Bug 15425 - NetrGetLogonCapabilities QueryLevel 2 needs to be implemented
Summary: NetrGetLogonCapabilities QueryLevel 2 needs to be implemented
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.18.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Douglas Bagnall
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Depends on:
Reported: 2023-07-19 05:36 UTC by Andrew Bartlett
Modified: 2023-11-28 23:38 UTC (History)
9 users (show)

See Also:

WIP patches for master (38.42 KB, text/plain)
2023-07-19 19:21 UTC, Stefan Metzmacher
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2023-07-19 05:36:53 UTC
KB5028166 has caused some disruption in the Samba community, and we are assured that an updated MS-NRPC will be published soon.

The new level 2 will document the exact behaviour, but for this to have been rushed out in a security release it will have mattered.  (The failure against Samba was clearly not intentional).
Comment 2 Stefan Metzmacher 2023-07-19 19:21:10 UTC
Created attachment 17989 [details]
WIP patches for master
Comment 3 Michael Saxl 2023-07-20 08:09:46 UTC
I like the fact that you check for 
and set the result to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE (is that the same as INVALID?)

but as you noted later, the sequence will be out of sync since a patched server will not call dcesrv_netr_creds_server_step_check whereas a not patched will (but is unable to return return_authenticator).

Don't know if there is a way to make this compatible with both patched/windows and not patched samba..
Comment 4 Stefan Metzmacher 2023-07-20 08:17:41 UTC
(In reply to Michael Saxl from comment #3)

It is compatible with patched/unpatched Windows/Samba.

notice the state->tmp_creds = *state->creds and *state->creds = state->tmp_creds, which allows us rollback when step function
was not called on the server.
Comment 5 Stefan Metzmacher 2023-07-20 08:18:29 UTC
(In reply to Michael Saxl from comment #3)

Comment 6 Stefan Metzmacher 2023-07-20 08:19:34 UTC
(In reply to Stefan Metzmacher from comment #5)

Comment 7 Stefan Metzmacher 2023-07-20 08:28:36 UTC
Comment on attachment 17989 [details]
WIP patches for master

See https://gitlab.com/samba-team/samba/-/merge_requests/3189 for the latest version of patches
Comment 8 Michael Saxl 2023-07-20 08:41:51 UTC
(In reply to Stefan Metzmacher from comment #4)

but how do you decide if you rollback?
The intended way is to rollback since a patched samba/windows will not step, but samba unpatched will.

I'm quite dumb at the specifics but as far as I read you make the step if all succeeds with
*state->creds = state->tmp_creds;

else a rollback is done.

What happens if the server side does the step (as far as I understood the unpatched server will)?
Comment 10 Douglas Bagnall 2023-11-28 23:38:32 UTC
I will work on this, unless someone else is well underway.