[DocHelp to Bcc] Hi Alexander and Metze,
Thank you for your request. The case number 2111240040005432 has been created for this inquiry. One of our team members will follow-up with you soon. Regards, Kristian Kristian Smith Support Escalation Engineer Windows Open Spec Protocols Office: (425) 421-4442 krsm...@microsoftsupport.com -----Original Message----- From: metze <me...@samba.org> Sent: Wednesday, November 24, 2021 2:13 AM To: Alexander Bokovoy <a...@samba.org>; Interoperability Documentation Help <doch...@microsoft.com> Cc: cifs-protocol@lists.samba.org Subject: [EXTERNAL] Re: [cifs-protocol] Update of MS-PAC spec regarding November 2021 security updates Am 24.11.21 um 10:33 schrieb Alexander Bokovoy via cifs-protocol: > Hello dochelp, > > I can see inconsistency in what is published on > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs > .microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-pac%2F& > ;data=04%7C01%7CKristian.Smith%40microsoft.com%7C976b8182b4b84582f4bd0 > 8d9af334186%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6377334569597 > 45681%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB > TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7gzSojo9ov6Uwx80K%2FwOQGhB > drb8oxqR%2F7yid5vn8tQ%3D&reserved=0 > with regards to the changes introduced as a part of the Microsoft > Windows security update of November 2021. Could this inconsistency be > clarified by publishing the new revision of the MS-PAC document? > > Errata document[1] talks about changes dated 2021/11/11 post V22.0 but > the rest of the linked documents are only V22.0. > > In particular, the errata document[1] is saying: > > ----- > The following sections were changed or added. Please see the diff > document for the details. > > In section 2.10 UPN_DNS_INFO, added four new fields and a flag to the > UPN_DNS_INFO structure. > > In section 2.14 PAC_ATTRIBUTES_INFO, added section. > > In section 2.15 PAC_REQUESTOR, added section. > ----- > > The document published, however, does not have these changes. The last > section in chapter 2 is '14', there is no section 2.15. I'm seeing it here: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwinprotocoldoc.blob.core.windows.net%2Fproductionwindowsarchives%2FMS-PAC%2F%255bMS-PAC%255d-20211109-diff.pdf&data=04%7C01%7CKristian.Smith%40microsoft.com%7C976b8182b4b84582f4bd08d9af334186%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637733456959745681%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=hPdqSfDWTKjXyRhC6Casr19q0dPSZv6Hg0em7noK4Mc%3D&reserved=0 But for me the PAC_ATTRIBUTES_INFO documentation is a bit unclear: We have this in Samba: typedef [bitmap32bit] bitmap { PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED = 0x00000001, PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY = 0x00000002 } PAC_ATTRIBUTE_INFO_FLAGS; typedef struct { uint32 flags_length; /* length in bits */ PAC_ATTRIBUTE_INFO_FLAGS flags; } PAC_ATTRIBUTES_INFO; And the documentation has: FlagsLength (4 bytes): An unsigned 32-bit integer in little-endian format that describes the length, in bits, of the Flags field. Flags (variable): an array of 32-bit unsigned integers in little-endian format that contains flag bits describing the PAC. It's not really clear that the array size is '((int)(flags_length/32))+1', for now it's seems to be just a single uint32 element with two defined flags. Unless bit 33 will be defined someday, it would be easier to have it as typedef struct { uint32 number_of_valid_flags; uint32 flags; } PAC_ATTRIBUTES_INFO; which is basically what we currently have in Samba, but in theory it would have to be typedef struct { uint32 number_of_valid_flags; uint32 flags[(number_of_valid_flags/32)+1]; } PAC_ATTRIBUTES_INFO; metze _______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol