[cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC?

Ralph Boehme slow at samba.org
Thu Jul 13 10:37:04 UTC 2023


Hello dochelp,

On 7/13/23 11:10, Ralph Boehme via cifs-protocol wrote:
> Please read my description with a grain of salt, I'm not the netlogon 
> expert on our team, just wanted to set the ball rolling... :)

Hopefully this is not going to cause more confusion, but after digging 
some more I figured out the following.

It seems the client's netr_LogonGetCapabilities request has a 
query-level of 2:

[2023/07/13 11:59:17.063300,  1, pid=32385, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:484(ndr_print_function_debug)
        netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
           in: struct netr_LogonGetCapabilities
               server_name              : *
                   server_name              : '\\master.five.new'
               computer_name            : *
                   computer_name            : 'DESKTOP-6O7C598'
               credential               : *
                   credential: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : b43363f1a6823757
                       timestamp                : Thu Jul 13 11:59:16 2023 CEST
               return_authenticator     : *
                   return_authenticator: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : 0000000000000000
                       timestamp                : (time_t)0
               query_level              : 0x00000002 (2)

According to 
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5780fc6c-82f0-489f-b9a0-a9e855388492 
the server should fail this with STATUS_INVALID_LEVEL.

Are there any doc updates missing?

Samba accepts the request and then later uses the query-level as switch 
into the previously mentioned netr_Capabilities union. This then fails 
when trying to marshall the result structure.

Thanks!
-slow

-- 
Ralph Boehme, Samba Team                      https://samba.org/
SerNet Samba Team Lead                     https://sernet.de/en/
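
Added example, not part of the original message and not Samba's code: a server-side sketch of the behaviour described above, where an unchecked query level only fails once the union is marshalled, next to a handler that rejects it up front with STATUS_INVALID_LEVEL. Assumptions: level 1 is the only level with a union arm, the 8-byte encoding is a toy layout rather than real NDR, and MARSHAL_FAILED, the function names and the sample flags value are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define STATUS_SUCCESS       0x00000000u
#define STATUS_INVALID_LEVEL 0xC0000148u
#define MARSHAL_FAILED       0xFFFFFFFFu /* hypothetical: reply could not be encoded */

/* Simplified stand-in for the netr_Capabilities union: only level 1 has an arm. */
union caps { uint32_t server_capabilities; };

static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Encode discriminant + selected arm (toy layout, not real NDR).
 * Returns bytes written, or -1 if the level selects no arm or buf is too small. */
static int push_caps(uint8_t *buf, size_t len, uint32_t level, const union caps *c)
{
    if (level != 1 || len < 8)
        return -1;
    put_le32(buf, level);
    put_le32(buf + 4, c->server_capabilities);
    return 8;
}

/* Behaviour described in the message: the level is accepted and only the
 * marshalling step notices that the union has no matching arm. */
static uint32_t get_caps_unchecked(uint32_t level, uint32_t flags, uint8_t *out, size_t len)
{
    union caps c = { .server_capabilities = flags };
    return push_caps(out, len, level, &c) < 0 ? MARSHAL_FAILED : STATUS_SUCCESS;
}

/* Validate the discriminant first, so the caller gets a defined status. */
static uint32_t get_caps_checked(uint32_t level, uint32_t flags, uint8_t *out, size_t len)
{
    if (level != 1)
        return STATUS_INVALID_LEVEL;
    return get_caps_unchecked(level, flags, out, len);
}

int main(void)
{
    uint8_t buf[8];
    uint32_t flags = 0x612fffffu; /* constructed sample value */
    printf("level 2 unchecked: 0x%08x\n", (unsigned)get_caps_unchecked(2, flags, buf, sizeof buf));
    printf("level 2 checked:   0x%08x\n", (unsigned)get_caps_checked(2, flags, buf, sizeof buf));
    return 0;
}
```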