RE: [cifs-protocol] RE: CreateTrustedDomainEX blob incorrect

Tue, 04 Nov 2008 15:44:17 -0800 

On Tue, 2008-11-04 at 11:33 -0800, Richard Guthrie wrote:
> Andrew,
> 
> The section of the documentation that I sent you included the
> following updated text.  It was decided to put this information in
> section 2.2.58 because this structure is used by multiple interfaces.
> 
>         The incoming and outgoing authentication information buffer
> size included at the end of the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB can be
> used to extract       the incoming and outgoing authentication
> information buffers from the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB. Each of
> these buffers contains the byte   offset to both the current and the
> previous authentication information. This information can be used to
> extract current and (if any) previous   authentication information.
> 
> It would appear that the trustAuthInOutBlob in the IDL you provided
> does not correctly represent LSAPR_TRUSTED_DOMAIN_AUTH_BLOB

I think I need to do some renaming in our IDL.  Not that I like the
Microsoft names, but the current situation is confusing.  We use this to
decode the LSA form of the blob:

        typedef [public,gensize] struct {
                uint32 count;
                [relative] AuthenticationInformation *current[count];
        } trustCurrentPasswords;

        typedef [public,nopull] struct {
                uint8 confounder[512];
                [subcontext(0),subcontext_size(outgoing_size)] 
trustCurrentPasswords
outgoing;
                [subcontext(0),subcontext_size(incoming_size)] 
trustCurrentPasswords
incoming;
                [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] 
uint32
outgoing_size;
                [value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] 
uint32
incoming_size;
        } trustDomainPasswords;


>  as it is missing a count of incoming auth infos.  I have included some 
> additional information in Layout of buffers in LSAPR_TRUSTED_DOMAIN_AUTH_BLOB 
> pdf/docx documents that are attached.

I can't read the docx files. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to