Günther,
As a follow-up, below is the text of [MS-LSAD] 2.2.7.16 as it was updated for
your issue. It will become available in a future refresh of the documentation.
Bryan
2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
The LSAPR_TRUSTED_DOMAIN_AUTH_BLOB structure contains a counted buffer of
authentication material. Domain trust authentication is specified in
[MS-ADTS] section 7.1.6.9.1.
typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB {
    [range(0,65536)] unsigned long AuthSize;
    [size_is(AuthSize)] unsigned char* AuthBlob;
} LSAPR_TRUSTED_DOMAIN_AUTH_BLOB,
  *PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB;
AuthSize: The count of bytes in AuthBlob.<26>
AuthBlob: An array of bytes containing the authentication material. If the
AuthSize field has a value other than 0, this field MUST NOT be NULL. Always
encrypted using algorithms, as specified in section 5.1.1. The plaintext layout
is in the following format.
The incoming and outgoing authentication information buffer size included at
the end of the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB can be used to extract the
incoming and outgoing authentication information buffers from the
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB. Each of these buffers contains the byte offset
to both the current and the previous authentication information. This
information can be used to extract current and (if any) previous authentication
information.
[Packet diagram: 32 bits per row, bits 0-31; fields in order]

  512 bytes of random data ...
  CountOutgoingAuthInfos
  ByteOffsetCurrentOutgoingAuthInfo
  ByteOffsetPreviousOutgoingAuthInfo
  CurrentOutgoingAuthInfos ...
  PreviousOutgoingAuthInfos (optional) ...
  CountIncomingAuthInfos
  ByteOffsetCurrentIncomingAuthInfo
  ByteOffsetPreviousIncomingAuthInfo
  CurrentIncomingAuthInfos ...
  PreviousIncomingAuthInfos (optional) ...
  OutgoingAuthInfoSize
  IncomingAuthInfoSize

CountOutgoingAuthInfos (4 bytes): Specifies the count of entries present in the
CurrentOutgoingAuthInfos field. Also specifies the count of entries present in
the PreviousOutgoingAuthInfos field if this optional field is present.
ByteOffsetCurrentOutgoingAuthInfo (4 bytes): Specifies the byte offset from the
beginning of CountOutgoingAuthInfos to the start of the
CurrentOutgoingAuthInfos field. If CountOutgoingAuthInfos is 0, this field MUST
be ignored.
ByteOffsetPreviousOutgoingAuthInfo (4 bytes): Specifies the byte offset from
the beginning of CountOutgoingAuthInfos to the start of the
PreviousOutgoingAuthInfos field. If the difference between
ByteOffsetPreviousOutgoingAuthInfo and OutgoingAuthInfoSize is 0, the
PreviousOutgoingAuthInfos field has zero entries.
CurrentOutgoingAuthInfos: Contains an array of CountOutgoingAuthInfos
LSAPR_AUTH_INFORMATION (section 2.2.7.17) entries in self-relative format. Each
LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned. When it is
necessary to insert unused padding bytes into a buffer for data alignment, such
bytes MUST be set to 0.
PreviousOutgoingAuthInfos: Contains an array of CountOutgoingAuthInfos
LSAPR_AUTH_INFORMATION entries in self-relative format. See the comments for
the ByteOffsetPreviousOutgoingAuthInfo field to determine when this field is
present. Each LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned.
When it is necessary to insert unused padding bytes into a buffer for data
alignment, such bytes MUST be set to 0.
CountIncomingAuthInfos (4 bytes): Specifies the count of entries present in the
CurrentIncomingAuthInfos field. Also specifies the count of entries present in
the PreviousIncomingAuthInfos field if this optional field is present.
ByteOffsetCurrentIncomingAuthInfo (4 bytes): Specifies the byte offset from the
beginning of CountIncomingAuthInfos to the start of the
CurrentIncomingAuthInfos field. If CountIncomingAuthInfos is 0, this field MUST
be ignored.
ByteOffsetPreviousIncomingAuthInfo (4 bytes): Specifies the byte offset from
the beginning of CountIncomingAuthInfos to the start of the
PreviousIncomingAuthInfos field. If the difference between
ByteOffsetPreviousIncomingAuthInfo and IncomingAuthInfoSize is 0, the
PreviousIncomingAuthInfos field has zero entries.
CurrentIncomingAuthInfos: Contains an array of CountIncomingAuthInfos
LSAPR_AUTH_INFORMATION entries in self-relative format. Each
LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned. When it is
necessary to insert unused padding bytes into a buffer for data alignment, such
bytes MUST be set to 0.
PreviousIncomingAuthInfos: Contains an array of CountIncomingAuthInfos
LSAPR_AUTH_INFORMATION entries in self-relative format. See the comments for
the ByteOffsetPreviousIncomingAuthInfo field to determine when this field is
present. Each LSAPR_AUTH_INFORMATION entry in the array MUST be 4-byte aligned.
When it is necessary to insert unused padding bytes into a buffer for data
alignment, such bytes MUST be set to 0.
OutgoingAuthInfoSize (4 bytes): Specifies the size, in bytes, of the subportion
of the structure from the beginning of the CountOutgoingAuthInfos field through
the end of the PreviousOutgoingAuthInfos field.
IncomingAuthInfoSize (4 bytes): Specifies the size, in bytes, of the
sub-portion of the structure from the beginning of the CountIncomingAuthInfos
field through the end of the PreviousIncomingAuthInfos field.
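
The extraction described above, as an added example that is not from the original mail, from [MS-LSAD], or from Samba's code: it splits an already-decrypted AuthBlob using the trailing sizes and the per-section offsets, and rejects values that point outside the buffer. Little-endian 32-bit fields, the exact-fit check on the two sizes, and all function names are assumptions; LSAPR_AUTH_INFORMATION entries are left as opaque bytes.

```python
import struct

CONFOUNDER_LEN = 512   # "512 bytes of random data" that lead the plaintext
HEADER_LEN = 12        # Count + ByteOffsetCurrent + ByteOffsetPrevious, 4 bytes each
TRAILER_LEN = 8        # OutgoingAuthInfoSize + IncomingAuthInfoSize
MAX_AUTH_SIZE = 65536  # upper bound of [range(0,65536)] on AuthSize

def split_section(section):
    """Return (count, current_bytes, previous_bytes) for one direction."""
    count, off_cur, off_prev = struct.unpack_from("<III", section, 0)
    if count == 0:
        return 0, b"", b""  # with no entries the offsets are not used
    # Offsets count from the start of the Count field: they must lie past
    # the header, in order, and inside this section.
    if not HEADER_LEN <= off_cur <= off_prev <= len(section):
        raise ValueError("auth info offset outside its section")
    # off_prev == len(section) means the Previous array has zero entries.
    return count, section[off_cur:off_prev], section[off_prev:]

def split_auth_blob(plaintext):
    """Split a decrypted AuthBlob into its outgoing and incoming parts."""
    min_len = CONFOUNDER_LEN + 2 * HEADER_LEN + TRAILER_LEN
    if not min_len <= len(plaintext) <= MAX_AUTH_SIZE:
        raise ValueError("implausible AuthBlob length")
    out_size, in_size = struct.unpack_from(
        "<II", plaintext, len(plaintext) - TRAILER_LEN)
    body = plaintext[CONFOUNDER_LEN:-TRAILER_LEN]
    # Assumption: the two sections fill the body exactly, with no slack.
    if min(out_size, in_size) < HEADER_LEN or out_size + in_size != len(body):
        raise ValueError("trailer sizes do not match the buffer")
    return {"outgoing": split_section(body[:out_size]),
            "incoming": split_section(body[out_size:])}

def build_sample(with_previous=False, bad_offset=False):
    """Constructed test blob: one opaque 16-byte outgoing entry, no incoming."""
    cur, prev = b"C" * 16, (b"P" * 16 if with_previous else b"")
    off_prev = 4000 if bad_offset else HEADER_LEN + len(cur)
    outgoing = struct.pack("<III", 1, HEADER_LEN, off_prev) + cur + prev
    incoming = struct.pack("<III", 0, HEADER_LEN, HEADER_LEN)
    sizes = struct.pack("<II", len(outgoing), len(incoming))
    return bytes(CONFOUNDER_LEN) + outgoing + incoming + sizes

if __name__ == "__main__":
    print(split_auth_blob(build_sample(with_previous=True)))
```
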
-----Original Message-----
From: Bryan Burgin
Sent: Thursday, October 07, 2010 2:50 PM
To: Guenther Deschner ([email protected])
Cc: MSSolve Case Email; '[email protected]'; '[email protected]'
Subject: RE: [REG:110092949275537] MS-LSAD 2.2.7.16
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
Günther,
I should have waited a few seconds longer as I just received feedback from the
product group. Below are your questions and answers. Updates will be made to
the technical documents in a future refresh. Please let me know if this
resolves your questions.
Thank you for your patience.
Bryan
Q1: Is CountOutgoingAuthInfos defining the number of CurrentOutgoingAuthInfos
*and* PreviousOutgoingAuthInfos in total, n-times both structs or just n-times
CurrentOutgoingAuthInfos? In any case, is it up to the user to figure out the
number of PreviousOutgoingAuthInfos from calculation with the offsets?
(likewise for CountIncomingAuthInfos and CurrentIncomingAuthInfos and
PreviousIncomingAuthInfos)
A: PreviousOutgoingAuthInfos is either an array of 0 elements or an array of
exactly the same number of elements as CurrentOutgoingAuthInfos (this number is
CountOutgoingAuthInfos). Same applies to CountIncomingAuthInfos and
CurrentIncomingAuthInfos and PreviousIncomingAuthInfos.
Q2: "CountIncomingAuthInfos": is there a typo? It says: "Specifies the count
of entries present in the CountIncomingAuthInfos field"
A: Yes, it should say "Specifies the count of entries present in the
CurrentIncomingAuthInfos field"
Q3: Which values do ByteOffsetCurrentOutgoingAuthInfo and
ByteOffsetPreviousOutgoingAuthInfo have in case CountOutgoingAuthInfos is 0?
(likewise for ByteOffsetCurrentIncomingAuthInfo and
ByteOffsetPreviousIncomingAuthInfo and CountIncomingAuthInfos)
A: ByteOffsetCurrentOutgoingAuthInfo will always be 12
([CountOutgoingAuthInfos][ByteOffsetCurrentOutgoingAuthInfo][ByteOffsetPreviousAuthInfos])
as it points to where the CurrentOutgoingAuthInfo array begins (which remains
the same irrespective of how many entries are in the array).
In this case (when CountOutgoingAuthInfos is 0),
ByteOffsetPreviousOutgoingAuthInfo will also be 12 as it points to where the
PreviousOutgoingAuthInfo array begins (which is
ByteOffsetCurrentOutgoingAuthInfo + size of CurrentIncomingAuthInfos and the
latter is 0).
-----Original Message-----
From: Bryan Burgin
Sent: Thursday, October 07, 2010 2:03 PM
To: Guenther Deschner ([email protected])
Cc: MSSolve Case Email
Subject: RE: [REG:110092949275537] MS-LSAD 2.2.7.16
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
Günther,
Just a quick update. I am expecting a reply from development very soon. As
soon as I have a solution for you I'll pass it on.
Bryan
-----Original Message-----
From: Bryan Burgin
Sent: Wednesday, September 29, 2010 10:19 AM
To: Guenther Deschner ([email protected])
Cc: MSSolve Case Email
Subject: [REG:110092949275537] MS-LSAD 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
[Darryl Welch, Will Gregg, Eric Urbasich on bcc, FYI] [Note to case: Guenther
and the core Samba team are working with us in-person at an Interop Lab
engagement]
Guenther,
I am reviewing this for you and will be making a request to improve the
document. The case to track this issue is SR 110092949275537.
Bryan
-----Original Message-----
From: Guenther Deschner [mailto:[email protected]]
Sent: Tuesday, September 28, 2010 10:44 AM
To: Darryl Welch
Subject: MS-LSAD 2.2.7.16 LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
Hi Darryl,
here are some questions for clarification for the
LSAPR_TRUSTED_DOMAIN_AUTH_BLOB struct as defined in MS-LSAD 2.2.7.16:
* Is CountOutgoingAuthInfos defining the number of CurrentOutgoingAuthInfos
*and* PreviousOutgoingAuthInfos in total, n-times both structs or just n-times
CurrentOutgoingAuthInfos? In any case, is it up to the user to figure out the
number of PreviousOutgoingAuthInfos from calculation with the offsets?
(likewise for CountIncomingAuthInfos and CurrentIncomingAuthInfos and
PreviousIncomingAuthInfos)
* "CountIncomingAuthInfos": is there a typo? It says: "Specifies the count of
entries present in the CountIncomingAuthInfos field"
* Which values do ByteOffsetCurrentOutgoingAuthInfo and
ByteOffsetPreviousOutgoingAuthInfo have in case CountOutgoingAuthInfos is 0?
(likewise for ByteOffsetCurrentIncomingAuthInfo and
ByteOffsetPreviousIncomingAuthInfo and CountIncomingAuthInfos)
Thanks,
Guenther
--
Günther Deschner GPG-ID: 8EE11688
Red Hat
[email protected]
Samba Team [email protected]
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol