f 2c d5
fe 0b 7f fd 58 b0 6f cb-12 97 ee 8e 0e fe 43 3a
02 fb a1 72 a6 3b 96 a9-e6 70 2d a7 9e e1 5e 2f
9c a8 bf e6 02 24 e6 c2-b1 9a be 6a f7 98 78 1d
a8 47 2d c1 1c db ee 23-2e 2d 23 23 14 9b e8 a5
9d 91 75 9c 59 05 60 23-d4 90 f3 b7 fc 5e 11 b4
c1 5f 20 45 29 41 be a8-51 21 4f 04 0e 89 20 fa
d7 07 2e e1 75 dd 61 24-b9 a7 74 42 35 9c 07 08
ce 53 c3 dc b4 dd 14 67-77 d7 60 27 1b 2c 98 34
3b ac 35 42 52 7f 34 90-1b ed d1 29 bc 63 7a 51
8f 22 82 e5 da d4 50 5e-4c 6a 4d 11 f9 d4 19 ba
2f ba 3b ab f3 65 43 72-8f 61 a9 0d c6 4e 16 b5
89 be 2e 9b 34 2c c2 cb-50 23 60 85 ae 4b a2 cb
4b 39 0c 14 41 01 81 95-68 ec 53 42 3d a8 30 4c
versionbyte_length:
01
I hope that helps!
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
-----Original Message-----
From: Andreas Schneider <asn at samba.org>
Sent: Thursday, July 7, 2022 9:49 AM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Jeff McCashland <jeffm at microsoftsupport.com>; Obaid Farooqi <obaidf at microsoft.com>
Subject: Re: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
On Thursday, July 7, 2022 5:48:26 PM CEST Jeff McCashland (He/him) wrote:
> Hi Andreas,
>
> Please use these credentials for further traces:
Hi Jeff,
I've uploaded new traces.
Thank you very much for your help!
Andreas
> Log in as: 2207060040005870_andreas at dtmxfer.onmicrosoft.com
> 1-time: 15jUOn1x
>
> Workspace link:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupp
> ort.microsoft.com%2Ffiles%3Fworkspace%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJSU&
> amp;data=05%7C01%7Cjeffm%40microsoft.com%7C3f3b73b690cf494992d808da603
> 89ac8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637928093491367492%
> 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik
> 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BgNWdzW1%2B3sXcCWTznA
> ATYbmEBCDIgcLOLe%2BI1l%2F3Gc%3D&reserved=0
> zI1NiJ9.eyJ3c2lkIjoiYTBkYWUxODMtMzE4MC00NzUxLWEwMGYtZmFlYTYxNjljMGJmIi
> wic3Ii
> OiIyMjA3MDYwMDQwMDA1ODcwIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC
> 1lYTNi
> ZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJlMmEwODJhMi
> 03NWVm
> LTRmMzYtYTVmOC0yNzRhY2VlZGFlZDIiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bG
> EubWlj
> cm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE2NjQ5ODQ4MjAsIm5iZi
> I6MTY1
> NzIwODgyMH0.b0IenmkDjptFJ926X3UKUw_sKX4G6KRXehmJJH8jxjFDRdw8y8fUu9yPOi
> yB50hB
> dnyFh2OW8Bp7z8nJHVS3n6JLpwbdtutawAoujgFtCxQuFc6tlA4mN5lyfo_vzdl1WbTVv8
> Qy_oRW
> _stATR0155pLj5Dveuo8NTeIm9PzZRmfxqGTYl-hc1IOeWWthy7l-tsZcpYJPcajp_xSoK
> LpDhxp
> Vhsg7stsqrP1gkU09mCcyInu2F7Nvaci5iLGxYdL9S02TJ7b8eVOxUFDDHVDQFUgXoPTou
> kVswUJ
> Nz-Ch7FhSoQc9pi06LdGQXKtWRqp86BjWtrS1RLCg0TK-LddrQ&wid=a0dae183-3180-4
> 751-a0
> 0f-faea6169c0bf
>
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 |
> Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> Local country phone number found here:
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuppo
> rt.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40microsoft.
> com%7C3f3b73b690cf494992d808da60389ac8%7C72f988bf86f141af91ab2d7cd011d
> b47%7C1%7C0%7C637928093491367492%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wL
> jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&
> amp;sdata=lW6mcMnxLHormqurabvYFLNsQxmzRXv6BRh6%2FbYzGQ4%3D&reserve
> d=0 | Extension
> 1138300
>
> -----Original Message-----
> From: Andreas Schneider <asn at samba.org>
> Sent: Thursday, July 7, 2022 1:59 AM
> To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> Cc: cifs-protocol at lists.samba.org; Jeff McCashland
> <jeffm at microsoftsupport.com>; Obaid Farooqi <obaidf at microsoft.com> Subject:
> Re: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 -
> TrackingID#2206210040006850
> On Thursday, July 7, 2022 10:57:04 AM CEST Andreas Schneider wrote:
> > On Thursday, July 7, 2022 10:32:39 AM CEST Andreas Schneider wrote:
> > > On Tuesday, July 5, 2022 8:52:20 PM CEST Jeff McCashland (He/him) wrote:
> > > > Hi Andreas,
> > >
> > > Hi Jeff,
> > >
> > > > The server is returning STATUS_INVALID_PARAMETER because it
> > > > appears the 'Cipher' is missing from the encrypted password
> > > > structure. I see the AuthData and Salt, and cbCipher = 0x210,
> > > > and I see PBKDF2Iterations = 0x20000, but no Cipher. What are
> > > > you intending to send?> >
> > > I thought I found a bug, but there wasn't one. I was just lost in
> > > optimizations and debugger stepping.
> > >
> > > Checking the NDR output I see the cipher data and if I look at the
> > > wireshark network trace, I can see SetUserInfo2 call sends 640
> > > bytes
> > > (528 bytes of it being the the cipher data). So there is
> > > definitely cipher data being sent over the wire!
> > >
> > > Now the question is why don't you see the cipher on Windows (it is
> > > on the wire)?
> >
> > Hi,
> >
> > I found the issue, the cipher length should be a uint32 and I had a
> > uint64.
> > Because of this the cipher was NULL on Windows as it read the 0 byte
> > from the uint64 value. I fixed our IDL so it should be correct now.
> >
> > I'm still getting STATUS_INVALID_PARAMETER
> >
> > I've created new traces and uploaded it to the workspace.
>
> Actually, the upload failed and I can't upload files anymore :-(
>
> > Thanks for your help!
> >
> >
> > Cheers
> >
> > Andreas
> >
> > > Best regards
> > >
> > > Andreas
> > >
> > > > Best regards,
> > > > Jeff McCashland (He/him) | Senior Escalation Engineer |
> > > > Microsoft Protocol Open Specifications Team Phone: +1 (425)
> > > > 703-8300 x38300
> > > >
> > > > | Hours:
> > > > 9am-5pm
> > > >
> > > > Time zone: (UTC-08:00) Pacific Time (US and Canada) Local
> > > > country phone number found here:
> > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2
> > > > Fs
> > > > upport.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40
> > > > mi
> > > > crosoft.com%7C198055d218f0450c6bbd08da5ff6f80a%7C72f988bf86f141a
> > > > f9
> > > > 1ab2d7cd011db47%7C1%7C0%7C637927811583654516%7CUnknown%7CTWFpbGZ
> > > > sb
> > > > 3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6M
> > > > n0
> > > > %3D%7C3000%7C%7C%7C&sdata=MoAicQeAh7xWT4jqXRwBmP4FhQ58wB0GpM
> > > > V2
> > > > 1XmMTnk%3D&reserved=0 | Extension
> > > > 1138300
> > > >
> > > > -----Original Message-----
> > > > From: Jeff McCashland (He/him)
> > > > Sent: Thursday, June 30, 2022 11:35 AM
> > > > To: 'Andreas Schneider' <asn at samba.org>
> > > > Cc: cifs-protocol at lists.samba.org; Jeff McCashland
> > > > <jeffm at microsoftsupport.com>; Obaid Farooqi
> > > > <obaidf at microsoft.com>
> > > > Subject:
> > > > RE: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 -
> > > > TrackingID#2206210040006850
> > > >
> > > > Thank you for the traces, Andreas!
> > > >
> > > > I am analyzing them and sill let you know what I find.
> > > >
> > > > Best regards,
> > > > Jeff McCashland (He/him) | Senior Escalation Engineer |
> > > > Microsoft Protocol Open Specifications Team Phone: +1 (425)
> > > > 703-8300 x38300
> > > >
> > > > | Hours:
> > > > 9am-5pm
> > > >
> > > > Time zone: (UTC-08:00) Pacific Time (US and Canada) Local
> > > > country phone number found here:
> > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2
> > > > Fs
> > > > upport.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40
> > > > mi
> > > > crosoft.com%7C198055d218f0450c6bbd08da5ff6f80a%7C72f988bf86f141a
> > > > f9
> > > > 1ab2d7cd011db47%7C1%7C0%7C637927811583654516%7CUnknown%7CTWFpbGZ
> > > > sb
> > > > 3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6M
> > > > n0
> > > > %3D%7C3000%7C%7C%7C&sdata=MoAicQeAh7xWT4jqXRwBmP4FhQ58wB0GpM
> > > > V2
> > > > 1XmMTnk%3D&reserved=0 | Extension
> > > > 1138300 We value your feedback. My manager is Stacy Gray
> > > > (stacygr), +1
> > > > (469) 775-4055
> > > >
> > > > -----Original Message-----
> > > > From: Andreas Schneider <asn at samba.org>
> > > > Sent: Wednesday, June 29, 2022 11:58 PM
> > > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > Cc: cifs-protocol at lists.samba.org; Jeff McCashland
> > > > <jeffm at microsoftsupport.com>; Obaid Farooqi
> > > > <obaidf at microsoft.com>
> > > > Subject:
> > > > Re: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 -
> > > > TrackingID#2206210040006850
> > > >
> > > > On Wednesday, June 29, 2022 7:44:30 PM CEST Jeff McCashland
> > > > (He/him)
> >
> > wrote:
> > > > > Hi Andreas,
> > > >
> > > > Hi Jeff,
> > > >
> > > > > Thank you for the clarification. A better approach would be to
> > > > > determine why your Windows server is failing the operation. I
> > > > > would like to collect LSASS traces from your Windows Server
> > > > > for analysis. I think it would help if you use the test data
> > > > > for the trial run.
> > > > >
> > > > > I have created a File Transfer workspace to exchange files
> > > > > related to this issue (credentials and link below). If you
> > > > > still have the instructions and tools from when I requested
> > > > > LSASS traces in March, you can use those. Otherwise, you can
> > > > > find 'PartnerTTDRecorder_x86_x64.zip'
> > > > > on the
> > > > > workspace for download.
> > > >
> > > > I've created a time trace and a network capture and uploaded it
> > > > to the workspace.
> > > >
> > > > ./bin/rpcclient ncacn_np:earth.milkyway.site
> > > > -U'Administrator%Secret007!'
> > > > -c 'setuserinfo2 bob 31 Pa$$w0rd at 2'
> > > > result was NT_STATUS_INVALID_PARAMETER
> > > >
> > > >
> > > > Best regards
> > > >
> > > > Andreas
> > > >
> > > > > To collect the needed traces:
> > > > > 1. From an elevated command prompt, execute: tasklist /FI
> > > > >
> > > > > "IMAGENAME
> > > >
> > > > eq
> > > >
> > > > > lsass.exe" 2. Note the PID of the lsass process from the
> > > > > output of the above command. 3. Execute: C:\TTD\TTTracer.exe
> > > > > -attach PID, where PID is the number from above. 4. Wait for a
> > > > > little window to pop up in top left corner of your screen,
> > > > > titled "lsass01.run" 5. start a network trace on the Server
> > > > > side
> > > > >
> > > > > 6. Repro the attempted operation
> > > > > 7. Stop the network trace and save it
> > > > > 8. CAREFULLY: uncheck the checkbox next to "Tracing" in the
> > > > >
> > > > > small
> > > > >
> > > > > "lsass01.run" window. Do not close or exit the small window or
> > > > > you will need to reboot. 9. The TTTracer.exe process will
> > > > > generate a trace file, then print out the name and location of
> > > > > the file. Compress the *.run file into a .zip archive before
> > > > > uploading with the matching network trace.
> > > > >
> > > > > Log in as: 2206210040006850_andreas at dtmxfer.onmicrosoft.com
> > > > > 1-time: [KOGh3 at j
> > > > >
> > > > > Workspace link:
> > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2
> > > > > F%
> > > > > 2Fsupp
> > > > > ort.microsoft.com%2Ffiles%3Fworkspace%3DeyJ0eXAiOiJKV1QiLCJhbG
> > > > > ci
> > > > > OiJSU&
> > > > > amp;data=05%7C01%7Cjeffm%40microsoft.com%7Cfa8e39bd37b6446ac5c
> > > > > d0
> > > > > 8da5a6
> > > > > 5e415%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63792169091
> > > > > 96
> > > > > 06900%
> > > > > 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > > JB
> > > > > TiI6Ik
> > > > > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9TMTXc4f4tyHxWS
> > > > > Wc
> > > > > Mxxs%2
> > > > > F3k5Q1qy2mCH%2FulX%2F2Hmoc%3D&reserved=0
> > > > > zI1NiJ9.eyJ3c2lkIjoiM2I3YTRiZjUtMTVlNi00ZDQ3LWJlMzUtMzMyZGMwMj
> > > > > I0
> > > > > NWNjIi
> > > > > wic3Ii
> > > > > OiIyMjA2MjEwMDQwMDA2ODUwIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNW
> > > > > Ut
> > > > > YmUzOC
> > > > > 1lYTNi
> > > > > ZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiI5YW
> > > > > Zl
> > > > > NDk3Yi
> > > > > 01NzE1
> > > > > LTRiYWYtYmRkNS1mNTIzYzliODQ4ZmQiLCJpc3MiOiJodHRwczovL2FwaS5kdG
> > > > > 1u
> > > > > ZWJ1bG
> > > > > EubWlj
> > > > > cm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE2NjQzMDAyMj
> > > > > Us
> > > > > Im5iZi
> > > > > I6MTY1
> > > > > NjUyNDIyNX0.WUjcO-UT6NMWT3eR4TJkmmwzbiHQLyqeinUgX-DmvUuQo4UaiI
> > > > > PF
> > > > > rNPoTF
> > > > > N_czY2
> > > > > -ihGY3N3bwnIt5AcE5f4JaR2qyT81r691J79n-IZgo8TFkdJMW6XjtVoIUkgOG
> > > > > h-
> > > > > RkyDKC
> > > > > Ajhsj8
> > > > > p6ddgiL-7UbxX58a7RWvOH9Yu0NzQdW8KKnyEUcFgFGPo42Sqy1igpkqxqcyAV
> > > > > OK
> > > > > FYicPR
> > > > > f2ux39
> > > > > SdHeoa9ptL78XLFsIuvNFkh6c77U1iEoaV3eqjQSu1rNriwv73cyu3WRJ0-dEi
> > > > > ZD
> > > > > VpzHP7
> > > > > 1JfdCE
> > > > > lYBe8lDjmnEWPm0_99Iudoi4RjIgtclS4zdAS_X9efCBKkIeOA&wid=3b7a4bf
> > > > > 5-
> > > > > 15e6-4
> > > > > d47-be
> > > > > 35-332dc02245cc
> > > > >
> > > > > Best regards,
> > > > > Jeff McCashland (He/him) | Senior Escalation Engineer |
> > > > > Microsoft Protocol Open Specifications Team Phone: +1 (425)
> > > > > 703-8300 x38300 |
> > > > > Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and
> > > > > Canada) Local country phone number found here:
> > > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F
> > > > > %2
> > > > > Fsuppo
> > > > > rt.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40mi
> > > > > crosof
> > > > > t.
> > > > > com%7Cfa8e39bd37b6446ac5cd08da5a65e415%7C72f988bf86f141af91ab2
> > > > > d7
> > > > > cd011d
> > > > > b47%7C1%7C0%7C637921690919606900%7CUnknown%7CTWFpbGZsb3d8eyJWI
> > > > > jo
> > > > > iMC4wL
> > > > > jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7
> > > > > C%
> > > > > 7C%7C&
> > > > > amp;sdata=4fzxN9WyH8b16aKQOc7UbxtoMFPSo3CDa6JysWq%2BhKw%3D&
> > > > > ;r
> > > > > eserve
> > > > > d=0 | Extension
> > > > > 1138300 We value your feedback. My manager is Stacy Gray
> > > > > (stacygr),
> > > > > +1
> > > > > (469) 775-4055
> > > > >
> > > > > -----Original Message-----
> > > > > From: Andreas Schneider <asn at samba.org>
> > > > > Sent: Wednesday, June 29, 2022 7:24 AM
> > > > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > Cc: cifs-protocol at lists.samba.org; Jeff McCashland
> > > > > <jeffm at microsoftsupport.com>; Obaid Farooqi
> > > > > <obaidf at microsoft.com>
> > > > > Subject:
> > > > > Re: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 -
> > > > > TrackingID#2206210040006850
> > > > >
> > > > > On Tuesday, June 28, 2022 6:41:40 PM CEST Jeff McCashland
> > > > > (He/him)
> >
> > wrote:
> > > > > > Hi Andreas,
> > > > >
> > > > > Hi Jeff,
> > > > >
> > > > > > Can you not use the test data provided in the RFC [AEX-CBC]
> > > > > > that you originally referenced?
> > > > >
> > > > > I have an implementation of AEAD-AES-256-CBC-HMAC-SHA512 and
> > > > > implemented it in rpcclient, but it doesn't work against a
> > > > > Windows server. There are so many little details which can be
> > > > > different.
> > > > >
> > > > > ./bin/rpcclient ncacn_np:earth.milkyway.site
> > > > > -U'Administrator%Secret007!' -c
> > > > > 'setuserinfo2 bob 31 Pa$$w0rd at 2'
> > > > >
> > > > >
> > > > > From MS-SAMR 3.2.2.4 AES Cipher Usage
> > > > >
> > > > > ================
> > > > >
> > > > > The data MUST be encrypted and decrypted using
> > > > >
> > > > > AEAD-AES-256-CBC-HMAC-SHA512 as follows:
> > > > > Let IV be a random 16-byte number.
> > > > >
> > > > > Then the encryption is done as follows:
> > > > >
> > > > > Let enc_key ::= HMAC-SHA-512(CEK,
> > > > > SAM_AES256_ENC_KEY_STRING)
> > > > >
> > > > > Let mac_key ::= HMAC-SHA-512(CEK,
> > > > > SAM_AES256_MAC_KEY_STRING)
> > > > >
> > > > > Let Cipher ::= AES-CBC(enc_key, IV, secret_plaintext)
> > > > >
> > > > > Let AuthData ::= HMAC-SHA-512(mac_key, versionbyte + IV +
> > > > >
> > > > > Cipher +
> > > > >
> > > > > versionbyte_length)
> > > > >
> > > > > ================
> > > > >
> > > > > As my implementation doesn't work against Windows it can be
> > > > > that my size of SAM_AES256_ENC_KEY_STRING is wrong.
> > > > >
> > > > > 2.2.1.18 has:
> > > > > SAM_AES256_ENC_KEY_STRING_LENGTH
> > > > >
> > > > > sizeof(SAM_AES256_ENC_KEY_STRING)
> > > > >
> > > > > The sizeof() in C would include the \0 terminator of a string,
> > > > > however I think that actually strlen() is meant.
> > > > >
> > > > > Same for the mac key ...
> > > > >
> > > > > Also there is truncation of keys happening. Like the enc_key
> > > > > is truncated to
> > > > > 32 bytes.
> > > > >
> > > > > For calculating the authdata it isn't clear what data type
> > > > > versionbyte_length is. I would guess it is uint8_t but it
> > > > > could also be uint32_t ...
> > > > >
> > > > > Is the AuthData truncated to 32 byte? In the RFC it is, but in
> > > > > MS-SAMR
> > > > > 2.2.6.32 the struct member for AuthData is 64 bytes. If
> > > > > truncation is happening will the rest be filled with 0 bytes?
> > > > >
> > > > > Either I provide you the all unclear details and you figure it
> > > > > out for me.
> > > > > Or you provide the hexdumps and I figure it out and ask better
> > > > > questions
> > > > >
> > > > > :-)
> > > > >
> > > > > Here is some pseudo C code of my implementation:
> > > > >
> > > > > #define SAMR_AES_VERSION_BYTE 0x01 #define
> > > > > SAMR_AES_VERSION_BYTE_LEN 1
> > > > >
> > > > > #define SAMR_AES256_ENC_KEY_STRING \
> > > > >
> > > > > "Microsoft SAM encryption key AEAD-AES-256-CBC-HMAC-SHA512
> > > > > 16"
> > > > >
> > > > > #define SAMR_AES256_ENC_KEY_STRING_LEN 60
> > > > >
> > > > > #define SAMR_AES256_MAC_KEY_STRING \
> > > > >
> > > > > "Microsoft SAM MAC key AEAD-AES-256-CBC-HMAC-SHA512 16"
> > > > >
> > > > > #define SAMR_AES256_MAC_KEY_STRING_LEN 53
> > > > >
> > > > > uint8_t version_byte = SAMR_AES_VERSION_BYTE; /* 0x01 */
> > > > > uint8_t version_byte_len = SAMR_AES_VERSION_BYTE_LEN; /* 1 */
> > > > >
> > > > > uint8_t enc_key_data[64];
> > > > > uint8_t mac_key_data[64];
> > > > >
> > > > > /* Calculate encryption key */
> > > > > /* cek_key is just 16 bytes if a SMB session key is used? */
> > > > > rc = gnutls_hmac_fast(GNUTLS_MAC_SHA512,
> > > > >
> > > > > cek_key.data,
> > > > > cek_key.size,
> > > > > SAMR_AES256_ENC_KEY_STRING,
> > > > > SAMR_AES256_ENC_KEY_STRING_LEN,
> > > > > enc_key_data);
> > > > >
> > > > > enc_key.data = mac_key_data;
> > > > > enc_key.size = 32; /* truncation from 64 to 32 bytes */
> > > > >
> > > > > /* Encrypt plaintext */
> > > > > rc = gnutls_cipher_init(&cipher_hnd,
> > > > >
> > > > > GNUTLS_CIPHER_AES_256_CBC,
> > > > > &enc_key,
> > > > > &iv);
> > > > >
> > > > > rc = gnutls_cipher_encrypt2(cipher_hnd,
> > > > >
> > > > > secret->data,
> > > > > secret->length,
> > > > > ctext,
> > > > > ctext_len);
> > > > >
> > > > > /* Calculate mac key */
> > > > > rc = gnutls_hmac_fast(GNUTLS_MAC_SHA512,
> > > > >
> > > > > cek_key.data,
> > > > > cek_key.size,
> > > > > SAMR_AES256_MAC_KEY_STRING,
> > > > > SAMR_AES256_MAC_KEY_STRING_LEN,
> > > > > mac_key_data);
> > > > >
> > > > > mac_key.data = mac_key_data;
> > > > > mac_key.size = 32; /* truncation from 64 to 32 bytes */
> > > > >
> > > > > /* Generate auth tag */
> > > > > rc = gnutls_hmac_init(&hmac_hnd,
> > > > >
> > > > > GNUTLS_MAC_SHA512,
> > > > > mac_key.data,
> > > > > mac_key.size);
> > > > >
> > > > > rc = gnutls_hmac(hmac_hnd,
> > > > >
> > > > > &version_byte,
> > > > > sizeof(uint8_t));
> > > > >
> > > > > rc = gnutls_hmac(hmac_hnd,
> > > > >
> > > > > iv.data,
> > > > > iv.size);
> > > > >
> > > > > rc = gnutls_hmac(hmac_hnd,
> > > > >
> > > > > ctext,
> > > > > ctext_len);
> > > > >
> > > > > rc = gnutls_hmac(hmac_hnd,
> > > > >
> > > > > &version_byte_len,
> > > > > sizeof(uint8_t));
> > > > >
> > > > > gnutls_hmac_deinit(hmac_hnd, auth_data);
> > > > > /* Is auth_data truncated? */
> > > > >
> > > > >
> > > > > Best regards
> > > > >
> > > > > Andreas
> > > > >
> > > > > > It appears to have all or most of what you're looking for:
> > > > > > K (secret input key)
> > > > > > MAC_KEY
> > > > > > ENC_KEY
> > > > > > P (plaintext)
> > > > > > IV (initialization vector)
> > > > > > A (associated data)
> > > > > > PS (padding string)
> > > > > > AL (associated data length)
> > > > > > S (ciphertext - intermediate) T (authentication tag) C
> > > > > > (ciphertext)
> > > > > >
> > > > > > Best regards,
> > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer |
> > > > > > Microsoft Protocol Open Specifications Team Phone: +1 (425)
> > > > > > 703-8300 x38300 |
> > > > > > Hours: 9am-5pm
> > > > > >
> > > > > > Time zone: (UTC-08:00) Pacific Time (US and Canada) Local
> > > > > > country phone number found here:
> > > > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%
> > > > > > 2F
> > > > > > %2Fsup
> > > > > > po
> > > > > > rt
> > > > > > .
> > > > > > microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40mic
> > > > > > ro
> > > > > > soft.c
> > > > > > om%7C2
> > > > > > aef7356a401488aa28b08da59db101c%7C72f988bf86f141af91ab2d7cd0
> > > > > > 11
> > > > > > db47%7
> > > > > > C1%7C0
> > > > > > %7C637921094670609275%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> > > > > > Aw
> > > > > > MDAiLC
> > > > > > JQIjoi
> > > > > > V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s
> > > > > > da
> > > > > > ta=3F5
> > > > > > A%2B2t
> > > > > > LvyvS8LOk%2FOx6BeqCckryLWLucxcaxKPNoCI%3D&reserved=0 |
> > > > > > Extension
> > > > > > 1138300 We value your feedback. My manager is Stacy Gray
> > > > > > (stacygr),
> > > > > > +1
> > > > > > (469) 775-4055
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Jeff McCashland (He/him)
> > > > > > Sent: Monday, June 27, 2022 11:55 AM
> > > > > > To: Andreas Schneider <asn at samba.org>
> > > > > > Cc: cifs-protocol at lists.samba.org; Jeff McCashland
> > > > > > <jeffm at microsoftsupport.com>; Obaid Farooqi
> > > > > > <obaidf at microsoft.com>
> > > > > > Subject:
> > > > > > RE: [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 -
> > > > > > TrackingID#2206210040006850
> > > > > >
> > > > > > Hi Andreas,
> > > > > >
> > > > > > Our plan is to capture traffic where
> > > > > > AEAD-AES-256-CBC-HMAC-SHA512 is used.
> > > > > >
> > > > > > We're working on setting up a Windows repro. However,
> > > > > > Windows uses LDAP instead of SAMR, so we're working out how
> > > > > > to configure it to use SAMR.
> > > > > >
> > > > > > I'll keep you posted.
> > > > > >
> > > > > > Best regards,
> > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer |
> > > > > > Microsoft Protocol Open Specifications Team Phone: +1 (425)
> > > > > > 703-8300 x38300 |
> > > > > > Hours: 9am-5pm
> > > > > >
> > > > > > Time zone: (UTC-08:00) Pacific Time (US and Canada) Local
> > > > > > country phone number found here:
> > > > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%
> > > > > > 2F
> > > > > > %2Fsup
> > > > > > po
> > > > > > rt
> > > > > > .
> > > > > > microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%40mic
> > > > > > ro
> > > > > > soft.c
> > > > > > om%7C2
> > > > > > aef7356a401488aa28b08da59db101c%7C72f988bf86f141af91ab2d7cd0
> > > > > > 11
> > > > > > db47%7
> > > > > > C1%7C0
> > > > > > %7C637921094670614268%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLj
> > > > > > Aw
> > > > > > MDAiLC
> > > > > > JQIjoi
> > > > > > V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s
> > > > > > da
> > > > > > ta=u4W
> > > > > > bTdU%2
> > > > > > F6GSFcjspR21MPDStD8Ag2dtpPeNJ5nEgFH8%3D&reserved=0 |
> > > > > > Extension
> > > > > > 1138300 We value your feedback. My manager is Stacy Gray
> > > > > > (stacygr),
> > > > > > +1 (469)
> > > > > > 775-4055
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Andreas Schneider <asn at samba.org>
> > > > > > Sent: Monday, June 27, 2022 4:56 AM
> > > > > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > > Cc: cifs-protocol at lists.samba.org; Jeff McCashland
> > > > > > <jeffm at microsoftsupport.com>; Obaid Farooqi
> > > > > > <obaidf at microsoft.com>
> > > > > > Subject:
> > > > > > [EXTERNAL] Re: [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512 -
> > > > > > TrackingID#2206210040006850
> > > > > >
> > > > > > On Wednesday, June 22, 2022 8:09:34 PM CEST Jeff McCashland
> > > > > > (He/him)
> > > >
> > > > wrote:
> > > > > > > Hi Andreas,
> > > > > >
> > > > > > Hi Jeff,
> > > > > >
> > > > > > > I will research your question and see what we can come up
> > > > > > > with for test data.
> > > > > >
> > > > > > thank you very much. Looking forward to hear from you :-)
> > > > > >
> > > > > > Andreas
> > > > > >
> > > > > > > Best regards,
> > > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer |
> > > > > > > Microsoft Protocol Open Specifications Team Phone: +1
> > > > > > > (425)
> > > > > > > 703-8300 x38300
> > > > > > >
> > > > > > > Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US
> > > > > > > and
> > > > > > > Canada) Local country phone number found here:
> > > > > > > https://nam06.safelinks.protection.outlook.com/?url=http%3
> > > > > > > A%
> > > > > > > 2F%2Fs
> > > > > > > uppo
> > > > > > > rt.microsoft.com%2Fglobalenglish&data=05%7C01%7Cjeffm%
> > > > > > > 40
> > > > > > > micros
> > > > > > > of
> > > > > > > t.
> > > > > > > com%7Cb133cf48cfa147d4956b08da5833fc38%7C72f988bf86f141af9
> > > > > > > 1a
> > > > > > > b2d7cd
> > > > > > > 011d
> > > > > > > b47%7C1%7C0%7C637919277699900369%7CUnknown%7CTWFpbGZsb3d8e
> > > > > > > yJ
> > > > > > > WIjoiM
> > > > > > > C4wL
> > > > > > > jAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C30
> > > > > > > 00
> > > > > > > %7C%7C
> > > > > > > %7C&
> > > > > > > amp;sdata=%2BJdN4TiV%2Bvqq4dqYGpq7mGhZ1vh3gQrrvgjqsBuBXbg%
> > > > > > > 3D
> > > > > > > &r
> > > > > > > eser
> > > > > > > ved=0 | Extension
> > > > > > > 1138300 We value your feedback. My manager is Stacy Gray
> > > > > > > (stacygr),
> > > > > > > +1
> > > > > > > (469) 775-4055
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Obaid Farooqi <obaidf at microsoft.com>
> > > > > > > Sent: Tuesday, June 21, 2022 9:08 AM
> > > > > > > To: Andreas Schneider <asn at samba.org>
> > > > > > > Cc: cifs-protocol at lists.samba.org; Obaid Farooqi
> > > > > > > <obaidf at microsoftsupport.com> Subject: [EXTERNAL]
> > > > > > > [MS-SAMR]
> > > > > > > AEAD-AES-256-CBC-HMAC-SHA512 - TrackingID#2206210040006850
> > > > > > >
> > > > > > > Hi Andreas:
> > > > > > > Thanks for contacting Microsoft. I have created a case to
> > > > > > > track this issue.
> > > > > > > A member of the open specifications team will be in touch soon.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Obaid Farooqi
> > > > > > > Escalation Engineer | Microsoft
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Andreas Schneider <asn at samba.org>
> > > > > > > Sent: Tuesday, June 21, 2022 8:00 AM
> > > > > > > To: Interoperability Documentation Help
> > > > > > > <dochelp at microsoft.com>
> > > > > > > Cc: cifs-protocol at lists.samba.org
> > > > > > > Subject: [EXTERNAL] [MS-SAMR] AEAD-AES-256-CBC-HMAC-SHA512
> > > > > > >
> > > > > > > Hello Dochelp,
> > > > > > >
> > > > > > > I'm trying to implement support for
> > > > > > > AEAD-AES-256-CBC-HMAC-SHA512 from
> > > > > > > [MS- SAMR] 3.2.2.4 AES Cipher Usage.
> > > > > > >
> > > > > > > This is not really easy as there are some details unclear.
> > > > > > > I would love to write a unit test for
> > > > > > > AEAD-AES-256-CBC-HMAC-SHA512.
> > > > > > >
> > > > > > > Could you please provide hexdump of the buffers used in
> > > > > > > encryption from a
> > > > > > > SamrSetInformationUser2 level 31 from a test platform.
> > > > > > >
> > > > > > > When it performs the following:
> > > > > > >
> > > > > > > Let enc_key ::= HMAC-SHA-512(CEK,
> > > > > > > SAM_AES256_ENC_KEY_STRING) Let mac_key ::=
> > > > > > > HMAC-SHA-512(CEK, SAM_AES256_MAC_KEY_STRING) Let Cipher
> > > > > > >
> > > > > > > ::= AES-CBC(enc_key, IV, secret_plaintext) Let AuthData
> > > > > > > ::=
> > > > > > >
> > > > > > > HMAC-SHA-512(mac_key, versionbyte + IV + Cipher +
> > > > > > > versionbyte_length)
> > > > > > >
> > > > > > >
> > > > > > > I would like to have hexdumps of the following buffers:
> > > > > > >
> > > > > > > * cek (16byte sesssion key)
> > > > > > > * enc_key
> > > > > > > * mac_key
> > > > > > > * IV
> > > > > > > * secret_plaintext
> > > > > > > * cipher
> > > > > > > * authdata
> > > > > > >
> > > > > > > The RFC implementation provides something like that, see:
> > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%
> > > > > > > 3A
> > > > > > > %2F%2F
> > > > > > > tool
> > > > > > > s.ietf%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Cb133c
> > > > > > > f4
> > > > > > > 8cfa14
> > > > > > > 7d49
> > > > > > > 56b08da5833fc38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0
> > > > > > > %7
> > > > > > > C63791
> > > > > > > 9277
> > > > > > > 699900369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQ
> > > > > > > Ij
> > > > > > > oiV2lu
> > > > > > > MzIi
> > > > > > > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=i
> > > > > > > hs
> > > > > > > J1PYjg
> > > > > > > 2cT7
> > > > > > > 4D3zmlfdDV3UEVNtpJeOX%2BPWQYmg%2FI%3D&reserved=0
> > > > > > > .org%2Fid%2Fdraft-mcgrew-aead-aes-cbc-hmac-sha2-03.html%23
> > > > > > > rf
> > > > > > > c.sect
> > > > > > > io
> > > > > > > n.
> > > > > > > 5.4&am
> > > > > > > p;data=05%7C01%7Cjeffm%40microsoft.com%7C382019859d9f4eb7c
> > > > > > > c1
> > > > > > > b08da5
> > > > > > > 3a03
> > > > > > > c24%7C
> > > > > > > 72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914244951310
> > > > > > > 82
> > > > > > > 0%7CUn
> > > > > > > know
> > > > > > > n%7CTW
> > > > > > > FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h
> > > > > > > aW
> > > > > > > wiLCJX
> > > > > > > VCI6
> > > > > > > Mn0%3D
> > > > > > > %7C3000%7C%7C%7C&sdata=jzVMJ8GS%2BP30uF6pHSTfJf8ioOzDO
> > > > > > > K6
> > > > > > > 9Y%2By
> > > > > > > yFKD
> > > > > > > zpKo%3
> > > > > > > D&reserved=0
> > > > > > >
> > > > > > > This would allow me to write a unit test and figure out
> > > > > > > the details what in my implementation something goes
> > > > > > > wrong. I can then provide feedback to improve the documentation.
> > > > > > >
> > > > > > >
> > > > > > > Thank you very much!
> > > > > > >
> > > > > > >
> > > > > > > Best regards
> > > > > > >
> > > > > > > Andreas Schneider
> > > > > > >
> > > > > > > --
> > > > > > > Andreas Schneider asn at samba.org
> > > > > > > Samba Team
> > > > > > > https://nam06.safelinks.protection.outlook.com/?url=http%3
> > > > > > > A%
> > > > > > > 2F%2Fw
> > > > > > > ww.sam%2F&data=05%7C01%7Cjeffm%40microsoft.com%7Cfa8e3
> > > > > > > 9b
> > > > > > > d37b64
> > > > > > > 46ac5cd08da5a65e415%7C72f988bf86f141af91ab2d7cd011db47%7C1
> > > > > > > %7
> > > > > > > C0%7C6
> > > > > > > 37921690919606900%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw
> > > > > > > MD
> > > > > > > AiLCJQ
> > > > > > > IjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C
> > > > > > > &a
> > > > > > > mp;sda
> > > > > > > ta=gf3Xowal5D7zYZ5e26Z78ZLQNoea1hoWed09vWMnkxA%3D&rese
> > > > > > > rv
> > > > > > > ed=0
> > > > > > > ba%2F&data=05%7C01%7Cjeffm%40microsoft.com%7C2aef7356a
> > > > > > > 40
> > > > > > > 1488aa
> > > > > > > 28b08d
> > > > > > > a59db101c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637
> > > > > > > 92
> > > > > > > 109467
> > > > > > > 061926
> > > > > > > 7%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
> > > > > > > Mz
> > > > > > > IiLCJB
> > > > > > > TiI6Ik
> > > > > > > 1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UWJ4c8%2BpO
> > > > > > > SJ
> > > > > > > 8UiaN%
> > > > > > > 2FeH7l
> > > > > > > marEwwyiVx1ECnPk03Awk4%3D&reserved=0
> > > > > > > %2F&data=05%7C01%7Cjeffm%40microsoft.com%7Cb133cf48cfa
> > > > > > > 14
> > > > > > > 7d4956
> > > > > > > b08da
> > > > > > > 583
> > > > > > > 3fc38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6379192
> > > > > > > 77
> > > > > > > 699900
> > > > > > > 369%7
> > > > > > > CUn
> > > > > > > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLC
> > > > > > > JB
> > > > > > > TiI6Ik
> > > > > > > 1haWw
> > > > > > > iLC
> > > > > > > JXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Q04le03I8jml11uEltl
> > > > > > > zI
> > > > > > > ssEEkp
> > > > > > > VMfFe
> > > > > > > HjD Ydw2cPIU%3D&reserved=0.
> > > > > > > org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7C38201985
> > > > > > > 9d
> > > > > > > 9f4eb7
> > > > > > > cc1b
> > > > > > > 08da53
> > > > > > > a03c24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637914
> > > > > > > 24
> > > > > > > 495131
> > > > > > > 0820
> > > > > > > %7CUnk
> > > > > > > nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ
> > > > > > > BT
> > > > > > > iI6Ik1
> > > > > > > haWw
> > > > > > > iLCJXV
> > > > > > > CI6Mn0%3D%7C3000%7C%7C%7C&sdata=0VU8ycMe9EFGOAEV7JROkm
> > > > > > > RR
> > > > > > > oQCDje
> > > > > > > 5N%2Fx
> > > > > > > AI
> > > > > > > bz qpbI4%3D&reserved=0 GPG-ID:
> > > > > > > 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
--
Andreas Schneider asn at samba.org
Samba Team https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.samba.org%2F&data=05%7C01%7Cjeffm%40microsoft.com%7C3f3b73b690cf494992d808da60389ac8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637928093491367492%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TFiigUS03Z7%2BUKiIZe%2BcClBUmuGvvrcNfUaQyhkDpUc%3D&reserved=0
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the cifs-protocol
mailing list