[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: Re: [cifs-protocol] [EXTERNAL] Re: [MS-LSAD] LsarCreateTrustedDomainEx3 requires cbCipher 520 for Au
From: "Jeff McCashland \(He/him\) via cifs-protocol" <cifs-protocol () lists ! samba ! org>
Date: 2024-01-10 17:12:10
Message-ID: MN0PR21MB3701EBB3E6E2E98D8D74A9FFA3692 () MN0PR21MB3701 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
We'll take another look.
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open \
Specifications Team
-----Original Message-----
From: Stefan Metzmacher <metze@samba.org>
Sent: Tuesday, January 9, 2024 11:53 PM
To: Jeff McCashland (He/him) <jeffm@microsoft.com>; Andreas Schneider \
<asn@samba.org>; cifs-protocol@lists.samba.org
Subject: Re: [cifs-protocol] [EXTERNAL] Re: [MS-LSAD] LsarCreateTrustedDomainEx3 \
requires cbCipher 520 for Auth information - TrackingID#2312150040008317
Hi Jeff,
> We have updated [MS-LSAD] for the next release to address this issue:
>
> 2.2.7.29 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES
> The LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES structure communicates \
> authentication material. The cleartext password data is in the form of a \
> LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (section 2.2.7.16). The following structure \
> corresponds to the TrustedDomainAuthInformationInternalAes information class \
> (section 2.2.7.2).
> 3.1.4.7.17 LsarCreateTrustedDomainEx3 (Opnum 129)
> AuthenticationInformation: A structure containing encrypted \
> LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (section 2.2.7.16) authentication information for \
> the trusted domain. If the length of cbCipher in AuthenticationInformation is less \
> than (512 + IncomingAuthInfoSize + OutgoingAuthInfoSize) the server MUST return \
> STATUS_INVALID_PARAMETER.
Please note that LSAPR_TRUSTED_DOMAIN_AUTH_BLOB is not strictly correct.
Maybe it would be useful to define a new separate structure for the content of \
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB.AuthBlob. As that's what is used in \
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES.Cipher
metze
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic