Rework the CLDAP and NBT netlogon requests and responses.

This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows.  There is still more testing
to do, and the server implementation to complete.

Andrew Bartlett
(This used to be commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717)

1 files changed, 22 insertions, 46 deletions

diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index a3585896eb..e039aac509 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -42,7 +42,7 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
 			     struct socket_address *src)
 {
 	NTSTATUS status;
-	struct nbt_netlogon_packet netlogon;
+	struct nbt_netlogon_response netlogon;
 	int *replies = (int *)dgmslot->private;
 
 	printf("netlogon reply from %s:%d\n", src->addr, src->port);
@@ -54,8 +54,6 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
 		return;
 	}
 
-	NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon);
-
 	(*replies)++;
 }
 
@@ -101,7 +99,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
 	/* try receiving replies on port 138 first, which will only
 	   work if we are root and smbd/nmbd are not running - fall
 	   back to listening on any port, which means replies from
-	   some windows versions won't be seen */
+	   most windows versions won't be seen */
 	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(socket_address);
@@ -117,7 +115,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
 				      netlogon_handler, &replies);
 
 	ZERO_STRUCT(logon);
-	logon.command = NETLOGON_QUERY_FOR_PDC;
+	logon.command = LOGON_PRIMARY_QUERY;
 	logon.req.pdc.computer_name = TEST_NAME;
 	logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
 	logon.req.pdc.unicode_name  = TEST_NAME;
@@ -132,6 +130,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
 	torture_assert(tctx, dest != NULL, "Error getting address");
 
 	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
 					      &myname, &logon);
 	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
 
@@ -200,14 +199,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 	
 
 	ZERO_STRUCT(logon);
-	logon.command = NETLOGON_QUERY_FOR_PDC2;
-	logon.req.pdc2.request_count = 0;
-	logon.req.pdc2.computer_name = TEST_NAME;
-	logon.req.pdc2.user_name     = "";
-	logon.req.pdc2.mailslot_name = dgmslot->mailslot_name;
-	logon.req.pdc2.nt_version    = 11;
-	logon.req.pdc2.lmnt_token    = 0xFFFF;
-	logon.req.pdc2.lm20_token    = 0xFFFF;
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = "";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.nt_version    = 11;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
 
 	make_nbt_name_client(&myname, TEST_NAME);
 
@@ -216,6 +215,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 
 	torture_assert(tctx, dest != NULL, "Error getting address");
 	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
 					      &myname, &logon);
 	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
 
@@ -227,32 +227,6 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 }
 
 
-/*
-  reply handler for ntlogon request
-*/
-static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, 
-			     struct nbt_dgram_packet *packet, 
-			     struct socket_address *src)
-{
-	NTSTATUS status;
-	struct nbt_ntlogon_packet ntlogon;
-	int *replies = (int *)dgmslot->private;
-
-	printf("ntlogon reply from %s:%d\n", src->addr, src->port);
-
-	status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("Failed to parse ntlogon packet from %s:%d\n",
-		       src->addr, src->port);
-		return;
-	}
-
-	NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon);
-
-	(*replies)++;
-}
-
-
 /* test UDP/138 ntlogon requests */
 static bool nbt_test_ntlogon(struct torture_context *tctx)
 {
@@ -265,7 +239,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 	const struct dom_sid *dom_sid;
 
 	const char *myaddress;
-	struct nbt_ntlogon_packet logon;
+	struct nbt_netlogon_packet logon;
 	struct nbt_name myname;
 	NTSTATUS status;
 	struct timeval tv = timeval_current();
@@ -296,7 +270,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 	/* try receiving replies on port 138 first, which will only
 	   work if we are root and smbd/nmbd are not running - fall
 	   back to listening on any port, which means replies from
-	   some windows versions won't be seen */
+	   most windows versions won't be seen */
 	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(socket_address);
@@ -317,17 +291,17 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 
 	/* setup a temporary mailslot listener for replies */
 	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
-				      ntlogon_handler, &replies);
+				      netlogon_handler, &replies);
 	
 
 	ZERO_STRUCT(logon);
-	logon.command = NTLOGON_SAM_LOGON;
+	logon.command = LOGON_SAM_LOGON_REQUEST;
 	logon.req.logon.request_count = 0;
 	logon.req.logon.computer_name = TEST_NAME;
 	logon.req.logon.user_name     = TEST_NAME"$";
 	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
 	logon.req.logon.acct_control  = ACB_WSTRUST;
-	logon.req.logon.sid           = *dom_sid;
+	/* Leave sid as all zero */
 	logon.req.logon.nt_version    = 1;
 	logon.req.logon.lmnt_token    = 0xFFFF;
 	logon.req.logon.lm20_token    = 0xFFFF;
@@ -337,8 +311,10 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
 					   address, lp_dgram_port(tctx->lp_ctx));
 	torture_assert(tctx, dest != NULL, "Error getting address");
-	status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE,
-					     &name, dest, &myname, &logon);
+	status = dgram_mailslot_netlogon_send(dgmsock, 
+					      &name, dest, 
+					      NBT_MAILSLOT_NTLOGON, 
+					      &myname, &logon);
 	torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
 
 	while (timeval_elapsed(&tv) < 5 && replies == 0) {