FWD: Some compilation warnings
Elrond
elrond at samba-tng.org
Wed Jun 20 16:00:05 GMT 2001
On Wed, Jun 20, 2001 at 10:28:03AM -0500, Gerald Carter wrote:
> On Wed, 20 Jun 2001, Luke Kenneth Casson Leighton wrote:
>
> > hiya jerry, good to hear from you.
>
> :-) You doing ok?
>
> > unrecognised opcodes are already fault-pdu'd, that's how
> > ms managed to upgrade to LsaOpenPolicy3 and still
> > maintain backwards-compatibility.
>
> But it was not an unrecognized opcode. It was a known command
> with an unknown info level :)

Exactly my point.

> > this is likely to be related not to the info level but to
> > a newly-negotiated security 'blob' on the samr_get_user_info().
>
> Could be. But an NT 4 PDC doesn't support the
> EXTENDED_CAP_SECURITY_BITS.
>
> > anyway, if the sam_user_get_info() or sam_user_set_info()
> > contains 'incorrect' info for the encryption / decryption
> > of the user passwords, then you are expected to return
> > a 'fault' pdu.
> >
> > seems perfectly reasonable to me.
>
> I just don't see the logic for an invalid info level though.
> Anyways...

Okay, which info level is it?
(I want to ask a nt4-pdc and a win2k-sp1-pdc (which I have
to dig out of the cave...))

The main other question is how to do this the _right_ way
in TNG... Deciding that this is an unknown info level
happens in _samr_get_user_info(). What is the nicest way
for this function to tell the dce/rpc-rt that it wants to
fault-pdu on this request?

> > i presume that MS use this to detect 'ah ha! this server
> > doesn't support my new spiffy-diffy more secure user-password
> > encryption, i'll revert to the old insecure method that
> > we know and love and allows an attacker to decode all
> > my passwords as if they were clear-text in the first place'.
> >
> > so, basically, try decoding the user-password. if it comes
> > out as garbage, or the length is not 516 bytes in 0x17 and
> > 0x18 info levels, and not exactly... urrr... 16 bytes
> > [each, for LM and NT] in 0x12 info level, then return a
> > Fault PDU.
>
> Again...these are valid points. Need to look at it again
> once I get a chance.

Well... get sends in... *checking*
A Handle (user!) and the switch value (uint16).
How can that fail on the unmarshalling/"decryption" part?

Elrond

> cheers, jerry
> ----------------------------------------------------------------------
> /\ Gerald (Jerry) Carter Professional Services
> \/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
> http://www.samba.org/ SAMBA Team jerry at samba.org
> http://www.plainjoe.org/ jerry at plainjoe.org
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
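
The length and sanity check described in the quoted text above for info levels 0x17, 0x18 and 0x12, sketched in C as an added example (not Samba TNG code and not written by anyone in this thread). All names are hypothetical; the layout of the decrypted 516-byte buffer (512 data bytes followed by a 4-byte little-endian byte count, UTF-16 password) is an assumption, and decryption is assumed to have happened already.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; sizes are the ones quoted in the thread. */
enum pw_check { PW_OK, PW_FAULT, PW_UNKNOWN_LEVEL };

#define PW_BUF_LEN   516u  /* levels 0x17 and 0x18 */
#define PW_DATA_LEN  512u  /* assumed: 512 data bytes + 4-byte length */
#define HASH_LEN     16u   /* level 0x12: LM and NT, 16 bytes each */

/* Assumed layout of the decrypted 516-byte buffer: a little-endian 32-bit
 * byte count in the last 4 bytes, password held in the first 512. */
static enum pw_check check_pw_buffer(const uint8_t *plain, size_t len)
{
    uint32_t pw_len;

    if (plain == NULL || len != PW_BUF_LEN)
        return PW_FAULT;
    pw_len = (uint32_t)plain[512] | (uint32_t)plain[513] << 8 |
             (uint32_t)plain[514] << 16 | (uint32_t)plain[515] << 24;
    /* A wrong key yields a random count: reject anything that cannot fit,
     * or an odd count (assumes a UTF-16 password, 2 bytes per character). */
    if (pw_len > PW_DATA_LEN || (pw_len & 1u))
        return PW_FAULT;
    return PW_OK;
}

/* Length/sanity check per info level, run after decryption and before
 * any field of the request is used. */
enum pw_check check_set_user_info(uint16_t level, const uint8_t *plain,
                                  size_t len, size_t lm_len, size_t nt_len)
{
    switch (level) {
    case 0x17:
    case 0x18:
        return check_pw_buffer(plain, len);
    case 0x12:
        return (lm_len == HASH_LEN && nt_len == HASH_LEN) ? PW_OK : PW_FAULT;
    default:
        /* Whether this becomes a status code or a fault PDU is the
         * open question in the thread; it is reported separately here. */
        return PW_UNKNOWN_LEVEL;
    }
}
```

The unknown-level case is kept distinct from the malformed-buffer case so the caller can pick the signalling for each independently.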