FWD: Some compilation warnings

Elrond elrond at samba-tng.org
Wed Jun 20 16:00:05 GMT 2001


On Wed, Jun 20, 2001 at 10:28:03AM -0500, Gerald Carter wrote:
> On Wed, 20 Jun 2001, Luke Kenneth Casson Leighton wrote:
> 
> > hiya jerry, good to hear from you.
> 
> :-)  You doing ok?
> 
> > unrecognised opcodes are already fault-pdu'd, that's how
> > ms managed to upgrade to LsaOpenPolicy3 and still
> > maintain backwards-compatibility.
> 
> But it was not an unrecognized opcode.  It was a known command
> with an unknown info level :)

Exactly my point.


> > this is likely to be related not to the info level but to
> > a newly-negotiated security 'blob' on the samr_get_user_info().
> 
> Could be.  But an NT 4 PDC doesn't support the
> EXTENDED_CAP_SECURITY_BITS.
> 
> > anyway, if the sam_user_get_info() or sam_user_set_info()
> > contains 'incorrect' info for the encryption / decryption
> > of the user passwords, then you are expected to return
> > a 'fault' pdu.
> >
> > seems perfectly reasonable to me.
> 
> I just don't see the logic for an invalid info level though.
> Anyways...

Okay, which info level is it?

(I want to ask an nt4-pdc and a win2k-sp1-pdc (which I have
to dig out of the cave...))


The main other question is how to do this the _right_ way
in TNG... Deciding that this is an unknown info level
happens in _samr_get_user_info(). What is the nicest way
for this function to tell the dce/rpc-rt that it wants to
fault-pdu on this request?



> > i presume that MS use this to detect 'ah ha!  this server
> > doesn't support my new spiffy-diffy more secure user-password
> > encryption, i'll revert to the old insecure method that
> > we know and love and allows an attacker to decode all
> > my passwords as if they were clear-text in the first place'.
> >
> > so, basically, try decoding the user-password.  if it comes
> > out as garbage, or the length is not 516 bytes in 0x17 and
> > 0x18 info levels, and not exactly... urrr... 16 bytes
> > [each, for LM and NT] in 0x12 info level, then return a
> > Fault PDU.
> 
> Again...these are valid points.  Need to look at it again
> once I get a chance.

Well... get sends in... *checking*

A Handle (user!) and the switch value (uint16).


How can that fail on the unmarshalling/"decryption" part?


    Elrond


> cheers, jerry
> ----------------------------------------------------------------------
>    /\  Gerald (Jerry) Carter                     Professional Services
>  \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
>        http://www.samba.org/       SAMBA Team          jerry at samba.org
>        http://www.plainjoe.org/                     jerry at plainjoe.org
> 
>        "...a hundred billion castaways looking for a home."
>                                 - Sting "Message in a Bottle" ( 1979 )
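
The following is an added example, not part of the original mail and not Samba TNG code. It sketches the length checks proposed in the quoted text (516 bytes at levels 0x17 and 0x18, 16 bytes each for LM and NT at level 0x12) and one way a handler could signal "fault" to the RPC runtime out of band. All type and function names are hypothetical, and the "decodes to garbage" check is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; this is not Samba TNG's API. */
#define PTYPE_RESPONSE 2   /* DCE/RPC response PDU */
#define PTYPE_FAULT    3   /* DCE/RPC fault PDU */
#define PW_BLOB_LEN  516   /* levels 0x17 and 0x18, per the thread */
#define PW_HASH_LEN   16   /* LM and NT each, level 0x12, per the thread */

enum disposition { DO_REPLY, DO_FAULT };

struct set_user_info_req {      /* already-unmarshalled request fields */
    uint16_t level;             /* the switch value */
    size_t pw_len;              /* password blob length (0x17/0x18) */
    size_t lm_len, nt_len;      /* hash lengths (0x12) */
};

/* Handler side: report "fault" out of band, not as a status inside a reply. */
enum disposition check_set_user_info(const struct set_user_info_req *r)
{
    if (r == NULL)
        return DO_FAULT;
    switch (r->level) {
    case 0x17:
    case 0x18:
        return r->pw_len == PW_BLOB_LEN ? DO_REPLY : DO_FAULT;
    case 0x12:
        return (r->lm_len == PW_HASH_LEN && r->nt_len == PW_HASH_LEN)
                   ? DO_REPLY : DO_FAULT;
    default:                    /* known opcode, info level not handled here */
        return DO_FAULT;
    }
}

/* Runtime side: pick the PDU type from the handler's disposition. */
uint8_t reply_ptype(const struct set_user_info_req *r)
{
    return check_set_user_info(r) == DO_FAULT ? PTYPE_FAULT : PTYPE_RESPONSE;
}

int main(void)
{
    /* Constructed sample requests. */
    struct set_user_info_req ok = {0x18, 516, 0, 0}, bad = {0x12, 0, 16, 8};
    printf("ok -> ptype %u, bad -> ptype %u\n",
           (unsigned)reply_ptype(&ok), (unsigned)reply_ptype(&bad));
    return 0;
}
```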
