[cifs-protocol] [EXTERNAL] Re: [MS-APDS] NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397

Jo Sutton jsutton at samba.org
Tue Aug 6 05:06:18 UTC 2024


Hi Sreekanth,

Thank you. I couldn’t find IDL for NETLOGON_TICKET_LOGON_INFO, only a 
diagram in [MS-APDS] 2.2.2.1, so I could well be using wrong IDL. If 
it’s possible, it would be helpful to know which array couldn’t be 
unmarshalled and for what reason.

Cheers,
Jo (she/her)

On 6/08/24 4:30 pm, Sreekanth Nadendla wrote:
> Hello Jo, the error occurred during unmarshalling the data sent from 
> client. Specifically with Conformant Varying Array 
> (https://learn.microsoft.com/en-us/windows/win32/rpc/arrays-tfs 
> <https://learn.microsoft.com/en-us/windows/win32/rpc/arrays-tfs>)
> 
> Perhaps the client and server stubs don't match and that is why server 
> is unable to unmarshall the structure?  While I debug this further, can 
> you double check if your build used correct stubs generated from the 
> updated idl file?
> 
> Regards,
> 
> Sreekanth Nadendla
> 
> Microsoft Windows Open Specifications
> 
> 
> ------------------------------------------------------------------------
> *From:* Jo Sutton <jsutton at samba.org>
> *Sent:* Wednesday, July 31, 2024 10:41 PM
> *To:* Sreekanth Nadendla <srenaden at microsoft.com>; 
> cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
> *Cc:* Microsoft Support <supportmail at microsoft.com>
> *Subject:* Re: [EXTERNAL] Re: [cifs-protocol] [MS-APDS] 
> NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
> Hi Sreekanth,
> 
> Yes, I think I used the updated IDL. I’ve uploaded
> netlogon_ticket_logon_info_2.zip, which contains a trace of Windows
> Server 2022 sending RPC_NT_BAD_STUB_DATA in response to my
> NetlogonTicketLogonInformation message.
> 
> Cheers,
> Jo (she/her)
> 
> On 20/07/24 2:32 am, Sreekanth Nadendla wrote:
>> Hello Jo, Have you used the new IDL file from the updated MS-NRPC 
>> specification? Please feel free to collect the data and upload it to the 
>> workspace shared with you.
>> 
>> Regards,
>> 
>> Sreekanth Nadendla
>> 
>> Microsoft Windows Open Specifications
>> 
>> 
>> ------------------------------------------------------------------------
>> *From:* Jo Sutton <jsutton at samba.org>
>> *Sent:* Friday, July 19, 2024 12:31 AM
>> *To:* Sreekanth Nadendla <srenaden at microsoft.com>; 
>> cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
>> *Cc:* Microsoft Support <supportmail at microsoft.com>
>> *Subject:* [EXTERNAL] Re: [cifs-protocol] [MS-APDS] 
>> NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
>> Hi Sreekanth,
>> 
>> Thank you for your helpful response! It seems I still haven’t got it
>> quite right, as Windows responds with RPC_NT_BAD_STUB_DATA when I send
>> the NetlogonTicketLogonInformation message. May I upload more traces
>> next week so I can find out where I’ve gone wrong?
>> 
>> Cheers,
>> Jo (she/her)
>> 
>> On 19/07/24 6:40 am, Sreekanth Nadendla wrote:
>>> Hello Jo, please review the latest copy of [MS-NRPC].  It has the 
>>> updated IDL definitions as well. As of now,  [MS-APDS] is still being 
>>> updated. The following information should be helpful in the meantime.
>>> 
>>> MS-APDS Section 3.2.5.1 shows  messagetype field should be set to 
>>> 0x00000026. The actual design did not introduce such message type. We 
>>> are using a new  logonlevel i.e. NETLOGON_LEVEL of 
>>> NetlogonTicketLogonInformation and a new validationLevel i.e. 
>>> NETLOGON_VALIDATION of NetlogonValidationTicketLogon.
>>> 
>>>  1.
>>>           From MS-APDS Section 3.2.5.1, we see the
>>>     NETLOGON_TICKET_LOGON_INFO  is layered on top of generic pass
>>>     through structure however MS-NRPC section 2.2.1.4.6 defines
>>>     TicketLogon as a new NETLOGON_LEVEL struct which refers
>>>     to NETLOGON_TICKET_LOGON_INFO.
>>>           The NETLOGON_TICKET_LOGON_INFO message does not utilize
>>>     Generic Passthrough as described in MS-APDS 3.2.5.1. Instead, you 
>>>     will be using /LogonLevel/ parameter 8
>>>     (_NetlogonTicketLogonInformation
>>>     <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-nrpc%2F8c7808e5-4e5c-420e-9c90-47286da2218f&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327344092%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Nm%2FgJN3xJLwKqsqzMtyawzVSC7p5kB8pUdytxNsL0IA%3D&reserved=0 <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/8c7808e5-4e5c-420e-9c90-47286da2218f>>_ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-nrpc%2F8c7808e5-4e5c-420e-9c90-47286da2218f&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327355025%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=bfFedk7NsQ2Sjz7qXgE8svk2wn%2FpiDb7NVgrhZdygtM%3D&reserved=0 <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/8c7808e5-4e5c-420e-9c90-47286da2218f>>)
>>>          1.
>>> 
>>>  2.
>>>           Generic Passthrough returns
>>>     NETLOGON_VALIDATION_GENERIC_INFO2.   But the new TicketLogon will
>>>     return NETLOGON_VALIDATION_TICKET_LOGON.
>>>      1.
>>>         As NETLOGON_TICKET_LOGON_INFO message does not actually utilize
>>>         Generic Passthrough, you will use /ValidationLevel/ parameter is
>>>         7 (_NetLogonValidationTicketLogon
>>>         <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-nrpc%2F95154ae4-d305-43e5-82e4-d5353e0f117c&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327358674%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Qz67z7x650eKr%2FoBUryu%2B5IUUAE0DCrmxwZIe5ST82k%3D&reserved=0 <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/95154ae4-d305-43e5-82e4-d5353e0f117c>>_ <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-nrpc%2F95154ae4-d305-43e5-82e4-d5353e0f117c&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327361691%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5RHPYtY6QcTuxgy6xz3JIEc6oi1sskor0BfDwy1Pwvw%3D&reserved=0 <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/95154ae4-d305-43e5-82e4-d5353e0f117c>>),
>>>          1.
>>> 
>>>      2.
>>> 
>>> You can find a list of applicable Windows OS versions that have this 
>>> security update from the following link (click the “More…” link below 
>>> the title)
>>> 
>>>  3.
>>>     _https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327364718%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=VVzvoJun5vKBMruHjeP0SvcYpzmv4a33w9C6DdE9rxA%3D&reserved=0
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327368688%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=pZVRoogzqmI6vwZx%2B%2BDREYOkZ9z3CEI0AqdMqknkJiY%3D&reserved=0 
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Ftopic%2Fkb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327372714%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=7hM4iTXDtlFYE8RQYdMStT5w%2B2tA3E6QE8l2rIC%2FPy8%3D&reserved=0 <https://support.microsoft.com/en-us/topic/kb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1>>>_
>>> 
>>>     This list does not include Server 2025, but it also contains this
>>>     update.
>>> 
>>> 
>>> Please let me know if you have additional questions.
>>> 
>>> Regards,
>>> 
>>> Sreekanth Nadendla
>>> 
>>> Microsoft Windows Open Specifications
>>> 
>>> 
>>> ------------------------------------------------------------------------
>>> *From:* Jo Sutton <jsutton at samba.org>
>>> *Sent:* Tuesday, July 16, 2024 12:33 AM
>>> *To:* Sreekanth Nadendla <srenaden at microsoft.com>; 
>>> cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
>>> *Cc:* Microsoft Support <supportmail at microsoft.com>
>>> *Subject:* Re: [cifs-protocol] [EXTERNAL] Re: [MS-APDS] 
>>> NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
>>> For completeness’ sake, I ran the same procedure against a Windows
>>> Server 2022 host, and got exactly the same STATUS_INVALID_PARAMETER
>>> error. For MessageType I tried both 0x00000003 and 0x00000026 (and many
>>> other values, for good measure).
>>> 
>>> Cheers,
>>> Jo (she/her)
>>> 
>>> On 10/07/24 2:08 pm, Jo Sutton via cifs-protocol wrote:
>>>  > Hi Sreekanth,
>>>  >
>>>  > I’m afraid that using 0x03 for the message type still gets me
>>>  > STATUS_INVALID_PARAMETER codes.
>>>  >
>>>  > 0x03 is the message type corresponding to KERB_VERIFY_PAC_REQUEST, which
>>>  > is used for the older method of PAC verification. But the message I’m
>>>  > attempting to send is NETLOGON_TICKET_LOGON_INFO ([MS-APDS] 2.2.2.1),
>>>  > which includes the entire Kerberos ticket and is used in the newer
>>>  > method of PAC verification.
>>>  >
>>>  > What do I need to do to get Windows Server 2019 to accept a
>>>  > NETLOGON_TICKET_LOGON_INFO message? I don’t see any information
>>>  > indicating that Windows Server 2019 doesn’t support such messages.
>>>  >
>>>  > Cheers,
>>>  > Jo (she/her)
>>>  >
>>>  > On 10/07/24 7:12 am, Sreekanth Nadendla wrote:
>>>  >> Hello Jo, can you change the message type from 0x00000026  ( byte
>>>  >> sequence seen as 26 00 00 00 below)  to 0x00000003 (to indicate
>>>  >> message type of KerbVerifyPacMessage) and try this again ?
>>>  >>
>>>  >> 0:002> db ProtocolSubmitBuffer L0x5e0
>>>  >>
>>>  >> 00000218`69819c80  26 00 00 00 00 00 11 00-21 00 31 00 c0 05 00 00
>>>  >>   &.......!.1.....
>>>  >> 00000218`69819c90  00 00 02 00 00 00 00 00-00 00 00 00 c0 05 00 00
>>>  >>   ................
>>>  >> 00000218`69819ca0  61 82 05 bc 30 82 05 b8-a0 03 02 01 05 a1 0d 1b
>>>  >>   a...0...........
>>>  >> .. ..... .. ..... .. .....
>>>  >> .. ..... .. ..... .. .....
>>>  >> .. ..... .. ..... .. .....
>>>  >> 00000218`6981a250  85 1d 35 87 38 7d b1 5b-52 c0 c3 e4 30 c8 77 7d
>>>  >>   ..5.8}.[R...0.w}
>>>  >>
>>>  >> Regards,
>>>  >>
>>>  >> Sreekanth Nadendla
>>>  >>
>>>  >> Microsoft Windows Open Specifications
>>>  >>
>>>  >>
>>>  >> ------------------------------------------------------------------------
>>>  >> *From:* Jo Sutton <jsutton at samba.org>
>>>  >> *Sent:* Tuesday, July 2, 2024 6:23 PM
>>>  >> *To:* Sreekanth Nadendla <srenaden at microsoft.com>;
>>>  >> cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
>>>  >> *Cc:* Microsoft Support <supportmail at microsoft.com>
>>>  >> *Subject:* [EXTERNAL] Re: [cifs-protocol] [MS-APDS]
>>>  >> NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
>>>  >> Thank you, Sreekanth. I’ve uploaded a trace and network capture of a
>>>  >> call to NetrLogonSamLogonEx() attempting to validate a service ticket.
>>>  >>
>>>  >> Cheers,
>>>  >> Jo (she/her)
>>>  >>
>>>  >> On 3/07/24 2:02 am, Sreekanth Nadendla wrote:
>>>  >>  > Hello Jo,  you may have gotten an invitation to upload files by now.
>>>  >>  > Please check your e-mail folders and let me know otherwise.
>>>  >>  >
>>>  >>  > Regards,
>>>  >>  >
>>>  >>  > Sreekanth Nadendla
>>>  >>  >
>>>  >>  > Microsoft Windows Open Specifications
>>>  >>  >
>>>  >>  >
>>>  >> ------------------------------------------------------------------------
>>>  >>  > *From:* Jo Sutton <jsutton at samba.org>
>>>  >>  > *Sent:* Monday, July 1, 2024 10:01 PM
>>>  >>  > *To:* Sreekanth Nadendla <srenaden at microsoft.com>;
>>>  >>  > cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
>>>  >>  > *Cc:* Microsoft Support <supportmail at microsoft.com>
>>>  >>  > *Subject:* [EXTERNAL] Re: [cifs-protocol] [MS-APDS]
>>>  >>  > NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397
>>>  >>  > On second thoughts, I’d rather not send traces via unencrypted email.
>>>  >>  > Can you provide somewhere for me to upload them?
>>>  >>  >
>>>  >>  > Cheers,
>>>  >>  > Jo (she/her)
>>>  >>  >
>>>  >>  > On 2/07/24 1:57 pm, Jo Sutton via cifs-protocol wrote:
>>>  >>  >> [moving back to cifs-protocol]
>>>  >>  >>
>>>  >>  >> Hi Sreekanth,
>>>  >>  >>
>>>  >>  >> Call me Jo :)
>>>  >>  >>
>>>  >>  >> As I can’t seem to upload the traces via the link you sent me,
>>>  >> I’ll try
>>>  >>  >> to email them to you directly.
>>>  >>  >>
>>>  >>  >> The reason for asking about NETLOGON_TICKET_LOGON_INFO is that we’re
>>>  >>  >> looking to address
>>>  >> 
>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327375786%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=6N2KbmKTYun%2BZ1xmECBrJvs4p8rmavhx8QfUGuuH2YY%3D&reserved=0 <https://bugzilla.samba.org/show_bug.cgi?id=15249> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327378909%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fn6luE9dNX125IDJhDLVzFFtxHUqVF5YED4vBJPMW7E%3D&reserved=0 <https://bugzilla.samba.org/show_bug.cgi?id=15249>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327381834%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q54fkaHzvBl%2Fx5HbawzKysIu9zTWlkQmI%2FJ6P%2BOOeLU%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327384751%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=UFEI%2Bc0BaEDNOQPXvV9e9vYbWtWCabB2TLWNOu8y%2FbE%3D&reserved=0 <https://bugzilla.samba.org/show_bug.cgi?id=15249>>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327387630%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oWILqwdii1Sk59PJccG%2FBm2Nr%2BLrWR8W5zftukwQZWc%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327390442%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=M0GJWUVvzBCgJ2vT%2F6VTmZMLK8s7%2BmNYqdQPV8AYLmE%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327393209%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2BzNH0leTGD6lDWqe1T%2FrguImAjPXaRAu8QWA1PbTr1Q%3D&reserved=0 <https://bugzilla.samba.org/show_bug.cgi?id=15249>>>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327396011%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=k2MoKF3DBuj61QqHuuMculXK%2B6eEjCuXUVjcUEetZI4%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327398785%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=APARqEUDRPsWov5r8nR1hSKOiVsSA6j9%2FRy%2FhR2ha88%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327401601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=zp4%2BHhtMme%2FBVgCCGXFY%2BPe9hGK7vOjXfhAHYyMmcuc%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.samba.org%2Fshow_bug.cgi%3Fid%3D15249&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327404327%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kuTVAK77lt5FatGY14kYtjeDIQsWBG7nt9Q2TWSPJnE%3D&reserved=0 <https://bugzilla.samba.org/show_bug.cgi?id=15249>>>>>.
>>>  >>  >>
>>>  >>  >> Cheers,
>>>  >>  >> Jo (she/her)
>>>  >>  >>
>>>  >>  >> On 14/06/24 3:39 am, Sreekanth Nadendla wrote:
>>>  >>  >>> Hello Joseph, I've sent you instructions to download time travel
>>>  >> trace
>>>  >>  >>> tool to collect traces for lass process earlier. But we were
>>>  >> informed
>>>  >>  >>> by Andrew Bartlet that the reason why you've raised the login issue
>>>  >>  >>> with [MS-APDS] NETLOGON_TICKET_LOGON_INFO is that you are 
>>> looking to
>>>  >>  >>> resolve a privilege escalation problem via enforcement of PAC
>>>  >>  >>> verification.  I could not see how these two issues are connected
>>>  >>  >>> hence I'm unable to continue the investigation on my own (while you
>>>  >>  >>> are away dealing with a personal issue).
>>>  >>  >>> Please let us know whenever you are ready and we will gather the
>>>  >>  >>> details, data to investigate the issue you are experiencing.
>>>  >>  >>>
>>>  >>  >>> Regards,
>>>  >>  >>>
>>>  >>  >>> Sreekanth Nadendla
>>>  >>  >>>
>>>  >>  >>> Microsoft Windows Open Specifications
>>>  >>  >>>
>>>  >>  >>>
>>>  >>  >>>
>>>  >>  >>>
>>>  >>  >>>
>>>  >>  >>>
>>>  >>  >>> From: Jo Sutton <jsutton at samba.org>
>>>  >>  >>>
>>>  >>  >>> Sent: Monday, May 20, 2024 9:49 PM
>>>  >>  >>> To: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>;
>>>  >>  >>> Interoperability Documentation Help <dochelp at microsoft.com>
>>>  >>  >>> Subject: [EXTERNAL] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message
>>>  >>  >>> [Some people who received this message don't often get email from
>>>  >>  >>> jsutton at samba.org. Learn why this is important at
>>>  >>  >>> https://aka.ms/LearnAboutSenderIdentification 
> <https://aka.ms/LearnAboutSenderIdentification>
>> <https://aka.ms/LearnAboutSenderIdentification 
> <https://aka.ms/LearnAboutSenderIdentification>>
>>> <https://aka.ms/LearnAboutSenderIdentification 
>> <https://aka.ms/LearnAboutSenderIdentification 
> <https://aka.ms/LearnAboutSenderIdentification>>>
>>>  >> <https://aka.ms/LearnAboutSenderIdentification 
>>> <https://aka.ms/LearnAboutSenderIdentification 
>> <https://aka.ms/LearnAboutSenderIdentification 
> <https://aka.ms/LearnAboutSenderIdentification>>>>
>>>  >>  > <https://aka.ms/LearnAboutSenderIdentification
>>>  >> <https://aka.ms/LearnAboutSenderIdentification 
>>> <https://aka.ms/LearnAboutSenderIdentification 
>> <https://aka.ms/LearnAboutSenderIdentification 
> <https://aka.ms/LearnAboutSenderIdentification>>>>> ]
>>>  >>  >>>
>>>  >>  >>> Hi dochelp,
>>>  >>  >>>
>>>  >>  >>> I’m trying to follow [MS-APDS] 2.2.2.1, “NETLOGON_TICKET_LOGON_INFO
>>>  >>  >>> Message”, in order to create a NETLOGON_TICKET_LOGON_INFO message
>>>  >> that
>>>  >>  >>> will be accepted by Windows Server 2019. However, in my attempts
>>>  >> so far,
>>>  >>  >>> all I’ve got is STATUS_INVALID_PARAMETER codes from
>>>  >> NetrLogonSamLogonEx.
>>>  >>  >>>
>>>  >>  >>> Although [MS-APDS] doesn’t mention it, I assume
>>>  >>  >>> NETLOGON_TICKET_LOGON_INFO should contain an unsigned 32‐bit
>>>  >> MessageType
>>>  >>  >>> field, set to 0x00000026, that indicates the message is a
>>>  >>  >>> NETLOGON_TICKET_LOGON_INFO message. Other than that, I’m not sure
>>>  >> what
>>>  >>  >>> I’m doing wrong. Are the ticket fields arrays, are depicted in the
>>>  >>  >>> diagram, or pointers, as claimed in the documentation?
>>>  >>  >>>
>>>  >>  >>> I can provide traces showing the problem if you would like.
>>>  >>  >>>
>>>  >>  >>> Cheers,
>>>  >>  >>> Jo (she/her)
>>>  >>  >>
>>>  >>  >>
>>>  >>  >> _______________________________________________
>>>  >>  >> cifs-protocol mailing list
>>>  >>  >> cifs-protocol at lists.samba.org
>>>  >>  >>
>>>  >> 
>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327407308%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=cXrdstI%2BFjz4GP9lSChtOKS3qCghoRXpxuRfExbKUIU%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327410056%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9p0NeKkxWLG8D5COLIDonDLscY5RPQTDhtL%2BqiTH2Qg%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327412805%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=MlzPZLPK8e7r%2FWRZd66ROH8oFjUqUOQEmNg3mhcPTOw%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327415542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=FuE%2FXlmXOoo26%2BNWfaWUKXjtORG5%2FTH2xNmKhco6vkE%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol>>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327418313%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SfGhCuoaurN4HyZUXjjxg1C1b09KCcG1n8i80Pq1jd8%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327421050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=1pVNkKuYH5Lqlr9ajvn2t%2FmVza274WzQKvYkcGoUAS8%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327423828%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Bwj%2BZ5HLYG1vMoEfvxoE6PKnXYSfeaQk4qNPo6ctVOc%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol>>>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327426546%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=2974BngbXxNIlX3QSm6SjsLgqN6VzY2mVLSuU34EJP8%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327429259%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2FnE1LaWAQ3GeMdb1XQxfUzSlaTHCs7h1WRXo3IpJqUg%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327431954%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Tqev5S01mLnJzpRcW7%2F4t0aJ3ywF1hQUfxM1tibhCHU%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327434706%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=oZ87Tt0Ln7NY4GRKaVK1NnroDRjiPj3Nr7Qqv4DXqYs%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol>>>>>
>>>  >
>>>  >
>>>  > _______________________________________________
>>>  > cifs-protocol mailing list
>>>  > cifs-protocol at lists.samba.org
>>>  > 
>>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327437530%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=T9j4QGbpcJuyek8QYUZdPzTDFD%2FgSS%2BZo4LS9L6iyHE%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327440433%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=dTzyUQECy2SlN3%2FX%2B0Llx9iWB6QwGeN3pV%2B3ZiMjSUQ%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327443210%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=zmdPupMbuzdcGII9iPKSYD1ZWKwTJx%2FuyslK1IDm1lg%3D&reserved=0 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Csrenaden%40microsoft.com%7C486ba47e7fee4a3849ca08dcb1d389cb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638580769327445942%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=K0grEmfryE4nuNxPVKdK%2FxaX5LIThTsve5sgHgBwR2c%3D&reserved=0 <https://lists.samba.org/mailman/listinfo/cifs-protocol>>>
> 


More information about the cifs-protocol mailing list