[cifs-protocol] [EXTERNAL] Re: [MS-LSAD] LsarCreateTrustedDomainEx3 requires cbCipher 520 for Auth information - TrackingID#2312150040008317
Stefan Metzmacher
metze at samba.org
Wed Jan 10 07:52:44 UTC 2024
Hi Jeff,
> We have updated [MS-LSAD] for the next release to address this issue:
>
> 2.2.7.29 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES
> The LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES structure communicates authentication material. The cleartext password data is in the form of a LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (section 2.2.7.16). The following structure corresponds to the TrustedDomainAuthInformationInternalAes information class (section 2.2.7.2).
>
> 3.1.4.7.17 LsarCreateTrustedDomainEx3 (Opnum 129)
> AuthenticationInformation: A structure containing encrypted LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (section 2.2.7.16) authentication information for the trusted domain.
> If the length of cbCipher in AuthenticationInformation is less than (512 + IncomingAuthInfoSize + OutgoingAuthInfoSize) the server MUST return STATUS_INVALID_PARAMETER.
Please note that LSAPR_TRUSTED_DOMAIN_AUTH_BLOB is not strictly correct.
Maybe it would be useful to define a new separate structure for the content of
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB.AuthBlob, as that's what is used in
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES.Cipher.
metze