G'day, My friend in Samba development Matthieu has been chasing down small but possibly significant differences between Samba4 and Windows. He is puzzled by the following, and we wondered if you might be able to shed some light on the matter.
Thanks, Andrew Bartlett -------- Original Message -------- Subject: clarify reserved bytes that are in fact used in LogonSamLogonEx response Date: Mon, 20 Jul 2009 00:45:28 +0400 From: Matthieu Patou <[email protected]> Hello, Data returned by the LogonSamLogonEx RPC there is a NETLOGON_VALIDATION pointer called ValidationInformation (in MS-NRPC.pdf). The following data is obtained with a Windows 2003R2 server 0000 06 00 00 00 00 00 02 00 10 95 6f 37 a6 05 ca 01 0010 ff ff ff ff ff ff ff 7f ff ff ff ff ff ff ff 7f 0020 04 53 0a 67 38 61 c9 01 04 13 74 91 01 62 c9 01 0030 ff ff ff ff ff ff ff 7f 1a 00 1c 00 04 00 02 00 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0060 00 00 00 00 00 00 00 00 3b 00 00 00 f4 01 00 00 0070 01 02 00 00 05 00 00 00 08 00 02 00 20 05 00 00 0080 fa 40 c6 06 2c 65 f8 cc 0e 8e 5c 8a 9e 9a 57 b7 0090 14 00 16 00 0c 00 02 00 0c 00 0e 00 10 00 02 00 00a0 14 00 02 00 c7 b2 00 73 b4 fb 7d b2 10 02 00 00 00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00d0 00 00 00 00 14 00 16 00 18 00 02 00 30 00 30 00 00e0 1c 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0130 00 00 00 00 0e 00 00 00 00 00 00 00 0d 00 00 00 0140 41 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 0150 72 00 61 00 74 00 6f 00 72 00 00 00 05 00 00 00 0160 07 02 00 00 07 00 00 00 08 02 00 00 07 00 00 00 0170 00 02 00 00 07 00 00 00 06 02 00 00 07 00 00 00 0180 01 02 00 00 07 00 00 00 0b 00 00 00 00 00 00 00 0190 0a 00 00 00 57 00 32 00 4b 00 33 00 41 00 44 00 01a0 56 00 5a 00 30 00 31 00 07 00 00 00 00 00 00 00 01b0 06 00 00 00 4d 00 53 00 57 00 32 00 4b 00 33 00 01c0 04 00 00 00 01 04 00 00 00 00 00 05 15 00 00 00 01d0 86 ec 41 48 9a 49 bf 58 d1 8f f7 2b 0b 00 00 00 01e0 00 00 00 00 0a 00 00 00 6d 00 73 00 77 00 32 00 01f0 6b 00 33 00 2e 00 74 00 73 00 74 00 18 00 00 00 0200 00 00 00 00 18 00 00 00 41 00 64 00 6d 00 69 00 0210 6e 00 69 00 73 00 74 00 72 00 61 00 74 00 6f 00 0220 72 00 40 00 6d 00 73 00 77 00 32 00 6b 00 33 00 0230 2e 00 74 00 73 00 74 00 01 00 00 00 00 00 00 00 0240 00 00 00 00 As the level for this netlogon_validation is 6, the returned data is in fact a pointer to a NETLOGON_VALIDATION_SAM_INFO4 structure called ValidationSam4. It is stated: "All fields of this structure, except the following fields, have the same meaning as the identically named fields in the KERB_VALIDATION_INFO structure, as specified in [MS-PAC] section 2.5. The following is the list of fields that are not found in [MS-PAC]" Reading this document inform us that after LogonDomainId there is reserved1 (at offset 0xa5) "Reserved1: A two-element array of unsigned 32-bit integers. This member is reserved, and each element of the array MUST be equal to 0x00000000 and MUST be ignored on receipt." Clearly it's not the case here because the value is not null: c7 b2 00 73 b4 fb 7d b2. Can you explain the contents of this two longs ? Best regards. Matthieu Patou. -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
