Rework the CLDAP and NBT netlogon requests and responses.

This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows.  There is still more testing
to do, and the server implementation to complete.

Andrew Bartlett
(This used to be commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717)

3 files changed, 60 insertions, 82 deletions

diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index ca4d9b7705..bb77acd2d0 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -41,7 +41,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	struct cldap_socket *cldap;
 	NTSTATUS status;
 	struct cldap_netlogon search, empty_search;
-	union nbt_cldap_netlogon n1;
+	struct netlogon_samlogon_response n1;
 	struct GUID guid;
 	int i;
 
@@ -51,7 +51,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	search.in.dest_address = dest;
 	search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
 	search.in.acct_control = -1;
-	search.in.version = 6;
+	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	search.in.map_response = true;
 
 	empty_search = search;
 
@@ -63,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	n1 = search.out.netlogon;
 
 	search.in.user         = "Administrator";
-	search.in.realm        = n1.logon5.dns_domain;
+	search.in.realm        = n1.nt5_ex.dns_domain;
 	search.in.host         = "__cldap_torture__";
 
 	printf("Scanning for netlogon levels\n");
@@ -91,8 +92,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	search.in.user = NULL;
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
 	printf("Trying with User=Administrator\n");
 
@@ -100,8 +101,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
 
-	CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 
 	search.in.version = 6;
 	status = cldap_netlogon(cldap, tctx, &search);
@@ -112,8 +113,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	search.in.user = NULL;
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
 	printf("Trying with User=Administrator\n");
 
@@ -121,16 +122,16 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
 
-	CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 
 	printf("Trying with a GUID\n");
 	search.in.realm       = NULL;
-	search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid);
+	search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid);
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
-	CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid);
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+	CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid);
 
 	printf("Trying with a incorrect GUID\n");
 	guid = GUID_random();
@@ -141,15 +142,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 
 	printf("Trying with a AAC\n");
 	search.in.acct_control = 0x180;
-	search.in.realm = n1.logon5.dns_domain;
+	search.in.realm = n1.nt5_ex.dns_domain;
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, "");
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
 
 	printf("Trying with a bad AAC\n");
 	search.in.acct_control = 0xFF00FF00;
-	search.in.realm = n1.logon5.dns_domain;
+	search.in.realm = n1.nt5_ex.dns_domain;
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
 
@@ -158,15 +159,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	search.in.user = "Administrator";
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
+	CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
 
 	printf("Trying with just a bad username\n");
 	search.in.user = "___no_such_user___";
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
-	CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+	CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
 
 	printf("Trying with just a bad domain\n");
 	search = empty_search;
@@ -175,29 +176,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 
 	printf("Trying with a incorrect domain and correct guid\n");
-	search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid);
+	search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid);
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+	CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
 	printf("Trying with a incorrect domain and incorrect guid\n");
 	search.in.domain_guid = GUID_string(tctx, &guid);
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
-	CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+	CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
 	printf("Trying with a incorrect GUID and correct domain\n");
 	search.in.domain_guid = GUID_string(tctx, &guid);
-	search.in.realm = n1.logon5.dns_domain;
+	search.in.realm = n1.nt5_ex.dns_domain;
 	status = cldap_netlogon(cldap, tctx, &search);
 	CHECK_STATUS(status, NT_STATUS_OK);
-	CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-	CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-	CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+	CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+	CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+	CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
 	return true;
 }
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index a3585896eb..e039aac509 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -42,7 +42,7 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
 			     struct socket_address *src)
 {
 	NTSTATUS status;
-	struct nbt_netlogon_packet netlogon;
+	struct nbt_netlogon_response netlogon;
 	int *replies = (int *)dgmslot->private;
 
 	printf("netlogon reply from %s:%d\n", src->addr, src->port);
@@ -54,8 +54,6 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
 		return;
 	}
 
-	NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon);
-
 	(*replies)++;
 }
 
@@ -101,7 +99,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
 	/* try receiving replies on port 138 first, which will only
 	   work if we are root and smbd/nmbd are not running - fall
 	   back to listening on any port, which means replies from
-	   some windows versions won't be seen */
+	   most windows versions won't be seen */
 	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(socket_address);
@@ -117,7 +115,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
 				      netlogon_handler, &replies);
 
 	ZERO_STRUCT(logon);
-	logon.command = NETLOGON_QUERY_FOR_PDC;
+	logon.command = LOGON_PRIMARY_QUERY;
 	logon.req.pdc.computer_name = TEST_NAME;
 	logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
 	logon.req.pdc.unicode_name  = TEST_NAME;
@@ -132,6 +130,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
 	torture_assert(tctx, dest != NULL, "Error getting address");
 
 	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
 					      &myname, &logon);
 	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
 
@@ -200,14 +199,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 	
 
 	ZERO_STRUCT(logon);
-	logon.command = NETLOGON_QUERY_FOR_PDC2;
-	logon.req.pdc2.request_count = 0;
-	logon.req.pdc2.computer_name = TEST_NAME;
-	logon.req.pdc2.user_name     = "";
-	logon.req.pdc2.mailslot_name = dgmslot->mailslot_name;
-	logon.req.pdc2.nt_version    = 11;
-	logon.req.pdc2.lmnt_token    = 0xFFFF;
-	logon.req.pdc2.lm20_token    = 0xFFFF;
+	logon.command = LOGON_SAM_LOGON_REQUEST;
+	logon.req.logon.request_count = 0;
+	logon.req.logon.computer_name = TEST_NAME;
+	logon.req.logon.user_name     = "";
+	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+	logon.req.logon.nt_version    = 11;
+	logon.req.logon.lmnt_token    = 0xFFFF;
+	logon.req.logon.lm20_token    = 0xFFFF;
 
 	make_nbt_name_client(&myname, TEST_NAME);
 
@@ -216,6 +215,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 
 	torture_assert(tctx, dest != NULL, "Error getting address");
 	status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+					      NBT_MAILSLOT_NETLOGON, 
 					      &myname, &logon);
 	torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
 
@@ -227,32 +227,6 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 }
 
 
-/*
-  reply handler for ntlogon request
-*/
-static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, 
-			     struct nbt_dgram_packet *packet, 
-			     struct socket_address *src)
-{
-	NTSTATUS status;
-	struct nbt_ntlogon_packet ntlogon;
-	int *replies = (int *)dgmslot->private;
-
-	printf("ntlogon reply from %s:%d\n", src->addr, src->port);
-
-	status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon);
-	if (!NT_STATUS_IS_OK(status)) {
-		printf("Failed to parse ntlogon packet from %s:%d\n",
-		       src->addr, src->port);
-		return;
-	}
-
-	NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon);
-
-	(*replies)++;
-}
-
-
 /* test UDP/138 ntlogon requests */
 static bool nbt_test_ntlogon(struct torture_context *tctx)
 {
@@ -265,7 +239,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 	const struct dom_sid *dom_sid;
 
 	const char *myaddress;
-	struct nbt_ntlogon_packet logon;
+	struct nbt_netlogon_packet logon;
 	struct nbt_name myname;
 	NTSTATUS status;
 	struct timeval tv = timeval_current();
@@ -296,7 +270,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 	/* try receiving replies on port 138 first, which will only
 	   work if we are root and smbd/nmbd are not running - fall
 	   back to listening on any port, which means replies from
-	   some windows versions won't be seen */
+	   most windows versions won't be seen */
 	status = socket_listen(dgmsock->sock, socket_address, 0, 0);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(socket_address);
@@ -317,17 +291,17 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 
 	/* setup a temporary mailslot listener for replies */
 	dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
-				      ntlogon_handler, &replies);
+				      netlogon_handler, &replies);
 	
 
 	ZERO_STRUCT(logon);
-	logon.command = NTLOGON_SAM_LOGON;
+	logon.command = LOGON_SAM_LOGON_REQUEST;
 	logon.req.logon.request_count = 0;
 	logon.req.logon.computer_name = TEST_NAME;
 	logon.req.logon.user_name     = TEST_NAME"$";
 	logon.req.logon.mailslot_name = dgmslot->mailslot_name;
 	logon.req.logon.acct_control  = ACB_WSTRUST;
-	logon.req.logon.sid           = *dom_sid;
+	/* Leave sid as all zero */
 	logon.req.logon.nt_version    = 1;
 	logon.req.logon.lmnt_token    = 0xFFFF;
 	logon.req.logon.lm20_token    = 0xFFFF;
@@ -337,8 +311,10 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 	dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
 					   address, lp_dgram_port(tctx->lp_ctx));
 	torture_assert(tctx, dest != NULL, "Error getting address");
-	status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE,
-					     &name, dest, &myname, &logon);
+	status = dgram_mailslot_netlogon_send(dgmsock, 
+					      &name, dest, 
+					      NBT_MAILSLOT_NTLOGON, 
+					      &myname, &logon);
 	torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
 
 	while (timeval_elapsed(&tv) < 5 && replies == 0) {
diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c
index 00617f4072..989a1faf27 100644
--- a/source4/torture/rpc/dssync.c
+++ b/source4/torture/rpc/dssync.c
@@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx)
 	search.in.dest_address = ctx->drsuapi_binding->host;
 	search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
 	search.in.acct_control = -1;
-	search.in.version = 6;
+	search.in.version		= NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+	search.in.map_response = true;
 	status = cldap_netlogon(cldap, ctx, &search);
 	if (!NT_STATUS_IS_OK(status)) {
 		const char *errstr = nt_errstr(status);
 		ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name");
 		printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name);		
 	} else {
-		ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site);
+		ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site);
 		printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name);
-		printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site);
+		printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site);
 	}
 
 	return ret;