[cifs-protocol] RE: Please clarify LSA and OsVersion behaviour in MS-NRPC

Bill Wesse billwe at microsoft.com
Fri Jul 10 03:48:22 MDT 2009


Good day Andrew! Hongwei and I have divided your request into two parts - one each for OsVersion and the LsaPolicy buffer.

I have just filed a Technical Document Issue (TDI) concerning the OsVersion field (of [MS-NRPC] 2.2.1.3.6 NETLOGON_WORKSTATION_INFO). Hongwei will be your contact for the LsaPolicy buffer information you asked after.

The OsVersion member is an OSVERSIONINFOEX structure (284 bytes); this is cross-referenced in [MS-REF], and documented on MSDN (links included below, along with the actual typedef). This structure is subject to normal RPC marshaling.

As you noted, the OsVersion description states 'the version information is unchanged and uninterpreted' for (placement in) the operatingSystemVersion attribute. This certainly does not match the example given in <23>, which shows "5.2 (3790)".

I pointed out these discrepancies in the TDI, as well as noting that the operatingSystemVersion attribute is mentioned once only in [MS-ADTS] at 3.1.1.2.3.5 'Flag fRODCFilteredAttribute in Attribute searchFlags' (where there is a link to [MS-ADA3]: Active Directory Schema Attributes N-Z / 2.55 Attribute operatingSystemVersion).

I have included a manual deconstruction of the OSVERSIONINFOEX structure from netlogon-29.0.in.

Please let me know your thoughts concerning any further elaboration or reference information that would assist in your efforts!



OSVERSIONINFOEX Structure
http://msdn.microsoft.com/en-us/library/ms724833(VS.85).aspx

[MS-REF]: Windows Protocols Master Reference
[MSDN-OSVERSIONINFOEX] Microsoft Corporation, "OSVERSIONINFOEX" Structure, http://msdn2.microsoft.com/en-us/library/ms724833.aspx

typedef struct _OSVERSIONINFOEX {
   DWORD dwOSVersionInfoSize;
   DWORD dwMajorVersion;
   DWORD dwMinorVersion;
   DWORD dwBuildNumber;
   DWORD dwPlatformId;
   TCHAR szCSDVersion[128];
   WORD  wServicePackMajor;
   WORD  wServicePackMinor;
   WORD  wSuiteMask;
   BYTE  wProductType;
   BYTE  wReserved;
} OSVERSIONINFOEX, *POSVERSIONINFOEX, *LPOSVERSIONINFOEX;


netlogon-29.0.in


OsVersion
---------

 blob2: struct lsa_BinaryString
     length                   : 0x011c (284)
     size                     : 0x011c (284)
     array                    : *


0140  DWORD dwOSVersionInfoSize  0x0000011C  (284)
0144  DWORD dwMajorVersion       0x00000005    (5) 5.1 Windows XP
0148  DWORD dwMinorVersion       0x00000001    (1)
014C  DWORD dwBuildNumber        0x00000A28 (2600)
0150  DWORD dwPlatformId         0x00000002    (2) VER_PLATFORM_WIN32_NT
0154  TCHAR szCSDVersion[128]    "Service Pack 2\0"
0170  TCHAR szCSDVersion[...]    (ignore; recycled memory)
0254  WORD wServicePackMajor         0x0002    (2) 2.0
0256  WORD wServicePackMinor         0x0000    (0)
0257  WORD wSuiteMask                0x0100  (256) VER_SUITE_SINGLEUSERTS
0257  BYTE wProductType                0x01    (1) VER_NT_WORKSTATION
0258  BYTE wReserved                   0x00    (0)

0140  1C 01 00 00                                      ....             DWORD dwOSVersionInfoSize  0x0000011C  (284)
0144              05 00 00 00                              ....         DWORD dwMajorVersion       0x00000005    (5) 5.1 Windows XP
0148                          01 00 00 00                      ....     DWORD dwMinorVersion       0x00000001    (1)
014C                                      28 0A 00 00              (... DWORD dwBuildNumber        0x00000A28 (2600)
0150  02 00 00 00                                      ....             DWORD dwPlatformId         0x00000002    (2) VER_PLATFORM_WIN32_NT
0154              53 00 65 00 72 00 76 00 69 00 63 00      S.e.r.v.i.c. TCHAR szCSDVersion[128]    Service Pack 2
0160  65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00  e. .P.a.c.k. .2.
0170  00 00                                            ..              
0170        E6 00 02 00 00 00 00 00 00 00 20 C0 0B 00    .......... ... ignore; recycled memory: TCHAR szCSDVersion[128] ...
0180  40 5A 86 5B 00 00 00 00 00 00 00 00 00 00 00 00  @Z.[............
0190  30 00 09 00 02 00 00 00 00 00 00 00 00 00 00 00  0...............
01A0  B0 E4 E6 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
01B0  00 00 00 00 C4 F5 E6 00 0E 00 00 00 00 00 00 00  ................
01C0  D0 E4 E6 00 20 F6 E6 00 00 00 00 00 00 00 00 00  .... ...........
01D0  00 00 00 00 0D 00 00 00 58 61 17 00 4F 00 00 00  ........Xa..O...
01E0  00 00 00 00 00 00 09 00 1A 00 00 00 00 00 00 00  ................
01F0  00 00 00 00 00 00 00 00 20 C0 0B 00 00 00 00 00  ........ .......
0200  04 5D 88 8A 48 00 00 00 CC 27 87 5B BC 27 87 5B  .]..H....'.[.'.[
0210  09 00 00 00 DA 27 87 5B D0 F8 E6 00 00 00 00 00  .....'.[........
0220  00 00 00 00 C6 27 87 5B DA 5A 86 5B 00 00 00 00  .....'.[.Z.[....
0230  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0240  24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  $...............
0250  00 00 00 00                                      ....            
0254              02 00                                    ..           WORD wServicePackMajor     0x0002   (2) 2.0
0256                    00 00                                ..         WORD wServicePackMinor     0x0000   (0)
0257                          00 01                            ..       WORD wSuiteMask            0x0100 (256) VER_SUITE_SINGLEUSERTS
0257                                01                           .      BYTE wProductType            0x01   (1) VER_NT_WORKSTATION
0258                                   00                          .    BYTE wReserved               0x00   (0)



NTSTATUS NetrLogonGetDomainInfo(
   [in, string] LOGONSRV_HANDLE ServerName,
   [in, string, unique] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [in, out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in] DWORD Level,
   [in, switch_is(Level)] PNETLOGON_WORKSTATION_INFORMATION WkstaBuffer,
   [out, switch_is(Level)] PNETLOGON_DOMAIN_INFORMATION DomBuffer
);

0000  1E 00 00 00 00 00 00 00 1E 00 00 00 5C 00 5C 00  ............\.\.
0010  6E 00 61 00 6F 00 6D 00 69 00 2E 00 53 00 34 00  n.a.o.m.i...S.4.
0020  2E 00 4E 00 41 00 4F 00 4D 00 49 00 2E 00 41 00  ..N.A.O.M.I...A.
0030  42 00 41 00 52 00 54 00 4C 00 45 00 54 00 2E 00  B.A.R.T.L.E.T...
0040  4E 00 45 00 54 00 00 00 08 5E 17 00 08 00 00 00  N.E.T....^......
0050  00 00 00 00 08 00 00 00 57 00 49 00 4E 00 58 00  ........W.I.N.X.
0060  50 00 2D 00 35 00 00 00 4D 20 E4 59 70 FC A2 CE  P.-.5...M .Yp...
0070  D5 0D 54 4A 00 00 00 00 00 00 00 00 00 00 00 00  ..TJ............
0080  01 00 00 00 01 00 00 00 D0 F4 E6 00 00 00 00 00  ................
0090  00 00 00 00 58 CF 15 00 94 F8 E6 00 00 00 00 00  ....X...........
00A0  00 00 00 00 00 00 00 00 00 00 00 00 1C 01 1C 01  ................
00B0  60 F5 E6 00 2E 00 30 00 80 27 50 74 00 00 00 00  `.....0..'Pt....
00C0  00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................
00D0  00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00  ................
00E0  00 00 00 00 08 00 00 00 77 00 69 00 6E 00 78 00  ........w.i.n.x.
00F0  70 00 2D 00 35 00 00 00 18 00 00 00 00 00 00 00  p.-.5...........
0100  18 00 00 00 44 00 65 00 66 00 61 00 75 00 6C 00  ....D.e.f.a.u.l.
0110  74 00 2D 00 46 00 69 00 72 00 73 00 74 00 2D 00  t.-.F.i.r.s.t.-.
0120  53 00 69 00 74 00 65 00 2D 00 4E 00 61 00 6D 00  S.i.t.e.-.N.a.m.
0130  65 00 00 00 8E 00 00 00 00 00 00 00 8E 00 00 00  e...............
0140  1C 01 00 00 05 00 00 00 01 00 00 00 28 0A 00 00  ............(...
0150  02 00 00 00 53 00 65 00 72 00 76 00 69 00 63 00  ....S.e.r.v.i.c.
0160  65 00 20 00 50 00 61 00 63 00 6B 00 20 00 32 00  e. .P.a.c.k. .2.
0170  00 00 E6 00 02 00 00 00 00 00 00 00 20 C0 0B 00  ............ ...
0180  40 5A 86 5B 00 00 00 00 00 00 00 00 00 00 00 00  @Z.[............
0190  30 00 09 00 02 00 00 00 00 00 00 00 00 00 00 00  0...............
01A0  B0 E4 E6 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
01B0  00 00 00 00 C4 F5 E6 00 0E 00 00 00 00 00 00 00  ................
01C0  D0 E4 E6 00 20 F6 E6 00 00 00 00 00 00 00 00 00  .... ...........
01D0  00 00 00 00 0D 00 00 00 58 61 17 00 4F 00 00 00  ........Xa..O...
01E0  00 00 00 00 00 00 09 00 1A 00 00 00 00 00 00 00  ................
01F0  00 00 00 00 00 00 00 00 20 C0 0B 00 00 00 00 00  ........ .......
0200  04 5D 88 8A 48 00 00 00 CC 27 87 5B BC 27 87 5B  .]..H....'.[.'.[
0210  09 00 00 00 DA 27 87 5B D0 F8 E6 00 00 00 00 00  .....'.[........
0220  00 00 00 00 C6 27 87 5B DA 5A 86 5B 00 00 00 00  .....'.[.Z.[....
0230  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0240  24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  $...............
0250  00 00 00 00 02 00 00 00 00 01 01 00 18 00 00 00  ................
0260  00 00 00 00 17 00 00 00 57 00 69 00 6E 00 64 00  ........W.i.n.d.
0270  6F 00 77 00 73 00 20 00 58 00 50 00 20 00 50 00  o.w.s. .X.P. .P.
0280  72 00 6F 00 66 00 65 00 73 00 73 00 69 00 6F 00  r.o.f.e.s.s.i.o.
0290  6E 00 61 00 6C 00 00 00 8A E3 13 71 02 F4 36 71  n.a.l......q..6q
02A0  01 40 04 00 01 00 00 00                          .@......

Regards,
Bill Wesse
MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL:  +1(980) 776-8200
CELL: +1(704) 661-5438
FAX:  +1(704) 665-9606
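The deconstruction above done in code, as an added example that is not part of this mail or of Samba: it decodes the 284-byte OsVersion blob as an OSVERSIONINFOEX, rejects a buffer whose first DWORD is not the structure size (which is what rules out the Unicode string reading of footnote <23>), stops szCSDVersion at its first NUL so the recycled memory behind it is ignored, and derives the "major.minor (build)" form the footnote describes. The sample buffer is constructed from the netlogon-29.0.in dump above with the recycled-memory tail zero-filled; the VER_* constants are the standard Windows values.

```python
import struct

# OSVERSIONINFOEX on the wire: little-endian, no padding. 5 DWORDs, then
# TCHAR szCSDVersion[128] as UTF-16LE (256 bytes), 3 WORDs, 2 BYTEs = 284 bytes.
OSVERSIONINFOEX_FMT = "<5I256sHHHBB"
OSVERSIONINFOEX_SIZE = struct.calcsize(OSVERSIONINFOEX_FMT)  # 284 == 0x11C
VER_PLATFORM_WIN32_NT = 2  # standard Windows values for dwPlatformId / wProductType
VER_NT_WORKSTATION = 1
FIELDS = ("dwMajorVersion", "dwMinorVersion", "dwBuildNumber", "dwPlatformId",
          "szCSDVersion", "wServicePackMajor", "wServicePackMinor",
          "wSuiteMask", "wProductType", "wReserved")

def _tchar_until_nul(raw: bytes) -> str:
    """Decode a UTF-16LE TCHAR array up to its first NUL wide character;
    whatever follows the terminator is uninitialised memory and is ignored."""
    for i in range(0, len(raw) - 1, 2):
        if raw[i] == 0 and raw[i + 1] == 0:
            return raw[:i].decode("utf-16-le")
    return raw.decode("utf-16-le", errors="replace")

def parse_osversioninfoex(blob: bytes) -> dict:
    """Return the OSVERSIONINFOEX fields, or raise ValueError if blob cannot be one."""
    if len(blob) != OSVERSIONINFOEX_SIZE:
        raise ValueError(f"OsVersion blob is {len(blob)} bytes, expected {OSVERSIONINFOEX_SIZE}")
    size, *rest = struct.unpack(OSVERSIONINFOEX_FMT, blob)
    # The first DWORD is the structure's own size. A UTF-16LE string such as
    # "5.2 (3790)" can never begin with 0x0000011C, so this one check tells the
    # two readings of the buffer apart.
    if size != OSVERSIONINFOEX_SIZE:
        raise ValueError(f"dwOSVersionInfoSize 0x{size:08X} != 0x{OSVERSIONINFOEX_SIZE:08X}")
    info = dict(zip(FIELDS, rest))
    info["szCSDVersion"] = _tchar_until_nul(info["szCSDVersion"])
    return info

def operating_system_version_string(info: dict) -> str:
    """The "5.2 (3790)"-style value footnote <23> says goes into operatingSystemVersion."""
    return f'{info["dwMajorVersion"]}.{info["dwMinorVersion"]} ({info["dwBuildNumber"]})'

# Constructed sample: offsets 0x140-0x183 of the netlogon-29.0.in dump verbatim
# (including the recycled memory after "Service Pack 2\0"), the rest of
# szCSDVersion zero-filled, then the WORD/BYTE tail from offset 0x254.
SAMPLE_OSVERSION = (
    bytes.fromhex("1C010000 05000000 01000000 280A0000 02000000")
    + "Service Pack 2\0".encode("utf-16-le")
    + bytes.fromhex("E600 02000000 00000000 20C00B00 405A865B")
    + bytes(256 - 30 - 18)
    + bytes.fromhex("0200 0000 0001 01 00")
)
# parse_osversioninfoex(SAMPLE_OSVERSION) -> 5.1 (2600), "Service Pack 2", VER_NT_WORKSTATION
```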

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, July 07, 2009 11:45 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org; Matthias Dieter Wallnöfer
Subject: Please clarify LSA and OsVersion behaviour in MS-NRPC

In MS-NRPC 2.2.1.3.6 NETLOGON_WORKSTATION_INFO it has:

> 
> typedef struct _NETLOGON_WORKSTATION_INFO {
>   NETLOGON_LSA_POLICY_INFO LsaPolicy;
> 
This is defined in 2.2.1.3.5, but not very helpfully:

> The NETLOGON_LSA_POLICY_INFO structure defines Local Security 
> Authority (LSA) policy information as an unsigned character buffer. For details, see [LSAPOLICY] and [MS-LSAD].

My question is:  Is this buffer ever filled in (it is null in the attached example from a WinXP join), and if so, what does it mean?  The links to [LSAPOLICY] and [MS-LSAD] are non-specific and not very useful in understanding the possible inputs here.

Further down, it claims:

> OsVersion: A null-terminated Unicode string that contains the version number of the operating
>   system installed on the client machine.<23> The DC that receives this data structure updates
>   the operatingSystemVersion attribute of the client's machine account object in Active
>   Directory with this value, unchanged and uninterpreted, as specified in [MS-ADTS].
> OsName: A null-terminated Unicode string that contains the name of the operating system
>   installed on the client machine.<24> The DC that receives this data structure updates the
>   operatingSystem attribute of the client's machine account object in Active Directory, as
>   specified in [MS-ADTS].

Firstly, which part of MS-ADTS does this refer to?  It is a large document, and I can't find the reference.

However, the main problem I have is that the text for OsName is plausible, given the input.  The examples in <24> even match up with the wire data (attached).  However, OsVersion is a very different thing.
What is in this 284 byte buffer?  For certain it is not a Unicode string - and certainly not the one indicated in <23>:

> <23> Section 2.2.1.3.6: The version and build number of the client 
> operating system are used. For example, for Windows Server 2003 SP1, 
> the string "5.2 (3790)" is used, which indicates version 5.2 and build number 3790.
> 

Please clarify these inputs, so that Matthias may implement this important part of NETLOGON correctly (see
https://bugzilla.samba.org/show_bug.cgi?id=4888 for his attempts so far).


Thanks,

Andrew Bartlett


--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

