diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2018-12-20 15:02:30 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2019-02-20 06:03:09 +0100 |
| commit | 96e6adedcd9dfb7556f503a9d7602ac04fe870c1 (patch) | |
| tree | 63e39bfb76446929ba01ea54baafd461eea64bae /librpc/idl | |
| parent | 87e63a8665ffb5547140b4bbc25529e20e345a6c (diff) | |
| download | samba-96e6adedcd9dfb7556f503a9d7602ac04fe870c1.tar.gz | |
librpc idl: netlogon netr_identity_info logon_id to 64 bit
Fold the two 32 bit values logon_id_high and logon_id_low into a single
64 bit logon_id in netr_identity_info. This will be used to tie
together winbind and SamLogon requests in audit logging.
Summary of the of the Query and Response from Microsoft on it's usage.
[REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
the Reserved field have LogonId meaning?
Questions:
In NetrLogonSamLogonEx does the Reserved field
(of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?
What is a valid LogonID, and does have any audit usage?
Samba is sending a constant "deadbeef" in hex and would like to
understand any usage of this field.
Response:
The NRPC spec is accurate in defining the field as Reserved, and without
protocol significance. In the header file in our source code, it is
defined as LogonId and commented as such, but it’s effectively not used.
This is probably why the API structure has that field name. It may have
been intended as such but it’s not used.
Samba will send a random value in this field.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'librpc/idl')
| -rw-r--r-- | librpc/idl/netlogon.idl | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 22f86b92076..b4474f7ec49 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -133,11 +133,35 @@ interface netlogon MSV1_0_SUBAUTHENTICATION_DLL_EX = 0x00100000 } netr_LogonParameterControl; + /* Summary of the of the Query and Response from Microsoft on + * the usage of logon_id in netr_IdendityInfo + * + * [REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does + * the Reserved field have LogonId meaning? + * + * Questions: + * In NetrLogonSamLogonEx does the Reserved field + * (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning? + * + * What is a valid LogonID, and does have any audit usage? + * + * Samba is sending a constant "deadbeef" in hex and would like to + * understand any usage of this field. + * + * Response: + * The NRPC spec is accurate in defining the field as Reserved, and + * without protocol significance. In the header file in our source + * code, it is defined as LogonId and commented as such, but it’s + * effectively not used. This is probably why the API structure has + * that field name. It may have been intended as such but it’s not + * used. + * + * Samba now sends a random value in this field. + */ typedef struct { lsa_String domain_name; netr_LogonParameterControl parameter_control; /* see MSV1_0_* */ - uint32 logon_id_low; - uint32 logon_id_high; + udlong logon_id; lsa_String account_name; lsa_String workstation; } netr_IdentityInfo; |