Rework the CLDAP and NBT netlogon requests and responses.

This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows.  There is still more testing
to do, and the server implementation to complete.

Andrew Bartlett
(This used to be commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717)

3 files changed, 28 insertions, 24 deletions

diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
index e8a5329985..1c4c1d0732 100644
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -30,6 +30,7 @@
 #include "libcli/security/security.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
 #include "librpc/gen_ndr/ndr_drsuapi.h"
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
@@ -687,7 +688,7 @@ struct libnet_BecomeDC_state {
 	struct {
 		struct cldap_socket *sock;
 		struct cldap_netlogon io;
-		struct nbt_cldap_netlogon_5 netlogon5;
+		struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon;
 	} cldap;
 
 	struct becomeDC_ldap {
@@ -745,7 +746,8 @@ static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s)
 	s->cldap.io.in.domain_guid	= NULL;
 	s->cldap.io.in.domain_sid	= NULL;
 	s->cldap.io.in.acct_control	= -1;
-	s->cldap.io.in.version		= 6;
+	s->cldap.io.in.version		= NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	s->cldap.io.in.map_response	= true;
 
 	s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, 
 					  lp_iconv_convenience(s->libnet->lp_ctx));
@@ -768,19 +770,19 @@ static void becomeDC_recv_cldap(struct cldap_request *req)
 	c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
 	if (!composite_is_ok(c)) return;
 
-	s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5;
+	s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex;
 
-	s->domain.dns_name		= s->cldap.netlogon5.dns_domain;
-	s->domain.netbios_name		= s->cldap.netlogon5.domain;
-	s->domain.guid			= s->cldap.netlogon5.domain_uuid;
+	s->domain.dns_name		= s->cldap.netlogon.dns_domain;
+	s->domain.netbios_name		= s->cldap.netlogon.domain;
+	s->domain.guid			= s->cldap.netlogon.domain_uuid;
 
-	s->forest.dns_name		= s->cldap.netlogon5.forest;
+	s->forest.dns_name		= s->cldap.netlogon.forest;
 
-	s->source_dsa.dns_name		= s->cldap.netlogon5.pdc_dns_name;
-	s->source_dsa.netbios_name	= s->cldap.netlogon5.pdc_name;
-	s->source_dsa.site_name		= s->cldap.netlogon5.server_site;
+	s->source_dsa.dns_name		= s->cldap.netlogon.pdc_dns_name;
+	s->source_dsa.netbios_name	= s->cldap.netlogon.pdc_name;
+	s->source_dsa.site_name		= s->cldap.netlogon.server_site;
 
-	s->dest_dsa.site_name		= s->cldap.netlogon5.client_site;
+	s->dest_dsa.site_name		= s->cldap.netlogon.client_site;
 
 	becomeDC_connect_ldap1(s);
 }
diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
index f39d9e039c..bb65de1f54 100644
--- a/source4/libnet/libnet_site.c
+++ b/source4/libnet/libnet_site.c
@@ -53,11 +53,12 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
 	search.in.dest_address = r->in.dest_address;
 	search.in.dest_port = r->in.cldap_port;
 	search.in.acct_control = -1;
-	search.in.version = 6;
+	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	search.in.map_response = true;
 
 	cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm));
 	status = cldap_netlogon(cldap, tmp_ctx, &search);
-	if (!NT_STATUS_IS_OK(status)) {
+	if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) {
 		/*
 		  If cldap_netlogon() returns in error,
 		  default to using Default-First-Site-Name.
@@ -71,7 +72,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
 		}
 	} else {
 		site_name_str = talloc_asprintf(tmp_ctx, "%s",
-					search.out.netlogon.logon5.client_site);
+					search.out.netlogon.nt5_ex.client_site);
 		if (!site_name_str) {
 			r->out.error_string = NULL;
 			talloc_free(tmp_ctx);
diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c
index 6f06585880..cff919018a 100644
--- a/source4/libnet/libnet_unbecome_dc.c
+++ b/source4/libnet/libnet_unbecome_dc.c
@@ -193,7 +193,7 @@ struct libnet_UnbecomeDC_state {
 	struct {
 		struct cldap_socket *sock;
 		struct cldap_netlogon io;
-		struct nbt_cldap_netlogon_5 netlogon5;
+		struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon;
 	} cldap;
 
 	struct {
@@ -265,7 +265,8 @@ static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s)
 	s->cldap.io.in.domain_guid	= NULL;
 	s->cldap.io.in.domain_sid	= NULL;
 	s->cldap.io.in.acct_control	= -1;
-	s->cldap.io.in.version		= 6;
+	s->cldap.io.in.version		= NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	s->cldap.io.in.map_response	= true;
 
 	s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx,
 					  lp_iconv_convenience(s->libnet->lp_ctx));
@@ -288,17 +289,17 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req)
 	c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
 	if (!composite_is_ok(c)) return;
 
-	s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5;
+	s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex;
 
-	s->domain.dns_name		= s->cldap.netlogon5.dns_domain;
-	s->domain.netbios_name		= s->cldap.netlogon5.domain;
-	s->domain.guid			= s->cldap.netlogon5.domain_uuid;
+	s->domain.dns_name		= s->cldap.netlogon.dns_domain;
+	s->domain.netbios_name		= s->cldap.netlogon.domain;
+	s->domain.guid			= s->cldap.netlogon.domain_uuid;
 
-	s->source_dsa.dns_name		= s->cldap.netlogon5.pdc_dns_name;
-	s->source_dsa.netbios_name	= s->cldap.netlogon5.pdc_name;
-	s->source_dsa.site_name		= s->cldap.netlogon5.server_site;
+	s->source_dsa.dns_name		= s->cldap.netlogon.pdc_dns_name;
+	s->source_dsa.netbios_name	= s->cldap.netlogon.pdc_name;
+	s->source_dsa.site_name		= s->cldap.netlogon.server_site;
 
-	s->dest_dsa.site_name		= s->cldap.netlogon5.client_site;
+	s->dest_dsa.site_name		= s->cldap.netlogon.client_site;
 
 	unbecomeDC_connect_ldap(s);
 }