diff options
| -rw-r--r-- | source4/libcli/cldap/cldap.c | 35 | ||||
| -rw-r--r-- | source4/libcli/cldap/cldap.h | 7 | ||||
| -rw-r--r-- | source4/libcli/config.mk | 13 | ||||
| -rw-r--r-- | source4/libcli/dgram/libdgram.h | 21 | ||||
| -rw-r--r-- | source4/libcli/dgram/netlogon.c | 22 | ||||
| -rw-r--r-- | source4/libcli/dgram/ntlogon.c | 128 | ||||
| -rw-r--r-- | source4/libnet/libnet_become_dc.c | 24 | ||||
| -rw-r--r-- | source4/libnet/libnet_site.c | 7 | ||||
| -rw-r--r-- | source4/libnet/libnet_unbecome_dc.c | 21 | ||||
| -rw-r--r-- | source4/librpc/config.mk | 2 | ||||
| -rw-r--r-- | source4/librpc/idl/nbt.idl | 325 | ||||
| -rw-r--r-- | source4/torture/ldap/cldap.c | 67 | ||||
| -rw-r--r-- | source4/torture/nbt/dgram.c | 68 | ||||
| -rw-r--r-- | source4/torture/rpc/dssync.c | 7 |
14 files changed, 264 insertions, 483 deletions
diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c index 614bd51d2a..3867f3d3fd 100644 --- a/source4/libcli/cldap/cldap.c +++ b/source4/libcli/cldap/cldap.c @@ -595,7 +595,6 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req, struct cldap_netlogon *io) { NTSTATUS status; - enum ndr_err_code ndr_err; struct cldap_search search; struct cldap_socket *cldap; DATA_BLOB *data; @@ -618,18 +617,15 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req, } data = search.out.response->attributes[0].values; - ndr_err = ndr_pull_union_blob_all(data, mem_ctx, - cldap->iconv_convenience, - &io->out.netlogon, - io->in.version & 0xF, - (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(2,("cldap failed to parse netlogon response of type 0x%02x\n", - SVAL(data->data, 0))); - dump_data(10, data->data, data->length); - return ndr_map_error2ntstatus(ndr_err); + status = pull_netlogon_samlogon_response(data, mem_ctx, req->cldap->iconv_convenience, + &io->out.netlogon); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (io->in.map_response) { + map_netlogon_samlogon_response(&io->out.netlogon); } - return NT_STATUS_OK; } @@ -704,25 +700,20 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, uint32_t message_id, struct socket_address *src, uint32_t version, - union nbt_cldap_netlogon *netlogon) + struct netlogon_samlogon_response *netlogon) { NTSTATUS status; - enum ndr_err_code ndr_err; struct cldap_reply reply; struct ldap_SearchResEntry response; struct ldap_Result result; TALLOC_CTX *tmp_ctx = talloc_new(cldap); DATA_BLOB blob; - ndr_err = ndr_push_union_blob(&blob, tmp_ctx, - cldap->iconv_convenience, - netlogon, version & 0xF, - (ndr_push_flags_fn_t)ndr_push_nbt_cldap_netlogon); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } + status = push_netlogon_samlogon_response(&blob, tmp_ctx, cldap->iconv_convenience, + netlogon); + if (!NT_STATUS_IS_OK(status)) { + } reply.messageid = message_id; reply.dest = src; reply.response = &response; diff --git a/source4/libcli/cldap/cldap.h b/source4/libcli/cldap/cldap.h index eb0191d0f4..7c2daf0ca2 100644 --- a/source4/libcli/cldap/cldap.h +++ b/source4/libcli/cldap/cldap.h @@ -20,7 +20,7 @@ */ #include "lib/util/asn1.h" -#include "librpc/gen_ndr/nbt.h" +#include "libcli/netlogon.h" struct ldap_message; @@ -161,9 +161,10 @@ struct cldap_netlogon { const char *domain_sid; int acct_control; uint32_t version; + bool map_response; } in; struct { - union nbt_cldap_netlogon netlogon; + struct netlogon_samlogon_response netlogon; } out; }; @@ -178,4 +179,4 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, uint32_t message_id, struct socket_address *src, uint32_t version, - union nbt_cldap_netlogon *netlogon); + struct netlogon_samlogon_response *netlogon); diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 95b45003be..08c08043a6 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -53,6 +53,14 @@ LIBCLI_NBT_OBJ_FILES = $(addprefix libcli/nbt/, \ namerefresh.o \ namerelease.o) +[SUBSYSTEM::LIBCLI_NETLOGON] +PRIVATE_PROTO_HEADER = netlogon_proto.h +PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT \ + NDR_SECURITY LIBSAMBA-UTIL + +LIBCLI_NETLOGON_OBJ_FILES = $(addprefix libcli/, \ + netlogon.o) + [PYTHON::python_libcli_nbt] SWIG_FILE = swig/libcli_nbt.i PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG @@ -66,18 +74,17 @@ PUBLIC_DEPENDENCIES = LIBCLI_SMB DYNCONFIG LIBSAMBA-HOSTCONFIG python_libcli_smb_OBJ_FILES = libcli/swig/libcli_smb_wrap.o [SUBSYSTEM::LIBCLI_DGRAM] -PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE +PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE LIBCLI_NETLOGON LIBCLI_DGRAM_OBJ_FILES = $(addprefix libcli/dgram/, \ dgramsocket.o \ mailslot.o \ netlogon.o \ - ntlogon.o \ browse.o) [SUBSYSTEM::LIBCLI_CLDAP] PUBLIC_DEPENDENCIES = LIBCLI_LDAP -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB +PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB LIBCLI_NETLOGON LIBCLI_CLDAP_OBJ_FILES = libcli/cldap/cldap.o # PUBLIC_HEADERS += libcli/cldap/cldap.h diff --git a/source4/libcli/dgram/libdgram.h b/source4/libcli/dgram/libdgram.h index 707cca8cc5..3eac78f5e8 100644 --- a/source4/libcli/dgram/libdgram.h +++ b/source4/libcli/dgram/libdgram.h @@ -19,7 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include "librpc/gen_ndr/nbt.h" +#include "libcli/netlogon.h" /* a datagram name request @@ -121,6 +121,7 @@ NTSTATUS dgram_mailslot_send(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, struct socket_address *dest, + const char *mailslot_name, struct nbt_name *src_name, struct nbt_netlogon_packet *request); NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, @@ -131,23 +132,7 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, TALLOC_CTX *mem_ctx, struct nbt_dgram_packet *dgram, - struct nbt_netlogon_packet *netlogon); - -NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock, - enum dgram_msg_type msg_type, - struct nbt_name *dest_name, - struct socket_address *dest, - struct nbt_name *src_name, - struct nbt_ntlogon_packet *request); -NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock, - struct nbt_dgram_packet *request, - const char *my_netbios_name, - const char *mailslot_name, - struct nbt_ntlogon_packet *reply); -NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_ntlogon_packet *ntlogon); + struct nbt_netlogon_response *netlogon); NTSTATUS dgram_mailslot_browse_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, diff --git a/source4/libcli/dgram/netlogon.c b/source4/libcli/dgram/netlogon.c index 5c7dedc7bb..c097127083 100644 --- a/source4/libcli/dgram/netlogon.c +++ b/source4/libcli/dgram/netlogon.c @@ -32,6 +32,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, struct nbt_name *dest_name, struct socket_address *dest, + const char *mailslot, struct nbt_name *src_name, struct nbt_netlogon_packet *request) { @@ -51,7 +52,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock, status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, - NBT_MAILSLOT_NETLOGON, + mailslot, dest_name, dest, src_name, &blob); talloc_free(tmp_ctx); @@ -109,21 +110,16 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock, NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot, TALLOC_CTX *mem_ctx, struct nbt_dgram_packet *dgram, - struct nbt_netlogon_packet *netlogon) + struct nbt_netlogon_response *netlogon) { + NTSTATUS status; DATA_BLOB data = dgram_mailslot_data(dgram); - enum ndr_err_code ndr_err; - - ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon, - (ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("Failed to parse netlogon packet of length %d: %s\n", - (int)data.length, nt_errstr(status))); - if (DEBUGLVL(10)) { - file_save("netlogon.dat", data.data, data.length); - } + + status = pull_nbt_netlogon_response(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon); + if (!NT_STATUS_IS_OK(status)) { return status; } + return NT_STATUS_OK; } + diff --git a/source4/libcli/dgram/ntlogon.c b/source4/libcli/dgram/ntlogon.c deleted file mode 100644 index 7b26ed7c00..0000000000 --- a/source4/libcli/dgram/ntlogon.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - handling for ntlogon dgram requests - - Copyright (C) Andrew Tridgell 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "libcli/dgram/libdgram.h" -#include "lib/socket/socket.h" -#include "libcli/resolve/resolve.h" -#include "librpc/gen_ndr/ndr_nbt.h" -#include "param/param.h" - -/* - send a ntlogon mailslot request -*/ -NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock, - enum dgram_msg_type msg_type, - struct nbt_name *dest_name, - struct socket_address *dest, - struct nbt_name *src_name, - struct nbt_ntlogon_packet *request) -{ - NTSTATUS status; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); - - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, - request, - (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } - - - status = dgram_mailslot_send(dgmsock, msg_type, - NBT_MAILSLOT_NTLOGON, - dest_name, dest, - src_name, &blob); - talloc_free(tmp_ctx); - return status; -} - - -/* - send a ntlogon mailslot reply -*/ -NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock, - struct nbt_dgram_packet *request, - const char *my_netbios_name, - const char *mailslot_name, - struct nbt_ntlogon_packet *reply) -{ - NTSTATUS status; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - TALLOC_CTX *tmp_ctx = talloc_new(dgmsock); - struct nbt_name myname; - struct socket_address *dest; - - ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, reply, - (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(tmp_ctx); - return ndr_map_error2ntstatus(ndr_err); - } - - make_nbt_name_client(&myname, my_netbios_name); - - dest = socket_address_from_strings(tmp_ctx, - dgmsock->sock->backend_name, - request->src_addr, request->src_port); - if (!dest) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, - mailslot_name, - &request->data.msg.source_name, - dest, - &myname, &blob); - talloc_free(tmp_ctx); - return status; -} - - -/* - parse a ntlogon response. The packet must be a valid mailslot packet -*/ -NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot, - TALLOC_CTX *mem_ctx, - struct nbt_dgram_packet *dgram, - struct nbt_ntlogon_packet *ntlogon) -{ - DATA_BLOB data = dgram_mailslot_data(dgram); - enum ndr_err_code ndr_err; - - ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, ntlogon, - (ndr_pull_flags_fn_t)ndr_pull_nbt_ntlogon_packet); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - NTSTATUS status = ndr_map_error2ntstatus(ndr_err); - DEBUG(0,("Failed to parse ntlogon packet of length %d: %s\n", - (int)data.length, nt_errstr(status))); - if (DEBUGLVL(10)) { - file_save("ntlogon.dat", data.data, data.length); - } - return status; - } - return NT_STATUS_OK; -} diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index e8a5329985..1c4c1d0732 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -30,6 +30,7 @@ #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_security.h" +#include "librpc/gen_ndr/ndr_nbt.h" #include "librpc/gen_ndr/ndr_drsuapi.h" #include "auth/gensec/gensec.h" #include "param/param.h" @@ -687,7 +688,7 @@ struct libnet_BecomeDC_state { struct { struct cldap_socket *sock; struct cldap_netlogon io; - struct nbt_cldap_netlogon_5 netlogon5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon; } cldap; struct becomeDC_ldap { @@ -745,7 +746,8 @@ static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s) s->cldap.io.in.domain_guid = NULL; s->cldap.io.in.domain_sid = NULL; s->cldap.io.in.acct_control = -1; - s->cldap.io.in.version = 6; + s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + s->cldap.io.in.map_response = true; s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, lp_iconv_convenience(s->libnet->lp_ctx)); @@ -768,19 +770,19 @@ static void becomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5; + s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; - s->domain.dns_name = s->cldap.netlogon5.dns_domain; - s->domain.netbios_name = s->cldap.netlogon5.domain; - s->domain.guid = s->cldap.netlogon5.domain_uuid; + s->domain.dns_name = s->cldap.netlogon.dns_domain; + s->domain.netbios_name = s->cldap.netlogon.domain; + s->domain.guid = s->cldap.netlogon.domain_uuid; - s->forest.dns_name = s->cldap.netlogon5.forest; + s->forest.dns_name = s->cldap.netlogon.forest; - s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name; - s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name; - s->source_dsa.site_name = s->cldap.netlogon5.server_site; + s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name; + s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name; + s->source_dsa.site_name = s->cldap.netlogon.server_site; - s->dest_dsa.site_name = s->cldap.netlogon5.client_site; + s->dest_dsa.site_name = s->cldap.netlogon.client_site; becomeDC_connect_ldap1(s); } diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index f39d9e039c..bb65de1f54 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -53,11 +53,12 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li search.in.dest_address = r->in.dest_address; search.in.dest_port = r->in.cldap_port; search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm)); status = cldap_netlogon(cldap, tmp_ctx, &search); - if (!NT_STATUS_IS_OK(status)) { + if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { /* If cldap_netlogon() returns in error, default to using Default-First-Site-Name. @@ -71,7 +72,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li } } else { site_name_str = talloc_asprintf(tmp_ctx, "%s", - search.out.netlogon.logon5.client_site); + search.out.netlogon.nt5_ex.client_site); if (!site_name_str) { r->out.error_string = NULL; talloc_free(tmp_ctx); diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 6f06585880..cff919018a 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -193,7 +193,7 @@ struct libnet_UnbecomeDC_state { struct { struct cldap_socket *sock; struct cldap_netlogon io; - struct nbt_cldap_netlogon_5 netlogon5; + struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon; } cldap; struct { @@ -265,7 +265,8 @@ static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s) s->cldap.io.in.domain_guid = NULL; s->cldap.io.in.domain_sid = NULL; s->cldap.io.in.acct_control = -1; - s->cldap.io.in.version = 6; + s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + s->cldap.io.in.map_response = true; s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, lp_iconv_convenience(s->libnet->lp_ctx)); @@ -288,17 +289,17 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5; + s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; - s->domain.dns_name = s->cldap.netlogon5.dns_domain; - s->domain.netbios_name = s->cldap.netlogon5.domain; - s->domain.guid = s->cldap.netlogon5.domain_uuid; + s->domain.dns_name = s->cldap.netlogon.dns_domain; + s->domain.netbios_name = s->cldap.netlogon.domain; + s->domain.guid = s->cldap.netlogon.domain_uuid; - s->source_dsa.dns_name = s->cldap.netlogon5.pdc_dns_name; - s->source_dsa.netbios_name = s->cldap.netlogon5.pdc_name; - s->source_dsa.site_name = s->cldap.netlogon5.server_site; + s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name; + s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name; + s->source_dsa.site_name = s->cldap.netlogon.server_site; - s->dest_dsa.site_name = s->cldap.netlogon5.client_site; + s->dest_dsa.site_name = s->cldap.netlogon.client_site; unbecomeDC_connect_ldap(s); } diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 24fad8c9c4..0b136644d8 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -325,7 +325,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT NDR_SCHANNEL_OBJ_FILES = librpc/gen_ndr/ndr_schannel.o [SUBSYSTEM::NDR_NBT] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY +PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR NDR_NBT_OBJ_FILES = librpc/gen_ndr/ndr_nbt.o diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl index dddfa4e1ce..74e07210cd 100644 --- a/source4/librpc/idl/nbt.idl +++ b/source4/librpc/idl/nbt.idl @@ -8,7 +8,7 @@ encoding if it doesn't work out */ -import "misc.idl", "security.idl", "svcctl.idl"; +import "misc.idl", "security.idl", "svcctl.idl", "samr.idl"; [ helper("libcli/nbt/libnbt.h") ] @@ -338,52 +338,19 @@ interface nbt } nbt_dgram_packet; - /*******************************************/ - /* \MAILSLOT\NET\NETLOGON mailslot requests */ - typedef enum { - NETLOGON_QUERY_FOR_PDC = 0x7, - NETLOGON_ANNOUNCE_UAS = 0xa, - NETLOGON_RESPONSE_FROM_PDC = 0xc, - NETLOGON_QUERY_FOR_PDC2 = 0x12, - NETLOGON_RESPONSE_FROM_PDC2 = 0x17, - NETLOGON_RESPONSE_FROM_PDC_USER = 0x19 - } nbt_netlogon_command; - - /* query for pdc request */ - typedef struct { - astring computer_name; - astring mailslot_name; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_name; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_query_for_pdc; - - /* query for pdc request - new style */ - typedef struct { - uint16 request_count; - nstring computer_name; - nstring user_name; - astring mailslot_name; - uint32 unknown[2]; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_query_for_pdc2; + /****************************************** + * \MAILSLOT\NET\NETLOGON mailslot requests + * and + * \MAILSLOT\NET\NTLOGON mailslot requests + */ - /* response from pdc */ - typedef struct { - astring pdc_name; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_pdc_name; - nstring domain_name; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_response_from_pdc; + typedef [public,gensize] struct { + uint32 sa_family; + [flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip; + [flag(NDR_REMAINING)] DATA_BLOB remaining; + } nbt_sockaddr; - typedef [bitmap32bit] bitmap { + typedef [bitmap32bit,public] bitmap { NBT_SERVER_PDC = 0x00000001, NBT_SERVER_GC = 0x00000004, NBT_SERVER_LDAP = 0x00000008, @@ -395,107 +362,81 @@ interface nbt NBT_SERVER_GOOD_TIMESERV = 0x00000200 } nbt_server_type; - /* response from pdc - type2 */ - typedef struct { - [flag(NDR_ALIGN4)] DATA_BLOB _pad; - nbt_server_type server_type; - GUID domain_uuid; - nbt_string forest; - nbt_string dns_domain; - nbt_string pdc_dns_name; - nbt_string domain; - nbt_string pdc_name; - nbt_string user_name; - nbt_string server_site; - nbt_string client_site; - uint8 unknown; - uint32 unknown2; - [flag(NDR_BIG_ENDIAN)] - ipv4address pdc_ip; - uint32 unknown3[2]; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_response_from_pdc2; - - typedef enum netr_SamDatabaseID netr_SamDatabaseID; - - /* announce change to UAS or SAM */ - typedef struct { - netr_SamDatabaseID db_index; - hyper serial; - NTTIME timestamp; - } nbt_db_change; + typedef [bitmap32bit,public] bitmap { + NETLOGON_NT_VERSION_1 = 0x00000001, + NETLOGON_NT_VERSION_5 = 0x00000002, + NETLOGON_NT_VERSION_5EX = 0x00000004, + NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008, + NETLOGON_NT_VERSION_WITH_CLOSEST_SITE = 0x00000010, + NETLOGON_NT_VERSION_AVIOD_NT4EMUL = 0x01000000, + NETLOGON_NT_VERSION_PDC = 0x10000000, + NETLOGON_NT_VERSION_IP = 0x20000000, + NETLOGON_NT_VERSION_LOCAL = 0x40000000, + NETLOGON_NT_VERSION_GC = 0x80000000 + } netlogon_nt_version_flags; + + + typedef [enum16bit,public] enum { + LOGON_PRIMARY_QUERY = 7, /* Was also NETLOGON_QUERY_FOR_PDC */ + NETLOGON_ANNOUNCE_UAS = 10, + NETLOGON_RESPONSE_FROM_PDC = 12, + LOGON_SAM_LOGON_REQUEST = 18, /* Was also NETLOGON_QUERY_FOR_PDC2, NTLOGON_SAM_LOGON */ + LOGON_SAM_LOGON_RESPONSE = 19, /* Was also NTLOGON_SAM_LOGON_REPLY */ + LOGON_SAM_LOGON_PAUSE_RESPONSE = 20, + LOGON_SAM_LOGON_USER_UNKNOWN = 21, /* Was also NTLOGON_SAM_LOGON_REPLY15 */ + LOGON_SAM_LOGON_RESPONSE_EX = 23, /* was NETLOGON_RESPONSE_FROM_PDC2 */ + LOGON_SAM_LOGON_PAUSE_RESPONSE_EX = 24, + LOGON_SAM_LOGON_USER_UNKNOWN_EX = 25 /* was NETLOGON_RESPONSE_FROM_PDC_USER */ + } netlogon_command; + + typedef bitmap samr_AcctFlags samr_AcctFlags; - /* used to announce SAM changes */ typedef struct { - uint32 serial_lo; - time_t timestamp; - uint32 pulse; - uint32 random; - astring pdc_name; - astring domain; - [flag(NDR_ALIGN2)] DATA_BLOB _pad; - nstring unicode_pdc_name; - nstring unicode_domain; - uint32 db_count; - nbt_db_change dbchange[db_count]; + uint16 request_count; + nstring computer_name; + nstring user_name; + astring mailslot_name; + samr_AcctFlags acct_control; [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; - uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_netlogon_announce_uas; - - typedef [nodiscriminant] union { - [case(NETLOGON_QUERY_FOR_PDC)] nbt_netlogon_query_for_pdc pdc; - [case(NETLOGON_QUERY_FOR_PDC2)] nbt_netlogon_query_for_pdc2 pdc2; - [case(NETLOGON_ANNOUNCE_UAS)] nbt_netlogon_announce_uas uas; - [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response; - [case(NETLOGON_RESPONSE_FROM_PDC2)] nbt_netlogon_response_from_pdc2 response2; - [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2; - } nbt_netlogon_request; + netlogon_nt_version_flags nt_version; + uint16 lmnt_token; + uint16 lm20_token; + } NETLOGON_SAM_LOGON_REQUEST; typedef [flag(NDR_NOALIGN),public] struct { - nbt_netlogon_command command; - [switch_is(command)] nbt_netlogon_request req; - } nbt_netlogon_packet; - - /*******************************************/ - /* CLDAP netlogon response */ - - /* note that these structures are very similar to, but not - quite identical to, the netlogon structures above */ - - typedef struct { - uint16 type; - nstring pdc_name; + netlogon_command command; + nstring server; nstring user_name; - nstring domain_name; - [value(1)] uint32 nt_version; + nstring domain; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; - uint16 lm20_token; - } nbt_cldap_netlogon_1; + uint16 lm20_token; + } NETLOGON_SAM_LOGON_RESPONSE_NT40; - typedef struct { - uint16 type; + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; nstring pdc_name; nstring user_name; nstring domain_name; GUID domain_uuid; - GUID unknown_uuid; + GUID zero_uuid; nbt_string forest; nbt_string dns_domain; nbt_string pdc_dns_name; ipv4address pdc_ip; nbt_server_type server_type; - [value(3)] uint32 nt_version; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_cldap_netlogon_3; + } NETLOGON_SAM_LOGON_RESPONSE; - typedef struct { - uint32 type; + /* response from pdc hand marshaled (we have an additional + * function that uses this structure), as it has 'optional' + * parts */ + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; + uint16 sbz; /* From the docs */ nbt_server_type server_type; GUID domain_uuid; nbt_string forest; @@ -506,85 +447,91 @@ interface nbt nbt_string user_name; nbt_string server_site; nbt_string client_site; - [value(5)] uint32 nt_version; - uint16 lmnt_token; - uint16 lm20_token; - } nbt_cldap_netlogon_5; - typedef struct { - uint32 type; - nbt_server_type server_type; - GUID domain_uuid; - nbt_string forest; - nbt_string dns_domain; - nbt_string pdc_dns_name; - nbt_string domain; - nbt_string pdc_name; - nbt_string user_name; - nbt_string server_site; - nbt_string client_site; - uint8 unknown; - uint32 unknown2; - [flag(NDR_BIG_ENDIAN)] - ipv4address pdc_ip; - uint32 unknown3[2]; - [value(13)] uint32 nt_version; + /* Optional on NETLOGON_NT_VERSION_5EX_WITH_IP */ + [value(ndr_size_nbt_sockaddr(&sockaddr, ndr->flags))] uint8 sockaddr_size; + [subcontext(0),subcontext_size(sockaddr_size)] nbt_sockaddr sockaddr; + + /* Optional on NETLOGON_NT_VERSION_WITH_CLOSEST_SITE */ + nbt_string next_closest_site; + + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_cldap_netlogon_13; - - typedef [flag(NDR_NOALIGN),public,nodiscriminant] union { - [case(0)] nbt_cldap_netlogon_1 logon1; - [case(1)] nbt_cldap_netlogon_1 logon1; - [case(2)] nbt_cldap_netlogon_3 logon3; - [case(3)] nbt_cldap_netlogon_3 logon3; - [case(4)] nbt_cldap_netlogon_5 logon5; - [case(5)] nbt_cldap_netlogon_5 logon5; - [case(6)] nbt_cldap_netlogon_5 logon5; - [case(7)] nbt_cldap_netlogon_5 logon5; - [default] nbt_cldap_netlogon_13 logon13; - } nbt_cldap_netlogon; - - /*******************************************/ - /* \MAILSLOT\NET\NTLOGON mailslot requests */ - typedef enum { - NTLOGON_SAM_LOGON = 0x12, - NTLOGON_SAM_LOGON_REPLY = 0x13, - NTLOGON_SAM_LOGON_REPLY15 = 0x15 - } nbt_ntlogon_command; + } NETLOGON_SAM_LOGON_RESPONSE_EX; + /* query for pdc request */ typedef struct { - uint16 request_count; - nstring computer_name; - nstring user_name; + astring computer_name; astring mailslot_name; - uint32 acct_control; - [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; - [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; - uint32 nt_version; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_name; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_ntlogon_sam_logon; + } nbt_netlogon_query_for_pdc; - typedef struct { - nstring server; - nstring user_name; - nstring domain; - uint32 nt_version; + /* response from pdc */ + typedef [flag(NDR_NOALIGN),public] struct { + netlogon_command command; + astring pdc_name; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_pdc_name; + nstring domain_name; + netlogon_nt_version_flags nt_version; uint16 lmnt_token; uint16 lm20_token; - } nbt_ntlogon_sam_logon_reply; + } nbt_netlogon_response_from_pdc; + + typedef enum netr_SamDatabaseID netr_SamDatabaseID; + + /* used to announce SAM changes - MS-NRPC 2.2.1.5.1 */ + typedef struct { + netr_SamDatabaseID db_index; + hyper serial; + NTTIME timestamp; + } nbt_db_change_info; + + typedef struct { + uint32 serial_lo; + time_t timestamp; + uint32 pulse; + uint32 random; + astring pdc_name; + astring domain; + [flag(NDR_ALIGN2)] DATA_BLOB _pad; + nstring unicode_pdc_name; + nstring unicode_domain; + uint32 db_count; + nbt_db_change_info dbchange[db_count]; + [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size; + [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid; + uint32 message_format_version; + uint32 message_token; + } NETLOGON_DB_CHANGE; typedef [nodiscriminant] union { - [case(NTLOGON_SAM_LOGON)] nbt_ntlogon_sam_logon logon; - [case(NTLOGON_SAM_LOGON_REPLY)] nbt_ntlogon_sam_logon_reply reply; - [case(NTLOGON_SAM_LOGON_REPLY15)] nbt_ntlogon_sam_logon_reply reply; - } nbt_ntlogon_request; + [case(LOGON_SAM_LOGON_REQUEST)] NETLOGON_SAM_LOGON_REQUEST logon; + [case(LOGON_PRIMARY_QUERY)] nbt_netlogon_query_for_pdc pdc; + [case(NETLOGON_ANNOUNCE_UAS)] NETLOGON_DB_CHANGE uas; + } nbt_netlogon_request; + +#if 0 + [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response; + [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2; + + [case(LOGON_SAM_LOGON_PAUSE_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_USER_UNKNOWN)] NETLOGON_SAM_LOGON_RESPONSE reply; + [case(LOGON_SAM_LOGON_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; + [case(LOGON_SAM_LOGON_PAUSE_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; + [case(LOGON_SAM_LOGON_USER_UNKNOWN_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex; +#endif typedef [flag(NDR_NOALIGN),public] struct { - nbt_ntlogon_command command; - [switch_is(command)] nbt_ntlogon_request req; - } nbt_ntlogon_packet; + netlogon_command command; + [switch_is(command)] nbt_netlogon_request req; + } nbt_netlogon_packet; /********************************************************/ /* \MAILSLOT\BROWSE mailslot requests */ diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index ca4d9b7705..bb77acd2d0 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -41,7 +41,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) struct cldap_socket *cldap; NTSTATUS status; struct cldap_netlogon search, empty_search; - union nbt_cldap_netlogon n1; + struct netlogon_samlogon_response n1; struct GUID guid; int i; @@ -51,7 +51,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.dest_address = dest; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; empty_search = search; @@ -63,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) n1 = search.out.netlogon; search.in.user = "Administrator"; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); @@ -91,8 +92,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -100,8 +101,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); search.in.version = 6; status = cldap_netlogon(cldap, tctx, &search); @@ -112,8 +113,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -121,16 +122,16 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); printf("Trying with a GUID\n"); search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid); printf("Trying with a incorrect GUID\n"); guid = GUID_random(); @@ -141,15 +142,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a AAC\n"); search.in.acct_control = 0x180; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); printf("Trying with a bad AAC\n"); search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); @@ -158,15 +159,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = "Administrator"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); printf("Trying with just a bad domain\n"); search = empty_search; @@ -175,29 +176,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.logon5.dns_domain; + search.in.realm = n1.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain); - CHECK_STRING(search.out.netlogon.logon5.user_name, ""); - CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); return true; } diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index a3585896eb..e039aac509 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -42,7 +42,7 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, struct socket_address *src) { NTSTATUS status; - struct nbt_netlogon_packet netlogon; + struct nbt_netlogon_response netlogon; int *replies = (int *)dgmslot->private; printf("netlogon reply from %s:%d\n", src->addr, src->port); @@ -54,8 +54,6 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot, return; } - NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon); - (*replies)++; } @@ -101,7 +99,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -117,7 +115,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC; + logon.command = LOGON_PRIMARY_QUERY; logon.req.pdc.computer_name = TEST_NAME; logon.req.pdc.mailslot_name = dgmslot->mailslot_name; logon.req.pdc.unicode_name = TEST_NAME; @@ -132,6 +130,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -200,14 +199,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) ZERO_STRUCT(logon); - logon.command = NETLOGON_QUERY_FOR_PDC2; - logon.req.pdc2.request_count = 0; - logon.req.pdc2.computer_name = TEST_NAME; - logon.req.pdc2.user_name = ""; - logon.req.pdc2.mailslot_name = dgmslot->mailslot_name; - logon.req.pdc2.nt_version = 11; - logon.req.pdc2.lmnt_token = 0xFFFF; - logon.req.pdc2.lm20_token = 0xFFFF; + logon.command = LOGON_SAM_LOGON_REQUEST; + logon.req.logon.request_count = 0; + logon.req.logon.computer_name = TEST_NAME; + logon.req.logon.user_name = ""; + logon.req.logon.mailslot_name = dgmslot->mailslot_name; + logon.req.logon.nt_version = 11; + logon.req.logon.lmnt_token = 0xFFFF; + logon.req.logon.lm20_token = 0xFFFF; make_nbt_name_client(&myname, TEST_NAME); @@ -216,6 +215,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, dest != NULL, "Error getting address"); status = dgram_mailslot_netlogon_send(dgmsock, &name, dest, + NBT_MAILSLOT_NETLOGON, &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request"); @@ -227,32 +227,6 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) } -/* - reply handler for ntlogon request -*/ -static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, - struct nbt_dgram_packet *packet, - struct socket_address *src) -{ - NTSTATUS status; - struct nbt_ntlogon_packet ntlogon; - int *replies = (int *)dgmslot->private; - - printf("ntlogon reply from %s:%d\n", src->addr, src->port); - - status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to parse ntlogon packet from %s:%d\n", - src->addr, src->port); - return; - } - - NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon); - - (*replies)++; -} - - /* test UDP/138 ntlogon requests */ static bool nbt_test_ntlogon(struct torture_context *tctx) { @@ -265,7 +239,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) const struct dom_sid *dom_sid; const char *myaddress; - struct nbt_ntlogon_packet logon; + struct nbt_netlogon_packet logon; struct nbt_name myname; NTSTATUS status; struct timeval tv = timeval_current(); @@ -296,7 +270,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* try receiving replies on port 138 first, which will only work if we are root and smbd/nmbd are not running - fall back to listening on any port, which means replies from - some windows versions won't be seen */ + most windows versions won't be seen */ status = socket_listen(dgmsock->sock, socket_address, 0, 0); if (!NT_STATUS_IS_OK(status)) { talloc_free(socket_address); @@ -317,17 +291,17 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) /* setup a temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, - ntlogon_handler, &replies); + netlogon_handler, &replies); ZERO_STRUCT(logon); - logon.command = NTLOGON_SAM_LOGON; + logon.command = LOGON_SAM_LOGON_REQUEST; logon.req.logon.request_count = 0; logon.req.logon.computer_name = TEST_NAME; logon.req.logon.user_name = TEST_NAME"$"; logon.req.logon.mailslot_name = dgmslot->mailslot_name; logon.req.logon.acct_control = ACB_WSTRUST; - logon.req.logon.sid = *dom_sid; + /* Leave sid as all zero */ logon.req.logon.nt_version = 1; logon.req.logon.lmnt_token = 0xFFFF; logon.req.logon.lm20_token = 0xFFFF; @@ -337,8 +311,10 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, address, lp_dgram_port(tctx->lp_ctx)); torture_assert(tctx, dest != NULL, "Error getting address"); - status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE, - &name, dest, &myname, &logon); + status = dgram_mailslot_netlogon_send(dgmsock, + &name, dest, + NBT_MAILSLOT_NTLOGON, + &myname, &logon); torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request"); while (timeval_elapsed(&tv) < 5 && replies == 0) { diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index 00617f4072..989a1faf27 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) search.in.dest_address = ctx->drsuapi_binding->host; search.in.dest_port = lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; - search.in.version = 6; + search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; + search.in.map_response = true; status = cldap_netlogon(cldap, ctx, &search); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); } return ret; |