[cifs-protocol] [EXTERNAL] Re: KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040007086

Ralph Boehme slow at samba.org
Wed Jul 19 17:55:55 UTC 2023 

Hi Jeff,

thanks a lot for providing the updated doc so quickly!

We're now looking into implementing this.

Kind regards

Ralph Böhme

-- 
Ralph Boehme, Samba Team                      https://samba.org/
SerNet Samba Team Lead                     https://sernet.de/en/

On 7/19/23 19:46, Jeff McCashland (He/him) wrote:
> Hi Ralph,
> 
> As I mentioned in the thread for the other issue, the updates have been published in an Errata document for later inclusion in [MS-NRPC]:
> 
> Windows Protocols Errata: [MS-NRPC]: Netlogon Remote Protocol
> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/69ffd0ac-a0dd-49f2-96ad-6720441b0a93
> 
> Please let us know if this does not address the issue below.
> 
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
> 
> -----Original Message-----
> From: Jeff McCashland (He/him)
> Sent: Thursday, July 13, 2023 2:01 PM
> To: Ralph Böhme <slow at samba.org>
> Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
> Subject: RE: [EXTERNAL] Re: [cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040007086
> 
> [Mike to BCC]
> 
> Hi Ralph,
> 
> I will look into these questions and let you know what I find.
> 
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
> 
> -----Original Message-----
> From: Michael Bowen <Mike.Bowen at microsoft.com>
> Sent: Thursday, July 13, 2023 8:53 AM
> To: Ralph Böhme <slow at samba.org>
> Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
> Subject: RE: [EXTERNAL] Re: [cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040007086
> 
> [DocHelp to BCC]
> 
> Hi Ralph,
> 
> Thank you for your inquiry. The case 2307130040007086 has been created to track this issue. One of our team members will contact you soon.
> 
> Best regards,
> Mike Bowen
> Escalation Engineer - Microsoft Open Specifications
> 
> -----Original Message-----
> From: Ralph Boehme <slow at samba.org>
> Sent: Thursday, July 13, 2023 3:37 AM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: [EXTERNAL] Re: [cifs-protocol] KB5028166 introduced undocumented changes to MS-NRPC?
> 
> Hello dochelp,
> 
> On 7/13/23 11:10, Ralph Boehme via cifs-protocol wrote:
>> Please read my description with a grain of salt, I'm not the netlogon
>> expert on our team, just wanted to set the ball rolling... :)
> 
> hopefully this is not going to cause more confusion, but after digging some more I figured out the following
> 
> It seems the client's netr_LogonGetCapabilities request has a query-level of 2:
> 
> [2023/07/13 11:59:17.063300,  1, pid=32385, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:484(ndr_print_function_debug)
>          netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
>             in: struct netr_LogonGetCapabilities
>                 server_name              : *
>                     server_name              : '\\master.five.new'
>                 computer_name            : *
>                     computer_name            : 'DESKTOP-6O7C598'
>                 credential               : *
>                     credential: struct netr_Authenticator
>                         cred: struct netr_Credential
>                             data                     : b43363f1a6823757
>                         timestamp                : Thu Jul 13 11:59:16
> 2023 CEST
>                 return_authenticator     : *
>                     return_authenticator: struct netr_Authenticator
>                         cred: struct netr_Credential
>                             data                     : 0000000000000000
>                         timestamp                : (time_t)0
>                 query_level              : 0x00000002 (2)
> 
> According to
> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5780fc6c-82f0-489f-b9a0-a9e855388492
> the server should fail this with STATUS_INVALID_LEVEL.
> 
> Are there any doc updates missing?
> 
> Samba accepts the request and then later uses the query-level as switch into the previously mentioned netr_Capabilities union. This then fails when trying to marshall the result structure.
> 
> Thanks!
> -slow
> 
> --
> Ralph Boehme, Samba Team                      https://samba.org/
> SerNet Samba Team Lead                     https://sernet.de/en/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20230719/a6770c2b/OpenPGP_signature.sig>

More information about the cifs-protocol mailing list