[cifs-protocol] Please clarify LSA and OsVersion behaviour in MS-NRPC
Hongwei Sun
hongweis at microsoft.com
Tue Jul 14 11:11:08 MDT 2009
Andrew,
After review, we confirmed that the LsaPolicy in _NETLOGON_WORKSTATION_INFO is not used in any release of Windows. The LsaPolicySize field is set to zero, and the LsaPolicy field is set to NULL. I filed a request for documentation update to include this information.
Bill already responded to you in a separate e-mail regarding the behaviour of OsVersion.
Please let us know if you have any further questions.
Thanks!
--------------------------------------------------------------------
Hongwei Sun - Sr. Support Escalation Engineer
DSC Protocol Team, Microsoft
hongweis at microsoft.com
Tel: 469-7757027 x 57027
---------------------------------------------------------------------
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, July 07, 2009 10:45 PM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org; Matthias Dieter Wallnöfer
Subject: Please clarify LSA and OsVersion behaviour in MS-NRPC
In MS-NRPC 2.2.1.3.6 NETLOGON_WORKSTATION_INFO it has:
>
> typedef struct _NETLOGON_WORKSTATION_INFO {
> NETLOGON_LSA_POLICY_INFO LsaPolicy;
>
This is defined in 2.2.1.3.5, but not very helpfully:
> The NETLOGON_LSA_POLICY_INFO structure defines Local Security
> Authority (LSA) policy information as an unsigned character buffer. For details, see [LSAPOLICY] and [MS-LSAD].
My question is: Is this buffer ever filled in (it is null in the attached example from a WinXP join), and if so, what does it mean? The links to [LSAPOLICY] and [MS-LSAD] are non-specific and not very useful in understanding the possible inputs here.
Further down, it claims:
> OsVersion: A null-terminated Unicode string that contains the version number of the operating
> system installed on the client machine.<23> The DC that receives this data structure updates
> the operatingSystemVersion attribute of the client's machine account object in Active
> Directory with this value, unchanged and uninterpreted, as specified in [MS-ADTS].
> OsName: A null-terminated Unicode string that contains the name of the operating system
> installed on the client machine.<24> The DC that receives this data structure updates the
> operatingSystem attribute of the client's machine account object in Active Directory, as
> specified in [MS-ADTS].
Firstly, which part of MS-ADTS does this refer? It is a large document, and I can't find the reference.
However, the main problem I have is that the text for OsName is plausable, given the input. The examples in <24> even match up with the wire data (attached). However, OsVersion is a very different thing.
What is in this 284 byte buffer? For certain it is not a unicode string
- and certainly not the one indicated in <23>:
> <23> Section 2.2.1.3.6: The version and build number of the client
> operating system are used. For example, for Windows Server 2003 SP1,
> the string "5.2 (3790)" is used, which indicates version 5.2 and build number 3790.
>
Please clarify these inputs, so that Matthias may implement this important part of NETLOGON correctly (see
https://bugzilla.samba.org/show_bug.cgi?id=4888 for his attempts so far).
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
More information about the cifs-protocol
mailing list