wrong IDL for DsBind in drsuapi.idl
Matthieu Patou
mat at samba.org
Sun Oct 27 11:29:28 MDT 2013
On 10/20/2013 11:31 PM, Stefan (metze) Metzmacher wrote:
> Hi Matthieu,
>
>> - typedef struct {
>> - [flag(NDR_REMAINING)] DATA_BLOB info;
>> - } drsuapi_DsBindInfoFallBack;
>> -
>> typedef [nodiscriminant] union {
>> - [case(24)][subcontext(4)] drsuapi_DsBindInfo24 info24;
>> - [case(28)][subcontext(4)] drsuapi_DsBindInfo28 info28;
>> - [case(48)][subcontext(4)] drsuapi_DsBindInfo48 info48;
>> - [default][subcontext(4)] drsuapi_DsBindInfoFallBack FallBack;
>> + [case(24)][subcontext(0), subcontext_size(24)] drsuapi_DsBindInfo24 info24;
>> + [case(28)][subcontext(0), subcontext_size(28)] drsuapi_DsBindInfo28 info28;
>> + [case(48)][subcontext(0), subcontext_size(48)] drsuapi_DsBindInfo48 info48;
>> } drsuapi_DsBindInfo;
>>
>> + typedef [flag(NDR_NOALIGN)] struct {
>> + [range(1,10000)] uint3264 length;
>> + [value(length)] uint32 __ndr_length;
>> + [switch_is(length)] drsuapi_DsBindInfo info;
>> + } drsuapi_DsBindInfoCtr;
> I think we need to keep drsuapi_DsBindInfoFallBack, otherwise we maybe
> unable to parse
> unknown requests. I think it would be better to use uint3264 length in
> drsuapi_DsBindInfoCtr
> and add nopull,nopush to drsuapi_DsBindInfo and fix up the code there.
Ok I did the attached patch it's almost the same approach than before
but I re-introduced the fallback thing.
I tried with the attach blob:
./bin/ndrdump drsuapi drsuapi_DsBind out
~/workspace/samba/tcpdump/dcpromo/packet-240-bind-out --ndr-64
pull returned NT_STATUS_OK
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x1fffff7f (536870783)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
1:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
8163a869-c86c-4346-9d83-b337f200789a
pid : 0x0000024c (588)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
46d6e024-e2d0-4a75-aa6c-5622ea3be0a7
result : WERR_OK
I also tricked the code to pretend I don't supported the case 28 and got:
./bin/ndrdump drsuapi drsuapi_DsBind out
~/workspace/samba/tcpdump/dcpromo/packet-240-bind-out --ndr-64
pull returned NT_STATUS_OK
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
Fallback: struct drsuapi_DsBindInfoFallBack
info : DATA_BLOB length=28
[0000] 7F FF FF 1F 69 A8 63 81 6C C8 46 43 9D 83 B3 37 ....i.c. l.FC...7
[0010] F2 00 78 9A 4C 02 00 00 00 00 00 00 ..x.L... ....
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
46d6e024-e2d0-4a75-aa6c-5622ea3be0a7
result : WERR_OK
dump OK
So it means that in the future *if* we meet a level that we don't
support it will be elegantly supported in the fallback.
Pretty good no ?
Can I have the review ?
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-librpc-idl-change-the-drsuapi_DsBindInfoCtr-so-that-.patch
Type: text/x-diff
Size: 8990 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131027/5b441a89/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: packet-240-bind-out
Type: image/x-icon
Size: 64 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131027/5b441a89/attachment.ico>
More information about the samba-technical
mailing list