diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-05-16 13:03:01 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-05-16 13:03:01 +1000 |
| commit | 58e7f253eafecca6934162034e88ee19b103c6ee (patch) | |
| tree | 396365633a8c53434fbb62d33ecfcf9f404c337a /source4 | |
| parent | d55e57ca99de4c094113c18bf18179923f641887 (diff) | |
| download | samba-58e7f253eafecca6934162034e88ee19b103c6ee.tar.gz samba-58e7f253eafecca6934162034e88ee19b103c6ee.tar.bz2 samba-58e7f253eafecca6934162034e88ee19b103c6ee.zip | |
Rework the CLDAP and NBT netlogon requests and responses.
This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows. There is still more testing
to do, and the server implementation to complete.
Andrew Bartlett
(This used to be commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717)
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/libcli/cldap/cldap.c | 35 | ||||
| -rw-r--r-- | source4/libcli/cldap/cldap.h | 7 | ||||
| -rw-r--r-- | source4/libcli/config.mk | 13 | ||||
| -rw-r--r-- | source4/libcli/dgram/libdgram.h | 21 | ||||
| -rw-r--r-- | source4/libcli/dgram/netlogon.c | 22 | ||||
| -rw-r--r-- | source4/libcli/dgram/ntlogon.c | 128 | ||||
| -rw-r--r-- | source4/libnet/libnet_become_dc.c | 24 | ||||
| -rw-r--r-- | source4/libnet/libnet_site.c | 7 | ||||
| -rw-r--r-- | source4/libnet/libnet_unbecome_dc.c | 21 | ||||
| -rw-r--r-- | source4/librpc/config.mk | 2 | ||||
| -rw-r--r-- | source4/librpc/idl/nbt.idl | 325 | ||||
| -rw-r--r-- | source4/torture/ldap/cldap.c | 67 | ||||
| -rw-r--r-- | source4/torture/nbt/dgram.c | 68 | ||||
| -rw-r--r-- | source4/torture/rpc/dssync.c | 7 |
14 files changed, 264 insertions, 483 deletions
diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c index 614bd51d2a..3867f3d3fd 100644 --- a/source4/libcli/cldap/cldap.c +++ b/source4/libcli/cldap/cldap.c @@ -595,7 +595,6 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req, struct cldap_netlogon *io) { NTSTATUS status; - enum ndr_err_code ndr_err; struct cldap_search search; struct cldap_socket *cldap; DATA_BLOB *data; @@ -618,18 +617,15 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req, } data = search.out.response->attributes[0].values; - ndr_err = ndr_pull_union_blob_all(data, mem_ctx, - cldap->iconv_convenience, - &io->out.netlogon, - io->in.version & 0xF, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(2,("cldap failed to parse netlogon response of type 0x%02x\n", - SVAL(data->data, 0))); - dump_data(10, data->data, data->length); - return ndr_map_error2ntstatus(ndr_err); + status = pull_netlogon_samlogon_response(data, mem_ctx, req->cldap->iconv_convenience, + &io->out.netlogon); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (io->in.map_response) { + map_netlogon_samlogon_response(&io->out.netlogon); } - return NT_STATUS_OK; } @@ -704,25 +700,20 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, uint32_t message_id, struct socket_address *src, uint32_t version, - union nbt_cldap_netlogon *netlogon) + struct netlogon_samlogon_response *netlogon) { NTSTATUS status; - enum ndr_err_code ndr_err; struct cldap_reply reply; struct ldap_SearchResEntry response; struct ldap_Result result; TALLOC_CTX *tmp_ctx = talloc_new(cldap); DATA_BLOB blob; - ndr_err = ndr_push_union_blob(&blob, tmp_ctx, - cldap->iconv_convenience, - netlogon, version & 0xF, - (ndr_push_flags_fn_t)ndr_push_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } + status = push_netlogon_samlogon_response(&blob, tmp_ctx, cldap->iconv_convenience, + netlogon); + if (!NT_STATUS_IS_OK(status)) { + } reply.messageid = message_id; reply.dest = src; reply.response = &response; diff --git a/source4/libcli/cldap/cldap.h b/source4/libcli/cldap/cldap.h index eb0191d0f4..7c2daf0ca2 100644 --- a/source4/libcli/cldap/cldap.h +++ b/source4/libcli/cldap/cldap.h @@ -20,7 +20,7 @@ */ #include "lib/util/asn1.h" -#include "librpc/gen_ndr/nbt.h" +#include "libcli/netlogon.h" struct ldap_message; @@ -161,9 +161,10 @@ struct cldap_netlogon { const char *domain_sid; int acct_control; uint32_t version; + bool map_response; } in; struct { - union nbt_cldap_netlogon netlogon; + struct netlogon_samlogon_response netlogon; } out; }; @@ -178,4 +179,4 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, uint32_t message_id, struct socket_address *src, uint32_t version, - union nbt_cldap_netlogon *netlogon); + struct netlogon_samlogon_response *netlogon); diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 95b45003be..08c08043a6 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -53,6 +53,14 @@ LIBCLI_NBT_OBJ_FILES = $(addprefix libcli/nbt/, \ namerefresh.o \ namerelease.o) +[SUBSYSTEM::LIBCLI_NETLOGON] +PRIVATE_PROTO_HEADER = netlogon_proto.h +PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT \ + NDR_SECURITY LIBSAMBA-UTIL + +LIBCLI_NETLOGON_OBJ_FILES = $(addprefix libcli/, \ + netlogon.o) + [PYTHON::python_libcli_nbt] SWIG_FILE = swig/libcli_nbt.i PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG @@ -66,18 +74,17 @@ PUBLIC_DEPENDENCIES = LIBCLI_SMB DYNCONFIG LIBSAMBA-HOSTCONFIG python_libcli_smb_OBJ_FILES = libcli/swig/libcli_smb_wrap.o [SUBSYSTEM::LIBCLI_DGRAM] -PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE +PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE LIBCLI_NETLOGON LIBCLI_DGRAM_OBJ_FILES = $(addprefix libcli/dgram/, \ dgramsocket.o \ mailslot.o \ netlogon.o \ - ntlogon.o \ browse.o) [SUBSYSTEM::LIBCLI_CLDAP] PUBLIC_DEPENDENCIES = LIBCLI_LDAP -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB +PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB LIBCLI_NETLOGON LIBCLI_CLDAP_OBJ_FILES = libcli/cldap/cldap.o # PUBLIC_HEADERS += libcli/cldap/cldap.h diff --git a/source4/libcli/dgram/libdgram.h b/source4/libcli/dgram/libdgram.h index 707cca8cc5..3eac78f5e8 100644 --- a/source4/libcli/dgram/libdgram.h +++ b/source4/libcli/dgram/libdgram.h @@ -19,7 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include "librpc/gen_ndr/nbt.h" +#include "libcli/netlogon.h" /* a datagram name request @@ -121,6 +121,7 @@ NTSTATUS dgram_mailslot_send(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, struct socket_address *dest, + const char *mailslot_name, struct nbt_name *src_name, struct nbt_netlogon_packet *request); NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, @@ -131,23 +132,7 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, TALLOC_CTX *mem_ctx, struct nbt_dgram_packet *dgram, - struct nbt_netlogon_packet *netlogon); - -NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock, - enum dgram_msg_type msg_type, - struct nbt_name *dest_name, - struct socket_address *dest, - struct nbt_name *src_name, - struct nbt_ntlogon_packet *request); -NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock, - struct nbt_dgram_packet *request, - const char *my_netbios_name, - const char *mailslot_name, - struct nbt_ntlogon_packet *reply); -NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_ntlogon_packet *ntlogon); + struct nbt_netlogon_response *netlogon); NTSTATUS dgram_mailslot_browse_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, diff --git a/source4/libcli/dgram/netlogon.c b/source4/libcli/dgram/netlogon.c index 5c7dedc7bb..c097127083 100644 --- a/source4/libcli/dgram/netlogon.c +++ b/source4/libcli/dgram/netlogon.c @@ -32,6 +32,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, struct socket_address *dest, + const char *mailslot, struct nbt_name *src_name, struct nbt_netlogon_packet *request) { @@ -51,7 +52,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, - NBT_MAILSLOT_NETLOGON, + mailslot, dest_name, dest, src_name, &blob); talloc_free(tmp_ctx); @@ -109,21 +110,16 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, TALLOC_CTX *mem_ctx, struct nbt_dgram_packet *dgram, - struct nbt_netlogon_packet *netlogon) + struct nbt_netlogon_response *netlogon) { + NTSTATUS status; DATA_BLOB data = dgram_mailslot_data(dgram); - enum ndr_err_code ndr_err; - - ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon, - (ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("Failed to parse netlogon packet of length %d: %s\n", - (int)data.length, nt_errstr(status))); - if (DEBUGLVL(10)) { - file_save("netlogon.dat", data.data, data.length); - } + + status = pull_nbt_netlogon_response(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon); + if (!NT_STATUS_IS_OK(status)) { return status; } + return NT_STATUS_OK; } + diff --git a/source4/libcli/dgram/ntlogon.c b/source4/libcli/dgram/ntlogon.c deleted file mode 100644 index 7b26ed7c00..0000000000 --- a/source4/libcli/dgram/ntlogon.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - handling for ntlogon dgram requests - - Copyright (C) Andrew Tridgell 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/dgram/libdgram.h" -#include "lib/socket/socket.h" -#include "libcli/resolve/resolve.h" -#include "librpc/gen_ndr/ndr_nbt.h" -#include "param/param.h" - -/* - send a ntlogon mailslot request -*/ -NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock, - enum dgram_msg_type msg_type, - struct nbt_name *dest_name, - struct socket_address *dest, - struct nbt_name *src_name, - struct nbt_ntlogon_packet *request) -{ - NTSTATUS status; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); - - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, - request, - (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } - - - status = dgram_mailslot_send(dgmsock, msg_type, - NBT_MAILSLOT_NTLOGON, - dest_name, dest, - src_name, &blob); - talloc_free(tmp_ctx); - return status; -} - - -/* - send a ntlogon mailslot reply -*/ -NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock, - struct nbt_dgram_packet *request, - const char *my_netbios_name, - const char *mailslot_name, - struct nbt_ntlogon_packet *reply) -{ - NTSTATUS status; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); - struct nbt_name myname; - struct socket_address *dest; - - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, reply, - (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } - - make_nbt_name_client(&myname, my_netbios_name); - - dest = socket_address_from_strings(tmp_ctx, - dgmsock->sock->backend_name, - request->src_addr, request->src_port); - if (!dest) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, - mailslot_name, - &request->data.msg.source_name, - dest, - &myname, &blob); - talloc_free(tmp_ctx); - return status; -} - - -/* - parse a ntlogon response. The packet must be a valid mailslot packet -*/ -NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_ntlogon_packet *ntlogon) -{ - DATA_BLOB data = dgram_mailslot_data(dgram); - enum ndr_err_code ndr_err; - - ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, ntlogon, - (ndr_pull_flags_fn_t)ndr_pull_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("Failed to parse ntlogon packet of length %d: %s\n", - (int)data.length, nt_errstr(status))); - if (DEBUGLVL(10)) { - file_save("ntlogon.dat", data.data, data.length); - } - return status; - } - return NT_STATUS_OK; -} diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index e8a5329985..1c4c1d0732 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -30,6 +30,7 @@ #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_security.h" +#include "librpc/gen_ndr/ndr_nbt.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "auth/gensec/gensec.h" #include "param/param.h" @@ -687,7 +688,7 @@ struct libnet_BecomeDC_state { struct { struct cldap_socket *sock; struct cldap_netlogon io; - struct nbt_cldap_netlogon_5 netlogon5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon; } cldap; struct becomeDC_ldap { @@ -745,7 +746,8 @@ static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s) s->cldap.io.in.domain_guid = NULL; s->cldap.io.in.domain_sid = NULL; s->cldap.io.in.acct_control = -1; - s->cldap.io.in.version = 6; + s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + s->cldap.io.in.map_response = true; s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, lp_iconv_convenience(s->libnet->lp_ctx)); @@ -768,19 +770,19 @@ static void becomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5; + s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; - s->domain.dns_name = s->cldap.netlogon5.dns_domain; - s->domain.netbios_name = s->cldap.netlogon5.domain; - s->domain.guid = s->cldap.netlogon5.domain_uuid; + s->domain.dns_name = s->cldap.netlogon.dns_domain; + s->domain.netbios_name = s->cldap.netlogon.domain; + s->domain.guid = s->cldap.netlogon.domain_uuid; - s->forest.dns_name = s->cldap.netlogon5.forest; + s->forest.dns_name = s->cldap.netlogon.forest; - s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name; - s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name; - s->source_dsa.site_name = s->cldap.netlogon5.server_site; + s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name; + s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name; + s->source_dsa.site_name = s->cldap.netlogon.server_site; - s->dest_dsa.site_name = s->cldap.netlogon5.client_site; + s->dest_dsa.site_name = s->cldap.netlogon.client_site; becomeDC_connect_ldap1(s); } diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index f39d9e039c..bb65de1f54 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -53,11 +53,12 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li search.in.dest_address = r->in.dest_address; search.in.dest_port = r->in.cldap_port; search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm)); status = cldap_netlogon(cldap, tmp_ctx, &search); - if (!NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { /* If cldap_netlogon() returns in error, default to using Default-First-Site-Name. @@ -71,7 +72,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li } } else { site_name_str = talloc_asprintf(tmp_ctx, "%s", - search.out.netlogon.logon5.client_site); + search.out.netlogon.nt5_ex.client_site); if (!site_name_str) { r->out.error_string = NULL; talloc_free(tmp_ctx); diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 6f06585880..cff919018a 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -193,7 +193,7 @@ struct libnet_UnbecomeDC_state { struct { struct cldap_socket *sock; struct cldap_netlogon io; - struct nbt_cldap_netlogon_5 netlogon5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon; } cldap; struct { @@ -265,7 +265,8 @@ static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s) s->cldap.io.in.domain_guid = NULL; s->cldap.io.in.domain_sid = NULL; s->cldap.io.in.acct_control = -1; - s->cldap.io.in.version = 6; + s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + s->cldap.io.in.map_response = true; s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, lp_iconv_convenience(s->libnet->lp_ctx)); @@ -288,17 +289,17 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5; + s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; - s->domain.dns_name = s->cldap.netlogon5.dns_domain; - s->domain.netbios_name = s->cldap.netlogon5.domain; - s->domain.guid = s->cldap.netlogon5.domain_uuid; + s->domain.dns_name = s->cldap.netlogon.dns_domain; + s->domain.netbios_name = s->cldap.netlogon.domain; + s->domain.guid = s->cldap.netlogon.domain_uuid; - s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name; - s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name; - s->source_dsa.site_name = s->cldap.netlogon5.server_site; + s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name; + s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name; + s->source_dsa.site_name = s->cldap.netlogon.server_site; - s->dest_dsa.site_name = s->cldap.netlogon5.client_site; + s->dest_dsa.site_name = s->cldap.netlogon.client_site; unbecomeDC_connect_ldap(s); } diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 24fad8c9c4..0b136644d8 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -325,7 +325,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT NDR_SCHANNEL_OBJ_FILES = librpc/gen_ndr/ndr_schannel.o [SUBSYSTEM::NDR_NBT] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY +PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR NDR_NBT_OBJ_FILES = librpc/gen_ndr/ndr_nbt.o diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl index dddfa4e1ce..74e07210cd 100644 --- a/source4/librpc/idl/nbt.idl +++ b/source4/librpc/idl/nbt.idl @@ -8,7 +8,7 @@ encoding if it doesn't work out */ -import "misc.idl", "security.idl", "svcctl.idl"; +import "misc.idl", "security.idl", "svcctl.idl", "samr.idl"; [ helper("libcli/nbt/libnbt.h") ] @@ -338,52 +338,19 @@ interface nbt } nbt_dgram_packet; - /*******************************************/ - /* \MAILSLOT\NET\NETLOGON mailslot requests */ - typedef enum { - NETLOGON_QUERY_FOR_PDC = 0x7, - NETLOGON_ANNOUNCE_UAS = 0xa, - NETLOGON_RESPONSE_FROM_PDC = 0xc, - NETLOGON_QUERY_FOR_PDC2 = 0x12, - NETLOGON_RESPONSE_FROM_PDC2 = 0x17, - NETLOGON_RESPONSE_FROM_PDC_USER = 0x19 - } nbt_netlogon_command; - - /* query for pdc request */ - typedef struct { - astring computer_name; - astring mailslot_name; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_name; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_query_for_pdc; - - /* query for pdc request - new style */ - typedef struct { - uint16 request_count; - nstring computer_name; - nstring user_name; - astring mailslot_name; - uint32 unknown[2]; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_query_for_pdc2; + /****************************************** + * \MAILSLOT\NET\NETLOGON mailslot requests + * and + * \MAILSLOT\NET\NTLOGON mailslot requests + */ - /* response from pdc */ - typedef struct { - astring pdc_name; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_pdc_name; - nstring domain_name; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_response_from_pdc; + typedef [public,gensize] struct { + uint32 sa_family; + [flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip; + [flag(NDR_REMAINING)] DATA_BLOB remaining; + } nbt_sockaddr; - typedef [bitmap32bit] bitmap { + typedef [bitmap32bit,public] bitmap { NBT_SERVER_PDC = 0x00000001, NBT_SERVER_GC = 0x00000004, NBT_SERVER_LDAP = 0x00000008, @@ -395,107 +362,81 @@ interface nbt NBT_SERVER_GOOD_TIMESERV = 0x00000200 } nbt_server_type; - /* response from pdc - type2 */ - typedef struct { - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - nbt_server_type server_type; - GUID domain_uuid; - nbt_string forest; - nbt_string dns_domain; - nbt_string pdc_dns_name; - nbt_string domain; - nbt_string pdc_name; - nbt_string user_name; - nbt_string server_site; - nbt_string client_site; - uint8 unknown; - uint32 unknown2; - [flag(NDR_BIG_ENDIAN)] - ipv4address pdc_ip; - uint32 unknown3[2]; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_response_from_pdc2; - - typedef enum netr_SamDatabaseID netr_SamDatabaseID; - - /* announce change to UAS or SAM */ - typedef struct { - netr_SamDatabaseID db_index; - hyper serial; - NTTIME timestamp; - } nbt_db_change; + typedef [bitmap32bit,public] bitmap { + NETLOGON_NT_VERSION_1 = 0x00000001, + NETLOGON_NT_VERSION_5 = 0x00000002, + NETLOGON_NT_VERSION_5EX = 0x00000004, + NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008, + NETLOGON_NT_VERSION_WITH_CLOSEST_SITE = 0x00000010, + NETLOGON_NT_VERSION_AVIOD_NT4EMUL = 0x01000000, + NETLOGON_NT_VERSION_PDC = 0x10000000, + NETLOGON_NT_VERSION_IP = 0x20000000, + NETLOGON_NT_VERSION_LOCAL = 0x40000000, + NETLOGON_NT_VERSION_GC = 0x80000000 + } netlogon_nt_version_flags; + + + typedef [enum16bit,public] enum { + LOGON_PRIMARY_QUERY = 7, /* Was also NETLOGON_QUERY_FOR_PDC */ + NETLOGON_ANNOUNCE_UAS = 10, + NETLOGON_RESPONSE_FROM_PDC = 12, + LOGON_SAM_LOGON_REQUEST = 18, /* Was also NETLOGON_QUERY_FOR_PDC2, NTLOGON_SAM_LOGON */ + LOGON_SAM_LOGON_RESPONSE = 19, /* Was also NTLOGON_SAM_LOGON_REPLY */ + LOGON_SAM_LOGON_PAUSE_RESPONSE = 20, + LOGON_SAM_LOGON_USER_UNKNOWN = 21, /* Was also NTLOGON_SAM_LOGON_REPLY15 */ + LOGON_SAM_LOGON_RESPONSE_EX = 23, /* was NETLOGON_RESPONSE_FROM_PDC2 */ + LOGON_SAM_LOGON_PAUSE_RESPONSE_EX = 24, + LOGON_SAM_LOGON_USER_UNKNOWN_EX = 25 /* was NETLOGON_RESPONSE_FROM_PDC_USER */ + } netlogon_command; + + typedef bitmap samr_AcctFlags samr_AcctFlags; - /* used to announce SAM changes */ typedef struct { - uint32 serial_lo; - time_t timestamp; - uint32 pulse; - uint32 random; - astring pdc_name; - astring domain; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_pdc_name; - nstring unicode_domain; - uint32 db_count; - nbt_db_change dbchange[db_count]; + uint16 request_count; + nstring computer_name; + nstring user_name; + astring mailslot_name; + samr_AcctFlags acct_control; [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_announce_uas; - - typedef [nodiscriminant] union { - [case(NETLOGON_QUERY_FOR_PDC)] nbt_netlogon_query_for_pdc pdc; - [case(NETLOGON_QUERY_FOR_PDC2)] nbt_netlogon_query_for_pdc2 pdc2; - [case(NETLOGON_ANNOUNCE_UAS)] nbt_netlogon_announce_uas uas; - [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response; - [case(NETLOGON_RESPONSE_FROM_PDC2)] nbt_netlogon_response_from_pdc2 response2; - [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2; - } nbt_netlogon_request; + netlogon_nt_version_flags nt_version; + uint16 lmnt_token; + uint16 lm20_token; + } NETLOGON_SAM_LOGON_REQUEST; typedef [flag(NDR_NOALIGN),public] struct { - nbt_netlogon_command command; - [switch_is(command)] nbt_netlogon_request req; - } nbt_netlogon_packet; - - /*******************************************/ - /* CLDAP netlogon response */ - - /* note that these structures are very similar to, but not - quite identical to, the netlogon structures above */ - - typedef struct { - uint16 type; - nstring pdc_name; + netlogon_command command; + nstring server; nstring user_name; - nstring domain_name; - [value(1)] uint32 nt_version; + nstring domain; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; - uint16 lm20_token; - } nbt_cldap_netlogon_1; + uint16 lm20_token; + } NETLOGON_SAM_LOGON_RESPONSE_NT40; - typedef struct { - uint16 type; + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; nstring pdc_name; nstring user_name; nstring domain_name; GUID domain_uuid; - GUID unknown_uuid; + GUID zero_uuid; nbt_string forest; nbt_string dns_domain; nbt_string pdc_dns_name; ipv4address pdc_ip; nbt_server_type server_type; - [value(3)] uint32 nt_version; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_cldap_netlogon_3; + } NETLOGON_SAM_LOGON_RESPONSE; - typedef struct { - uint32 type; + /* response from pdc hand marshaled (we have an additional + * function that uses this structure), as it has 'optional' + * parts */ + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; + uint16 sbz; /* From the docs */ nbt_server_type server_type; GUID domain_uuid; nbt_string forest; @@ -506,85 +447,91 @@ interface nbt nbt_string user_name; nbt_string server_site; nbt_string client_site; - [value(5)] uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_cldap_netlogon_5; - typedef struct { - uint32 type; - nbt_server_type server_type; - GUID domain_uuid; - nbt_string forest; - nbt_string dns_domain; - nbt_string pdc_dns_name; - nbt_string domain; - nbt_string pdc_name; - nbt_string user_name; - nbt_string server_site; - nbt_string client_site; - uint8 unknown; - uint32 unknown2; - [flag(NDR_BIG_ENDIAN)] - ipv4address pdc_ip; - uint32 unknown3[2]; - [value(13)] uint32 nt_version; + /* Optional on NETLOGON_NT_VERSION_5EX_WITH_IP */ + [value(ndr_size_nbt_sockaddr(&sockaddr, ndr->flags))] uint8 sockaddr_size; + [subcontext(0),subcontext_size(sockaddr_size)] nbt_sockaddr sockaddr; + + /* Optional on NETLOGON_NT_VERSION_WITH_CLOSEST_SITE */ + nbt_string next_closest_site; + + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_cldap_netlogon_13; - - typedef [flag(NDR_NOALIGN),public,nodiscriminant] union { - [case(0)] nbt_cldap_netlogon_1 logon1; - [case(1)] nbt_cldap_netlogon_1 logon1; - [case(2)] nbt_cldap_netlogon_3 logon3; - [case(3)] nbt_cldap_netlogon_3 logon3; - [case(4)] nbt_cldap_netlogon_5 logon5; - [case(5)] nbt_cldap_netlogon_5 logon5; - [case(6)] nbt_cldap_netlogon_5 logon5; - [case(7)] nbt_cldap_netlogon_5 logon5; - [default] nbt_cldap_netlogon_13 logon13; - } nbt_cldap_netlogon; - - /*******************************************/ - /* \MAILSLOT\NET\NTLOGON mailslot requests */ - typedef enum { - NTLOGON_SAM_LOGON = 0x12, - NTLOGON_SAM_LOGON_REPLY = 0x13, - NTLOGON_SAM_LOGON_REPLY15 = 0x15 - } nbt_ntlogon_command; + } NETLOGON_SAM_LOGON_RESPONSE_EX; + /* query for pdc request */ typedef struct { - uint16 request_count; - nstring computer_name; - nstring user_name; + astring computer_name; astring mailslot_name; - uint32 acct_control; - [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; - [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; - uint32 nt_version; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_name; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_ntlogon_sam_logon; + } nbt_netlogon_query_for_pdc; - typedef struct { - nstring server; - nstring user_name; - nstring domain; - uint32 nt_version; + /* response from pdc */ + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; + astring pdc_name; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_pdc_name; + nstring domain_name; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_ntlogon_sam_logon_reply; + } nbt_netlogon_response_from_pdc; + + typedef enum netr_SamDatabaseID netr_SamDatabaseID; + + /* used to announce SAM changes - MS-NRPC 2.2.1.5.1 */ + typedef struct { + netr_SamDatabaseID db_index; + hyper serial; + NTTIME timestamp; + } nbt_db_change_info; + + typedef struct { + uint32 serial_lo; + time_t timestamp; + uint32 pulse; + uint32 random; + astring pdc_name; + astring domain; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_pdc_name; + nstring unicode_domain; + uint32 db_count; + nbt_db_change_info dbchange[db_count]; + [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; + [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; + uint32 message_format_version; + uint32 message_token; + } NETLOGON_DB_CHANGE; typedef [nodiscriminant] union { - [case(NTLOGON_SAM_LOGON)] nbt_ntlogon_sam_logon logon; - [case(NTLOGON_SAM_LOGON_REPLY)] nbt_ntlogon_sam_logon_reply reply; - [case(NTLOGON_SAM_LOGON_REPLY15)] nbt_ntlogon_sam_logon_reply reply; - } nbt_ntlogon_request; + [case(LOGON_SAM_LOGON_REQUEST)] NETLOGON_SAM_LOGON_REQUEST logon; + [case(LOGON_PRIMARY_QUERY)] nbt_netlogon_query_for_pdc pdc; + [case(NETLOGON_ANNOUNCE_UAS)] NETLOGON_DB_CHANGE uas; + } nbt_netlogon_request; + +#if 0 + [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response; + [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2; + + [case(LOGON_SAM_LOGON_PAUSE_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_USER_UNKNOWN)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; + [case(LOGON_SAM_LOGON_PAUSE_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; + [case(LOGON_SAM_LOGON_USER_UNKNOWN_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; +#endif typedef [flag(NDR_NOALIGN),public] struct { - nbt_ntlogon_command command; - [switch_is(command)] nbt_ntlogon_request req; - } nbt_ntlogon_packet; + netlogon_command command; + [switch_is(command)] nbt_netlogon_request req; + } nbt_netlogon_packet; /********************************************************/ /* \MAILSLOT\BROWSE mailslot requests */ diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index ca4d9b7705..bb77acd2d0 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -41,7 +41,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) struct cldap_socket *cldap; NTSTATUS status; struct cldap_netlogon search, empty_search; - union nbt_cldap_netlogon n1; + struct netlogon_samlogon_response n1; struct GUID guid; int i; @@ -51,7 +51,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.dest_address = dest; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; empty_search = search; @@ -63,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) n1 = search.out.netlogon; search.in.user = "Administrator"; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); @@ -91,8 +92,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -100,8 +101,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); search.in.version = 6; status = cldap_netlogon(cldap, tctx, &search); @@ -112,8 +113,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -121,16 +122,16 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); printf("Trying with a GUID\n"); search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid); printf("Trying with a incorrect GUID\n"); guid = GUID_random(); @@ -141,15 +142,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a AAC\n"); search.in.acct_control = 0x180; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a bad AAC\n"); search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); @@ -158,15 +159,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = "Administrator"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); printf("Trying with just a bad domain\n"); search = empty_search; @@ -175,29 +176,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); return true; } diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index a3585896eb..e039aac509 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -42,7 +42,7 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct socket_address *src) { NTSTATUS status; - struct nbt_netlogon_packet netlogon; + struct nbt_netlogon_response netlogon; int *replies = (int *)dgmslot->private; printf("netlogon reply from %s:%d\n", src->addr, src->port); @@ -54,8 +54,6 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, return; } - NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon); - (*replies)++; } @@ -101,7 +99,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -117,7 +115,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC; + logon.command = LOGON_PRIMARY_QUERY; logon.req.pdc.computer_name = TEST_NAME; logon.req.pdc.mailslot_name = dgmslot->mailslot_name; logon.req.pdc.unicode_name = TEST_NAME; @@ -132,6 +130,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -200,14 +199,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC2; - logon.req.pdc2.request_count = 0; - logon.req.pdc2.computer_name = TEST_NAME; - logon.req.pdc2.user_name = ""; - logon.req.pdc2.mailslot_name = dgmslot->mailslot_name; - logon.req.pdc2.nt_version = 11; - logon.req.pdc2.lmnt_token = 0xFFFF; - logon.req.pdc2.lm20_token = 0xFFFF; + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = ""; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.nt_version = 11; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; make_nbt_name_client(&myname, TEST_NAME); @@ -216,6 +215,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -227,32 +227,6 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) } -/* - reply handler for ntlogon request -*/ -static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, - struct nbt_dgram_packet *packet, - struct socket_address *src) -{ - NTSTATUS status; - struct nbt_ntlogon_packet ntlogon; - int *replies = (int *)dgmslot->private; - - printf("ntlogon reply from %s:%d\n", src->addr, src->port); - - status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to parse ntlogon packet from %s:%d\n", - src->addr, src->port); - return; - } - - NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon); - - (*replies)++; -} - - /* test UDP/138 ntlogon requests */ static bool nbt_test_ntlogon(struct torture_context *tctx) { @@ -265,7 +239,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) const struct dom_sid *dom_sid; const char *myaddress; - struct nbt_ntlogon_packet logon; + struct nbt_netlogon_packet logon; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); @@ -296,7 +270,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -317,17 +291,17 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - ntlogon_handler, &replies); + netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NTLOGON_SAM_LOGON; + logon.command = LOGON_SAM_LOGON_REQUEST; logon.req.logon.request_count = 0; logon.req.logon.computer_name = TEST_NAME; logon.req.logon.user_name = TEST_NAME"$"; logon.req.logon.mailslot_name = dgmslot->mailslot_name; logon.req.logon.acct_control = ACB_WSTRUST; - logon.req.logon.sid = *dom_sid; + /* Leave sid as all zero */ logon.req.logon.nt_version = 1; logon.req.logon.lmnt_token = 0xFFFF; logon.req.logon.lm20_token = 0xFFFF; @@ -337,8 +311,10 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, address, lp_dgram_port(tctx->lp_ctx)); torture_assert(tctx, dest != NULL, "Error getting address"); - status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE, - &name, dest, &myname, &logon); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); while (timeval_elapsed(&tv) < 5 && replies == 0) { diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index 00617f4072..989a1faf27 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) search.in.dest_address = ctx->drsuapi_binding->host; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; status = cldap_netlogon(cldap, ctx, &search); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); } return ret; |