Rework the CLDAP and NBT netlogon requests and responses.

This now matches section 7.3.3 of the MS-ATDS specification, and all
our current tests pass against windows.  There is still more testing
to do, and the server implementation to complete.

Andrew Bartlett
(This used to be commit 431d0c03965cbee85691cd0dc1e2a509c1a2b717)

diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c
index 614bd51d2af928085d7505402c0b4a77efb56fdd..3867f3d3fd0ef28cc875fa477cd273dfcac08f7a 100644 (file)
--- a/source4/libcli/cldap/cldap.c
+++ b/source4/libcli/cldap/cldap.c
@@ -595,7 +595,6 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req,
                             struct cldap_netlogon *io)
 {
        NTSTATUS status;
-       enum ndr_err_code ndr_err;
        struct cldap_search search;
        struct cldap_socket *cldap;
        DATA_BLOB *data;
@@ -618,18 +617,15 @@ NTSTATUS cldap_netlogon_recv(struct cldap_request *req,
        }
        data = search.out.response->attributes[0].values;
 
-       ndr_err = ndr_pull_union_blob_all(data, mem_ctx, 
-                                         cldap->iconv_convenience,
-                                         &io->out.netlogon,
-                                         io->in.version & 0xF,
-                                         (ndr_pull_flags_fn_t)ndr_pull_nbt_cldap_netlogon);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               DEBUG(2,("cldap failed to parse netlogon response of type 0x%02x\n",
-                        SVAL(data->data, 0)));
-               dump_data(10, data->data, data->length);
-               return ndr_map_error2ntstatus(ndr_err);
+       status = pull_netlogon_samlogon_response(data, mem_ctx, req->cldap->iconv_convenience,
+                                                &io->out.netlogon);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+       
+       if (io->in.map_response) {
+               map_netlogon_samlogon_response(&io->out.netlogon);
        }
-
        return NT_STATUS_OK;
 }
 
@@ -704,25 +700,20 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap,
                              uint32_t message_id,
                              struct socket_address *src,
                              uint32_t version,
-                             union nbt_cldap_netlogon *netlogon)
+                             struct netlogon_samlogon_response *netlogon)
 {
        NTSTATUS status;
-       enum ndr_err_code ndr_err;
        struct cldap_reply reply;
        struct ldap_SearchResEntry response;
        struct ldap_Result result;
        TALLOC_CTX *tmp_ctx = talloc_new(cldap);
        DATA_BLOB blob;
 
-       ndr_err = ndr_push_union_blob(&blob, tmp_ctx, 
-                                     cldap->iconv_convenience,
-                                     netlogon, version & 0xF,
-                                    (ndr_push_flags_fn_t)ndr_push_nbt_cldap_netlogon);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               talloc_free(tmp_ctx);
-               return ndr_map_error2ntstatus(ndr_err);
-       }
+       status = push_netlogon_samlogon_response(&blob, tmp_ctx, cldap->iconv_convenience,
+                                                netlogon);
+       if (!NT_STATUS_IS_OK(status)) {
 
+       }
        reply.messageid    = message_id;
        reply.dest         = src;
        reply.response     = &response;

diff --git a/source4/libcli/cldap/cldap.h b/source4/libcli/cldap/cldap.h
index eb0191d0f4589bfad6e6fbb38a0578de8f80f587..7c2daf0ca235d92d0cc7258f2b310b36973582b3 100644 (file)
--- a/source4/libcli/cldap/cldap.h
+++ b/source4/libcli/cldap/cldap.h
@@ -20,7 +20,7 @@
 */
 
 #include "lib/util/asn1.h"
-#include "librpc/gen_ndr/nbt.h"
+#include "libcli/netlogon.h"
 
 struct ldap_message;
 
@@ -161,9 +161,10 @@ struct cldap_netlogon {
                const char *domain_sid;
                int acct_control;
                uint32_t version;
+               bool map_response;
        } in;
        struct {
-               union nbt_cldap_netlogon netlogon;
+               struct netlogon_samlogon_response netlogon;
        } out;
 };
 
@@ -178,4 +179,4 @@ NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap,
                              uint32_t message_id,
                              struct socket_address *src,
                              uint32_t version,
-                             union nbt_cldap_netlogon *netlogon);
+                             struct netlogon_samlogon_response *netlogon);

diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk
index 95b45003bec8b655c109a6f6a66ff107ae018c37..08c08043a6932191312bc764205fcab815bcc5ee 100644 (file)
--- a/source4/libcli/config.mk
+++ b/source4/libcli/config.mk
@@ -53,6 +53,14 @@ LIBCLI_NBT_OBJ_FILES = $(addprefix libcli/nbt/, \
        namerefresh.o \
        namerelease.o)
 
+[SUBSYSTEM::LIBCLI_NETLOGON]
+PRIVATE_PROTO_HEADER = netlogon_proto.h
+PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT  \
+       NDR_SECURITY LIBSAMBA-UTIL
+
+LIBCLI_NETLOGON_OBJ_FILES = $(addprefix libcli/, \
+       netlogon.o)
+
 [PYTHON::python_libcli_nbt]
 SWIG_FILE = swig/libcli_nbt.i
 PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG
@@ -66,18 +74,17 @@ PUBLIC_DEPENDENCIES = LIBCLI_SMB DYNCONFIG LIBSAMBA-HOSTCONFIG
 python_libcli_smb_OBJ_FILES = libcli/swig/libcli_smb_wrap.o
 
 [SUBSYSTEM::LIBCLI_DGRAM]
-PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE
+PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNDR LIBCLI_RESOLVE LIBCLI_NETLOGON
 
 LIBCLI_DGRAM_OBJ_FILES = $(addprefix libcli/dgram/, \
        dgramsocket.o \
        mailslot.o \
        netlogon.o \
-       ntlogon.o \
        browse.o)
 
 [SUBSYSTEM::LIBCLI_CLDAP]
 PUBLIC_DEPENDENCIES = LIBCLI_LDAP
-PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB
+PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB LIBCLI_NETLOGON
 
 LIBCLI_CLDAP_OBJ_FILES = libcli/cldap/cldap.o
 # PUBLIC_HEADERS += libcli/cldap/cldap.h

diff --git a/source4/libcli/dgram/libdgram.h b/source4/libcli/dgram/libdgram.h
index 707cca8cc53a7bda769bc9b3956e598fd4ae269a..3eac78f5e8f6c06848aefa8471103a3707d75390 100644 (file)
--- a/source4/libcli/dgram/libdgram.h
+++ b/source4/libcli/dgram/libdgram.h
@@ -19,7 +19,7 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "librpc/gen_ndr/nbt.h"
+#include "libcli/netlogon.h"
 
 /*
   a datagram name request
@@ -121,6 +121,7 @@ NTSTATUS dgram_mailslot_send(struct nbt_dgram_socket *dgmsock,
 NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock,
                                      struct nbt_name *dest_name,
                                      struct socket_address *dest,
+                                     const char *mailslot_name,
                                      struct nbt_name *src_name,
                                      struct nbt_netlogon_packet *request);
 NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock,
@@ -131,23 +132,7 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock,
 NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot,
                                       TALLOC_CTX *mem_ctx,
                                       struct nbt_dgram_packet *dgram,
-                                      struct nbt_netlogon_packet *netlogon);
-
-NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock,
-                                    enum dgram_msg_type msg_type,
-                                    struct nbt_name *dest_name,
-                                    struct socket_address *dest,
-                                    struct nbt_name *src_name,
-                                    struct nbt_ntlogon_packet *request);
-NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock,
-                                      struct nbt_dgram_packet *request,
-                                      const char *my_netbios_name,
-                                      const char *mailslot_name,
-                                      struct nbt_ntlogon_packet *reply);
-NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot,
-                                      TALLOC_CTX *mem_ctx,
-                                      struct nbt_dgram_packet *dgram,
-                                      struct nbt_ntlogon_packet *ntlogon);
+                                      struct nbt_netlogon_response *netlogon);
 
 NTSTATUS dgram_mailslot_browse_send(struct nbt_dgram_socket *dgmsock,
                                    struct nbt_name *dest_name,

diff --git a/source4/libcli/dgram/netlogon.c b/source4/libcli/dgram/netlogon.c
index 5c7dedc7bb657202e234b5957b83d71520e2815a..c0971270836403abe3b123f6a8632cf16b8131f5 100644 (file)
--- a/source4/libcli/dgram/netlogon.c
+++ b/source4/libcli/dgram/netlogon.c
@@ -32,6 +32,7 @@
 NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock,
                                      struct nbt_name *dest_name,
                                      struct socket_address *dest,
+                                     const char *mailslot,
                                      struct nbt_name *src_name,
                                      struct nbt_netlogon_packet *request)
 {
@@ -51,7 +52,7 @@ NTSTATUS dgram_mailslot_netlogon_send(struct nbt_dgram_socket *dgmsock,
 
 
        status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, 
-                                    NBT_MAILSLOT_NETLOGON,
+                                    mailslot,
                                     dest_name, dest, 
                                     src_name, &blob);
        talloc_free(tmp_ctx);
@@ -109,21 +110,16 @@ NTSTATUS dgram_mailslot_netlogon_reply(struct nbt_dgram_socket *dgmsock,
 NTSTATUS dgram_mailslot_netlogon_parse(struct dgram_mailslot_handler *dgmslot,
                                       TALLOC_CTX *mem_ctx,
                                       struct nbt_dgram_packet *dgram,
-                                      struct nbt_netlogon_packet *netlogon)
+                                      struct nbt_netlogon_response *netlogon)
 {
+       NTSTATUS status;
        DATA_BLOB data = dgram_mailslot_data(dgram);
-       enum ndr_err_code ndr_err;
-
-       ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon,
-                                     (ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_packet);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
-               DEBUG(0,("Failed to parse netlogon packet of length %d: %s\n",
-                        (int)data.length, nt_errstr(status)));
-               if (DEBUGLVL(10)) {
-                       file_save("netlogon.dat", data.data, data.length);
-               }
+       
+       status = pull_nbt_netlogon_response(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, netlogon);
+       if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
+       
        return NT_STATUS_OK;
 }
+

diff --git a/source4/libcli/dgram/ntlogon.c b/source4/libcli/dgram/ntlogon.c
deleted file mode 100644 (file)
index 7b26ed7..0000000
--- a/source4/libcli/dgram/ntlogon.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   handling for ntlogon dgram requests
-
-   Copyright (C) Andrew Tridgell 2005
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/dgram/libdgram.h"
-#include "lib/socket/socket.h"
-#include "libcli/resolve/resolve.h"
-#include "librpc/gen_ndr/ndr_nbt.h"
-#include "param/param.h"
-
-/* 
-   send a ntlogon mailslot request 
-*/
-NTSTATUS dgram_mailslot_ntlogon_send(struct nbt_dgram_socket *dgmsock,
-                                    enum dgram_msg_type msg_type,
-                                    struct nbt_name *dest_name,
-                                    struct socket_address *dest,
-                                    struct nbt_name *src_name,
-                                    struct nbt_ntlogon_packet *request)
-{
-       NTSTATUS status;
-       enum ndr_err_code ndr_err;
-       DATA_BLOB blob;
-       TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
-
-       ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, 
-                                      request,
-                                     (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               talloc_free(tmp_ctx);
-               return ndr_map_error2ntstatus(ndr_err);
-       }
-
-
-       status = dgram_mailslot_send(dgmsock, msg_type,
-                                    NBT_MAILSLOT_NTLOGON,
-                                    dest_name, dest, 
-                                    src_name, &blob);
-       talloc_free(tmp_ctx);
-       return status;
-}
-
-
-/* 
-   send a ntlogon mailslot reply
-*/
-NTSTATUS dgram_mailslot_ntlogon_reply(struct nbt_dgram_socket *dgmsock,
-                                     struct nbt_dgram_packet *request,
-                                     const char *my_netbios_name,
-                                     const char *mailslot_name,
-                                     struct nbt_ntlogon_packet *reply)
-{
-       NTSTATUS status;
-       enum ndr_err_code ndr_err;
-       DATA_BLOB blob;
-       TALLOC_CTX *tmp_ctx = talloc_new(dgmsock);
-       struct nbt_name myname;
-       struct socket_address *dest;
-
-       ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, dgmsock->iconv_convenience, reply,
-                                     (ndr_push_flags_fn_t)ndr_push_nbt_ntlogon_packet);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               talloc_free(tmp_ctx);
-               return ndr_map_error2ntstatus(ndr_err);
-       }
-
-       make_nbt_name_client(&myname, my_netbios_name);
-
-       dest = socket_address_from_strings(tmp_ctx, 
-                                          dgmsock->sock->backend_name, 
-                                          request->src_addr, request->src_port);
-       if (!dest) {
-               talloc_free(tmp_ctx);
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       status = dgram_mailslot_send(dgmsock, DGRAM_DIRECT_UNIQUE, 
-                                    mailslot_name,
-                                    &request->data.msg.source_name,
-                                    dest,
-                                    &myname, &blob);
-       talloc_free(tmp_ctx);
-       return status;
-}
-
-
-/*
-  parse a ntlogon response. The packet must be a valid mailslot packet
-*/
-NTSTATUS dgram_mailslot_ntlogon_parse(struct dgram_mailslot_handler *dgmslot,
-                                     TALLOC_CTX *mem_ctx,
-                                     struct nbt_dgram_packet *dgram,
-                                     struct nbt_ntlogon_packet *ntlogon)
-{
-       DATA_BLOB data = dgram_mailslot_data(dgram);
-       enum ndr_err_code ndr_err;
-
-       ndr_err = ndr_pull_struct_blob(&data, mem_ctx, dgmslot->dgmsock->iconv_convenience, ntlogon,
-                                     (ndr_pull_flags_fn_t)ndr_pull_nbt_ntlogon_packet);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
-               DEBUG(0,("Failed to parse ntlogon packet of length %d: %s\n",
-                        (int)data.length, nt_errstr(status)));
-               if (DEBUGLVL(10)) {
-                       file_save("ntlogon.dat", data.data, data.length);
-               }
-               return status;
-       }
-       return NT_STATUS_OK;
-}

diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
index e8a5329985aa8f8fb5acbd02213debde12e22c4c..1c4c1d073222d3167a59e9166546fa0dc9fdec33 100644 (file)
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -30,6 +30,7 @@
 #include "libcli/security/security.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_nbt.h"
 #include "librpc/gen_ndr/ndr_drsuapi.h"
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
@@ -687,7 +688,7 @@ struct libnet_BecomeDC_state {
        struct {
                struct cldap_socket *sock;
                struct cldap_netlogon io;
-               struct nbt_cldap_netlogon_5 netlogon5;
+               struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon;
        } cldap;
 
        struct becomeDC_ldap {
@@ -745,7 +746,8 @@ static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s)
        s->cldap.io.in.domain_guid      = NULL;
        s->cldap.io.in.domain_sid       = NULL;
        s->cldap.io.in.acct_control     = -1;
-       s->cldap.io.in.version          = 6;
+       s->cldap.io.in.version          = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       s->cldap.io.in.map_response     = true;
 
        s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, 
                                          lp_iconv_convenience(s->libnet->lp_ctx));
@@ -768,19 +770,19 @@ static void becomeDC_recv_cldap(struct cldap_request *req)
        c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
        if (!composite_is_ok(c)) return;
 
-       s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5;
+       s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex;
 
-       s->domain.dns_name              = s->cldap.netlogon5.dns_domain;
-       s->domain.netbios_name          = s->cldap.netlogon5.domain;
-       s->domain.guid                  = s->cldap.netlogon5.domain_uuid;
+       s->domain.dns_name              = s->cldap.netlogon.dns_domain;
+       s->domain.netbios_name          = s->cldap.netlogon.domain;
+       s->domain.guid                  = s->cldap.netlogon.domain_uuid;
 
-       s->forest.dns_name              = s->cldap.netlogon5.forest;
+       s->forest.dns_name              = s->cldap.netlogon.forest;
 
-       s->source_dsa.dns_name          = s->cldap.netlogon5.pdc_dns_name;
-       s->source_dsa.netbios_name      = s->cldap.netlogon5.pdc_name;
-       s->source_dsa.site_name         = s->cldap.netlogon5.server_site;
+       s->source_dsa.dns_name          = s->cldap.netlogon.pdc_dns_name;
+       s->source_dsa.netbios_name      = s->cldap.netlogon.pdc_name;
+       s->source_dsa.site_name         = s->cldap.netlogon.server_site;
 
-       s->dest_dsa.site_name           = s->cldap.netlogon5.client_site;
+       s->dest_dsa.site_name           = s->cldap.netlogon.client_site;
 
        becomeDC_connect_ldap1(s);
 }

diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c
index f39d9e039cb5788c95cb94b068d864eff5f5df9d..bb65de1f54be4837d24ae67df656f1d11a42a15e 100644 (file)
--- a/source4/libnet/libnet_site.c
+++ b/source4/libnet/libnet_site.c
@@ -53,11 +53,12 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
        search.in.dest_address = r->in.dest_address;
        search.in.dest_port = r->in.cldap_port;
        search.in.acct_control = -1;
-       search.in.version = 6;
+       search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       search.in.map_response = true;
 
        cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm));
        status = cldap_netlogon(cldap, tmp_ctx, &search);
-       if (!NT_STATUS_IS_OK(status)) {
+       if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) {
                /*
                  If cldap_netlogon() returns in error,
                  default to using Default-First-Site-Name.
@@ -71,7 +72,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li
                }
        } else {
                site_name_str = talloc_asprintf(tmp_ctx, "%s",
-                                       search.out.netlogon.logon5.client_site);
+                                       search.out.netlogon.nt5_ex.client_site);
                if (!site_name_str) {
                        r->out.error_string = NULL;
                        talloc_free(tmp_ctx);

diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c
index 6f065858804dbf4e23ca7fdb6b497812e53d5224..cff919018a6e0dec6e1c6de47b2296bb45fa74ce 100644 (file)
--- a/source4/libnet/libnet_unbecome_dc.c
+++ b/source4/libnet/libnet_unbecome_dc.c
@@ -193,7 +193,7 @@ struct libnet_UnbecomeDC_state {
        struct {
                struct cldap_socket *sock;
                struct cldap_netlogon io;
-               struct nbt_cldap_netlogon_5 netlogon5;
+               struct NETLOGON_SAM_LOGON_RESPONSE_EX netlogon;
        } cldap;
 
        struct {
@@ -265,7 +265,8 @@ static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s)
        s->cldap.io.in.domain_guid      = NULL;
        s->cldap.io.in.domain_sid       = NULL;
        s->cldap.io.in.acct_control     = -1;
-       s->cldap.io.in.version          = 6;
+       s->cldap.io.in.version          = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       s->cldap.io.in.map_response     = true;
 
        s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx,
                                          lp_iconv_convenience(s->libnet->lp_ctx));
@@ -288,17 +289,17 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req)
        c->status = cldap_netlogon_recv(req, s, &s->cldap.io);
        if (!composite_is_ok(c)) return;
 
-       s->cldap.netlogon5 = s->cldap.io.out.netlogon.logon5;
+       s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex;
 
-       s->domain.dns_name              = s->cldap.netlogon5.dns_domain;
-       s->domain.netbios_name          = s->cldap.netlogon5.domain;
-       s->domain.guid                  = s->cldap.netlogon5.domain_uuid;
+       s->domain.dns_name              = s->cldap.netlogon.dns_domain;
+       s->domain.netbios_name          = s->cldap.netlogon.domain;
+       s->domain.guid                  = s->cldap.netlogon.domain_uuid;
 
-       s->source_dsa.dns_name          = s->cldap.netlogon5.pdc_dns_name;
-       s->source_dsa.netbios_name      = s->cldap.netlogon5.pdc_name;
-       s->source_dsa.site_name         = s->cldap.netlogon5.server_site;
+       s->source_dsa.dns_name          = s->cldap.netlogon.pdc_dns_name;
+       s->source_dsa.netbios_name      = s->cldap.netlogon.pdc_name;
+       s->source_dsa.site_name         = s->cldap.netlogon.server_site;
 
-       s->dest_dsa.site_name           = s->cldap.netlogon5.client_site;
+       s->dest_dsa.site_name           = s->cldap.netlogon.client_site;
 
        unbecomeDC_connect_ldap(s);
 }

diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index 24fad8c9c4176513f07852e3a6b3181423290600..0b136644d8390bdfded8328a7a0fc3eca99bde16 100644 (file)
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -325,7 +325,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT
 NDR_SCHANNEL_OBJ_FILES = librpc/gen_ndr/ndr_schannel.o
 
 [SUBSYSTEM::NDR_NBT]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY
+PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR
 
 NDR_NBT_OBJ_FILES = librpc/gen_ndr/ndr_nbt.o
 

diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl
index dddfa4e1ce7d1a1e9f9b3fdfce8b4e5d3d127a53..74e07210cd580d564d68ae935fd17d04bb146ff2 100644 (file)
--- a/source4/librpc/idl/nbt.idl
+++ b/source4/librpc/idl/nbt.idl
@@ -8,7 +8,7 @@
    encoding if it doesn't work out
 */
 
-import "misc.idl", "security.idl", "svcctl.idl";
+import "misc.idl", "security.idl", "svcctl.idl", "samr.idl";
 [
 helper("libcli/nbt/libnbt.h")
 ]
@@ -338,52 +338,19 @@ interface nbt
        } nbt_dgram_packet;
 
 
-       /*******************************************/
-       /* \MAILSLOT\NET\NETLOGON mailslot requests */
-       typedef enum {
-               NETLOGON_QUERY_FOR_PDC           = 0x7, 
-               NETLOGON_ANNOUNCE_UAS            = 0xa,
-               NETLOGON_RESPONSE_FROM_PDC       = 0xc,
-               NETLOGON_QUERY_FOR_PDC2          = 0x12,
-               NETLOGON_RESPONSE_FROM_PDC2      = 0x17,
-               NETLOGON_RESPONSE_FROM_PDC_USER  = 0x19
-       } nbt_netlogon_command;
-
-       /* query for pdc request */
-       typedef struct {
-               astring              computer_name;
-               astring              mailslot_name;
-               [flag(NDR_ALIGN2)]   DATA_BLOB _pad;
-               nstring              unicode_name;
-               uint32               nt_version;
-               uint16               lmnt_token;
-               uint16               lm20_token;
-       } nbt_netlogon_query_for_pdc;
-
-       /* query for pdc request - new style */
-       typedef struct {
-               uint16               request_count;
-               nstring              computer_name;
-               nstring              user_name;
-               astring              mailslot_name;
-               uint32               unknown[2];
-               uint32               nt_version;
-               uint16               lmnt_token;
-               uint16               lm20_token;
-       } nbt_netlogon_query_for_pdc2;
+       /******************************************
+        * \MAILSLOT\NET\NETLOGON mailslot requests
+        * and 
+        * \MAILSLOT\NET\NTLOGON mailslot requests 
+        */
 
-       /* response from pdc */
-       typedef struct {
-               astring pdc_name;
-               [flag(NDR_ALIGN2)]   DATA_BLOB _pad;
-               nstring              unicode_pdc_name;
-               nstring              domain_name;
-               uint32               nt_version;
-               uint16               lmnt_token;
-               uint16               lm20_token;
-       } nbt_netlogon_response_from_pdc;
+       typedef [public,gensize] struct {
+               uint32                  sa_family;
+               [flag(NDR_BIG_ENDIAN)]  ipv4address pdc_ip;
+               [flag(NDR_REMAINING)]   DATA_BLOB remaining;
+       } nbt_sockaddr;
 
-       typedef [bitmap32bit] bitmap {
+       typedef [bitmap32bit,public] bitmap {
                NBT_SERVER_PDC           = 0x00000001,
                NBT_SERVER_GC            = 0x00000004,
                NBT_SERVER_LDAP          = 0x00000008,
@@ -395,107 +362,81 @@ interface nbt
                NBT_SERVER_GOOD_TIMESERV = 0x00000200
        } nbt_server_type;
 
-       /* response from pdc - type2 */
-       typedef struct {
-               [flag(NDR_ALIGN4)]   DATA_BLOB _pad;
-               nbt_server_type      server_type;
-               GUID                 domain_uuid;
-               nbt_string           forest;
-               nbt_string           dns_domain;
-               nbt_string           pdc_dns_name;
-               nbt_string           domain;
-               nbt_string           pdc_name;
-               nbt_string           user_name;
-               nbt_string           server_site;
-               nbt_string           client_site;
-               uint8                unknown;
-               uint32               unknown2;
-               [flag(NDR_BIG_ENDIAN)] 
-                 ipv4address          pdc_ip;
-               uint32               unknown3[2];
-               uint32               nt_version;
-               uint16               lmnt_token;
-               uint16               lm20_token;
-       } nbt_netlogon_response_from_pdc2;
-
-       typedef enum netr_SamDatabaseID netr_SamDatabaseID;
-
-       /* announce change to UAS or SAM */
-       typedef struct {
-               netr_SamDatabaseID   db_index;
-               hyper                serial;
-               NTTIME               timestamp;
-       } nbt_db_change;
+       typedef [bitmap32bit,public] bitmap {
+               NETLOGON_NT_VERSION_1   =  0x00000001,
+               NETLOGON_NT_VERSION_5   =  0x00000002,
+               NETLOGON_NT_VERSION_5EX =  0x00000004,
+               NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008,
+               NETLOGON_NT_VERSION_WITH_CLOSEST_SITE = 0x00000010,
+               NETLOGON_NT_VERSION_AVIOD_NT4EMUL = 0x01000000,
+               NETLOGON_NT_VERSION_PDC = 0x10000000,
+               NETLOGON_NT_VERSION_IP = 0x20000000,
+               NETLOGON_NT_VERSION_LOCAL = 0x40000000,
+               NETLOGON_NT_VERSION_GC = 0x80000000
+       } netlogon_nt_version_flags;
+
+
+       typedef [enum16bit,public] enum {
+               LOGON_PRIMARY_QUERY               = 7,  /* Was also NETLOGON_QUERY_FOR_PDC */
+               NETLOGON_ANNOUNCE_UAS             = 10,
+               NETLOGON_RESPONSE_FROM_PDC        = 12,
+               LOGON_SAM_LOGON_REQUEST           = 18, /* Was also NETLOGON_QUERY_FOR_PDC2, NTLOGON_SAM_LOGON */
+               LOGON_SAM_LOGON_RESPONSE          = 19, /* Was also NTLOGON_SAM_LOGON_REPLY */
+               LOGON_SAM_LOGON_PAUSE_RESPONSE    = 20, 
+               LOGON_SAM_LOGON_USER_UNKNOWN      = 21, /* Was also NTLOGON_SAM_LOGON_REPLY15 */
+               LOGON_SAM_LOGON_RESPONSE_EX       = 23,  /* was NETLOGON_RESPONSE_FROM_PDC2     */
+               LOGON_SAM_LOGON_PAUSE_RESPONSE_EX = 24, 
+               LOGON_SAM_LOGON_USER_UNKNOWN_EX   = 25 /* was NETLOGON_RESPONSE_FROM_PDC_USER */
+       } netlogon_command;
+
+       typedef bitmap samr_AcctFlags samr_AcctFlags;
 
-       /* used to announce SAM changes */
        typedef struct {
-               uint32           serial_lo;
-               time_t           timestamp;
-               uint32           pulse;
-               uint32           random;
-               astring          pdc_name;
-               astring          domain;
-               [flag(NDR_ALIGN2)] DATA_BLOB _pad;
-               nstring          unicode_pdc_name;
-               nstring          unicode_domain;
-               uint32           db_count;
-               nbt_db_change    dbchange[db_count];
+               uint16               request_count;
+               nstring              computer_name;
+               nstring              user_name;
+               astring              mailslot_name;
+               samr_AcctFlags       acct_control;
                [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
                [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid;
-               uint32           nt_version;
-               uint16           lmnt_token;
-               uint16           lm20_token;
-       } nbt_netlogon_announce_uas;
-
-       typedef [nodiscriminant] union {
-               [case(NETLOGON_QUERY_FOR_PDC)] nbt_netlogon_query_for_pdc pdc;
-               [case(NETLOGON_QUERY_FOR_PDC2)] nbt_netlogon_query_for_pdc2 pdc2;
-               [case(NETLOGON_ANNOUNCE_UAS)] nbt_netlogon_announce_uas uas;
-               [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response;
-               [case(NETLOGON_RESPONSE_FROM_PDC2)] nbt_netlogon_response_from_pdc2 response2;
-               [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2;
-       } nbt_netlogon_request;
+               netlogon_nt_version_flags               nt_version;
+               uint16               lmnt_token;
+               uint16               lm20_token;
+       } NETLOGON_SAM_LOGON_REQUEST;
 
        typedef [flag(NDR_NOALIGN),public] struct {
-               nbt_netlogon_command command;
-               [switch_is(command)] nbt_netlogon_request req;
-       } nbt_netlogon_packet;
-
-       /*******************************************/
-       /* CLDAP netlogon response                 */
-
-       /* note that these structures are very similar to, but not
-          quite identical to, the netlogon structures above */
-
-       typedef struct {
-               uint16               type;
-               nstring              pdc_name;
+               netlogon_command command;
+               nstring              server;
                nstring              user_name;
-               nstring              domain_name;
-               [value(1)] uint32    nt_version;
+               nstring              domain;
+               netlogon_nt_version_flags               nt_version;
                uint16               lmnt_token;
-               uint16               lm20_token;                
-       } nbt_cldap_netlogon_1;
+               uint16               lm20_token;
+       } NETLOGON_SAM_LOGON_RESPONSE_NT40;
 
-       typedef struct {
-               uint16               type;
+       typedef [flag(NDR_NOALIGN),public] struct {
+               netlogon_command command;
                nstring              pdc_name;
                nstring              user_name;
                nstring              domain_name;
                GUID                 domain_uuid;
-               GUID                 unknown_uuid;
+               GUID                 zero_uuid;
                nbt_string           forest;
                nbt_string           dns_domain;
                nbt_string           pdc_dns_name;
                ipv4address          pdc_ip;
                nbt_server_type      server_type;
-               [value(3)] uint32    nt_version;
+               netlogon_nt_version_flags    nt_version;
                uint16               lmnt_token;
                uint16               lm20_token;                
-       } nbt_cldap_netlogon_3;
+       } NETLOGON_SAM_LOGON_RESPONSE;
 
-       typedef struct {
-               uint32               type;
+       /* response from pdc hand marshaled (we have an additional
+        * function that uses this structure), as it has 'optional'
+        * parts */
+       typedef [flag(NDR_NOALIGN),public] struct {
+               netlogon_command command;
+               uint16               sbz; /* From the docs */
                nbt_server_type      server_type;
                GUID                 domain_uuid;
                nbt_string           forest;
@@ -506,85 +447,91 @@ interface nbt
                nbt_string           user_name;
                nbt_string           server_site;
                nbt_string           client_site;
-               [value(5)] uint32    nt_version;
-               uint16               lmnt_token;
-               uint16               lm20_token;
-       } nbt_cldap_netlogon_5;
 
-       typedef struct {
-               uint32               type;
-               nbt_server_type      server_type;
-               GUID                 domain_uuid;
-               nbt_string           forest;
-               nbt_string           dns_domain;
-               nbt_string           pdc_dns_name;
-               nbt_string           domain;
-               nbt_string           pdc_name;
-               nbt_string           user_name;
-               nbt_string           server_site;
-               nbt_string           client_site;
-               uint8                unknown;
-               uint32               unknown2;
-               [flag(NDR_BIG_ENDIAN)] 
-                 ipv4address          pdc_ip;
-               uint32               unknown3[2];
-               [value(13)] uint32   nt_version;
+               /* Optional on NETLOGON_NT_VERSION_5EX_WITH_IP */
+                [value(ndr_size_nbt_sockaddr(&sockaddr, ndr->flags))] uint8 sockaddr_size; 
+                [subcontext(0),subcontext_size(sockaddr_size)] nbt_sockaddr sockaddr;
+               
+               /* Optional on NETLOGON_NT_VERSION_WITH_CLOSEST_SITE */
+                nbt_string           next_closest_site;
+
+               netlogon_nt_version_flags               nt_version;
                uint16               lmnt_token;
                uint16               lm20_token;
-       } nbt_cldap_netlogon_13;
-
-       typedef [flag(NDR_NOALIGN),public,nodiscriminant] union {
-               [case(0)]  nbt_cldap_netlogon_1 logon1;
-               [case(1)]  nbt_cldap_netlogon_1 logon1;
-               [case(2)]  nbt_cldap_netlogon_3 logon3;
-               [case(3)]  nbt_cldap_netlogon_3 logon3;
-               [case(4)]  nbt_cldap_netlogon_5 logon5;
-               [case(5)]  nbt_cldap_netlogon_5 logon5;
-               [case(6)]  nbt_cldap_netlogon_5 logon5;
-               [case(7)]  nbt_cldap_netlogon_5 logon5;
-               [default]  nbt_cldap_netlogon_13 logon13;
-       } nbt_cldap_netlogon;
-
-       /*******************************************/
-       /* \MAILSLOT\NET\NTLOGON mailslot requests */
-       typedef enum {
-               NTLOGON_SAM_LOGON         = 0x12,
-               NTLOGON_SAM_LOGON_REPLY   = 0x13,
-               NTLOGON_SAM_LOGON_REPLY15 = 0x15
-       } nbt_ntlogon_command;
+       } NETLOGON_SAM_LOGON_RESPONSE_EX;
 
+       /* query for pdc request */
        typedef struct {
-               uint16               request_count;
-               nstring              computer_name;
-               nstring              user_name;
+               astring              computer_name;
                astring              mailslot_name;
-               uint32               acct_control;
-               [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
-               [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid;
-               uint32               nt_version;
+               [flag(NDR_ALIGN2)]   DATA_BLOB _pad;
+               nstring              unicode_name;
+               netlogon_nt_version_flags               nt_version;
                uint16               lmnt_token;
                uint16               lm20_token;
-       } nbt_ntlogon_sam_logon;
+       } nbt_netlogon_query_for_pdc;
 
-       typedef struct {
-               nstring              server;
-               nstring              user_name;
-               nstring              domain;
-               uint32               nt_version;
+       /* response from pdc */
+       typedef [flag(NDR_NOALIGN),public] struct {
+               netlogon_command command;
+               astring pdc_name;
+               [flag(NDR_ALIGN2)]   DATA_BLOB _pad;
+               nstring              unicode_pdc_name;
+               nstring              domain_name;
+               netlogon_nt_version_flags               nt_version;
                uint16               lmnt_token;
                uint16               lm20_token;
-       } nbt_ntlogon_sam_logon_reply;
+       } nbt_netlogon_response_from_pdc;
+
+       typedef enum netr_SamDatabaseID netr_SamDatabaseID;
+
+       /* used to announce SAM changes - MS-NRPC 2.2.1.5.1 */
+       typedef struct {
+               netr_SamDatabaseID   db_index;
+               hyper                serial;
+               NTTIME               timestamp;
+       } nbt_db_change_info;
+
+       typedef struct {
+               uint32           serial_lo;
+               time_t           timestamp;
+               uint32           pulse;
+               uint32           random;
+               astring          pdc_name;
+               astring          domain;
+               [flag(NDR_ALIGN2)] DATA_BLOB _pad;
+               nstring          unicode_pdc_name;
+               nstring          unicode_domain;
+               uint32           db_count;
+               nbt_db_change_info    dbchange[db_count];
+               [value(ndr_size_dom_sid0(&sid, ndr->flags))] uint32 sid_size;
+               [subcontext(0),subcontext_size(sid_size)] dom_sid0 sid;
+               uint32           message_format_version;
+               uint32           message_token;
+       } NETLOGON_DB_CHANGE;
 
        typedef [nodiscriminant] union {
-               [case(NTLOGON_SAM_LOGON)]       nbt_ntlogon_sam_logon logon;
-               [case(NTLOGON_SAM_LOGON_REPLY)] nbt_ntlogon_sam_logon_reply reply;
-               [case(NTLOGON_SAM_LOGON_REPLY15)] nbt_ntlogon_sam_logon_reply reply;
-       } nbt_ntlogon_request;
+               [case(LOGON_SAM_LOGON_REQUEST)]       NETLOGON_SAM_LOGON_REQUEST logon;
+               [case(LOGON_PRIMARY_QUERY)] nbt_netlogon_query_for_pdc pdc;
+               [case(NETLOGON_ANNOUNCE_UAS)] NETLOGON_DB_CHANGE uas;
+       } nbt_netlogon_request;
+
+#if 0
+               [case(NETLOGON_RESPONSE_FROM_PDC)] nbt_netlogon_response_from_pdc response;
+               [case(NETLOGON_RESPONSE_FROM_PDC_USER)] nbt_netlogon_response_from_pdc2 response2;
+
+               [case(LOGON_SAM_LOGON_PAUSE_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply;
+               [case(LOGON_SAM_LOGON_RESPONSE)] NETLOGON_SAM_LOGON_RESPONSE reply;
+               [case(LOGON_SAM_LOGON_USER_UNKNOWN)] NETLOGON_SAM_LOGON_RESPONSE reply;
+               [case(LOGON_SAM_LOGON_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex;
+               [case(LOGON_SAM_LOGON_PAUSE_RESPONSE_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex;
+               [case(LOGON_SAM_LOGON_USER_UNKNOWN_EX)] NETLOGON_SAM_LOGON_RESPONSE_EX reply_ex;
+#endif
 
        typedef [flag(NDR_NOALIGN),public] struct {
-               nbt_ntlogon_command command;
-               [switch_is(command)] nbt_ntlogon_request req;
-       } nbt_ntlogon_packet;
+               netlogon_command command;
+               [switch_is(command)] nbt_netlogon_request req;
+       } nbt_netlogon_packet;
 
        /********************************************************/
        /* \MAILSLOT\BROWSE mailslot requests                   */

diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index ca4d9b770540fbda5d777c41b35c5e1c8c6f0c1d..bb77acd2d0bd2376fa5f5b01031a55a3a6e1ee9b 100644 (file)
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -41,7 +41,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        struct cldap_socket *cldap;
        NTSTATUS status;
        struct cldap_netlogon search, empty_search;
-       union nbt_cldap_netlogon n1;
+       struct netlogon_samlogon_response n1;
        struct GUID guid;
        int i;
 
@@ -51,7 +51,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        search.in.dest_address = dest;
        search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
        search.in.acct_control = -1;
-       search.in.version = 6;
+       search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       search.in.map_response = true;
 
        empty_search = search;
 
@@ -63,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        n1 = search.out.netlogon;
 
        search.in.user         = "Administrator";
-       search.in.realm        = n1.logon5.dns_domain;
+       search.in.realm        = n1.nt5_ex.dns_domain;
        search.in.host         = "__cldap_torture__";
 
        printf("Scanning for netlogon levels\n");
@@ -91,8 +92,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        search.in.user = NULL;
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
        printf("Trying with User=Administrator\n");
 
@@ -100,8 +101,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
 
-       CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 
        search.in.version = 6;
        status = cldap_netlogon(cldap, tctx, &search);
@@ -112,8 +113,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        search.in.user = NULL;
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
        printf("Trying with User=Administrator\n");
 
@@ -121,16 +122,16 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
 
-       CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
 
        printf("Trying with a GUID\n");
        search.in.realm       = NULL;
-       search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid);
+       search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid);
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER);
-       CHECK_STRING(GUID_string(tctx, &search.out.netlogon.logon5.domain_uuid), search.in.domain_guid);
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
+       CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid);
 
        printf("Trying with a incorrect GUID\n");
        guid = GUID_random();
@@ -141,15 +142,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 
        printf("Trying with a AAC\n");
        search.in.acct_control = 0x180;
-       search.in.realm = n1.logon5.dns_domain;
+       search.in.realm = n1.nt5_ex.dns_domain;
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, "");
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
 
        printf("Trying with a bad AAC\n");
        search.in.acct_control = 0xFF00FF00;
-       search.in.realm = n1.logon5.dns_domain;
+       search.in.realm = n1.nt5_ex.dns_domain;
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
 
@@ -158,15 +159,15 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        search.in.user = "Administrator";
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
+       CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
 
        printf("Trying with just a bad username\n");
        search.in.user = "___no_such_user___";
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
-       CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user);
+       CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
 
        printf("Trying with just a bad domain\n");
        search = empty_search;
@@ -175,29 +176,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
        CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
 
        printf("Trying with a incorrect domain and correct guid\n");
-       search.in.domain_guid = GUID_string(tctx, &n1.logon5.domain_uuid);
+       search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid);
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+       CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
        printf("Trying with a incorrect domain and incorrect guid\n");
        search.in.domain_guid = GUID_string(tctx, &guid);
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
-       CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+       CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
        printf("Trying with a incorrect GUID and correct domain\n");
        search.in.domain_guid = GUID_string(tctx, &guid);
-       search.in.realm = n1.logon5.dns_domain;
+       search.in.realm = n1.nt5_ex.dns_domain;
        status = cldap_netlogon(cldap, tctx, &search);
        CHECK_STATUS(status, NT_STATUS_OK);
-       CHECK_STRING(search.out.netlogon.logon5.dns_domain, n1.logon5.dns_domain);
-       CHECK_STRING(search.out.netlogon.logon5.user_name, "");
-       CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+       CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain);
+       CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "");
+       CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
 
        return true;
 }

diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index a3585896eb4802bbcccd4d5f5c1bf2f15e23039f..e039aac5093f4bfb01890fbe7d3f00947930b7b1 100644 (file)
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -42,7 +42,7 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
                             struct socket_address *src)
 {
        NTSTATUS status;
-       struct nbt_netlogon_packet netlogon;
+       struct nbt_netlogon_response netlogon;
        int *replies = (int *)dgmslot->private;
 
        printf("netlogon reply from %s:%d\n", src->addr, src->port);
@@ -54,8 +54,6 @@ static void netlogon_handler(struct dgram_mailslot_handler *dgmslot,
                return;
        }
 
-       NDR_PRINT_DEBUG(nbt_netlogon_packet, &netlogon);
-
        (*replies)++;
 }
 
@@ -101,7 +99,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
        /* try receiving replies on port 138 first, which will only
           work if we are root and smbd/nmbd are not running - fall
           back to listening on any port, which means replies from
-          some windows versions won't be seen */
+          most windows versions won't be seen */
        status = socket_listen(dgmsock->sock, socket_address, 0, 0);
        if (!NT_STATUS_IS_OK(status)) {
                talloc_free(socket_address);
@@ -117,7 +115,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
                                      netlogon_handler, &replies);
 
        ZERO_STRUCT(logon);
-       logon.command = NETLOGON_QUERY_FOR_PDC;
+       logon.command = LOGON_PRIMARY_QUERY;
        logon.req.pdc.computer_name = TEST_NAME;
        logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
        logon.req.pdc.unicode_name  = TEST_NAME;
@@ -132,6 +130,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
        torture_assert(tctx, dest != NULL, "Error getting address");
 
        status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+                                             NBT_MAILSLOT_NETLOGON, 
                                              &myname, &logon);
        torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
 
@@ -200,14 +199,14 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
        
 
        ZERO_STRUCT(logon);
-       logon.command = NETLOGON_QUERY_FOR_PDC2;
-       logon.req.pdc2.request_count = 0;
-       logon.req.pdc2.computer_name = TEST_NAME;
-       logon.req.pdc2.user_name     = "";
-       logon.req.pdc2.mailslot_name = dgmslot->mailslot_name;
-       logon.req.pdc2.nt_version    = 11;
-       logon.req.pdc2.lmnt_token    = 0xFFFF;
-       logon.req.pdc2.lm20_token    = 0xFFFF;
+       logon.command = LOGON_SAM_LOGON_REQUEST;
+       logon.req.logon.request_count = 0;
+       logon.req.logon.computer_name = TEST_NAME;
+       logon.req.logon.user_name     = "";
+       logon.req.logon.mailslot_name = dgmslot->mailslot_name;
+       logon.req.logon.nt_version    = 11;
+       logon.req.logon.lmnt_token    = 0xFFFF;
+       logon.req.logon.lm20_token    = 0xFFFF;
 
        make_nbt_name_client(&myname, TEST_NAME);
 
@@ -216,6 +215,7 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 
        torture_assert(tctx, dest != NULL, "Error getting address");
        status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
+                                             NBT_MAILSLOT_NETLOGON, 
                                              &myname, &logon);
        torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
 
@@ -227,32 +227,6 @@ static bool nbt_test_netlogon2(struct torture_context *tctx)
 }
 
 
-/*
-  reply handler for ntlogon request
-*/
-static void ntlogon_handler(struct dgram_mailslot_handler *dgmslot, 
-                            struct nbt_dgram_packet *packet, 
-                            struct socket_address *src)
-{
-       NTSTATUS status;
-       struct nbt_ntlogon_packet ntlogon;
-       int *replies = (int *)dgmslot->private;
-
-       printf("ntlogon reply from %s:%d\n", src->addr, src->port);
-
-       status = dgram_mailslot_ntlogon_parse(dgmslot, dgmslot, packet, &ntlogon);
-       if (!NT_STATUS_IS_OK(status)) {
-               printf("Failed to parse ntlogon packet from %s:%d\n",
-                      src->addr, src->port);
-               return;
-       }
-
-       NDR_PRINT_DEBUG(nbt_ntlogon_packet, &ntlogon);
-
-       (*replies)++;
-}
-
-
 /* test UDP/138 ntlogon requests */
 static bool nbt_test_ntlogon(struct torture_context *tctx)
 {
@@ -265,7 +239,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
        const struct dom_sid *dom_sid;
 
        const char *myaddress;
-       struct nbt_ntlogon_packet logon;
+       struct nbt_netlogon_packet logon;
        struct nbt_name myname;
        NTSTATUS status;
        struct timeval tv = timeval_current();
@@ -296,7 +270,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
        /* try receiving replies on port 138 first, which will only
           work if we are root and smbd/nmbd are not running - fall
           back to listening on any port, which means replies from
-          some windows versions won't be seen */
+          most windows versions won't be seen */
        status = socket_listen(dgmsock->sock, socket_address, 0, 0);
        if (!NT_STATUS_IS_OK(status)) {
                talloc_free(socket_address);
@@ -317,17 +291,17 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
 
        /* setup a temporary mailslot listener for replies */
        dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
-                                     ntlogon_handler, &replies);
+                                     netlogon_handler, &replies);
        
 
        ZERO_STRUCT(logon);
-       logon.command = NTLOGON_SAM_LOGON;
+       logon.command = LOGON_SAM_LOGON_REQUEST;
        logon.req.logon.request_count = 0;
        logon.req.logon.computer_name = TEST_NAME;
        logon.req.logon.user_name     = TEST_NAME"$";
        logon.req.logon.mailslot_name = dgmslot->mailslot_name;
        logon.req.logon.acct_control  = ACB_WSTRUST;
-       logon.req.logon.sid           = *dom_sid;
+       /* Leave sid as all zero */
        logon.req.logon.nt_version    = 1;
        logon.req.logon.lmnt_token    = 0xFFFF;
        logon.req.logon.lm20_token    = 0xFFFF;
@@ -337,8 +311,10 @@ static bool nbt_test_ntlogon(struct torture_context *tctx)
        dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name, 
                                           address, lp_dgram_port(tctx->lp_ctx));
        torture_assert(tctx, dest != NULL, "Error getting address");
-       status = dgram_mailslot_ntlogon_send(dgmsock, DGRAM_DIRECT_UNIQUE,
-                                            &name, dest, &myname, &logon);
+       status = dgram_mailslot_netlogon_send(dgmsock, 
+                                             &name, dest, 
+                                             NBT_MAILSLOT_NTLOGON, 
+                                             &myname, &logon);
        torture_assert_ntstatus_ok(tctx, status, "Failed to send ntlogon request");
 
        while (timeval_elapsed(&tv) < 5 && replies == 0) {

diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c
index 00617f407268eac4b64718a12f4814680e04a4df..989a1faf27bd0ca56a498e45b4d3f69425dcd117 100644 (file)
--- a/source4/torture/rpc/dssync.c
+++ b/source4/torture/rpc/dssync.c
@@ -288,16 +288,17 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx)
        search.in.dest_address = ctx->drsuapi_binding->host;
        search.in.dest_port = lp_cldap_port(tctx->lp_ctx);
        search.in.acct_control = -1;
-       search.in.version = 6;
+       search.in.version               = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+       search.in.map_response = true;
        status = cldap_netlogon(cldap, ctx, &search);
        if (!NT_STATUS_IS_OK(status)) {
                const char *errstr = nt_errstr(status);
                ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name");
                printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name);          
        } else {
-               ctx->site_name = talloc_steal(ctx, search.out.netlogon.logon5.client_site);
+               ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site);
                printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name);
-               printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.logon5.server_site);
+               printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site);
        }
 
        return ret;