It conflicted with my recent P bit patch.
I merged the meat of your patch by hand.
Please verify I didnt drop anything.
I have also seen new additions to NTLMSSP.
In the NTLMSSP_AUTH PDU inside the NTLMv2 response is a list of "names"
Two new names are seen
one with name type 6 which contains a 4 byte integer with the value 2
then also nametype 7 which contains a NTTIME 8 byte timestamp.
I will check in code to decode name type 7 as "current client time" for the time being.
On 2/7/06, Stefan (metze) Metzmacher <metze@xxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi *,
I just noticed that the 2 bytes between opcode and flags,
are also some kind of flags,
it's 0x0030 for requests and 0x0001 for normal replies
(in samba4 both are 0x0000)
it's also 0x0000 in a response with STATUS_CANCELLED
metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFD6HrRm70gjA5TCD8RArVQAJ9iEK6VKxLAP0yrngQPuR3jWkxUwQCbBSC8
AiX9obapf6us9q9eu12KU8U=
=EAWT
-----END PGP SIGNATURE-----
_______________________________________________
Smb2-protocol mailing list
Smb2-protocol@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/smb2-protocol
