rpc bind/bind_ack credentials

Matthieu Patou mat+Informatique.Samba at matws.net
Sun Aug 9 06:19:26 MDT 2009


I was wondering if someone knows where I can find more information in 
the WSPP docs about this fields that you can find in a Bind call for 
LSARPC when doing secure channel authentication.

schannel.idl gives this informations:

interface schannel
     a schannel bind blob - used in dcerpc auth_info
     on a schannel
   typedef struct {
     astring domain;
     astring workstation;
   } schannel_bind_3;

   typedef struct {
     astring domain;
     astring workstation;
     nbt_string dnsdomain;
     nbt_string dnsworkstation;
   } schannel_bind_23;

   typedef [nodiscriminant] union {
     [case (3)]  schannel_bind_3  info3;
     [case (23)] schannel_bind_23 info23;
   } schannel_bind_info;

   typedef [public] struct {
     uint32 unknown1; /* seems to need to be 0 */
     uint32 bind_type;
     [switch_is(bind_type)] schannel_bind_info u;
   } schannel_bind;

   /* a bind_ack blob */
   typedef [public] struct {
     uint32 unknown1; /* 1 */
     uint32 unknown2; /* 0 */
     uint32 unknown3; /* 0x006c0000 */
   } schannel_bind_ack;

But I'm quite surprise that it works as when windows 2003/windows 2008 
do a bind call to samba4 server field bind_type has the value 0x17 (23) 
but only transmit a domain and a workstation and no dnsdomain and 
dnsworkstation (maybe it's ok for the parser to have nothing I didn't 

Also when I look at response from windows 2003/2008 DC the field 
unknown3 of the schannel_bind_ack is not 0x006c0000 and is in fact 
changing most of the time.


More information about the samba-technical mailing list