[cifs-protocol] [EXTERNAL] Re: KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040007086

[Michael Bowen]

[DocHelp to BCC]

Hi Ralph,

Thank you for your inquiry. The case 2307130040007086 has been created to track this issue. One of our team members will contact you soon.

Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications

-----Original Message-----
From: Ralph Boehme <slow at samba.org> 
Sent: Thursday, July 13, 2023 3:37 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Re: [cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC?

Hello dochelp,

On 7/13/23 11:10, Ralph Boehme via cifs-protocol wrote:
> Please read my description with a grain of salt, I'm not the netlogon 
> expert on our team, just wanted to set the ball rolling... :)

hopefully this is not going to cause more confusion, but after digging some more I figured out the following

It seems the client's netr_LogonGetCapabilities request has a query-level of 2:

[2023/07/13 11:59:17.063300,  1, pid=32385, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:484(ndr_print_function_debug)
        netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
           in: struct netr_LogonGetCapabilities
               server_name              : *
                   server_name              : '\\master.five.new'
               computer_name            : *
                   computer_name            : 'DESKTOP-6O7C598'
               credential               : *
                   credential: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : b43363f1a6823757
                       timestamp                : Thu Jul 13 11:59:16 
2023 CEST
               return_authenticator     : *
                   return_authenticator: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : 0000000000000000
                       timestamp                : (time_t)0
               query_level              : 0x00000002 (2)

According to
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5780fc6c-82f0-489f-b9a0-a9e855388492
the server should fail this with STATUS_INVALID_LEVEL.

Are there any doc updates missing?

Samba accepts the request and then later uses the query-level as switch into the previously mentioned netr_Capabilities union. This then fails when trying to marshall the result structure.

Thanks!
-slow

-- 
Ralph Boehme, Samba Team                      https://samba.org/
SerNet Samba Team Lead                     https://sernet.de/en/