From 1637e23c35dab542a10a855f7648fede2633fc39 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 30 Apr 2024 15:14:47 +0200
Subject: [PATCH] netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
(cherry picked from commit de8de55a5fee573d0718fa8dd13168a4f0a14614)
---
 librpc/idl/netlogon.idl | 31 ++++++++++++++++++-
 source3/rpc_server/netlogon/srv_netlog_nt.c | 25 +++++++++++++++
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 30 ++++++++++++++++++
 3 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index ed75fe3797a..f9672b1bf54 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1036,7 +1036,8 @@ interface netlogon
 NETLOGON_NEG_SUPPORTS_AES_SHA2 = 0x00400000,
 NETLOGON_NEG_SUPPORTS_AES = 0x01000000,
 NETLOGON_NEG_AUTHENTICATED_RPC_LSASS = 0x20000000,
- NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000
+ NETLOGON_NEG_AUTHENTICATED_RPC = 0x40000000,
+ NETLOGON_NEG_SUPPORTS_KERBEROS_AUTH = 0x80000000
 } netr_NegotiateFlags;
 const uint32 NETLOGON_NEG_128BIT = NETLOGON_NEG_STRONG_KEYS;
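Review bot: The new `NETLOGON_NEG_SUPPORTS_KERBEROS_AUTH = 0x80000000` bit in `netr_NegotiateFlags` is added with no comment tying it to the call it advertises, and both server-side handlers added later in this patch only fault. A one-line comment such as `/* peer supports netr_ServerAuthenticateKerberos (opnum 59) */` would record that link. The code that builds the server's reply flags is not visible here, so it is worth confirming that it keeps masking this bit out until the handler is implemented; otherwise a client could be told a method is available that the server then rejects.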
@@ -1885,4 +1886,32 @@ interface netlogon
 [in] uint32 dns_ttl,
 [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
 );
+
+ [todo] void netr_Opnum49NotUsedOnWire(void);
+ [todo] void netr_Opnum50NotUsedOnWire(void);
+ [todo] void netr_Opnum51NotUsedOnWire(void);
+ [todo] void netr_Opnum52NotUsedOnWire(void);
+ [todo] void netr_Opnum53NotUsedOnWire(void);
+
+ /**********************/
+ /* Function 0x36 (54) */
+ /* from wireshark: */
+ /* This is documented as 49 (0x31) but it's 54) */
+ [todo] NTSTATUS netr_ChainSetClientAttributes();
+
+ [todo] void netr_Opnum55NotUsedOnWire(void);
+ [todo] void netr_Opnum56NotUsedOnWire(void);
+ [todo] void netr_Opnum57NotUsedOnWire(void);
+ [todo] void netr_Opnum58NotUsedOnWire(void);
+
+ /*****************/
+ /* Function 0x3b (59) */
+ [public] NTSTATUS netr_ServerAuthenticateKerberos(
+ [in,unique] [string,charset(UTF16)] uint16 *server_name,
+ [in] [string,charset(UTF16)] uint16 *account_name,
+ [in] netr_SchannelType account_type,
+ [in] [string,charset(UTF16)] uint16 *computer_name,
+ [in,out,ref] netr_NegotiateFlags *negotiate_flags,
+ [out,ref] uint32 *rid
+ );
 }
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fb5894ffefb..4900742c6bf 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
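Review bot: `netr_ServerAuthenticateKerberos` is declared `[public]` with no description of its contract, and its parameter list carries no challenge or credential argument, only the names, `account_type`, `negotiate_flags` and `rid`. That suggests the caller's identity has to come from the authenticated RPC connection itself, which is a precondition an implementer needs stated next to the declaration. I would add a short comment above the function saying that the server must take the identity from the connection's authentication context and check `account_name` against it, rather than trusting the string. The copied comment `/* This is documented as 49 (0x31) but it's 54) */` also has a stray closing parenthesis.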
@@ -2906,6 +2906,31 @@ NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p,
 return NT_STATUS_NOT_IMPLEMENTED;
 }
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum49NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum50NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum51NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum52NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum53NotUsedOnWire)
+
+NTSTATUS _netr_ChainSetClientAttributes(struct pipes_struct *p,
+ struct netr_ChainSetClientAttributes *r)
+{
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum55NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum56NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum57NotUsedOnWire)
+DCESRV_COMPAT_NOT_USED_ON_WIRE(netr_Opnum58NotUsedOnWire)
+
+NTSTATUS _netr_ServerAuthenticateKerberos(struct pipes_struct *p,
+ struct netr_ServerAuthenticateKerberos *r)
+{
+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 /*
 * Define the bind function that will be used by ndr_netlogon_scompat.c,
 * included at the bottom of this file.
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index a2c4dbd5292..be7c5665655 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
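Review bot: `_netr_ServerAuthenticateKerberos` and `_netr_ChainSetClientAttributes` fault with `DCERPC_FAULT_OP_RNG_ERROR` but carry no comment saying this is a deliberate placeholder, and the same holds for the two `dcesrv_` handlers in the source4 hunk of this patch. A line such as `/* not implemented yet: fault as if the opnum did not exist */` above each `fault_state` assignment (and above each `DCESRV_FAULT` in source4) would keep a later reader from treating the stub as a finished rejection path. When the real handler is written, `r->out.negotiate_flags` and `r->out.rid` will need to be set on every non-fault return. Leaving them untouched here looks safe only because the fault presumably suppresses the reply, which I am inferring from the neighbouring handler in the context lines rather than from code shown in the hunk.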
@@ -4776,6 +4776,36 @@ static NTSTATUS dcesrv_netr_DsrUpdateReadOnlyServerDnsRecords(struct dcesrv_call
 return NT_STATUS_OK;
 }
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum49NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum50NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum51NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum52NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum53NotUsedOnWire)
+
+/*
+ netr_ChainSetClientAttributes
+ */
+static NTSTATUS dcesrv_netr_ChainSetClientAttributes(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct netr_ChainSetClientAttributes *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
+
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum55NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum56NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum57NotUsedOnWire)
+DCESRV_NOT_USED_ON_WIRE(netr_Opnum58NotUsedOnWire)
+
+/*
+ netr_ServerAuthenticateKerberos
+ */
+static NTSTATUS dcesrv_netr_ServerAuthenticateKerberos(struct dcesrv_call_state *dce_call,
+ TALLOC_CTX *mem_ctx,
+ struct netr_ServerAuthenticateKerberos *r)
+{
+ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR);
+}
 /* include the generated boilerplate */
 #include "librpc/gen_ndr/ndr_netlogon_s.c"
--
2.47.2