We'll take another look.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team

-----Original Message-----
From: Stefan Metzmacher <me...@samba.org>
Sent: Tuesday, January 9, 2024 11:53 PM
To: Jeff McCashland (He/him) <je...@microsoft.com>; Andreas Schneider <a...@samba.org>; cifs-protocol@lists.samba.org
Subject: Re: [cifs-protocol] [EXTERNAL] Re: [MS-LSAD] LsarCreateTrustedDomainEx3 requires cbCipher 520 for Auth information - TrackingID#2312150040008317

Hi Jeff,

> We have updated [MS-LSAD] for the next release to address this issue:
>
> 2.2.7.29 LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES
> The LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES structure communicates
> authentication material. The cleartext password data is in the form of a
> LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (section 2.2.7.16). The following structure
> corresponds to the TrustedDomainAuthInformationInternalAes information class
> (section 2.2.7.2).
>
> 3.1.4.7.17 LsarCreateTrustedDomainEx3 (Opnum 129)
> AuthenticationInformation: A structure containing encrypted
> LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (section 2.2.7.16) authentication information
> for the trusted domain.
> If the length of cbCipher in AuthenticationInformation is less than (512 +
> IncomingAuthInfoSize + OutgoingAuthInfoSize) the server MUST return
> STATUS_INVALID_PARAMETER.

Please note that LSAPR_TRUSTED_DOMAIN_AUTH_BLOB is not strictly correct.
Maybe it would be useful to define a new separate structure for
the content of LSAPR_TRUSTED_DOMAIN_AUTH_BLOB.AuthBlob.

As that's what is used in LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES.Cipher

metze

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol