Fold the two 32 bit values logon_id_high and logon_id_low into a single
64 bit logon_id in netr_identity_info. This will be used to tie
together winbind and SamLogon requests in audit logging.
Summary of the of the Query and Response from Microsoft on it's usage.
[REG:
119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
the Reserved field have LogonId meaning?
Questions:
In NetrLogonSamLogonEx does the Reserved field
(of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?
What is a valid LogonID, and does have any audit usage?
Samba is sending a constant "
deadbeef" in hex and would like to
understand any usage of this field.
Response:
The NRPC spec is accurate in defining the field as Reserved, and without
protocol significance. In the header file in our source code, it is
defined as LogonId and commented as such, but it’s effectively not used.
This is probably why the API structure has that field name. It may have
been intended as such but it’s not used.
Samba will send a random value in this field.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
MSV1_0_SUBAUTHENTICATION_DLL_EX = 0x00100000
} netr_LogonParameterControl;
+ /* Summary of the of the Query and Response from Microsoft on
+ * the usage of logon_id in netr_IdendityInfo
+ *
+ * [REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
+ * the Reserved field have LogonId meaning?
+ *
+ * Questions:
+ * In NetrLogonSamLogonEx does the Reserved field
+ * (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?
+ *
+ * What is a valid LogonID, and does have any audit usage?
+ *
+ * Samba is sending a constant "deadbeef" in hex and would like to
+ * understand any usage of this field.
+ *
+ * Response:
+ * The NRPC spec is accurate in defining the field as Reserved, and
+ * without protocol significance. In the header file in our source
+ * code, it is defined as LogonId and commented as such, but it’s
+ * effectively not used. This is probably why the API structure has
+ * that field name. It may have been intended as such but it’s not
+ * used.
+ *
+ * Samba now sends a random value in this field.
+ */
typedef struct {
lsa_String domain_name;
netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
- uint32 logon_id_low;
- uint32 logon_id_high;
+ udlong logon_id;
lsa_String account_name;
lsa_String workstation;
} netr_IdentityInfo;
password_info->identity_info.domain_name.string = domain;
password_info->identity_info.parameter_control = logon_parameters;
- password_info->identity_info.logon_id_low = 0xdead;
- password_info->identity_info.logon_id_high = 0xbeef;
+ password_info->identity_info.logon_id = 0xbeef0000dead;
password_info->identity_info.account_name.string = username;
password_info->identity_info.workstation.string = workstation_slash;
network_info->identity_info.domain_name.string = domain;
network_info->identity_info.parameter_control = logon_parameters;
- network_info->identity_info.logon_id_low = 0xdead;
- network_info->identity_info.logon_id_high = 0xbeef;
+ network_info->identity_info.logon_id = 0xbeef0000dead;
network_info->identity_info.account_name.string = username;
network_info->identity_info.workstation.string = workstation_slash;
network_info->identity_info.domain_name.string = domain;
network_info->identity_info.parameter_control = logon_parameters;
- network_info->identity_info.logon_id_low = 0xdead;
- network_info->identity_info.logon_id_high = 0xbeef;
+ network_info->identity_info.logon_id = 0xbeef0000dead;
network_info->identity_info.account_name.string = username;
network_info->identity_info.workstation.string = workstation_name_slash;
password_info->identity_info.domain_name.string = domain;
password_info->identity_info.parameter_control = logon_parameters;
- password_info->identity_info.logon_id_low = 0xdead;
- password_info->identity_info.logon_id_high = 0xbeef;
+ password_info->identity_info.logon_id = 0xbeef0000dead;
password_info->identity_info.account_name.string = username;
password_info->identity_info.workstation.string = workstation_name_slash;
identity_info->domain_name.string = user_info->client.domain_name;
identity_info->parameter_control = user_info->logon_parameters; /* see MSV1_0_* */
- identity_info->logon_id_low = 0;
- identity_info->logon_id_high = 0;
+ identity_info->logon_id = 0;
identity_info->account_name.string = user_info->client.account_name;
identity_info->workstation.string = user_info->workstation_name;
identity_info->domain_name.string = user_info->mapped.domain_name;
identity_info->parameter_control = user_info->logon_parameters; /* TODO */
- identity_info->logon_id_low = 0;
- identity_info->logon_id_high = 0;
+ identity_info->logon_id = 0;
identity_info->account_name.string = user_info->mapped.account_name;
identity_info->workstation.string
= talloc_asprintf(identity_info, "krb5-bad-pw on RODC from %s",
torture_assert_int_equal(tctx, r->in.logon->password->identity_info.domain_name.size, 12, "domain_name.size");
torture_assert_str_equal(tctx, r->in.logon->password->identity_info.domain_name.string, "W2KDOM", "domain_name.string");
torture_assert_int_equal(tctx, r->in.logon->password->identity_info.parameter_control, 0, "parameter_control");
- torture_assert_int_equal(tctx, r->in.logon->password->identity_info.logon_id_low, 0xdead, "logon_id_low");
- torture_assert_int_equal(tctx, r->in.logon->password->identity_info.logon_id_high, 0xbeef, "logon_id_high");
+ torture_assert_u64_equal(tctx, r->in.logon->password->identity_info.logon_id, 0xbeef0000dead, "logon_id");
torture_assert_int_equal(tctx, r->in.logon->password->identity_info.account_name.length, 26, "account_name.length");
torture_assert_int_equal(tctx, r->in.logon->password->identity_info.account_name.size, 26, "account_name.size");
torture_assert_str_equal(tctx, r->in.logon->password->identity_info.account_name.string, "administrator", "account_name.string");
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.logon_id = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
/* Validate it over the netlogon pipe */
generic.identity_info.parameter_control = 0;
- generic.identity_info.logon_id_high = 0;
- generic.identity_info.logon_id_low = 0;
+ generic.identity_info.logon_id = 0;
generic.identity_info.domain_name.string = session_info->info->domain_name;
generic.identity_info.account_name.string = session_info->info->account_name;
generic.identity_info.workstation.string = test_machine_name;
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.logon_id = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(server_creds);
logon.network = &ninfo;
ninfo.identity_info.domain_name.string =
cli_credentials_get_domain(user_creds);
ninfo.identity_info.parameter_control = 0;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.logon_id = 0;
ninfo.identity_info.workstation.string =
cli_credentials_get_workstation(user_creds);
memcpy(ninfo.challenge, chal.data, sizeof(ninfo.challenge));
ninfo.identity_info.domain_name.string = samlogon_state->account_domain;
ninfo.identity_info.parameter_control = parameter_control;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.logon_id = 0;
ninfo.identity_info.account_name.string = samlogon_state->account_name;
ninfo.identity_info.workstation.string = TEST_MACHINE_NAME;
pinfo.identity_info.domain_name.string = account_domain;
pinfo.identity_info.parameter_control = parameter_control;
- pinfo.identity_info.logon_id_low = 0;
- pinfo.identity_info.logon_id_high = 0;
+ pinfo.identity_info.logon_id = 0;
pinfo.identity_info.account_name.string = account_name;
pinfo.identity_info.workstation.string = workstation_name;
identity.parameter_control =
MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
- identity.logon_id_low = 0;
- identity.logon_id_high = 0;
+ identity.logon_id = 0;
identity.workstation.string = cli_credentials_get_workstation(test_credentials);
if (interactive) {
ninfo.identity_info.domain_name.string = domain;
ninfo.identity_info.parameter_control = 0;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.logon_id = 0;
ninfo.identity_info.account_name.string = account_name;
ninfo.identity_info.workstation.string = workstation;
generate_random_buffer(ninfo.challenge,
ninfo.nt.length = nt_resp.length;
ninfo.identity_info.parameter_control = 0;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
+ ninfo.identity_info.logon_id = 0;
ninfo.identity_info.workstation.string = cli_credentials_get_workstation(credentials);
logon.network = &ninfo;
conn->ninfo.nt.length = nt_resp.length;
conn->ninfo.identity_info.parameter_control = 0;
- conn->ninfo.identity_info.logon_id_low = 0;
- conn->ninfo.identity_info.logon_id_high = 0;
+ conn->ninfo.identity_info.logon_id = 0;
conn->ninfo.identity_info.workstation.string = cli_credentials_get_workstation(conn->wks_creds);
conn->r.in.server_name = talloc_asprintf(conn->tmp, "\\\\%s", dcerpc_server_name(conn->pipe));