wrong IDL for DsBind in drsuapi.idl

Matthieu Patou mat at samba.org
Sun Oct 27 11:29:28 MDT 2013


On 10/20/2013 11:31 PM, Stefan (metze) Metzmacher wrote:
> Hi Matthieu,
>
>> -	typedef struct {
>> -		[flag(NDR_REMAINING)] DATA_BLOB info;
>> -	} drsuapi_DsBindInfoFallBack;
>> -
>>   	typedef [nodiscriminant] union {
>> -		[case(24)][subcontext(4)] drsuapi_DsBindInfo24 info24;
>> -		[case(28)][subcontext(4)] drsuapi_DsBindInfo28 info28;
>> -		[case(48)][subcontext(4)] drsuapi_DsBindInfo48 info48;
>> -		[default][subcontext(4)] drsuapi_DsBindInfoFallBack FallBack;
>> +		[case(24)][subcontext(0), subcontext_size(24)] drsuapi_DsBindInfo24 info24;
>> +		[case(28)][subcontext(0), subcontext_size(28)] drsuapi_DsBindInfo28 info28;
>> +		[case(48)][subcontext(0), subcontext_size(48)] drsuapi_DsBindInfo48 info48;
>>   	} drsuapi_DsBindInfo;
>>
>> +	typedef [flag(NDR_NOALIGN)] struct {
>> +		[range(1,10000)] uint3264 length;
>> +		[value(length)] uint32 __ndr_length;
>> +		[switch_is(length)] drsuapi_DsBindInfo info;
>> +	} drsuapi_DsBindInfoCtr;
> I think we need to keep drsuapi_DsBindInfoFallBack, otherwise we maybe
> unable to parse
> unknown requests. I think it would be better to use uint3264 length in
> drsuapi_DsBindInfoCtr
> and add nopull,nopush to drsuapi_DsBindInfo and fix up the code there.
Ok I did the attached patch it's almost the same approach than before 
but I re-introduced the fallback thing.

I tried with the attach blob:

./bin/ndrdump drsuapi drsuapi_DsBind out 
~/workspace/samba/tcpdump/dcpromo/packet-240-bind-out --ndr-64
pull returned NT_STATUS_OK
     drsuapi_DsBind: struct drsuapi_DsBind
         out: struct drsuapi_DsBind
             bind_info                : *
                 bind_info: struct drsuapi_DsBindInfoCtr
                     length                   : 0x0000001c (28)
                     __ndr_length             : 0x0000001c (28)
                     info                     : union 
drsuapi_DsBindInfo(case 28)
                     info28: struct drsuapi_DsBindInfo28
                         supported_extensions     : 0x1fffff7f (536870783)
                                1: DRSUAPI_SUPPORTED_EXTENSION_BASE
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
                                1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
                                1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
                                0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
                                1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
                                1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
                                1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
                                1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
                                1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
                                1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
                                1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
                                1: 
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
                                0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
                                0: 
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
                                0: 
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
                         site_guid                : 
8163a869-c86c-4346-9d83-b337f200789a
                         pid                      : 0x0000024c (588)
                         repl_epoch               : 0x00000000 (0)
             bind_handle              : *
                 bind_handle: struct policy_handle
                     handle_type              : 0x00000000 (0)
                     uuid                     : 
46d6e024-e2d0-4a75-aa6c-5622ea3be0a7
             result                   : WERR_OK

I also tricked the code to pretend I don't supported the case 28 and got:

./bin/ndrdump drsuapi drsuapi_DsBind out 
~/workspace/samba/tcpdump/dcpromo/packet-240-bind-out --ndr-64
pull returned NT_STATUS_OK
     drsuapi_DsBind: struct drsuapi_DsBind
         out: struct drsuapi_DsBind
             bind_info                : *
                 bind_info: struct drsuapi_DsBindInfoCtr
                     length                   : 0x0000001c (28)
                     __ndr_length             : 0x0000001c (28)
                     info                     : union 
drsuapi_DsBindInfo(case 28)
                     Fallback: struct drsuapi_DsBindInfoFallBack
                         info                     : DATA_BLOB length=28
[0000] 7F FF FF 1F 69 A8 63 81   6C C8 46 43 9D 83 B3 37   ....i.c. l.FC...7
[0010] F2 00 78 9A 4C 02 00 00   00 00 00 00              ..x.L... ....
             bind_handle              : *
                 bind_handle: struct policy_handle
                     handle_type              : 0x00000000 (0)
                     uuid                     : 
46d6e024-e2d0-4a75-aa6c-5622ea3be0a7
             result                   : WERR_OK
dump OK

So it means that in the future *if* we meet a level that we don't 
support it will be elegantly supported in the fallback.
Pretty good no ?

Can I have the review ?

Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-librpc-idl-change-the-drsuapi_DsBindInfoCtr-so-that-.patch
Type: text/x-diff
Size: 8990 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131027/5b441a89/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: packet-240-bind-out
Type: image/x-icon
Size: 64 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131027/5b441a89/attachment.ico>


More information about the samba-technical mailing list