Print this page
NEX-16929 Incorrect parameters passed to DC lead to STATUS_INVALID_INFO_CLASS
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
1575 untangle libmlrpc from SMB server
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
NEX-1810 extended security Kerberos (inbound)
re #12435 rb3958 r10 is added 2 times to panic info
re #12393 rb3935 Kerberos and smbd disagree about who is our AD server
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/smbsrv/ndl/netlogon.ndl
+++ new/usr/src/uts/common/smbsrv/ndl/netlogon.ndl
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 *
25 - * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 + * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
26 26 */
27 27
28 28 #ifndef _MLSVC_NETR_NDL_
29 29 #define _MLSVC_NETR_NDL_
30 30
31 31 /*
32 32 ***********************************************************************
33 33 *
34 34 * NetLogon RPC (NETR) interface definition.
35 35 *
36 36 ***********************************************************************
37 37 */
38 38
39 -#include "ndrtypes.ndl"
39 +#include <libmlrpc/ndrtypes.ndl>
40 40
41 41
42 42 #define NETR_OPNUM_UasLogon 0x00
43 43 #define NETR_OPNUM_UasLogoff 0x01
44 44 #define NETR_OPNUM_SamLogon 0x02
45 45 #define NETR_OPNUM_SamLogoff 0x03
46 46 #define NETR_OPNUM_ServerReqChallenge 0x04
47 47 #define NETR_OPNUM_ServerAuthenticate 0x05
48 48 #define NETR_OPNUM_ServerPasswordSet 0x06
49 49 #define NETR_OPNUM_DatabaseDeltas 0x07
50 50 #define NETR_OPNUM_DatabaseSync 0x08
51 51 #define NETR_OPNUM_AccountDeltas 0x09
52 52 #define NETR_OPNUM_AccountSync 0x0a
53 53 #define NETR_OPNUM_GetDCName 0x0b
54 54 #define NETR_OPNUM_LogonControl 0x0c
55 55 #define NETR_OPNUM_GetAnyDCName 0x0d
56 56 #define NETR_OPNUM_LogonControl2 0x0E
57 57 #define NETR_OPNUM_ServerAuthenticate2 0x0F
58 58 #define NETR_OPNUM_DatabaseSync2 0x10
59 59 #define NETR_OPNUM_DatabaseRedo 0x11
60 60 #define NETR_OPNUM_LogonControl2Ex 0x12
61 61 #define NETR_OPNUM_TrustDomainList 0x13
62 62 #define NETR_OPNUM_DsrGetDcName 0x14
63 63 #define NETR_OPNUM_LogonGetCapabilities 0x15
64 64 #define NETR_OPNUM_LogonSetServiceBits 0x16
65 65 #define NETR_OPNUM_LogonGetTrustRid 0x17
66 66 #define NETR_OPNUM_LogonComputeServerDigest 0x18
67 67 #define NETR_OPNUM_LogonComputeClientDigest 0x19
68 68 #define NETR_OPNUM_ServerAuthenticate3 0x1A
69 69 #define NETR_OPNUM_DsrGetDcNameEx 0x1B
70 70 #define NETR_OPNUM_DsrGetSiteName 0x1C
71 71 #define NETR_OPNUM_LogonGetDomainInfo 0x1D
72 72 #define NETR_OPNUM_ServerPasswordSet2 0x1E
73 73
74 74 /*
75 75 * This is not a real NETR OPNUM. It's used to unpack the
76 76 * struct krb5_validation_info found in the Kerberos PAC.
77 77 */
78 78 #define NETR_OPNUM_decode_krb5_pac 1000
79 79
80 80
81 81 struct netr_sid {
82 82 BYTE Revision;
83 83 BYTE SubAuthCount;
84 84 BYTE Authority[6];
85 85 SIZE_IS(SubAuthCount)
86 86 DWORD SubAuthority[ANY_SIZE_ARRAY];
87 87 };
88 88
89 89
90 90 struct netr_string {
91 91 WORD length;
92 92 WORD allosize;
93 93 LPTSTR str;
94 94 };
95 95 typedef struct netr_string netr_string_t;
96 96
97 97
98 98 /*
99 99 * Alternative varying/conformant string definition - for
100 100 * non-null terminated strings. This definition must match
101 101 * ndr_vcbuf_t.
102 102 */
103 103 struct netr_vcs {
104 104 /*
105 105 * size_is (actually a copy of length_is) will
106 106 * be inserted here by the marshalling library.
107 107 */
108 108 DWORD vc_first_is;
109 109 DWORD vc_length_is;
110 110 SIZE_IS(vc_length_is)
111 111 WORD buffer[ANY_SIZE_ARRAY];
112 112 };
113 113
114 114 struct netr_vcstr {
115 115 WORD wclen;
116 116 WORD wcsize;
117 117 struct netr_vcs *vcs;
118 118 };
119 119 typedef struct netr_vcstr netr_vcstr_t;
120 120
121 121 struct netr_vcb {
122 122 /*
123 123 * size_is (actually a copy of length_is) will
124 124 * be inserted here by the marshalling library.
125 125 */
126 126 DWORD vc_first_is;
127 127 DWORD vc_length_is;
128 128 SIZE_IS(vc_length_is)
129 129 BYTE buffer[ANY_SIZE_ARRAY];
130 130 };
131 131
132 132 struct netr_vcbuf {
133 133 WORD len;
134 134 WORD size;
135 135 struct netr_vcb *vcb;
136 136 };
137 137 typedef struct netr_vcbuf netr_vcbuf_t;
138 138
139 139 struct netr_credential {
140 140 BYTE data[8];
141 141 };
142 142
143 143 struct netr_authenticator {
144 144 struct netr_credential credential;
145 145 DWORD timestamp;
146 146 };
147 147 typedef struct netr_authenticator netr_auth_t;
148 148
149 149
150 150 struct OLD_LARGE_INTEGER {
151 151 DWORD LowPart;
152 152 DWORD HighPart;
153 153 };
154 154 typedef struct OLD_LARGE_INTEGER netr_int64_t;
155 155
156 156 struct CYPHER_BLOCK {
157 157 BYTE data[8];
158 158 };
159 159
160 160 struct OWF_PASSWORD {
161 161 BYTE data[16];
162 162 };
163 163 typedef struct OWF_PASSWORD netr_owf_password_t;
164 164
165 165 /*
166 166 * NL_TRUST_PASSWORD
167 167 * See also: samr_user_password
168 168 */
169 169 #define NETR_TRUST_PWLEN 256
170 170 struct netr_trust_password {
171 171 WORD Buffer[NETR_TRUST_PWLEN];
172 172 DWORD Length;
173 173 };
174 174 typedef struct netr_trust_password netr_trust_password_t;
175 175
176 176 struct USER_SESSION_KEY {
177 177 struct CYPHER_BLOCK data[2];
178 178 };
179 179
180 180
181 181
182 182
183 183 /*
184 184 ***********************************************************************
185 185 * ServerReqChallenge
186 186 ***********************************************************************
187 187 */
188 188 ALIGN(2)
189 189 OPERATION(NETR_OPNUM_ServerReqChallenge)
190 190 struct netr_ServerReqChallenge {
191 191 IN LPTSTR servername;
192 192 IN REFERENCE LPTSTR hostname;
193 193 IN struct netr_credential client_challenge;
194 194 OUT struct netr_credential server_challenge;
195 195 OUT DWORD status;
196 196 };
197 197
198 198
199 199 /*
200 200 ***********************************************************************
201 201 * ServerAuthenticate2
202 202 ***********************************************************************
203 203 */
204 204 ALIGN(2)
205 205 OPERATION(NETR_OPNUM_ServerAuthenticate2)
206 206 struct netr_ServerAuthenticate2 {
207 207 IN LPTSTR servername;
208 208 IN REFERENCE LPTSTR account_name;
209 209 IN WORD account_type;
210 210 IN REFERENCE LPTSTR hostname;
211 211 IN struct netr_credential client_credential;
212 212 OUT struct netr_credential server_credential;
213 213 INOUT DWORD negotiate_flags;
214 214 OUT DWORD status;
215 215 };
216 216
217 217
218 218 /*
219 219 ***********************************************************************
220 220 * ServerPasswordSet
221 221 ***********************************************************************
222 222 */
223 223 ALIGN(2)
224 224 OPERATION(NETR_OPNUM_ServerPasswordSet)
225 225 struct netr_PasswordSet {
226 226 IN LPTSTR servername;
227 227 IN REFERENCE LPTSTR account_name;
228 228 IN WORD sec_chan_type;
229 229 IN REFERENCE LPTSTR hostname;
230 230 INOUT struct netr_authenticator auth;
231 231 IN netr_owf_password_t owf_password;
232 232 OUT DWORD status;
233 233 };
234 234
235 235 OPERATION(NETR_OPNUM_ServerPasswordSet2)
236 236 struct netr_PasswordSet2 {
237 237 IN LPTSTR servername;
238 238 IN REFERENCE LPTSTR account_name;
239 239 IN WORD sec_chan_type;
240 240 IN REFERENCE LPTSTR hostname;
241 241 INOUT struct netr_authenticator auth;
242 242 IN netr_trust_password_t trust_password;
243 243 OUT DWORD status;
244 244 };
245 245
246 246
247 247 /*
248 248 ***********************************************************************
249 249 * SamLogon
250 250 ***********************************************************************
251 251 */
252 252
253 253 /*
254 254 * The challenge-response data should always be 24 bytes.
255 255 */
256 256 #define NETR_CR_PASSWORD_SIZE 24
257 257
258 258
259 259 struct lm_challenge {
260 260 BYTE data[8];
261 261 };
262 262 typedef struct lm_challenge lm_challenge_t;
263 263
264 264 /*
265 265 * Input data
266 266 */
267 267 struct netr_logon_identity_info {
268 268 netr_vcstr_t domain_name;
269 269 DWORD parameter_control;
270 270 struct OLD_LARGE_INTEGER logon_id;
271 271 netr_vcstr_t username;
272 272 netr_vcstr_t workstation;
273 273 };
274 274 typedef struct netr_logon_identity_info netr_logon_id_t;
275 275
276 276
277 277 /*
278 278 * Level 1: interactive logon
279 279 */
280 280 struct netr_logon_info1 {
281 281 netr_logon_id_t identity;
282 282 netr_owf_password_t lm_owf_password;
283 283 netr_owf_password_t nt_owf_password;
284 284 };
285 285
286 286
287 287 /*
288 288 * Level 2: network logon.
289 289 */
290 290 struct netr_logon_info2 {
291 291 netr_logon_id_t identity;
292 292 lm_challenge_t lm_challenge;
293 293 netr_vcbuf_t nt_response;
294 294 netr_vcbuf_t lm_response;
295 295 };
296 296
297 297
298 298 union netr_logon_info_u {
299 299 UNION_INFO_PTR(1,netr_logon_info);
300 300 UNION_INFO_PTR(2,netr_logon_info);
301 301 DEFAULT DWORD nothing;
302 302 };
303 303
304 304
305 305 struct netr_login_info {
306 306 WORD logon_level;
307 307 WORD switch_value;
308 308 SWITCH(switch_value)
309 309 union netr_logon_info_u ru;
310 310 };
311 311
312 312
313 313 /*
314 314 * Output data
315 315 */
316 316 struct netr_group_membership {
317 317 DWORD rid;
318 318 DWORD attributes;
319 319 };
320 320
321 321
322 322 struct netr_sid_and_attributes {
323 323 struct netr_sid *sid;
324 324 DWORD attributes;
325 325 };
326 326
327 327
328 328 struct netr_validation_info3 {
329 329 struct OLD_LARGE_INTEGER LogonTime;
330 330 struct OLD_LARGE_INTEGER LogoffTime;
331 331 struct OLD_LARGE_INTEGER KickOffTime;
332 332 struct OLD_LARGE_INTEGER PasswordLastSet;
333 333 struct OLD_LARGE_INTEGER PasswordCanChange;
334 334 struct OLD_LARGE_INTEGER PasswordMustChange;
335 335 netr_string_t EffectiveName;
336 336 netr_string_t FullName;
337 337 netr_string_t LogonScript;
338 338 netr_string_t ProfilePath;
339 339 netr_string_t HomeDirectory;
340 340 netr_string_t HomeDirectoryDrive;
341 341 WORD LogonCount;
342 342 WORD BadPasswordCount;
343 343 DWORD UserId;
344 344 DWORD PrimaryGroupId;
345 345 DWORD GroupCount;
346 346 SIZE_IS(GroupCount)
347 347 struct netr_group_membership *GroupIds;
348 348 DWORD UserFlags;
349 349 struct USER_SESSION_KEY UserSessionKey;
350 350 netr_string_t LogonServer;
351 351 netr_string_t LogonDomainName;
352 352 struct netr_sid *LogonDomainId;
353 353 DWORD ExpansionRoom[10];
354 354 DWORD SidCount;
355 355 SIZE_IS(SidCount)
356 356 struct netr_sid_and_attributes *ExtraSids;
357 357 };
358 358
359 359 /* NETR_OPNUM_decode_krb5_pac */
360 360 struct krb5_validation_info {
361 361 struct netr_validation_info3 info3;
362 362 /* Kerberos PAC "resource group" stuff. */
363 363 struct netr_sid *rg_dom_sid;
364 364 DWORD rg_rid_cnt;
365 365 SIZE_IS(rg_rid_cnt)
366 366 struct netr_group_membership *rg_rids;
367 367 };
368 368
369 369 union netr_validation_u {
370 370 CASE(3) struct netr_validation_info3 *info3;
371 371 DEFAULT DWORD nothing;
372 372 };
373 373
374 374
375 375 /*
376 376 * This structure needs to be declared, even though it can't be used
377 377 * in netr_SamLogon, in order to get the appropriate size to calculate
378 378 * the correct fixup offsets. If ndrgen did the right thing,
379 379 * netr_validation_info would be one of the out parameters. However,
380 380 * if we do it that way, the switch_value isn't known early enough to
381 381 * do the fixup calculation. So it all has to go in netr_SamLogon.
382 382 */
383 383 struct netr_validation_info {
384 384 WORD validation_level;
385 385 SWITCH(validation_level)
386 386 union netr_validation_u ru;
387 387 };
|
↓ open down ↓ |
338 lines elided |
↑ open up ↑ |
388 388
389 389
390 390 /*
391 391 * WARNING
392 392 *
393 393 * Validation_level is really a WORD and authoritative is really a
394 394 * BYTE. They are declared as DWORD here due to the way things are
395 395 * unmarshalled. NT does not clear out the unused bytes in the
396 396 * DWORD so they must be cast to get the correct value.
397 397 */
398 +ALIGN(2)
398 399 OPERATION(NETR_OPNUM_SamLogon)
399 400 struct netr_SamLogon {
400 401 IN LPTSTR servername;
401 402 IN LPTSTR hostname;
402 403 IN struct netr_authenticator *auth;
403 404 INOUT struct netr_authenticator *ret_auth;
404 405 IN struct netr_login_info logon_info;
405 406 INOUT WORD validation_level;
406 407 SWITCH(validation_level)
407 408 OUT union netr_validation_u ru;
408 409 OUT DWORD authoritative;
409 410 OUT DWORD status;
410 411 };
411 412
412 413
413 414 /*
414 415 ***********************************************************************
415 416 * SamLogoff
416 417 ***********************************************************************
417 418 */
418 419 OPERATION(NETR_OPNUM_SamLogoff)
419 420 struct netr_SamLogoff {
420 421 IN LPTSTR servername;
421 422 IN REFERENCE LPTSTR hostname;
422 423 IN struct netr_authenticator auth;
423 424 INOUT struct netr_authenticator ret_auth;
424 425 IN DWORD logon_level;
425 426 SWITCH(logon_level)
426 427 IN union netr_logon_info_u ru;
427 428 OUT DWORD status;
428 429 };
429 430
430 431
431 432 /*
432 433 ***********************************************************************
433 434 * The NETR interface definition.
434 435 ***********************************************************************
435 436 */
436 437 INTERFACE(0)
437 438 union netr_interface {
438 439 CASE(NETR_OPNUM_ServerReqChallenge)
439 440 struct netr_ServerReqChallenge ServerReqChallenge;
440 441 CASE(NETR_OPNUM_ServerAuthenticate2)
441 442 struct netr_ServerAuthenticate2 ServerAuthenticate2;
442 443 CASE(NETR_OPNUM_SamLogon)
443 444 struct netr_SamLogon SamLogon;
444 445 CASE(NETR_OPNUM_SamLogoff)
445 446 struct netr_SamLogoff SamLogoff;
446 447 CASE(NETR_OPNUM_ServerPasswordSet)
447 448 struct netr_PasswordSet PasswordSet;
448 449 CASE(NETR_OPNUM_ServerPasswordSet2)
449 450 struct netr_PasswordSet2 PasswordSet2;
450 451
451 452 /* Special, for smb_decode_krb5_pac() */
452 453 CASE(NETR_OPNUM_decode_krb5_pac)
453 454 struct krb5_validation_info krb5pac;
454 455 };
455 456 typedef union netr_interface netr_interface_t;
456 457 EXTERNTYPEINFO(netr_interface)
457 458
458 459 #endif /* _MLSVC_NETR_NDL_ */
|
↓ open down ↓ |
51 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX