[cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC

Hongwei Sun hongweis at microsoft.com
Tue Jul 14 11:11:08 MDT 2009


Andrew,

  After review, we confirmed that the LsaPolicy in _NETLOGON_WORKSTATION_INFO is not used in any release of Windows.  The LsaPolicySize field is set to zero, and the LsaPolicy field is set to NULL.   I filed a request for documentation update to include this information.

  Bill already responded to you in a separate e-mail regarding the behaviour of OsVersion.
 
  Please let us know if you have any further questions.

Thanks!

--------------------------------------------------------------------
Hongwei  Sun - Sr. Support Escalation Engineer
DSC Protocol  Team, Microsoft
hongweis at microsoft.com
Tel:  469-7757027 x 57027
---------------------------------------------------------------------


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, July 07, 2009 10:45 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org; Matthias Dieter Wallnöfer
Subject: Please clarify LSA and OsVersion behaviour in MS-NRPC

In MS-NRPC 2.2.1.3.6 NETLOGON_WORKSTATION_INFO it has:

> 
> typedef struct _NETLOGON_WORKSTATION_INFO {
>   NETLOGON_LSA_POLICY_INFO LsaPolicy;
> 
This is defined in 2.2.1.3.5, but not very helpfully:

> The NETLOGON_LSA_POLICY_INFO structure defines Local Security 
> Authority (LSA) policy information as an unsigned character buffer. For details, see [LSAPOLICY] and [MS-LSAD].

My question is:  Is this buffer ever filled in (it is null in the attached example from a WinXP join), and if so, what does it mean?  The links to [LSAPOLICY] and [MS-LSAD] are non-specific and not very useful in understanding the possible inputs here.

Further down, it claims:

> OsVersion: A null-terminated Unicode string that contains the version number of the operating
>   system installed on the client machine.<23> The DC that receives this data structure updates
>   the operatingSystemVersion attribute of the client's machine account object in Active
>   Directory with this value, unchanged and uninterpreted, as specified in [MS-ADTS].
> OsName: A null-terminated Unicode string that contains the name of the operating system
>   installed on the client machine.<24> The DC that receives this data structure updates the
>   operatingSystem attribute of the client's machine account object in Active Directory, as
>   specified in [MS-ADTS].

Firstly, which part of MS-ADTS does this refer?  It is a large document, and I can't find the reference. 

However, the main problem I have is that the text for OsName is plausable, given the input.  The examples in <24> even match up with the wire data (attached).  However, OsVersion is a very different thing.
What is in this 284 byte buffer?  For certain it is not a unicode string
- and certainly not the one indicated in <23>: 

> <23> Section 2.2.1.3.6: The version and build number of the client 
> operating system are used. For example, for Windows Server 2003 SP1, 
> the string "5.2 (3790)" is used, which indicates version 5.2 and build number 3790.
> 

Please clarify these inputs, so that Matthias may implement this important part of NETLOGON correctly (see
https://bugzilla.samba.org/show_bug.cgi?id=4888 for his attempts so far).


Thanks,

Andrew Bartlett


--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.


More information about the cifs-protocol mailing list