rpc bind/bind_ack credentials
Matthieu Patou
mat+Informatique.Samba at matws.net
Sun Aug 9 06:19:26 MDT 2009
Hello,
I was wondering if someone knows where I can find more information in
the WSPP docs about this fields that you can find in a Bind call for
LSARPC when doing secure channel authentication.
schannel.idl gives this informations:
interface schannel
{
/*
a schannel bind blob - used in dcerpc auth_info
on a schannel
*/
typedef struct {
astring domain;
astring workstation;
} schannel_bind_3;
typedef struct {
astring domain;
astring workstation;
nbt_string dnsdomain;
nbt_string dnsworkstation;
} schannel_bind_23;
typedef [nodiscriminant] union {
[case (3)] schannel_bind_3 info3;
[case (23)] schannel_bind_23 info23;
} schannel_bind_info;
typedef [public] struct {
uint32 unknown1; /* seems to need to be 0 */
uint32 bind_type;
[switch_is(bind_type)] schannel_bind_info u;
} schannel_bind;
/* a bind_ack blob */
typedef [public] struct {
uint32 unknown1; /* 1 */
uint32 unknown2; /* 0 */
uint32 unknown3; /* 0x006c0000 */
} schannel_bind_ack;
}
But I'm quite surprise that it works as when windows 2003/windows 2008
do a bind call to samba4 server field bind_type has the value 0x17 (23)
but only transmit a domain and a workstation and no dnsdomain and
dnsworkstation (maybe it's ok for the parser to have nothing I didn't
investigate)
Also when I look at response from windows 2003/2008 DC the field
unknown3 of the schannel_bind_ack is not 0x006c0000 and is in fact
changing most of the time.
Matthieu.
More information about the samba-technical
mailing list