rpms
/
samba
7
0
Fork 0
Code Issues Pull Requests Releases Activity
samba/SOURCES/CVE-2021-23192.patch

4997 lines
222 KiB
Diff
Raw Blame History

From d6310598bd205240950410d59a3453f45c45d644 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Fri, 2 Apr 2021 12:20:38 +0200
Subject: [PATCH 1/9] rpc: Give dcerpc_util.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
(cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c)
---
librpc/rpc/dcerpc_util.c | 1 +
librpc/rpc/dcerpc_util.h | 103 ++++++++++++++++++++
librpc/rpc/dcesrv_auth.c | 1 +
librpc/rpc/dcesrv_core.c | 1 +
librpc/rpc/dcesrv_reply.c | 1 +
librpc/rpc/rpc_common.h | 74 --------------
source3/librpc/rpc/dcerpc_helpers.c | 1 +
source3/rpc_client/cli_pipe.c | 1 +
source3/rpc_client/rpc_transport_np.c | 1 +
source3/rpc_server/rpc_ncacn_np.c | 1 +
source4/librpc/rpc/dcerpc.c | 1 +
source4/librpc/rpc/dcerpc_roh_channel_out.c | 1 +
12 files changed, 113 insertions(+), 74 deletions(-)
create mode 100644 librpc/rpc/dcerpc_util.h
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 42e8e611019..925fb70ad7c 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -25,6 +25,7 @@
#include "lib/tsocket/tsocket.h"
#include "lib/util/tevent_ntstatus.h"
#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "rpc_common.h"
#include "lib/util/bitmap.h"
diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h
new file mode 100644
index 00000000000..0ecaf428c3c
--- /dev/null
+++ b/librpc/rpc/dcerpc_util.h
@@ -0,0 +1,103 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Stefan Metzmacher 2010-2011
+ Copyright (C) Andrew Tridgell 2010-2011
+ Copyright (C) Simo Sorce 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__
+#define __LIBRPC_RPC_DCERPC_UTIL_H__
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/data_blob.h"
+#include "librpc/rpc/rpc_common.h"
+#include "librpc/gen_ndr/dcerpc.h"
+
+void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
+uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
+void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
+uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob);
+uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
+uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob);
+uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob);
+uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob);
+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
+ enum dcerpc_transport_t transport,
+ const struct ndr_interface_table *table);
+
+NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct ncacn_packet *r);
+
+/**
+* @brief Pull a dcerpc_auth structure, taking account of any auth
+* padding in the blob. For request/response packets we pass
+* the whole data blob, so auth_data_only must be set to false
+* as the blob contains data+pad+auth and no just pad+auth.
+*
+* @param pkt - The ncacn_packet strcuture
+* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
+* @param pkt_trailer - The packet trailer data, usually the trailing
+* auth_info blob, but in the request/response case
+* this is the stub_and_verifier blob.
+* @param auth - A preallocated dcerpc_auth *empty* structure
+* @param auth_length - The length of the auth trail, sum of auth header
+* lenght and pkt->auth_length
+* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
+* (+ padding) or also other data.
+*
+* @return - A NTSTATUS error code.
+*/
+NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *pkt_trailer,
+ struct dcerpc_auth *auth,
+ uint32_t *auth_length,
+ bool auth_data_only);
+NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
+ enum dcerpc_pkt_type ptype,
+ size_t max_auth_info,
+ uint8_t required_flags,
+ uint8_t optional_flags);
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
+ struct gensec_security *gensec,
+ TALLOC_CTX *mem_ctx,
+ enum dcerpc_pkt_type ptype,
+ uint8_t required_flags,
+ uint8_t optional_flags,
+ uint8_t payload_offset,
+ DATA_BLOB *payload_and_verifier,
+ DATA_BLOB *raw_packet,
+ const struct ncacn_packet *pkt);
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
+ struct gensec_security *gensec,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *raw_packet,
+ size_t sig_size,
+ uint8_t payload_offset,
+ const DATA_BLOB *payload,
+ const struct ncacn_packet *pkt);
+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *stream);
+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct ncacn_packet **pkt,
+ DATA_BLOB *buffer);
+
+#endif
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index 8ac90f2a2bd..f7919ebf575 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcesrv_core_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 06f6c4b2382..74730f22c7c 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcesrv_core_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "librpc/gen_ndr/auth.h"
#include "auth/gensec/gensec.h"
#include "lib/util/dlinklist.h"
diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c
index 96bd98f53e1..5b4429956e7 100644
--- a/librpc/rpc/dcesrv_reply.c
+++ b/librpc/rpc/dcesrv_reply.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcesrv_core_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "auth/gensec/gensec.h"
#include "lib/util/dlinklist.h"
#include "param/param.h"
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index 82fe2eb7e80..55a35f31096 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -165,80 +165,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t);
enum dcerpc_transport_t dcerpc_transport_by_name(const char *name);
enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower);
-/* The following definitions come from ../librpc/rpc/dcerpc_util.c */
-
-void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
-uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
-void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
-uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob);
-uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
-uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob);
-uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob);
-uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob);
-const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
- enum dcerpc_transport_t transport,
- const struct ndr_interface_table *table);
-
-NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
- const DATA_BLOB *blob,
- struct ncacn_packet *r);
-
-/**
-* @brief Pull a dcerpc_auth structure, taking account of any auth
-* padding in the blob. For request/response packets we pass
-* the whole data blob, so auth_data_only must be set to false
-* as the blob contains data+pad+auth and no just pad+auth.
-*
-* @param pkt - The ncacn_packet strcuture
-* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
-* @param pkt_trailer - The packet trailer data, usually the trailing
-* auth_info blob, but in the request/response case
-* this is the stub_and_verifier blob.
-* @param auth - A preallocated dcerpc_auth *empty* structure
-* @param auth_length - The length of the auth trail, sum of auth header
-* lenght and pkt->auth_length
-* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
-* (+ padding) or also other data.
-*
-* @return - A NTSTATUS error code.
-*/
-NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *pkt_trailer,
- struct dcerpc_auth *auth,
- uint32_t *auth_length,
- bool auth_data_only);
-NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
- enum dcerpc_pkt_type ptype,
- size_t max_auth_info,
- uint8_t required_flags,
- uint8_t optional_flags);
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
- struct gensec_security *gensec,
- TALLOC_CTX *mem_ctx,
- enum dcerpc_pkt_type ptype,
- uint8_t required_flags,
- uint8_t optional_flags,
- uint8_t payload_offset,
- DATA_BLOB *payload_and_verifier,
- DATA_BLOB *raw_packet,
- const struct ncacn_packet *pkt);
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
- struct gensec_security *gensec,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *raw_packet,
- size_t sig_size,
- uint8_t payload_offset,
- const DATA_BLOB *payload,
- const struct ncacn_packet *pkt);
-struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct tstream_context *stream);
-NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- struct ncacn_packet **pkt,
- DATA_BLOB *buffer);
-
/* The following definitions come from ../librpc/rpc/binding_handle.c */
struct dcerpc_binding_handle_ops {
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 1f67987561c..c609efd5b07 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/crypto/gse.h"
#include "auth/gensec/gensec.h"
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 8f52acadec8..3d16f1092db 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -30,6 +30,7 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "rpc_dce.h"
#include "cli_pipe.h"
#include "libsmb/libsmb.h"
diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
index 9dc5c5634fc..b24023661ff 100644
--- a/source3/rpc_client/rpc_transport_np.c
+++ b/source3/rpc_client/rpc_transport_np.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "../lib/util/tevent_ntstatus.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "rpc_client/rpc_transport.h"
#include "librpc/ndr/ndr_table.h"
#include "libcli/smb/smbXcli_base.h"
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index 494b002e714..a874a2376d1 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -37,6 +37,7 @@
#include "rpc_server/rpc_config.h"
#include "librpc/ndr/ndr_table.h"
#include "rpc_server/rpc_server.h"
+#include "librpc/rpc/dcerpc_util.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 87a99a8df89..f97263dcc5b 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -26,6 +26,7 @@
#include "lib/events/events.h"
#include "librpc/rpc/dcerpc.h"
#include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/gensec/gensec.h"
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c
index e431689d419..2abafb0bab5 100644
--- a/source4/librpc/rpc/dcerpc_roh_channel_out.c
+++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c
@@ -37,6 +37,7 @@
#include "librpc/rpc/dcerpc.h"
#include "librpc/rpc/dcerpc_roh.h"
#include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/dcerpc_util.h"
#include "libcli/http/http.h"
struct roh_request_state {
--
2.25.1
From fc8592c7e3aa24c3b6819641908f21311840e6cb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Fri, 2 Apr 2021 13:41:21 +0200
Subject: [PATCH 2/9] librpc: Remove the gensec dependency from library
dcerpc-binding
This means yet another library, but having to depend on gensec just
for dcerpc_parse_binding() and basic packet parsing seems like a bit
overkill to me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
(cherry picked from commit 4d3b6506d30e4bf302f832493dad00a83b73d370)
---
libcli/auth/wscript_build | 10 +-
librpc/rpc/dcerpc_pkt_auth.c | 497 +++++++++++++++++++++++++++++++++++
librpc/rpc/dcerpc_pkt_auth.h | 58 ++++
librpc/rpc/dcerpc_util.c | 464 --------------------------------
librpc/rpc/dcerpc_util.h | 18 --
librpc/rpc/dcesrv_auth.c | 1 +
librpc/wscript_build | 25 +-
source3/wscript_build | 8 +-
source4/librpc/rpc/dcerpc.c | 1 +
source4/librpc/wscript_build | 21 +-
10 files changed, 613 insertions(+), 490 deletions(-)
create mode 100644 librpc/rpc/dcerpc_pkt_auth.c
create mode 100644 librpc/rpc/dcerpc_pkt_auth.h
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build
index 2a6a7468e45..24ab68fac1e 100644
--- a/libcli/auth/wscript_build
+++ b/libcli/auth/wscript_build
@@ -30,7 +30,15 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL',
bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI',
source='netlogon_creds_cli.c',
- deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON'
+ deps='''
+ dbwrap
+ util_tdb
+ tevent-util
+ samba-hostconfig
+ gensec
+ RPC_NDR_NETLOGON
+ NDR_NETLOGON
+ '''
)
bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c
new file mode 100644
index 00000000000..322d7497893
--- /dev/null
+++ b/librpc/rpc/dcerpc_pkt_auth.c
@@ -0,0 +1,497 @@
+/*
+ Unix SMB/CIFS implementation.
+ raw dcerpc operations
+
+ Copyright (C) Andrew Tridgell 2003-2005
+ Copyright (C) Jelmer Vernooij 2004-2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "system/network.h"
+#include <tevent.h>
+#include "lib/util/talloc_stack.h"
+#include "lib/util/debug.h"
+#include "lib/util/byteorder.h"
+#include "lib/util/samba_util.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
+#include "librpc/rpc/dcerpc_pkt_auth.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "rpc_common.h"
+#include "lib/util/bitmap.h"
+#include "auth/gensec/gensec.h"
+#include "lib/util/mkdir_p.h"
+#include "lib/crypto/gnutls_helpers.h"
+#include <gnutls/crypto.h>
+
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
+ struct gensec_security *gensec,
+ TALLOC_CTX *mem_ctx,
+ enum dcerpc_pkt_type ptype,
+ uint8_t required_flags,
+ uint8_t optional_flags,
+ uint8_t payload_offset,
+ DATA_BLOB *payload_and_verifier,
+ DATA_BLOB *raw_packet,
+ const struct ncacn_packet *pkt)
+{
+ NTSTATUS status;
+ struct dcerpc_auth auth;
+ uint32_t auth_length;
+
+ if (auth_state == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = dcerpc_verify_ncacn_packet_header(pkt, ptype,
+ payload_and_verifier->length,
+ required_flags, optional_flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ switch (auth_state->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ break;
+
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ if (pkt->auth_length != 0) {
+ break;
+ }
+ return NT_STATUS_OK;
+ case DCERPC_AUTH_LEVEL_NONE:
+ if (pkt->auth_length != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_OK;
+
+ default:
+ return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
+ }
+
+ if (pkt->auth_length == 0) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ if (gensec == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = dcerpc_pull_auth_trailer(pkt, mem_ctx,
+ payload_and_verifier,
+ &auth, &auth_length, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (payload_and_verifier->length < auth_length) {
+ /*
+ * should be checked in dcerpc_pull_auth_trailer()
+ */
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ payload_and_verifier->length -= auth_length;
+
+ if (payload_and_verifier->length < auth.auth_pad_length) {
+ /*
+ * should be checked in dcerpc_pull_auth_trailer()
+ */
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (auth.auth_type != auth_state->auth_type) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (auth.auth_level != auth_state->auth_level) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (auth.auth_context_id != auth_state->auth_context_id) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* check signature or unseal the packet */
+ switch (auth_state->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = gensec_unseal_packet(gensec,
+ raw_packet->data + payload_offset,
+ payload_and_verifier->length,
+ raw_packet->data,
+ raw_packet->length -
+ auth.credentials.length,
+ &auth.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_RPC_SEC_PKG_ERROR;
+ }
+ memcpy(payload_and_verifier->data,
+ raw_packet->data + payload_offset,
+ payload_and_verifier->length);
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ status = gensec_check_packet(gensec,
+ payload_and_verifier->data,
+ payload_and_verifier->length,
+ raw_packet->data,
+ raw_packet->length -
+ auth.credentials.length,
+ &auth.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_RPC_SEC_PKG_ERROR;
+ }
+ break;
+
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ /* for now we ignore possible signatures here */
+ break;
+
+ default:
+ return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
+ }
+
+ /*
+ * remove the indicated amount of padding
+ *
+ * A possible overflow is checked above.
+ */
+ payload_and_verifier->length -= auth.auth_pad_length;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
+ struct gensec_security *gensec,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *raw_packet,
+ size_t sig_size,
+ uint8_t payload_offset,
+ const DATA_BLOB *payload,
+ const struct ncacn_packet *pkt)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+ enum ndr_err_code ndr_err;
+ struct ndr_push *ndr = NULL;
+ uint32_t payload_length;
+ uint32_t whole_length;
+ DATA_BLOB blob = data_blob_null;
+ DATA_BLOB sig = data_blob_null;
+ struct dcerpc_auth _out_auth_info;
+ struct dcerpc_auth *out_auth_info = NULL;
+
+ *raw_packet = data_blob_null;
+
+ if (auth_state == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ switch (auth_state->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ if (sig_size == 0) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (gensec == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ _out_auth_info = (struct dcerpc_auth) {
+ .auth_type = auth_state->auth_type,
+ .auth_level = auth_state->auth_level,
+ .auth_context_id = auth_state->auth_context_id,
+ };
+ out_auth_info = &_out_auth_info;
+ break;
+
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ /*
+ * TODO: let the gensec mech decide if it wants to generate a
+ * signature that might be needed for schannel...
+ */
+ if (sig_size != 0) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (gensec == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ break;
+
+ case DCERPC_AUTH_LEVEL_NONE:
+ if (sig_size != 0) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ break;
+
+ default:
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ ndr = ndr_push_init_ctx(frame);
+ if (ndr == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ TALLOC_FREE(frame);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (out_auth_info != NULL) {
+ /*
+ * pad to 16 byte multiple in the payload portion of the
+ * packet. This matches what w2k3 does. Note that we can't use
+ * ndr_push_align() as that is relative to the start of the
+ * whole packet, whereas w2k8 wants it relative to the start
+ * of the stub.
+ */
+ out_auth_info->auth_pad_length =
+ DCERPC_AUTH_PAD_LENGTH(payload->length);
+ ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ TALLOC_FREE(frame);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ payload_length = payload->length +
+ out_auth_info->auth_pad_length;
+
+ ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS,
+ out_auth_info);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ TALLOC_FREE(frame);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ whole_length = ndr->offset;
+
+ ndr_err = ndr_push_zero(ndr, sig_size);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ TALLOC_FREE(frame);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+ } else {
+ payload_length = payload->length;
+ whole_length = ndr->offset;
+ }
+
+ /* extract the whole packet as a blob */
+ blob = ndr_push_blob(ndr);
+
+ /*
+ * Setup the frag and auth length in the packet buffer.
+ * This is needed if the GENSEC mech does AEAD signing
+ * of the packet headers. The signature itself will be
+ * appended later.
+ */
+ dcerpc_set_frag_length(&blob, blob.length);
+ dcerpc_set_auth_length(&blob, sig_size);
+
+ /* sign or seal the packet */
+ switch (auth_state->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = gensec_seal_packet(gensec,
+ frame,
+ blob.data + payload_offset,
+ payload_length,
+ blob.data,
+ whole_length,
+ &sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ status = gensec_sign_packet(gensec,
+ frame,
+ blob.data + payload_offset,
+ payload_length,
+ blob.data,
+ whole_length,
+ &sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ break;
+
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ case DCERPC_AUTH_LEVEL_NONE:
+ break;
+
+ default:
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (sig.length != sig_size) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_RPC_SEC_PKG_ERROR;
+ }
+
+ if (sig_size != 0) {
+ memcpy(blob.data + whole_length, sig.data, sig_size);
+ }
+
+ *raw_packet = blob;
+ talloc_steal(mem_ctx, raw_packet->data);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+#ifdef DEVELOPER
+
+/*
+ * Save valid, well-formed DCE/RPC stubs to use as a seed for
+ * ndr_fuzz_X
+ */
+void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx,
+ DATA_BLOB raw_blob,
+ const char *dump_dir,
+ const char *iface_name,
+ int flags,
+ int opnum,
+ bool ndr64)
+{
+ char *fname = NULL;
+ const char *sub_dir = NULL;
+ TALLOC_CTX *temp_ctx = talloc_new(mem_ctx);
+ DATA_BLOB blob;
+ int ret, rc;
+ uint8_t digest[20];
+ DATA_BLOB digest_blob;
+ char *digest_hex;
+ uint16_t fuzz_flags = 0;
+
+ /*
+ * We want to save the 'stub' in a per-pipe subdirectory, with
+ * the ndr_fuzz_X header 4 byte header. For the sake of
+ * convenience (this is a developer only function), we mkdir
+ * -p the sub-directories when they are needed.
+ */
+
+ if (dump_dir == NULL) {
+ return;
+ }
+
+ temp_ctx = talloc_stackframe();
+
+ sub_dir = talloc_asprintf(temp_ctx, "%s/%s",
+ dump_dir,
+ iface_name);
+ if (sub_dir == NULL) {
+ talloc_free(temp_ctx);
+ return;
+ }
+ ret = mkdir_p(sub_dir, 0755);
+ if (ret && errno != EEXIST) {
+ DBG_ERR("could not create %s\n", sub_dir);
+ talloc_free(temp_ctx);
+ return;
+ }
+
+ blob.length = raw_blob.length + 4;
+ blob.data = talloc_array(sub_dir,
+ uint8_t,
+ blob.length);
+ if (blob.data == NULL) {
+ DBG_ERR("could not allocate for fuzz seeds! (%s)\n",
+ iface_name);
+ talloc_free(temp_ctx);
+ return;
+ }
+
+ if (ndr64) {
+ fuzz_flags = 4;
+ }
+ if (flags & NDR_IN) {
+ fuzz_flags |= 1;
+ } else if (flags & NDR_OUT) {
+ fuzz_flags |= 2;
+ }
+
+ SSVAL(blob.data, 0, fuzz_flags);
+ SSVAL(blob.data, 2, opnum);
+
+ memcpy(&blob.data[4],
+ raw_blob.data,
+ raw_blob.length);
+
+ /*
+ * This matches how oss-fuzz names the corpus input files, due
+ * to a preference from libFuzzer
+ */
+ rc = gnutls_hash_fast(GNUTLS_DIG_SHA1,
+ blob.data,
+ blob.length,
+ digest);
+ if (rc < 0) {
+ /*
+ * This prints a better error message, eg if SHA1 is
+ * disabled
+ */
+ NTSTATUS status = gnutls_error_to_ntstatus(rc,
+ NT_STATUS_HASH_NOT_SUPPORTED);
+ DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s",
+ nt_errstr(status));
+ talloc_free(temp_ctx);
+ return;
+ }
+
+ digest_blob.data = digest;
+ digest_blob.length = sizeof(digest);
+ digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob);
+
+ fname = talloc_asprintf(temp_ctx, "%s/%s",
+ sub_dir,
+ digest_hex);
+ if (fname == NULL) {
+ talloc_free(temp_ctx);
+ return;
+ }
+
+ /*
+ * If this fails, it is most likely because that file already
+ * exists. This is fine, it means we already have this
+ * sample
+ */
+ file_save(fname,
+ blob.data,
+ blob.length);
+
+ talloc_free(temp_ctx);
+}
+
+#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */
diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h
new file mode 100644
index 00000000000..c0d23b91c05
--- /dev/null
+++ b/librpc/rpc/dcerpc_pkt_auth.h
@@ -0,0 +1,58 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Stefan Metzmacher 2010-2011
+ Copyright (C) Andrew Tridgell 2010-2011
+ Copyright (C) Simo Sorce 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBRPC_RPC_DCERPC_PKT_AUTH_H__
+#define __LIBRPC_RPC_DCERPC_PKT_AUTH_H__
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/data_blob.h"
+#include "libcli/util/ntstatus.h"
+#include "librpc/rpc/rpc_common.h"
+#include "librpc/gen_ndr/dcerpc.h"
+
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
+ struct gensec_security *gensec,
+ TALLOC_CTX *mem_ctx,
+ enum dcerpc_pkt_type ptype,
+ uint8_t required_flags,
+ uint8_t optional_flags,
+ uint8_t payload_offset,
+ DATA_BLOB *payload_and_verifier,
+ DATA_BLOB *raw_packet,
+ const struct ncacn_packet *pkt);
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
+ struct gensec_security *gensec,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *raw_packet,
+ size_t sig_size,
+ uint8_t payload_offset,
+ const DATA_BLOB *payload,
+ const struct ncacn_packet *pkt);
+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *stream);
+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct ncacn_packet **pkt,
+ DATA_BLOB *buffer);
+
+#endif
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 925fb70ad7c..c878a2af094 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -29,10 +29,6 @@
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "rpc_common.h"
#include "lib/util/bitmap.h"
-#include "auth/gensec/gensec.h"
-#include "lib/util/mkdir_p.h"
-#include "lib/crypto/gnutls_helpers.h"
-#include <gnutls/crypto.h>
#undef strncasecmp
@@ -486,340 +482,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
return NT_STATUS_OK;
}
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
- struct gensec_security *gensec,
- TALLOC_CTX *mem_ctx,
- enum dcerpc_pkt_type ptype,
- uint8_t required_flags,
- uint8_t optional_flags,
- uint8_t payload_offset,
- DATA_BLOB *payload_and_verifier,
- DATA_BLOB *raw_packet,
- const struct ncacn_packet *pkt)
-{
- NTSTATUS status;
- struct dcerpc_auth auth;
- uint32_t auth_length;
-
- if (auth_state == NULL) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- status = dcerpc_verify_ncacn_packet_header(pkt, ptype,
- payload_and_verifier->length,
- required_flags, optional_flags);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- switch (auth_state->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- case DCERPC_AUTH_LEVEL_PACKET:
- break;
-
- case DCERPC_AUTH_LEVEL_CONNECT:
- if (pkt->auth_length != 0) {
- break;
- }
- return NT_STATUS_OK;
- case DCERPC_AUTH_LEVEL_NONE:
- if (pkt->auth_length != 0) {
- return NT_STATUS_ACCESS_DENIED;
- }
- return NT_STATUS_OK;
-
- default:
- return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
- }
-
- if (pkt->auth_length == 0) {
- return NT_STATUS_RPC_PROTOCOL_ERROR;
- }
-
- if (gensec == NULL) {
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- status = dcerpc_pull_auth_trailer(pkt, mem_ctx,
- payload_and_verifier,
- &auth, &auth_length, false);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- if (payload_and_verifier->length < auth_length) {
- /*
- * should be checked in dcerpc_pull_auth_trailer()
- */
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- payload_and_verifier->length -= auth_length;
-
- if (payload_and_verifier->length < auth.auth_pad_length) {
- /*
- * should be checked in dcerpc_pull_auth_trailer()
- */
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- if (auth.auth_type != auth_state->auth_type) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (auth.auth_level != auth_state->auth_level) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (auth.auth_context_id != auth_state->auth_context_id) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* check signature or unseal the packet */
- switch (auth_state->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- status = gensec_unseal_packet(gensec,
- raw_packet->data + payload_offset,
- payload_and_verifier->length,
- raw_packet->data,
- raw_packet->length -
- auth.credentials.length,
- &auth.credentials);
- if (!NT_STATUS_IS_OK(status)) {
- return NT_STATUS_RPC_SEC_PKG_ERROR;
- }
- memcpy(payload_and_verifier->data,
- raw_packet->data + payload_offset,
- payload_and_verifier->length);
- break;
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- case DCERPC_AUTH_LEVEL_PACKET:
- status = gensec_check_packet(gensec,
- payload_and_verifier->data,
- payload_and_verifier->length,
- raw_packet->data,
- raw_packet->length -
- auth.credentials.length,
- &auth.credentials);
- if (!NT_STATUS_IS_OK(status)) {
- return NT_STATUS_RPC_SEC_PKG_ERROR;
- }
- break;
-
- case DCERPC_AUTH_LEVEL_CONNECT:
- /* for now we ignore possible signatures here */
- break;
-
- default:
- return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
- }
-
- /*
- * remove the indicated amount of padding
- *
- * A possible overflow is checked above.
- */
- payload_and_verifier->length -= auth.auth_pad_length;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
- struct gensec_security *gensec,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *raw_packet,
- size_t sig_size,
- uint8_t payload_offset,
- const DATA_BLOB *payload,
- const struct ncacn_packet *pkt)
-{
- TALLOC_CTX *frame = talloc_stackframe();
- NTSTATUS status;
- enum ndr_err_code ndr_err;
- struct ndr_push *ndr = NULL;
- uint32_t payload_length;
- uint32_t whole_length;
- DATA_BLOB blob = data_blob_null;
- DATA_BLOB sig = data_blob_null;
- struct dcerpc_auth _out_auth_info;
- struct dcerpc_auth *out_auth_info = NULL;
-
- *raw_packet = data_blob_null;
-
- if (auth_state == NULL) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- switch (auth_state->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- case DCERPC_AUTH_LEVEL_PACKET:
- if (sig_size == 0) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- if (gensec == NULL) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- _out_auth_info = (struct dcerpc_auth) {
- .auth_type = auth_state->auth_type,
- .auth_level = auth_state->auth_level,
- .auth_context_id = auth_state->auth_context_id,
- };
- out_auth_info = &_out_auth_info;
- break;
-
- case DCERPC_AUTH_LEVEL_CONNECT:
- /*
- * TODO: let the gensec mech decide if it wants to generate a
- * signature that might be needed for schannel...
- */
- if (sig_size != 0) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- if (gensec == NULL) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
- break;
-
- case DCERPC_AUTH_LEVEL_NONE:
- if (sig_size != 0) {
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
- break;
-
- default:
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- ndr = ndr_push_init_ctx(frame);
- if (ndr == NULL) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
- }
-
- ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- TALLOC_FREE(frame);
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- if (out_auth_info != NULL) {
- /*
- * pad to 16 byte multiple in the payload portion of the
- * packet. This matches what w2k3 does. Note that we can't use
- * ndr_push_align() as that is relative to the start of the
- * whole packet, whereas w2k8 wants it relative to the start
- * of the stub.
- */
- out_auth_info->auth_pad_length =
- DCERPC_AUTH_PAD_LENGTH(payload->length);
- ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- TALLOC_FREE(frame);
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- payload_length = payload->length +
- out_auth_info->auth_pad_length;
-
- ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS,
- out_auth_info);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- TALLOC_FREE(frame);
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- whole_length = ndr->offset;
-
- ndr_err = ndr_push_zero(ndr, sig_size);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- TALLOC_FREE(frame);
- return ndr_map_error2ntstatus(ndr_err);
- }
- } else {
- payload_length = payload->length;
- whole_length = ndr->offset;
- }
-
- /* extract the whole packet as a blob */
- blob = ndr_push_blob(ndr);
-
- /*
- * Setup the frag and auth length in the packet buffer.
- * This is needed if the GENSEC mech does AEAD signing
- * of the packet headers. The signature itself will be
- * appended later.
- */
- dcerpc_set_frag_length(&blob, blob.length);
- dcerpc_set_auth_length(&blob, sig_size);
-
- /* sign or seal the packet */
- switch (auth_state->auth_level) {
- case DCERPC_AUTH_LEVEL_PRIVACY:
- status = gensec_seal_packet(gensec,
- frame,
- blob.data + payload_offset,
- payload_length,
- blob.data,
- whole_length,
- &sig);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
- }
- break;
-
- case DCERPC_AUTH_LEVEL_INTEGRITY:
- case DCERPC_AUTH_LEVEL_PACKET:
- status = gensec_sign_packet(gensec,
- frame,
- blob.data + payload_offset,
- payload_length,
- blob.data,
- whole_length,
- &sig);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
- }
- break;
-
- case DCERPC_AUTH_LEVEL_CONNECT:
- case DCERPC_AUTH_LEVEL_NONE:
- break;
-
- default:
- TALLOC_FREE(frame);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- if (sig.length != sig_size) {
- TALLOC_FREE(frame);
- return NT_STATUS_RPC_SEC_PKG_ERROR;
- }
-
- if (sig_size != 0) {
- memcpy(blob.data + whole_length, sig.data, sig_size);
- }
-
- *raw_packet = blob;
- talloc_steal(mem_ctx, raw_packet->data);
- TALLOC_FREE(frame);
- return NT_STATUS_OK;
-}
-
struct dcerpc_read_ncacn_packet_state {
#if 0
struct {
@@ -1474,129 +1136,3 @@ void dcerpc_log_packet(const char *packet_log_dir,
free(name);
}
}
-
-
-#ifdef DEVELOPER
-
-/*
- * Save valid, well-formed DCE/RPC stubs to use as a seed for
- * ndr_fuzz_X
- */
-void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx,
- DATA_BLOB raw_blob,
- const char *dump_dir,
- const char *iface_name,
- int flags,
- int opnum,
- bool ndr64)
-{
- char *fname = NULL;
- const char *sub_dir = NULL;
- TALLOC_CTX *temp_ctx = talloc_new(mem_ctx);
- DATA_BLOB blob;
- int ret, rc;
- uint8_t digest[20];
- DATA_BLOB digest_blob;
- char *digest_hex;
- uint16_t fuzz_flags = 0;
-
- /*
- * We want to save the 'stub' in a per-pipe subdirectory, with
- * the ndr_fuzz_X header 4 byte header. For the sake of
- * convenience (this is a developer only function), we mkdir
- * -p the sub-directories when they are needed.
- */
-
- if (dump_dir == NULL) {
- return;
- }
-
- temp_ctx = talloc_stackframe();
-
- sub_dir = talloc_asprintf(temp_ctx, "%s/%s",
- dump_dir,
- iface_name);
- if (sub_dir == NULL) {
- talloc_free(temp_ctx);
- return;
- }
- ret = mkdir_p(sub_dir, 0755);
- if (ret && errno != EEXIST) {
- DBG_ERR("could not create %s\n", sub_dir);
- talloc_free(temp_ctx);
- return;
- }
-
- blob.length = raw_blob.length + 4;
- blob.data = talloc_array(sub_dir,
- uint8_t,
- blob.length);
- if (blob.data == NULL) {
- DBG_ERR("could not allocate for fuzz seeds! (%s)\n",
- iface_name);
- talloc_free(temp_ctx);
- return;
- }
-
- if (ndr64) {
- fuzz_flags = 4;
- }
- if (flags & NDR_IN) {
- fuzz_flags |= 1;
- } else if (flags & NDR_OUT) {
- fuzz_flags |= 2;
- }
-
- SSVAL(blob.data, 0, fuzz_flags);
- SSVAL(blob.data, 2, opnum);
-
- memcpy(&blob.data[4],
- raw_blob.data,
- raw_blob.length);
-
- /*
- * This matches how oss-fuzz names the corpus input files, due
- * to a preference from libFuzzer
- */
- rc = gnutls_hash_fast(GNUTLS_DIG_SHA1,
- blob.data,
- blob.length,
- digest);
- if (rc < 0) {
- /*
- * This prints a better error message, eg if SHA1 is
- * disabled
- */
- NTSTATUS status = gnutls_error_to_ntstatus(rc,
- NT_STATUS_HASH_NOT_SUPPORTED);
- DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s",
- nt_errstr(status));
- talloc_free(temp_ctx);
- return;
- }
-
- digest_blob.data = digest;
- digest_blob.length = sizeof(digest);
- digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob);
-
- fname = talloc_asprintf(temp_ctx, "%s/%s",
- sub_dir,
- digest_hex);
- if (fname == NULL) {
- talloc_free(temp_ctx);
- return;
- }
-
- /*
- * If this fails, it is most likely because that file already
- * exists. This is fine, it means we already have this
- * sample
- */
- file_save(fname,
- blob.data,
- blob.length);
-
- talloc_free(temp_ctx);
-}
-
-#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */
diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h
index 0ecaf428c3c..a9bc7bd3832 100644
--- a/librpc/rpc/dcerpc_util.h
+++ b/librpc/rpc/dcerpc_util.h
@@ -74,24 +74,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
size_t max_auth_info,
uint8_t required_flags,
uint8_t optional_flags);
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
- struct gensec_security *gensec,
- TALLOC_CTX *mem_ctx,
- enum dcerpc_pkt_type ptype,
- uint8_t required_flags,
- uint8_t optional_flags,
- uint8_t payload_offset,
- DATA_BLOB *payload_and_verifier,
- DATA_BLOB *raw_packet,
- const struct ncacn_packet *pkt);
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
- struct gensec_security *gensec,
- TALLOC_CTX *mem_ctx,
- DATA_BLOB *raw_packet,
- size_t sig_size,
- uint8_t payload_offset,
- const DATA_BLOB *payload,
- const struct ncacn_packet *pkt);
struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream);
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index f7919ebf575..8dda86d88e2 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -24,6 +24,7 @@
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/rpc/dcesrv_core_proto.h"
#include "librpc/rpc/dcerpc_util.h"
+#include "librpc/rpc/dcerpc_pkt_auth.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
diff --git a/librpc/wscript_build b/librpc/wscript_build
index e4632d538a4..59d6c31363d 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -655,12 +655,24 @@ bld.SAMBA_LIBRARY('ndr',
)
bld.SAMBA_LIBRARY('dcerpc-binding',
- source='rpc/dcerpc_error.c rpc/binding.c rpc/dcerpc_util.c rpc/binding_handle.c',
- deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util gensec',
+ source='''
+ rpc/dcerpc_error.c
+ rpc/binding.c
+ rpc/dcerpc_util.c
+ rpc/binding_handle.c
+ ''',
+ deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util',
pc_files=[],
public_headers='rpc/rpc_common.h',
vnum='0.0.1')
+bld.SAMBA_LIBRARY('dcerpc-pkt-auth',
+ private_library=True,
+ source='''
+ rpc/dcerpc_pkt_auth.c
+ ''',
+ deps='dcerpc-binding gensec')
+
bld.SAMBA_LIBRARY('dcerpc-server-core',
source='''
rpc/dcesrv_core.c
@@ -669,7 +681,14 @@ bld.SAMBA_LIBRARY('dcerpc-server-core',
rpc/dcesrv_reply.c
rpc/dcesrv_handles.c
''',
- deps='ndr dcerpc-binding samba-util-core gnutls GNUTLS_HELPERS',
+ deps='''
+ ndr
+ dcerpc-binding
+ samba-util-core
+ gnutls
+ GNUTLS_HELPERS
+ dcerpc-pkt-auth
+ ''',
pc_files=[],
public_headers='rpc/dcesrv_core.h',
autoproto='rpc/dcesrv_core_proto.h',
diff --git a/source3/wscript_build b/source3/wscript_build
index 5d04fcb41d1..a143477a506 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1034,9 +1034,11 @@ bld.SAMBA3_LIBRARY('cli_spoolss',
rpc_client/init_spoolss.c
''',
deps='''
- RPC_NDR_SPOOLSS
- smbconf
- secrets3''',
+ RPC_NDR_SPOOLSS
+ smbconf
+ secrets3
+ gensec
+ ''',
private_library=True)
bld.SAMBA3_SUBSYSTEM('LIBCLI_WINREG',
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index f97263dcc5b..4847e8a0200 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -27,6 +27,7 @@
#include "librpc/rpc/dcerpc.h"
#include "librpc/rpc/dcerpc_proto.h"
#include "librpc/rpc/dcerpc_util.h"
+#include "librpc/rpc/dcerpc_pkt_auth.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "auth/gensec/gensec.h"
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
index ea9c4853d7a..511008d919d 100644
--- a/source4/librpc/wscript_build
+++ b/source4/librpc/wscript_build
@@ -157,7 +157,26 @@ bld.SAMBA_LIBRARY('dcerpc',
rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c
rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''',
pc_files='dcerpc.pc',
- deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH smbclient-raw LP_RESOLVE tevent-util dcerpc-binding param_options http',
+ deps='''
+ samba_socket
+ LIBCLI_RESOLVE
+ LIBCLI_SMB
+ LIBCLI_SMB2
+ ndr
+ NDR_DCERPC
+ RPC_NDR_EPMAPPER
+ NDR_SCHANNEL
+ RPC_NDR_NETLOGON
+ RPC_NDR_MGMT
+ gensec
+ LIBCLI_AUTH
+ smbclient-raw
+ LP_RESOLVE
+ tevent-util
+ dcerpc-binding
+ dcerpc-pkt-auth
+ param_options
+ http''',
autoproto='rpc/dcerpc_proto.h',
public_deps='samba-credentials tevent talloc',
public_headers='''rpc/dcerpc.h''',
--
2.25.1
From fba123a44e0afd9d2377e3e45b0b2d88aecb2136 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 13 Nov 2020 11:25:41 +0100
Subject: [PATCH 3/9] CVE-2021-23192: dcesrv_core: add better debugging to
dcesrv_fault_disconnect()
It's better to see the location that triggered the fault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
librpc/rpc/dcesrv_core.c | 29 ++++++++++++++++++++++++-----
1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 74730f22c7c..0c2d83b4b17 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -705,19 +705,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
return NT_STATUS_OK;
}
-static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call,
- uint32_t fault_code)
+static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call,
+ uint32_t fault_code,
+ uint8_t extra_flags,
+ const char *func,
+ const char *location)
{
+ const char *reason = NULL;
+
+ reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x",
+ func, location,
+ fault_code,
+ dcerpc_errstr(call, fault_code),
+ extra_flags);
+ if (reason == NULL) {
+ reason = location;
+ }
+
/*
* We add the call to the pending_call_list
* in order to defer the termination.
*/
- dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect");
- return dcesrv_fault_with_flags(call, fault_code,
- DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
+ dcesrv_call_disconnect_after(call, reason);
+
+ return dcesrv_fault_with_flags(call, fault_code, extra_flags);
}
+#define dcesrv_fault_disconnect(call, fault_code) \
+ _dcesrv_fault_disconnect_flags(call, fault_code, \
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \
+ __func__, __location__)
+
static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
{
DLIST_REMOVE(c->conn->contexts, c);
--
2.25.1
From 937d9c1b4926aa4b511d1eb4f9b1729fb20ac9fa Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 13 Nov 2020 11:27:19 +0100
Subject: [PATCH 4/9] CVE-2021-23192: dcesrv_core: add
dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE
That makes the callers much simpler and allow better debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
librpc/rpc/dcesrv_core.c | 47 ++++++++++++++--------------------------
1 file changed, 16 insertions(+), 31 deletions(-)
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 0c2d83b4b17..ffaa9019d4b 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -736,6 +736,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call,
_dcesrv_fault_disconnect_flags(call, fault_code, \
DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \
__func__, __location__)
+#define dcesrv_fault_disconnect0(call, fault_code) \
+ _dcesrv_fault_disconnect_flags(call, fault_code, 0, \
+ __func__, __location__)
static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
{
@@ -2097,10 +2100,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
* Note that we don't check against the negotiated
* max_recv_frag, but a hard coded value.
*/
- dcesrv_call_disconnect_after(call,
- "dcesrv_auth_request - frag_length too large");
- return dcesrv_fault(call,
- DCERPC_NCA_S_PROTO_ERROR);
+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR);
}
if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
@@ -2110,10 +2110,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
* if DCERPC_PFC_FLAG_CONC_MPX was negotiated.
*/
if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
- dcesrv_call_disconnect_after(call,
- "dcesrv_auth_request - "
- "existing pending call without CONN_MPX");
- return dcesrv_fault(call,
+ return dcesrv_fault_disconnect0(call,
DCERPC_NCA_S_PROTO_ERROR);
}
}
@@ -2131,10 +2128,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
TALLOC_FREE(call);
call = dce_conn->incoming_fragmented_call_list;
}
- dcesrv_call_disconnect_after(call,
- "dcesrv_auth_request - "
- "existing fragmented call");
- return dcesrv_fault(call,
+ return dcesrv_fault_disconnect0(call,
DCERPC_NCA_S_PROTO_ERROR);
}
if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
@@ -2155,10 +2149,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
existing = dcesrv_find_fragmented_call(dce_conn,
call->pkt.call_id);
if (existing == NULL) {
- dcesrv_call_disconnect_after(call,
- "dcesrv_auth_request - "
- "no existing fragmented call");
- return dcesrv_fault(call,
+ return dcesrv_fault_disconnect0(call,
DCERPC_NCA_S_PROTO_ERROR);
}
er = &existing->pkt.u.request;
@@ -2211,12 +2202,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
* here, because we don't want to set
* DCERPC_PFC_FLAG_DID_NOT_EXECUTE
*/
- dcesrv_call_disconnect_after(call,
- "dcesrv_auth_request - failed");
if (call->fault_code == 0) {
call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
}
- return dcesrv_fault(call, call->fault_code);
+ return dcesrv_fault_disconnect0(call, call->fault_code);
}
}
@@ -2233,20 +2222,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
*/
available = dce_conn->max_total_request_size;
if (er->stub_and_verifier.length > available) {
- dcesrv_call_disconnect_after(existing,
- "dcesrv_auth_request - existing payload too large");
- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
+ return dcesrv_fault_disconnect0(existing,
+ DCERPC_FAULT_ACCESS_DENIED);
}
available -= er->stub_and_verifier.length;
if (nr->alloc_hint > available) {
- dcesrv_call_disconnect_after(existing,
- "dcesrv_auth_request - alloc hint too large");
- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
+ return dcesrv_fault_disconnect0(existing,
+ DCERPC_FAULT_ACCESS_DENIED);
}
if (nr->stub_and_verifier.length > available) {
- dcesrv_call_disconnect_after(existing,
- "dcesrv_auth_request - new payload too large");
- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
+ return dcesrv_fault_disconnect0(existing,
+ DCERPC_FAULT_ACCESS_DENIED);
}
alloc_hint = er->stub_and_verifier.length + nr->alloc_hint;
/* allocate at least 1 byte */
@@ -2285,9 +2271,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
* Up to 4 MByte are allowed by all fragments
*/
if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) {
- dcesrv_call_disconnect_after(call,
- "dcesrv_auth_request - initial alloc hint too large");
- return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
+ return dcesrv_fault_disconnect0(call,
+ DCERPC_FAULT_ACCESS_DENIED);
}
dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST);
return NT_STATUS_OK;
--
2.25.1
From 480bfd0a809705966d782839f02f899fc3f68241 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 11 Nov 2020 16:59:06 +0100
Subject: [PATCH 5/9] CVE-2021-23192: python/tests/dcerpc: change
assertNotEquals() into assertNotEqual()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++-----------
python/samba/tests/dcerpc/raw_testcase.py | 14 +-
2 files changed, 151 insertions(+), 151 deletions(-)
diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py
index dc13d41c6a2..cbd398d5290 100755
--- a/python/samba/tests/dcerpc/raw_protocol.py
+++ b/python/samba/tests/dcerpc/raw_protocol.py
@@ -65,7 +65,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=rep_pfc_flags, auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -86,7 +86,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -108,7 +108,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -128,7 +128,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=rep_pfc_flags, auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertEqual(rep.u.secondary_address, "")
self.assertPadding(rep.u._pad1, 2)
@@ -149,7 +149,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -396,7 +396,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -469,7 +469,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -489,7 +489,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -521,7 +521,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -541,7 +541,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -562,7 +562,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, ctx1.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -589,7 +589,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -609,7 +609,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -630,7 +630,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -646,7 +646,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -705,7 +705,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -732,7 +732,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -765,7 +765,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -794,7 +794,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -826,7 +826,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -855,7 +855,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -876,7 +876,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, ctx1a.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -902,7 +902,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -928,7 +928,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -947,7 +947,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -966,7 +966,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -985,7 +985,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1004,7 +1004,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 1)
@@ -1023,7 +1023,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1049,7 +1049,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 2)
@@ -1073,7 +1073,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1085,7 +1085,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 2)
@@ -1109,7 +1109,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1122,7 +1122,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1134,7 +1134,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 2)
@@ -1158,7 +1158,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1171,7 +1171,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1197,7 +1197,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 2)
@@ -1221,7 +1221,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1233,7 +1233,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 0)
self.assertPadding(rep.u._pad1, 2)
self.assertEqual(rep.u.num_results, 2)
@@ -1257,7 +1257,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1282,7 +1282,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1318,7 +1318,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1352,7 +1352,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1424,7 +1424,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1459,7 +1459,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1494,7 +1494,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1617,7 +1617,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1638,7 +1638,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1658,7 +1658,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -1708,7 +1708,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, rep_both)
self.assertEqual(rep.u.max_recv_frag, rep_both)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1760,7 +1760,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu(ndr_print=True, hexdump=True)
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1775,7 +1775,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1791,7 +1791,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -1866,7 +1866,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
auth_length=0)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -1888,7 +1888,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1902,7 +1902,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1916,7 +1916,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -1994,7 +1994,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2014,7 +2014,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2036,7 +2036,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2052,7 +2052,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2098,7 +2098,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2128,7 +2128,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2195,7 +2195,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
dcerpc.DCERPC_PFC_FLAG_LAST |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2243,7 +2243,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2277,7 +2277,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2313,7 +2313,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
dcerpc.DCERPC_PFC_FLAG_LAST,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2341,7 +2341,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2376,7 +2376,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2390,7 +2390,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2415,7 +2415,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2450,7 +2450,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2464,7 +2464,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2503,7 +2503,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2517,7 +2517,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2552,7 +2552,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req1.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2600,7 +2600,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2650,7 +2650,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -2660,7 +2660,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -2691,7 +2691,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -2707,7 +2707,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2727,7 +2727,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We don't get an auth_info back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -2747,7 +2747,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2805,7 +2805,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -2815,7 +2815,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -2846,7 +2846,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -2868,7 +2868,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -2926,7 +2926,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
assoc_group_id = rep.u.assoc_group_id
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
@@ -2937,7 +2937,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -2961,7 +2961,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3009,7 +3009,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3019,7 +3019,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3047,7 +3047,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We get a fault back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3098,7 +3098,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3108,7 +3108,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3137,7 +3137,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3153,7 +3153,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -3173,7 +3173,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We don't get an auth_info back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -3205,7 +3205,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3256,7 +3256,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3266,7 +3266,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3295,7 +3295,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3311,7 +3311,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -3331,7 +3331,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We don't get an auth_info back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -3362,7 +3362,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3409,7 +3409,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3419,7 +3419,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3440,7 +3440,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3493,7 +3493,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3503,7 +3503,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3524,7 +3524,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3579,7 +3579,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3589,7 +3589,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3611,7 +3611,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3659,7 +3659,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3669,7 +3669,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3691,7 +3691,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3746,7 +3746,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3756,7 +3756,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3778,7 +3778,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3833,7 +3833,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3843,7 +3843,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3865,7 +3865,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -3930,7 +3930,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -3940,7 +3940,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -3984,7 +3984,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -4000,7 +4000,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -4020,7 +4020,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We don't get an auth_info back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -4144,7 +4144,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -4154,7 +4154,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -4191,7 +4191,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -4256,7 +4256,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -4266,7 +4266,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -4295,7 +4295,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
rep = self.recv_pdu()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -4315,7 +4315,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
# We don't get an auth_info back
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -4375,7 +4375,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
self.assertEqual(rep.u.secondary_address_size, 4)
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
self.assertPadding(rep.u._pad1, 2)
@@ -4385,7 +4385,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertEqual(rep.u.ctx_list[0].reason,
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
- self.assertNotEquals(len(rep.u.auth_info), 0)
+ self.assertNotEqual(len(rep.u.auth_info), 0)
a = self.parse_auth(rep.u.auth_info)
from_server = a.credentials
@@ -4406,7 +4406,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -4521,7 +4521,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
pfc_flags=req.pfc_flags | response_fault_flags,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, ctx1.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -4688,7 +4688,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
(rep, rep_blob) = self.recv_pdu_raw()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=sig_size)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -4756,7 +4756,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
pfc_flags=req.pfc_flags |
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, ctx1.context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -4805,7 +4805,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
(rep, rep_blob) = self.recv_pdu_raw()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=sig_size)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
@@ -4870,7 +4870,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
(rep, rep_blob) = self.recv_pdu_raw()
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=sig_size)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
index f1c097ebe6d..ed77d329cd5 100644
--- a/python/samba/tests/dcerpc/raw_testcase.py
+++ b/python/samba/tests/dcerpc/raw_testcase.py
@@ -321,7 +321,7 @@ class RawDCERPCTest(TestCase):
pfc_flags=req.pfc_flags |
samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -361,7 +361,7 @@ class RawDCERPCTest(TestCase):
if assoc_group_id != 0:
self.assertEqual(rep.u.assoc_group_id, assoc_group_id)
else:
- self.assertNotEquals(rep.u.assoc_group_id, 0)
+ self.assertNotEqual(rep.u.assoc_group_id, 0)
assoc_group_id = rep.u.assoc_group_id
sda_str = self.secondary_address
sda_len = len(sda_str) + 1
@@ -385,7 +385,7 @@ class RawDCERPCTest(TestCase):
self.assertEqual(rep.auth_length, 0)
self.assertEqual(len(rep.u.auth_info), 0)
return ack
- self.assertNotEquals(rep.auth_length, 0)
+ self.assertNotEqual(rep.auth_length, 0)
self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
@@ -426,7 +426,7 @@ class RawDCERPCTest(TestCase):
pfc_flags=req.pfc_flags |
samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, 0)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -451,7 +451,7 @@ class RawDCERPCTest(TestCase):
if finished:
self.assertEqual(rep.auth_length, 0)
else:
- self.assertNotEquals(rep.auth_length, 0)
+ self.assertNotEqual(rep.auth_length, 0)
self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
@@ -547,7 +547,7 @@ class RawDCERPCTest(TestCase):
if fault_status:
self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id,
pfc_flags=fault_pfc_flags, auth_length=0)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, fault_context_id)
self.assertEqual(rep.u.cancel_count, 0)
self.assertEqual(rep.u.flags, 0)
@@ -563,7 +563,7 @@ class RawDCERPCTest(TestCase):
self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
auth_length=expected_auth_length)
- self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
--
2.25.1
From 4ec27da793964c3c49995ada3da047bae0174d26 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 17 Nov 2020 09:50:58 +0100
Subject: [PATCH 6/9] CVE-2021-23192: python/tests/dcerpc: let
generate_request_auth() use g_auth_level in all places
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
python/samba/tests/dcerpc/raw_testcase.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
index ed77d329cd5..53f7fa0a2a8 100644
--- a/python/samba/tests/dcerpc/raw_testcase.py
+++ b/python/samba/tests/dcerpc/raw_testcase.py
@@ -922,12 +922,12 @@ class RawDCERPCTest(TestCase):
req_data = req_blob[ofs_stub:ofs_trailer]
req_whole = req_blob[0:ofs_sig]
- if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY:
+ if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY:
# TODO: not yet supported here
self.assertTrue(False)
- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET:
+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET:
req_sig = auth_context["gensec"].sign_packet(req_data, req_whole)
- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT:
+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT:
self.assertEqual(auth_context["auth_type"],
dcerpc.DCERPC_AUTH_TYPE_NTLMSSP)
req_sig = b"\x01" +b"\x00" *15
--
2.25.1
From 188f01b8ac8b84e9e41a769731cb4426658920cb Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 17 Nov 2020 17:43:06 +0100
Subject: [PATCH 7/9] CVE-2021-23192: python/tests/dcerpc: fix
do_single_request(send_req=False)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++-----------
1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
index 53f7fa0a2a8..22b56704fa3 100644
--- a/python/samba/tests/dcerpc/raw_testcase.py
+++ b/python/samba/tests/dcerpc/raw_testcase.py
@@ -526,26 +526,25 @@ class RawDCERPCTest(TestCase):
if hexdump:
sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in)))
- pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
- if object is not None:
- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID
-
- req = self.generate_request_auth(call_id=call_id,
- context_id=ctx.context_id,
- pfc_flags=pfc_flags,
- object=object,
- opnum=io.opnum(),
- stub=stub_in,
- auth_context=auth_context)
- if send_req:
+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
+ if object is not None:
+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID
+
+ req = self.generate_request_auth(call_id=call_id,
+ context_id=ctx.context_id,
+ pfc_flags=pfc_flags,
+ object=object,
+ opnum=io.opnum(),
+ stub=stub_in,
+ auth_context=auth_context)
self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
if recv_rep:
(rep, rep_blob) = self.recv_pdu_raw(timeout=timeout,
ndr_print=ndr_print,
hexdump=hexdump)
if fault_status:
- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id,
+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id,
pfc_flags=fault_pfc_flags, auth_length=0)
self.assertNotEqual(rep.u.alloc_hint, 0)
self.assertEqual(rep.u.context_id, fault_context_id)
@@ -559,12 +558,16 @@ class RawDCERPCTest(TestCase):
expected_auth_length = 0
if auth_context is not None and \
auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET:
- expected_auth_length = req.auth_length
+ if send_req:
+ expected_auth_length = req.auth_length
+ else:
+ expected_auth_length = rep.auth_length
+
- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id,
auth_length=expected_auth_length)
self.assertNotEqual(rep.u.alloc_hint, 0)
- self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
+ self.assertEqual(rep.u.context_id, ctx.context_id & 0xff)
self.assertEqual(rep.u.cancel_count, 0)
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
stub_out = self.check_response_auth(rep, rep_blob, auth_context)
--
2.25.1
From 7cf3a4a33282ed5b135fcdc47a5cc7cdca370ee7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 17 Nov 2020 18:14:46 +0100
Subject: [PATCH 8/9] CVE-2021-23192: python/tests/dcerpc: add tests to check
how security contexts relate to fragmented requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++
selftest/knownfail.d/dcerpc-auth-fraq | 20 +
2 files changed, 1293 insertions(+)
create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq
diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py
index cbd398d5290..3c9d0b136a5 100755
--- a/python/samba/tests/dcerpc/raw_protocol.py
+++ b/python/samba/tests/dcerpc/raw_protocol.py
@@ -1683,6 +1683,1279 @@ class TestDCERPC_BIND(RawDCERPCTest):
def test_auth_none_packet_request(self):
return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
+ def test_ntlmssp_multi_auth_first1_lastSame2(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
+ auth_context_2nd = 2
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastNext2(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 2
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastSame111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = None
+ auth_context_2nd = 1
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastNext111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 1
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 1
+ expected_call_id = 4
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastSameNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = None
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastNextNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = 4
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = 4
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastSameNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_lastNextNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = 4
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_last(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def _test_generic_auth_first_2nd(self,
+ auth_type,
+ pfc_flags_2nd,
+ expected_fault,
+ auth_context_2nd=2,
+ skip_first=False,
+ expected_call_id=None,
+ expected_context_id=None,
+ conc_mpx=False,
+ not_executed=False,
+ forced_call_id=None,
+ forced_context_id=None,
+ forced_opnum=None,
+ forced_auth_context_id=None,
+ forced_auth_type=None,
+ forced_auth_level=None):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
+ auth_context_id1=1
+ auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET
+ auth_context_id2=2
+
+ creds = self.get_user_creds()
+
+ abstract = samba.dcerpc.mgmt.abstract_syntax()
+ transfer = base.transfer_syntax_ndr()
+
+ tsf1_list = [transfer]
+ ctx = samba.dcerpc.dcerpc.ctx_list()
+ ctx.context_id = 1
+ ctx.num_transfer_syntaxes = len(tsf1_list)
+ ctx.abstract_syntax = abstract
+ ctx.transfer_syntaxes = tsf1_list
+
+ auth_context1 = self.get_auth_context_creds(creds=creds,
+ auth_type=auth_type,
+ auth_level=auth_level1,
+ auth_context_id=auth_context_id1,
+ hdr_signing=False)
+ auth_context2 = self.get_auth_context_creds(creds=creds,
+ auth_type=auth_type,
+ auth_level=auth_level2,
+ auth_context_id=auth_context_id2,
+ hdr_signing=False)
+
+ bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST
+ if conc_mpx:
+ bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX
+
+ ack0 = self.do_generic_bind(call_id=0,
+ ctx=ctx,
+ pfc_flags=bind_pfc_flags)
+
+ ack1 = self.do_generic_bind(call_id=1,
+ ctx=ctx,
+ auth_context=auth_context1,
+ assoc_group_id = ack0.u.assoc_group_id,
+ start_with_alter=True)
+ if auth_context_2nd == 2:
+ ack2 = self.do_generic_bind(call_id=2,
+ ctx=ctx,
+ auth_context=auth_context2,
+ assoc_group_id = ack0.u.assoc_group_id,
+ start_with_alter=True)
+
+ ndr_print = self.do_ndr_print
+ hexdump = self.do_hexdump
+ inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
+ io = inq_if_ids
+ if ndr_print:
+ sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io))
+ stub_in = samba.ndr.ndr_pack_in(io)
+ stub_in += b'\xfe'*45 # add some padding in order to have some payload
+ if hexdump:
+ sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in)))
+
+ call_id = 3
+ context_id = ctx.context_id
+ opnum = io.opnum()
+
+ if not skip_first:
+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
+ stub_in_tmp = stub_in[0:16]
+ req = self.generate_request_auth(call_id=call_id,
+ context_id=context_id,
+ pfc_flags=pfc_flags,
+ opnum=opnum,
+ alloc_hint=len(stub_in),
+ stub=stub_in_tmp,
+ auth_context=auth_context1)
+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
+ rep = self.recv_pdu(timeout=0.01)
+ self.assertIsNone(rep)
+ self.assertIsConnected()
+
+ # context_id, opnum and auth header values are completely ignored
+ if auth_context_2nd == 1:
+ auth_context_copy = auth_context1.copy()
+ elif auth_context_2nd == 2:
+ auth_context_copy = auth_context2.copy()
+ else:
+ auth_context_copy = None
+
+ expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST
+ if expected_context_id is None:
+ expected_context_id = context_id
+ if expected_call_id is None:
+ expected_call_id = call_id
+ if not_executed:
+ expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE
+
+ if forced_call_id is not None:
+ call_id = forced_call_id
+ if forced_context_id is not None:
+ context_id = forced_context_id
+ if forced_opnum is not None:
+ opnum = forced_opnum
+ if forced_auth_context_id is not None:
+ auth_context_copy["auth_context_id"] = forced_auth_context_id
+ if forced_auth_type is not None:
+ auth_context_copy["auth_type"] = forced_auth_type
+ if forced_auth_level is not None:
+ auth_context_copy["auth_level"] = forced_auth_level
+
+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
+ stub_in_tmp = stub_in[16:-1]
+ req = self.generate_request_auth(call_id=call_id,
+ context_id=context_id,
+ pfc_flags=pfc_flags_2nd,
+ opnum=opnum,
+ alloc_hint=len(stub_in_tmp),
+ stub=stub_in_tmp,
+ auth_context=auth_context_copy)
+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
+ if expected_fault is None:
+ self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1)
+ return
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id,
+ pfc_flags=expected_pfc_flags,
+ auth_length=0)
+ self.assertNotEqual(rep.u.alloc_hint, 0)
+ self.assertEqual(rep.u.context_id, expected_context_id)
+ self.assertEqual(rep.u.cancel_count, 0)
+ self.assertEqual(rep.u.flags, 0)
+ self.assertEqual(rep.u.status, expected_fault)
+ self.assertEqual(rep.u.reserved, 0)
+ self.assertEqual(len(rep.u.error_and_verifier), 0)
+
+ if not_executed:
+ # still alive
+ rep = self.recv_pdu(timeout=0.01)
+ self.assertIsNone(rep)
+ self.assertIsConnected()
+ return
+
+ # wait for a disconnect
+ rep = self.recv_pdu()
+ self.assertIsNone(rep)
+ self.assertNotConnected()
+
+ def _test_generic_auth_first_last(self,
+ auth_type,
+ expected_fault,
+ auth_context_2nd=2,
+ expected_call_id=None,
+ expected_context_id=None,
+ conc_mpx=False,
+ not_executed=False,
+ forced_call_id=None,
+ forced_context_id=None,
+ forced_opnum=None,
+ forced_auth_context_id=None,
+ forced_auth_type=None,
+ forced_auth_level=None):
+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
+ return self._test_generic_auth_first_2nd(auth_type,
+ pfc_flags_2nd,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def _test_generic_auth_first_first(self,
+ auth_type,
+ expected_fault,
+ auth_context_2nd=2,
+ expected_call_id=None,
+ expected_context_id=None,
+ conc_mpx=False,
+ not_executed=False,
+ forced_call_id=None,
+ forced_context_id=None,
+ forced_opnum=None,
+ forced_auth_context_id=None,
+ forced_auth_type=None,
+ forced_auth_level=None):
+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
+ return self._test_generic_auth_first_2nd(auth_type,
+ pfc_flags_2nd,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstSame2(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
+ auth_context_2nd = 2
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstNext2(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 2
+ expected_call_id = 3
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstSame111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 1
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 1
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstNext111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 1
+ expected_call_id = 3
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = 1
+ expected_call_id = 4
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstSameNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = None
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstNextNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = 4
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = 4
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstSameNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = None
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_first1_firstNextNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = None
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = False
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ auth_context_2nd = None
+ expected_call_id = 4
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = True
+ forced_call_id = 4
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_first_first(auth_type,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def _test_generic_auth_middle(self,
+ auth_type,
+ expected_fault,
+ expected_context_id=None,
+ not_executed=False,
+ conc_mpx=False,
+ forced_context_id=None,
+ forced_opnum=None,
+ forced_auth_context_id=None,
+ forced_auth_type=None,
+ forced_auth_level=None):
+ auth_context_2nd = 1
+ skip_first = True
+ pfc_flags_2nd = 0
+ expected_call_id = None
+ forced_call_id = None
+ return self._test_generic_auth_first_2nd(auth_type,
+ pfc_flags_2nd,
+ expected_fault,
+ auth_context_2nd=auth_context_2nd,
+ skip_first=skip_first,
+ expected_call_id=expected_call_id,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_call_id=forced_call_id,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_middle_alone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = False
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_MPX_middle_alone(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_middle_all_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = False
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_MPX_middle_all_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF
+ expected_context_id = 0
+ not_executed = True
+ conc_mpx = True
+ forced_context_id = 111
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_middle_auth_all_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = False
+ forced_context_id = None
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_MPX_middle_auth_all_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_context_id = None
+ forced_opnum = 111
+ forced_auth_context_id = 111
+ forced_auth_type = 111
+ forced_auth_level = 111
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_middle_auth_context_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = False
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = 111
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_MPX_middle_auth_context_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = 111
+ forced_auth_type = None
+ forced_auth_level = None
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_middle_auth_type_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = False
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = 111
+ forced_auth_level = None
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_MPX_middle_auth_type_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = 111
+ forced_auth_level = None
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_middle_auth_level_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
+ expected_context_id = 0
+ not_executed = False
+ conc_mpx = False
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = 111
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
+ def test_ntlmssp_auth_MPX_middle_auth_level_111(self):
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
+ expected_context_id = None
+ not_executed = False
+ conc_mpx = True
+ forced_context_id = None
+ forced_opnum = None
+ forced_auth_context_id = None
+ forced_auth_type = None
+ forced_auth_level = 111
+ return self._test_generic_auth_middle(auth_type,
+ expected_fault,
+ expected_context_id=expected_context_id,
+ not_executed=not_executed,
+ conc_mpx=conc_mpx,
+ forced_context_id=forced_context_id,
+ forced_opnum=forced_opnum,
+ forced_auth_context_id=forced_auth_context_id,
+ forced_auth_type=forced_auth_type,
+ forced_auth_level=forced_auth_level)
+
def _test_neg_xmit_check_values(self,
req_xmit=None,
req_recv=None,
diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq
new file mode 100644
index 00000000000..f3c62b65e9e
--- /dev/null
+++ b/selftest/knownfail.d/dcerpc-auth-fraq
@@ -0,0 +1,20 @@
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111
--
2.25.1
From 43b09da3138606e2d0fbc033e8bc50fa82687946 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 16 Nov 2020 14:15:06 +0100
Subject: [PATCH 9/9] CVE-2021-23192: dcesrv_core: only the first fragment
specifies the auth_contexts
All other fragments blindly inherit it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
librpc/rpc/dcerpc_pkt_auth.c | 19 +++---
librpc/rpc/dcerpc_pkt_auth.h | 1 +
librpc/rpc/dcesrv_auth.c | 28 +++++++++
librpc/rpc/dcesrv_core.c | 86 +++++++++++++++++++++------
selftest/knownfail.d/dcerpc-auth-fraq | 20 -------
source4/librpc/rpc/dcerpc.c | 1 +
6 files changed, 109 insertions(+), 46 deletions(-)
delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq
diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c
index 322d7497893..1cb191468b5 100644
--- a/librpc/rpc/dcerpc_pkt_auth.c
+++ b/librpc/rpc/dcerpc_pkt_auth.c
@@ -39,6 +39,7 @@
NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
struct gensec_security *gensec,
+ bool check_pkt_auth_fields,
TALLOC_CTX *mem_ctx,
enum dcerpc_pkt_type ptype,
uint8_t required_flags,
@@ -115,16 +116,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
return NT_STATUS_INTERNAL_ERROR;
}
- if (auth.auth_type != auth_state->auth_type) {
- return NT_STATUS_ACCESS_DENIED;
- }
+ if (check_pkt_auth_fields) {
+ if (auth.auth_type != auth_state->auth_type) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
- if (auth.auth_level != auth_state->auth_level) {
- return NT_STATUS_ACCESS_DENIED;
- }
+ if (auth.auth_level != auth_state->auth_level) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
- if (auth.auth_context_id != auth_state->auth_context_id) {
- return NT_STATUS_ACCESS_DENIED;
+ if (auth.auth_context_id != auth_state->auth_context_id) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
}
/* check signature or unseal the packet */
diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h
index c0d23b91c05..1dcee12f53c 100644
--- a/librpc/rpc/dcerpc_pkt_auth.h
+++ b/librpc/rpc/dcerpc_pkt_auth.h
@@ -31,6 +31,7 @@
NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
struct gensec_security *gensec,
+ bool check_pkt_auth_fields,
TALLOC_CTX *mem_ctx,
enum dcerpc_pkt_type ptype,
uint8_t required_flags,
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index 8dda86d88e2..9d8df6c42e2 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -438,6 +438,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call)
return false;
}
+ if (auth->auth_invalid) {
+ return false;
+ }
+
/* We can't work without an existing gensec state */
if (auth->gensec_security == NULL) {
return false;
@@ -524,6 +528,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call)
return false;
}
+ if (auth->auth_invalid) {
+ return false;
+ }
+
if (call->in_auth_info.auth_type != auth->auth_type) {
return false;
}
@@ -590,6 +598,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
.auth_level = auth->auth_level,
.auth_context_id = auth->auth_context_id,
};
+ bool check_pkt_auth_fields;
NTSTATUS status;
if (!auth->auth_started) {
@@ -605,8 +614,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
return false;
}
+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
+ /*
+ * The caller most likely checked this
+ * already, but we better double check.
+ */
+ check_pkt_auth_fields = true;
+ } else {
+ /*
+ * The caller already found first fragment
+ * and is passing the auth_state of it.
+ * A server is supposed to use the
+ * setting of the first fragment and
+ * completely ignore the values
+ * on the remaining fragments
+ */
+ check_pkt_auth_fields = false;
+ }
+
status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth,
auth->gensec_security,
+ check_pkt_auth_fields,
call,
pkt->ptype,
required_flags,
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index ffaa9019d4b..0bab4c10641 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -1805,6 +1805,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
struct ndr_pull *pull;
NTSTATUS status;
+ if (auth->auth_invalid) {
+ return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
+ }
+
if (!auth->auth_finished) {
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
}
@@ -1968,6 +1972,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
enum dcerpc_AuthType auth_type = 0;
enum dcerpc_AuthLevel auth_level = 0;
uint32_t auth_context_id = 0;
+ bool auth_invalid = false;
call = talloc_zero(dce_conn, struct dcesrv_call_state);
if (!call) {
@@ -1999,12 +2004,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
if (call->auth_state == NULL) {
struct dcesrv_auth *a = NULL;
+ bool check_type_level = true;
auth_type = dcerpc_get_auth_type(&blob);
auth_level = dcerpc_get_auth_level(&blob);
auth_context_id = dcerpc_get_auth_context_id(&blob);
if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
+ if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
+ check_type_level = false;
+ }
dce_conn->default_auth_level_connect = NULL;
if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
dce_conn->got_explicit_auth_level_connect = true;
@@ -2014,14 +2023,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
for (a = dce_conn->auth_states; a != NULL; a = a->next) {
num_auth_ctx++;
- if (a->auth_type != auth_type) {
+ if (a->auth_context_id != auth_context_id) {
continue;
}
- if (a->auth_finished && a->auth_level != auth_level) {
- continue;
+
+ if (a->auth_type != auth_type) {
+ auth_invalid = true;
}
- if (a->auth_context_id != auth_context_id) {
- continue;
+ if (a->auth_level != auth_level) {
+ auth_invalid = true;
+ }
+
+ if (check_type_level && auth_invalid) {
+ a->auth_invalid = true;
}
DLIST_PROMOTE(dce_conn->auth_states, a);
@@ -2048,6 +2062,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
/*
* This can never be valid.
*/
+ auth_invalid = true;
a->auth_invalid = true;
}
call->auth_state = a;
@@ -2116,6 +2131,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
}
/* only one request is possible in the fragmented list */
if (dce_conn->incoming_fragmented_call_list != NULL) {
+ call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+
+ existing = dcesrv_find_fragmented_call(dce_conn,
+ call->pkt.call_id);
+ if (existing != NULL && call->auth_state != existing->auth_state) {
+ call->context = dcesrv_find_context(call->conn,
+ call->pkt.u.request.context_id);
+
+ if (call->pkt.auth_length != 0 && existing->context == call->context) {
+ call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR;
+ }
+ }
if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
/*
* Without DCERPC_PFC_FLAG_CONC_MPX
@@ -2125,11 +2152,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
* This is important to get the
* call_id and context_id right.
*/
+ dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code;
TALLOC_FREE(call);
call = dce_conn->incoming_fragmented_call_list;
}
- return dcesrv_fault_disconnect0(call,
- DCERPC_NCA_S_PROTO_ERROR);
+ if (existing != NULL) {
+ call->context = existing->context;
+ }
+ return dcesrv_fault_disconnect0(call, call->fault_code);
}
if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
return dcesrv_fault_disconnect(call,
@@ -2142,17 +2172,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
}
} else {
- const struct dcerpc_request *nr = &call->pkt.u.request;
- const struct dcerpc_request *er = NULL;
int cmp;
existing = dcesrv_find_fragmented_call(dce_conn,
call->pkt.call_id);
if (existing == NULL) {
+ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
+ /*
+ * Without DCERPC_PFC_FLAG_CONC_MPX
+ * we need to return the FAULT on the
+ * already existing call.
+ *
+ * This is important to get the
+ * call_id and context_id right.
+ */
+ if (dce_conn->incoming_fragmented_call_list != NULL) {
+ TALLOC_FREE(call);
+ call = dce_conn->incoming_fragmented_call_list;
+ }
+ return dcesrv_fault_disconnect0(call,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
+ if (dce_conn->incoming_fragmented_call_list != NULL) {
+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR);
+ }
+ call->context = dcesrv_find_context(call->conn,
+ call->pkt.u.request.context_id);
+ if (call->context == NULL) {
+ return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
+ }
+ if (auth_invalid) {
+ return dcesrv_fault_disconnect0(call,
+ DCERPC_FAULT_ACCESS_DENIED);
+ }
return dcesrv_fault_disconnect0(call,
DCERPC_NCA_S_PROTO_ERROR);
}
- er = &existing->pkt.u.request;
if (call->pkt.ptype != existing->pkt.ptype) {
/* trying to play silly buggers are we? */
@@ -2165,14 +2221,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
return dcesrv_fault_disconnect(existing,
DCERPC_NCA_S_PROTO_ERROR);
}
- if (nr->context_id != er->context_id) {
- return dcesrv_fault_disconnect(existing,
- DCERPC_NCA_S_PROTO_ERROR);
- }
- if (nr->opnum != er->opnum) {
- return dcesrv_fault_disconnect(existing,
- DCERPC_NCA_S_PROTO_ERROR);
- }
+ call->auth_state = existing->auth_state;
+ call->context = existing->context;
}
}
diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq
deleted file mode 100644
index f3c62b65e9e..00000000000
--- a/selftest/knownfail.d/dcerpc-auth-fraq
+++ /dev/null
@@ -1,20 +0,0 @@
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 4847e8a0200..baf6df6e498 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c,
status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth,
c->security_state.generic_state,
+ true, /* check_pkt_auth_fields */
mem_ctx,
ptype,
required_flags,
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink