[cifs-protocol] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397

Sreekanth Nadendla srenaden at microsoft.com
Tue Jul 2 14:02:31 UTC 2024


Hello Jo, you may have gotten an invitation to upload files by now. Please check your e-mail folders and let me know otherwise.


Regards,

Sreekanth Nadendla

Microsoft Windows Open Specifications

________________________________
From: Jo Sutton <jsutton at samba.org>
Sent: Monday, July 1, 2024 10:01 PM
To: Sreekanth Nadendla <srenaden at microsoft.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: [EXTERNAL] Re: [cifs-protocol] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message - TrackingID#2405210040011397

On second thoughts, I’d rather not send traces via unencrypted email.
Can you provide somewhere for me to upload them?

Cheers,
Jo (she/her)

On 2/07/24 1:57 pm, Jo Sutton via cifs-protocol wrote:
> [moving back to cifs-protocol]
>
> Hi Sreekanth,
>
> Call me Jo :)
>
> As I can’t seem to upload the traces via the link you sent me, I’ll try
> to email them to you directly.
>
> The reason for asking about NETLOGON_TICKET_LOGON_INFO is that we’re
> looking to address https://bugzilla.samba.org/show_bug.cgi?id=15249.
>
> Cheers,
> Jo (she/her)
>
> On 14/06/24 3:39 am, Sreekanth Nadendla wrote:
>> Hello Joseph, I've sent you instructions to download time travel trace
>> tool to collect traces for lsass process earlier. But we were informed
>> by Andrew Bartlett that the reason why you've raised the login issue
>> with [MS-APDS] NETLOGON_TICKET_LOGON_INFO is that you are looking to
>> resolve a privilege escalation problem via enforcement of PAC
>> verification.  I could not see how these two issues are connected
>> hence I'm unable to continue the investigation on my own (while you
>> are away dealing with a personal issue).
>> Please let us know whenever you are ready and we will gather the
>> details, data to investigate the issue you are experiencing.
>>
>> Regards,
>>
>> Sreekanth Nadendla
>>
>> Microsoft Windows Open Specifications
>>
>> From: Jo Sutton <jsutton at samba.org>
>> Sent: Monday, May 20, 2024 9:49 PM
>> To: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>;
>> Interoperability Documentation Help <dochelp at microsoft.com>
>> Subject: [EXTERNAL] [MS-APDS] NETLOGON_TICKET_LOGON_INFO message
>>
>> Hi dochelp,
>>
>> I’m trying to follow [MS-APDS] 2.2.2.1, “NETLOGON_TICKET_LOGON_INFO
>> Message”, in order to create a NETLOGON_TICKET_LOGON_INFO message that
>> will be accepted by Windows Server 2019. However, in my attempts so far,
>> all I’ve got is STATUS_INVALID_PARAMETER codes from NetrLogonSamLogonEx.
>>
>> Although [MS-APDS] doesn’t mention it, I assume
>> NETLOGON_TICKET_LOGON_INFO should contain an unsigned 32‐bit MessageType
>> field, set to 0x00000026, that indicates the message is a
>> NETLOGON_TICKET_LOGON_INFO message. Other than that, I’m not sure what
>> I’m doing wrong. Are the ticket fields arrays, as depicted in the
>> diagram, or pointers, as claimed in the documentation?
>>
>> I can provide traces showing the problem if you would like.
>>
>> Cheers,
>> Jo (she/her)