netr_DatabaseDeltas() now works. We ask for the deltas associated with

the last two sequence numbers on each database.

source/librpc/idl/netlogon.idl

@@ -353,9 +353,9 @@ interface netlogon
 		NTTIME forcedlogoff;
 		uint16 minpasswdlen;
 		uint16 passwdhistorylen;
-		NTTIME pwd_must_change_time;
-		NTTIME pwd_can_change_time;
-		NTTIME domain_modify_time;
+		ULONG8 pwd_must_change_time;
+		ULONG8 pwd_can_change_time;
+		ULONG8 sequence_num;
 		NTTIME domain_create_time;
 		uint32 SecurityInformation;
 		sec_desc_buf sdbuf;
@@ -537,7 +537,7 @@ interface netlogon
 		[case(18)] netr_DELTA_SECRET *secret;
 		[case(20)] netr_DELTA_DELETE_USER *delete_group;
 		[case(21)] netr_DELTA_DELETE_USER *delete_user;
-		[case(22)] HYPER_T *modified_count;
+		[case(22)] ULONG8 *modified_count;
 	} netr_DELTA_UNION;
 
 	typedef union {
@@ -582,7 +582,7 @@ interface netlogon
 		[in]      netr_Authenticator credential,
 		[in,out]  netr_Authenticator return_authenticator,
 		[in]      uint32 database_id,
-		[in,out]  HYPER_T domain_modify_count,
+		[in,out]  ULONG8 sequence_num,
 		[in]      uint32 preferredmaximumlength,
 		[out]     netr_DELTA_ENUM_ARRAY *delta_enum_array
 		);
@@ -602,9 +602,6 @@ interface netlogon
 		[out]    netr_DELTA_ENUM_ARRAY *delta_enum_array
 		);
 
-#if 0
-
-
 
 	/*****************/
 	/* Function 0x09 */
@@ -616,19 +613,20 @@ interface netlogon
 	} UAS_INFO_0;
 
 	NTSTATUS netr_AccountDeltas(
-		[in][string] wchar_t *logonserver,
-		[in][string][ref] wchar_t *computername,
-		[in][ref] AUTHENTICATOR credential,
-		[in][out][ref] AUTHENTICATOR return_authenticator,
-		[out][ref][size_is(count_returned)] uint8 *Buffer,
-		[out][ref] uint32 count_returned,
-		[out][ref] uint32 total_entries,
-		[in][out][ref] UAS_INFO_0 recordid,
-		[in][long] count,
-		[in][long] level,
-		[in][long] buffersize,
+		[in]     unistr *logonserver,
+		[in]     unistr computername,
+		[in]     netr_Authenticator credential,
+		[in,out] netr_Authenticator return_authenticator,
+		[out][size_is(count_returned)] uint8 *buffer,
+		[out]    uint32 count_returned,
+		[out]    uint32 total_entries,
+		[in,out] UAS_INFO_0 recordid,
+		[in]     uint32 count,
+		[in]     uint32 level,
+		[in]     uint32 buffersize
 		);
 
+#if 0
 
 	/*****************/
 	/* Function 0x0A */
@@ -666,7 +664,7 @@ interface netlogon
 	typedef struct {
 		uint32 flags;
 		uint32 pdc_connection_status;
-		unistrtrusted_dc_name;
+		unistr trusted_dc_name;
 		uint32 tc_connection_status;
 	} NETLOGON_INFO_2;
 

source/torture/rpc/netlogon.c

@@ -240,6 +240,9 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 }
 
 
+/* we remember the sequence numbers so we can easily do a DatabaseDelta */
+static struct ULONG8 sequence_nums[3];
+
 /*
   try a netlogon DatabaseSync
 */
@@ -283,6 +286,71 @@ static BOOL test_DatabaseSync(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
 			}
 
 			r.in.sync_context = r.out.sync_context;
+
+			if (r.out.delta_enum_array &&
+			    r.out.delta_enum_array->num_deltas > 0 &&
+			    r.out.delta_enum_array->delta_enum[0].delta_type == 1 &&
+			    r.out.delta_enum_array->delta_enum[0].delta_union.domain) {
+				sequence_nums[r.in.database_id] = 
+					r.out.delta_enum_array->delta_enum[0].delta_union.domain->sequence_num;
+				printf("sequence_nums[%d]=0x%08x%08x\n",
+				       r.in.database_id, 
+				       sequence_nums[r.in.database_id].high,
+				       sequence_nums[r.in.database_id].low);
+			}
+		} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+	}
+
+	return ret;
+}
+
+
+/*
+  try a netlogon DatabaseDeltas
+*/
+static BOOL test_DatabaseDeltas(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
+{
+	NTSTATUS status;
+	struct netr_DatabaseDeltas r;
+	struct netr_CredentialState creds;
+	const uint32 database_ids[] = {0, 1, 2}; 
+	int i;
+	BOOL ret = True;
+
+	if (!test_SetupCredentials(p, mem_ctx, &creds)) {
+		return False;
+	}
+
+	r.in.logonserver = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
+	r.in.computername = lp_netbios_name();
+	r.in.preferredmaximumlength = (uint32)-1;
+	ZERO_STRUCT(r.in.return_authenticator);
+
+	for (i=0;i<ARRAY_SIZE(database_ids);i++) {
+		r.in.database_id = database_ids[i];
+		r.in.sequence_num = sequence_nums[r.in.database_id];
+		r.in.sequence_num.low -= 1;
+
+		printf("Testing DatabaseDeltas of id %d at %d\n", 
+		       r.in.database_id, r.in.sequence_num.low);
+
+		do {
+			creds_client_authenticator(&creds, &r.in.credential);
+
+			status = dcerpc_netr_DatabaseDeltas(p, mem_ctx, &r);
+			if (!NT_STATUS_IS_OK(status) &&
+			    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+				printf("DatabaseDeltas - %s\n", nt_errstr(status));
+				ret = False;
+				break;
+			}
+
+			if (!creds_client_check(&creds, &r.out.return_authenticator.cred)) {
+				printf("Credential chaining failed\n");
+			}
+
+			r.in.sequence_num.low++;
+			r.in.sequence_num.high = 0;
 		} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
 	}
 
@@ -329,6 +397,10 @@ BOOL torture_rpc_netlogon(int dummy)
 		ret = False;
 	}
 
+	if (!test_DatabaseDeltas(p, mem_ctx)) {
+		ret = False;
+	}
+
         torture_rpc_close(p);
 
 	return ret;