[cifs-protocol] [EXTERNAL] Re: KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040007086
Jeff McCashland (He/him)
jeffm at microsoft.com
Thu Jul 13 21:01:27 UTC 2023
[Mike to BCC]
Hi Ralph,
I will look into these questions and let you know what I find.
Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
-----Original Message-----
From: Michael Bowen <Mike.Bowen at microsoft.com>
Sent: Thursday, July 13, 2023 8:53 AM
To: Ralph Böhme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] Re: [cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040007086
[DocHelp to BCC]
Hi Ralph,
Thank you for your inquiry. The case 2307130040007086 has been created to track this issue. One of our team members will contact you soon.
Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications
-----Original Message-----
From: Ralph Boehme <slow at samba.org>
Sent: Thursday, July 13, 2023 3:37 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Re: [cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC?
Hello dochelp,
On 7/13/23 11:10, Ralph Boehme via cifs-protocol wrote:
> Please read my description with a grain of salt, I'm not the netlogon
> expert on our team, just wanted to set the ball rolling... :)
hopefully this is not going to cause more confusion, but after digging some more I figured out the following
It seems the client's netr_LogonGetCapabilities request has a query-level of 2:
[2023/07/13 11:59:17.063300, 1, pid=32385, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:484(ndr_print_function_debug)
netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
in: struct netr_LogonGetCapabilities
server_name : *
server_name : '\\master.five.new'
computer_name : *
computer_name : 'DESKTOP-6O7C598'
credential : *
credential: struct netr_Authenticator
cred: struct netr_Credential
data : b43363f1a6823757
timestamp : Thu Jul 13 11:59:16
2023 CEST
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : 0000000000000000
timestamp : (time_t)0
query_level : 0x00000002 (2)
According to
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5780fc6c-82f0-489f-b9a0-a9e855388492
the server should fail this with STATUS_INVALID_LEVEL.
Are there any doc updates missing?
Samba accepts the request and then later uses the query-level as switch into the previously mentioned netr_Capabilities union. This then fails when trying to marshall the result structure.
Thanks!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/
More information about the cifs-protocol
mailing list