4997 lines
222 KiB
Diff
4997 lines
222 KiB
Diff
From d6310598bd205240950410d59a3453f45c45d644 Mon Sep 17 00:00:00 2001
|
|
From: Volker Lendecke <vl@samba.org>
|
|
Date: Fri, 2 Apr 2021 12:20:38 +0200
|
|
Subject: [PATCH 1/9] rpc: Give dcerpc_util.c its own header
|
|
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
|
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
(cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c)
|
|
---
|
|
librpc/rpc/dcerpc_util.c | 1 +
|
|
librpc/rpc/dcerpc_util.h | 103 ++++++++++++++++++++
|
|
librpc/rpc/dcesrv_auth.c | 1 +
|
|
librpc/rpc/dcesrv_core.c | 1 +
|
|
librpc/rpc/dcesrv_reply.c | 1 +
|
|
librpc/rpc/rpc_common.h | 74 --------------
|
|
source3/librpc/rpc/dcerpc_helpers.c | 1 +
|
|
source3/rpc_client/cli_pipe.c | 1 +
|
|
source3/rpc_client/rpc_transport_np.c | 1 +
|
|
source3/rpc_server/rpc_ncacn_np.c | 1 +
|
|
source4/librpc/rpc/dcerpc.c | 1 +
|
|
source4/librpc/rpc/dcerpc_roh_channel_out.c | 1 +
|
|
12 files changed, 113 insertions(+), 74 deletions(-)
|
|
create mode 100644 librpc/rpc/dcerpc_util.h
|
|
|
|
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
|
|
index 42e8e611019..925fb70ad7c 100644
|
|
--- a/librpc/rpc/dcerpc_util.c
|
|
+++ b/librpc/rpc/dcerpc_util.c
|
|
@@ -25,6 +25,7 @@
|
|
#include "lib/tsocket/tsocket.h"
|
|
#include "lib/util/tevent_ntstatus.h"
|
|
#include "librpc/rpc/dcerpc.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "rpc_common.h"
|
|
#include "lib/util/bitmap.h"
|
|
diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h
|
|
new file mode 100644
|
|
index 00000000000..0ecaf428c3c
|
|
--- /dev/null
|
|
+++ b/librpc/rpc/dcerpc_util.h
|
|
@@ -0,0 +1,103 @@
|
|
+/*
|
|
+ Unix SMB/CIFS implementation.
|
|
+
|
|
+ Copyright (C) Stefan Metzmacher 2010-2011
|
|
+ Copyright (C) Andrew Tridgell 2010-2011
|
|
+ Copyright (C) Simo Sorce 2010
|
|
+
|
|
+ This program is free software; you can redistribute it and/or modify
|
|
+ it under the terms of the GNU General Public License as published by
|
|
+ the Free Software Foundation; either version 3 of the License, or
|
|
+ (at your option) any later version.
|
|
+
|
|
+ This program is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ GNU General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU General Public License
|
|
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
+*/
|
|
+
|
|
+#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__
|
|
+#define __LIBRPC_RPC_DCERPC_UTIL_H__
|
|
+
|
|
+#include "replace.h"
|
|
+#include <talloc.h>
|
|
+#include "lib/util/data_blob.h"
|
|
+#include "librpc/rpc/rpc_common.h"
|
|
+#include "librpc/gen_ndr/dcerpc.h"
|
|
+
|
|
+void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
|
|
+uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
|
|
+void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
|
|
+uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob);
|
|
+uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
|
|
+uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob);
|
|
+uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob);
|
|
+uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob);
|
|
+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
|
|
+ enum dcerpc_transport_t transport,
|
|
+ const struct ndr_interface_table *table);
|
|
+
|
|
+NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
|
|
+ const DATA_BLOB *blob,
|
|
+ struct ncacn_packet *r);
|
|
+
|
|
+/**
|
|
+* @brief Pull a dcerpc_auth structure, taking account of any auth
|
|
+* padding in the blob. For request/response packets we pass
|
|
+* the whole data blob, so auth_data_only must be set to false
|
|
+* as the blob contains data+pad+auth and no just pad+auth.
|
|
+*
|
|
+* @param pkt - The ncacn_packet strcuture
|
|
+* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
|
|
+* @param pkt_trailer - The packet trailer data, usually the trailing
|
|
+* auth_info blob, but in the request/response case
|
|
+* this is the stub_and_verifier blob.
|
|
+* @param auth - A preallocated dcerpc_auth *empty* structure
|
|
+* @param auth_length - The length of the auth trail, sum of auth header
|
|
+* lenght and pkt->auth_length
|
|
+* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
|
|
+* (+ padding) or also other data.
|
|
+*
|
|
+* @return - A NTSTATUS error code.
|
|
+*/
|
|
+NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ const DATA_BLOB *pkt_trailer,
|
|
+ struct dcerpc_auth *auth,
|
|
+ uint32_t *auth_length,
|
|
+ bool auth_data_only);
|
|
+NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
|
|
+ enum dcerpc_pkt_type ptype,
|
|
+ size_t max_auth_info,
|
|
+ uint8_t required_flags,
|
|
+ uint8_t optional_flags);
|
|
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
+ struct gensec_security *gensec,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ enum dcerpc_pkt_type ptype,
|
|
+ uint8_t required_flags,
|
|
+ uint8_t optional_flags,
|
|
+ uint8_t payload_offset,
|
|
+ DATA_BLOB *payload_and_verifier,
|
|
+ DATA_BLOB *raw_packet,
|
|
+ const struct ncacn_packet *pkt);
|
|
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
+ struct gensec_security *gensec,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ DATA_BLOB *raw_packet,
|
|
+ size_t sig_size,
|
|
+ uint8_t payload_offset,
|
|
+ const DATA_BLOB *payload,
|
|
+ const struct ncacn_packet *pkt);
|
|
+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
|
|
+ struct tevent_context *ev,
|
|
+ struct tstream_context *stream);
|
|
+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ struct ncacn_packet **pkt,
|
|
+ DATA_BLOB *buffer);
|
|
+
|
|
+#endif
|
|
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
|
|
index 8ac90f2a2bd..f7919ebf575 100644
|
|
--- a/librpc/rpc/dcesrv_auth.c
|
|
+++ b/librpc/rpc/dcesrv_auth.c
|
|
@@ -23,6 +23,7 @@
|
|
#include "includes.h"
|
|
#include "librpc/rpc/dcesrv_core.h"
|
|
#include "librpc/rpc/dcesrv_core_proto.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "auth/credentials/credentials.h"
|
|
#include "auth/gensec/gensec.h"
|
|
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
|
|
index 06f6c4b2382..74730f22c7c 100644
|
|
--- a/librpc/rpc/dcesrv_core.c
|
|
+++ b/librpc/rpc/dcesrv_core.c
|
|
@@ -24,6 +24,7 @@
|
|
#include "includes.h"
|
|
#include "librpc/rpc/dcesrv_core.h"
|
|
#include "librpc/rpc/dcesrv_core_proto.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "librpc/gen_ndr/auth.h"
|
|
#include "auth/gensec/gensec.h"
|
|
#include "lib/util/dlinklist.h"
|
|
diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c
|
|
index 96bd98f53e1..5b4429956e7 100644
|
|
--- a/librpc/rpc/dcesrv_reply.c
|
|
+++ b/librpc/rpc/dcesrv_reply.c
|
|
@@ -23,6 +23,7 @@
|
|
#include "includes.h"
|
|
#include "librpc/rpc/dcesrv_core.h"
|
|
#include "librpc/rpc/dcesrv_core_proto.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "auth/gensec/gensec.h"
|
|
#include "lib/util/dlinklist.h"
|
|
#include "param/param.h"
|
|
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
|
|
index 82fe2eb7e80..55a35f31096 100644
|
|
--- a/librpc/rpc/rpc_common.h
|
|
+++ b/librpc/rpc/rpc_common.h
|
|
@@ -165,80 +165,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t);
|
|
enum dcerpc_transport_t dcerpc_transport_by_name(const char *name);
|
|
enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower);
|
|
|
|
-/* The following definitions come from ../librpc/rpc/dcerpc_util.c */
|
|
-
|
|
-void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v);
|
|
-uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob);
|
|
-void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v);
|
|
-uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob);
|
|
-uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob);
|
|
-uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob);
|
|
-uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob);
|
|
-uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob);
|
|
-const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx,
|
|
- enum dcerpc_transport_t transport,
|
|
- const struct ndr_interface_table *table);
|
|
-
|
|
-NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
|
|
- const DATA_BLOB *blob,
|
|
- struct ncacn_packet *r);
|
|
-
|
|
-/**
|
|
-* @brief Pull a dcerpc_auth structure, taking account of any auth
|
|
-* padding in the blob. For request/response packets we pass
|
|
-* the whole data blob, so auth_data_only must be set to false
|
|
-* as the blob contains data+pad+auth and no just pad+auth.
|
|
-*
|
|
-* @param pkt - The ncacn_packet strcuture
|
|
-* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements
|
|
-* @param pkt_trailer - The packet trailer data, usually the trailing
|
|
-* auth_info blob, but in the request/response case
|
|
-* this is the stub_and_verifier blob.
|
|
-* @param auth - A preallocated dcerpc_auth *empty* structure
|
|
-* @param auth_length - The length of the auth trail, sum of auth header
|
|
-* lenght and pkt->auth_length
|
|
-* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob
|
|
-* (+ padding) or also other data.
|
|
-*
|
|
-* @return - A NTSTATUS error code.
|
|
-*/
|
|
-NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- const DATA_BLOB *pkt_trailer,
|
|
- struct dcerpc_auth *auth,
|
|
- uint32_t *auth_length,
|
|
- bool auth_data_only);
|
|
-NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
|
|
- enum dcerpc_pkt_type ptype,
|
|
- size_t max_auth_info,
|
|
- uint8_t required_flags,
|
|
- uint8_t optional_flags);
|
|
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
- struct gensec_security *gensec,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- enum dcerpc_pkt_type ptype,
|
|
- uint8_t required_flags,
|
|
- uint8_t optional_flags,
|
|
- uint8_t payload_offset,
|
|
- DATA_BLOB *payload_and_verifier,
|
|
- DATA_BLOB *raw_packet,
|
|
- const struct ncacn_packet *pkt);
|
|
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
- struct gensec_security *gensec,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- DATA_BLOB *raw_packet,
|
|
- size_t sig_size,
|
|
- uint8_t payload_offset,
|
|
- const DATA_BLOB *payload,
|
|
- const struct ncacn_packet *pkt);
|
|
-struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
|
|
- struct tevent_context *ev,
|
|
- struct tstream_context *stream);
|
|
-NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- struct ncacn_packet **pkt,
|
|
- DATA_BLOB *buffer);
|
|
-
|
|
/* The following definitions come from ../librpc/rpc/binding_handle.c */
|
|
|
|
struct dcerpc_binding_handle_ops {
|
|
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
|
|
index 1f67987561c..c609efd5b07 100644
|
|
--- a/source3/librpc/rpc/dcerpc_helpers.c
|
|
+++ b/source3/librpc/rpc/dcerpc_helpers.c
|
|
@@ -20,6 +20,7 @@
|
|
|
|
#include "includes.h"
|
|
#include "librpc/rpc/dcerpc.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "librpc/crypto/gse.h"
|
|
#include "auth/gensec/gensec.h"
|
|
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
|
|
index 8f52acadec8..3d16f1092db 100644
|
|
--- a/source3/rpc_client/cli_pipe.c
|
|
+++ b/source3/rpc_client/cli_pipe.c
|
|
@@ -30,6 +30,7 @@
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "librpc/gen_ndr/ndr_netlogon_c.h"
|
|
#include "librpc/rpc/dcerpc.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "rpc_dce.h"
|
|
#include "cli_pipe.h"
|
|
#include "libsmb/libsmb.h"
|
|
diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c
|
|
index 9dc5c5634fc..b24023661ff 100644
|
|
--- a/source3/rpc_client/rpc_transport_np.c
|
|
+++ b/source3/rpc_client/rpc_transport_np.c
|
|
@@ -19,6 +19,7 @@
|
|
|
|
#include "includes.h"
|
|
#include "../lib/util/tevent_ntstatus.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "rpc_client/rpc_transport.h"
|
|
#include "librpc/ndr/ndr_table.h"
|
|
#include "libcli/smb/smbXcli_base.h"
|
|
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
|
|
index 494b002e714..a874a2376d1 100644
|
|
--- a/source3/rpc_server/rpc_ncacn_np.c
|
|
+++ b/source3/rpc_server/rpc_ncacn_np.c
|
|
@@ -37,6 +37,7 @@
|
|
#include "rpc_server/rpc_config.h"
|
|
#include "librpc/ndr/ndr_table.h"
|
|
#include "rpc_server/rpc_server.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
|
|
#undef DBGC_CLASS
|
|
#define DBGC_CLASS DBGC_RPC_SRV
|
|
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
|
|
index 87a99a8df89..f97263dcc5b 100644
|
|
--- a/source4/librpc/rpc/dcerpc.c
|
|
+++ b/source4/librpc/rpc/dcerpc.c
|
|
@@ -26,6 +26,7 @@
|
|
#include "lib/events/events.h"
|
|
#include "librpc/rpc/dcerpc.h"
|
|
#include "librpc/rpc/dcerpc_proto.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "librpc/gen_ndr/ndr_misc.h"
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "auth/gensec/gensec.h"
|
|
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c
|
|
index e431689d419..2abafb0bab5 100644
|
|
--- a/source4/librpc/rpc/dcerpc_roh_channel_out.c
|
|
+++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c
|
|
@@ -37,6 +37,7 @@
|
|
#include "librpc/rpc/dcerpc.h"
|
|
#include "librpc/rpc/dcerpc_roh.h"
|
|
#include "librpc/rpc/dcerpc_proto.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
#include "libcli/http/http.h"
|
|
|
|
struct roh_request_state {
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From fc8592c7e3aa24c3b6819641908f21311840e6cb Mon Sep 17 00:00:00 2001
|
|
From: Volker Lendecke <vl@samba.org>
|
|
Date: Fri, 2 Apr 2021 13:41:21 +0200
|
|
Subject: [PATCH 2/9] librpc: Remove the gensec dependency from library
|
|
dcerpc-binding
|
|
|
|
This means yet another library, but having to depend on gensec just
|
|
for dcerpc_parse_binding() and basic packet parsing seems like a bit
|
|
overkill to me.
|
|
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
|
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
|
|
Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
(cherry picked from commit 4d3b6506d30e4bf302f832493dad00a83b73d370)
|
|
---
|
|
libcli/auth/wscript_build | 10 +-
|
|
librpc/rpc/dcerpc_pkt_auth.c | 497 +++++++++++++++++++++++++++++++++++
|
|
librpc/rpc/dcerpc_pkt_auth.h | 58 ++++
|
|
librpc/rpc/dcerpc_util.c | 464 --------------------------------
|
|
librpc/rpc/dcerpc_util.h | 18 --
|
|
librpc/rpc/dcesrv_auth.c | 1 +
|
|
librpc/wscript_build | 25 +-
|
|
source3/wscript_build | 8 +-
|
|
source4/librpc/rpc/dcerpc.c | 1 +
|
|
source4/librpc/wscript_build | 21 +-
|
|
10 files changed, 613 insertions(+), 490 deletions(-)
|
|
create mode 100644 librpc/rpc/dcerpc_pkt_auth.c
|
|
create mode 100644 librpc/rpc/dcerpc_pkt_auth.h
|
|
|
|
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build
|
|
index 2a6a7468e45..24ab68fac1e 100644
|
|
--- a/libcli/auth/wscript_build
|
|
+++ b/libcli/auth/wscript_build
|
|
@@ -30,7 +30,15 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL',
|
|
|
|
bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI',
|
|
source='netlogon_creds_cli.c',
|
|
- deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON'
|
|
+ deps='''
|
|
+ dbwrap
|
|
+ util_tdb
|
|
+ tevent-util
|
|
+ samba-hostconfig
|
|
+ gensec
|
|
+ RPC_NDR_NETLOGON
|
|
+ NDR_NETLOGON
|
|
+ '''
|
|
)
|
|
|
|
bld.SAMBA_SUBSYSTEM('PAM_ERRORS',
|
|
diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c
|
|
new file mode 100644
|
|
index 00000000000..322d7497893
|
|
--- /dev/null
|
|
+++ b/librpc/rpc/dcerpc_pkt_auth.c
|
|
@@ -0,0 +1,497 @@
|
|
+/*
|
|
+ Unix SMB/CIFS implementation.
|
|
+ raw dcerpc operations
|
|
+
|
|
+ Copyright (C) Andrew Tridgell 2003-2005
|
|
+ Copyright (C) Jelmer Vernooij 2004-2005
|
|
+
|
|
+ This program is free software; you can redistribute it and/or modify
|
|
+ it under the terms of the GNU General Public License as published by
|
|
+ the Free Software Foundation; either version 3 of the License, or
|
|
+ (at your option) any later version.
|
|
+
|
|
+ This program is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ GNU General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU General Public License
|
|
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
+*/
|
|
+
|
|
+#include "replace.h"
|
|
+#include "system/network.h"
|
|
+#include <tevent.h>
|
|
+#include "lib/util/talloc_stack.h"
|
|
+#include "lib/util/debug.h"
|
|
+#include "lib/util/byteorder.h"
|
|
+#include "lib/util/samba_util.h"
|
|
+#include "librpc/rpc/dcerpc.h"
|
|
+#include "librpc/rpc/dcerpc_util.h"
|
|
+#include "librpc/rpc/dcerpc_pkt_auth.h"
|
|
+#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
+#include "rpc_common.h"
|
|
+#include "lib/util/bitmap.h"
|
|
+#include "auth/gensec/gensec.h"
|
|
+#include "lib/util/mkdir_p.h"
|
|
+#include "lib/crypto/gnutls_helpers.h"
|
|
+#include <gnutls/crypto.h>
|
|
+
|
|
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
+ struct gensec_security *gensec,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ enum dcerpc_pkt_type ptype,
|
|
+ uint8_t required_flags,
|
|
+ uint8_t optional_flags,
|
|
+ uint8_t payload_offset,
|
|
+ DATA_BLOB *payload_and_verifier,
|
|
+ DATA_BLOB *raw_packet,
|
|
+ const struct ncacn_packet *pkt)
|
|
+{
|
|
+ NTSTATUS status;
|
|
+ struct dcerpc_auth auth;
|
|
+ uint32_t auth_length;
|
|
+
|
|
+ if (auth_state == NULL) {
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ status = dcerpc_verify_ncacn_packet_header(pkt, ptype,
|
|
+ payload_and_verifier->length,
|
|
+ required_flags, optional_flags);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return status;
|
|
+ }
|
|
+
|
|
+ switch (auth_state->auth_level) {
|
|
+ case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
+ case DCERPC_AUTH_LEVEL_PACKET:
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_CONNECT:
|
|
+ if (pkt->auth_length != 0) {
|
|
+ break;
|
|
+ }
|
|
+ return NT_STATUS_OK;
|
|
+ case DCERPC_AUTH_LEVEL_NONE:
|
|
+ if (pkt->auth_length != 0) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
+ return NT_STATUS_OK;
|
|
+
|
|
+ default:
|
|
+ return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
|
|
+ }
|
|
+
|
|
+ if (pkt->auth_length == 0) {
|
|
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (gensec == NULL) {
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ status = dcerpc_pull_auth_trailer(pkt, mem_ctx,
|
|
+ payload_and_verifier,
|
|
+ &auth, &auth_length, false);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return status;
|
|
+ }
|
|
+
|
|
+ if (payload_and_verifier->length < auth_length) {
|
|
+ /*
|
|
+ * should be checked in dcerpc_pull_auth_trailer()
|
|
+ */
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ payload_and_verifier->length -= auth_length;
|
|
+
|
|
+ if (payload_and_verifier->length < auth.auth_pad_length) {
|
|
+ /*
|
|
+ * should be checked in dcerpc_pull_auth_trailer()
|
|
+ */
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (auth.auth_type != auth_state->auth_type) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
+
|
|
+ if (auth.auth_level != auth_state->auth_level) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
+
|
|
+ if (auth.auth_context_id != auth_state->auth_context_id) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
+
|
|
+ /* check signature or unseal the packet */
|
|
+ switch (auth_state->auth_level) {
|
|
+ case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
+ status = gensec_unseal_packet(gensec,
|
|
+ raw_packet->data + payload_offset,
|
|
+ payload_and_verifier->length,
|
|
+ raw_packet->data,
|
|
+ raw_packet->length -
|
|
+ auth.credentials.length,
|
|
+ &auth.credentials);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return NT_STATUS_RPC_SEC_PKG_ERROR;
|
|
+ }
|
|
+ memcpy(payload_and_verifier->data,
|
|
+ raw_packet->data + payload_offset,
|
|
+ payload_and_verifier->length);
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
+ case DCERPC_AUTH_LEVEL_PACKET:
|
|
+ status = gensec_check_packet(gensec,
|
|
+ payload_and_verifier->data,
|
|
+ payload_and_verifier->length,
|
|
+ raw_packet->data,
|
|
+ raw_packet->length -
|
|
+ auth.credentials.length,
|
|
+ &auth.credentials);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ return NT_STATUS_RPC_SEC_PKG_ERROR;
|
|
+ }
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_CONNECT:
|
|
+ /* for now we ignore possible signatures here */
|
|
+ break;
|
|
+
|
|
+ default:
|
|
+ return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ * remove the indicated amount of padding
|
|
+ *
|
|
+ * A possible overflow is checked above.
|
|
+ */
|
|
+ payload_and_verifier->length -= auth.auth_pad_length;
|
|
+
|
|
+ return NT_STATUS_OK;
|
|
+}
|
|
+
|
|
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
+ struct gensec_security *gensec,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ DATA_BLOB *raw_packet,
|
|
+ size_t sig_size,
|
|
+ uint8_t payload_offset,
|
|
+ const DATA_BLOB *payload,
|
|
+ const struct ncacn_packet *pkt)
|
|
+{
|
|
+ TALLOC_CTX *frame = talloc_stackframe();
|
|
+ NTSTATUS status;
|
|
+ enum ndr_err_code ndr_err;
|
|
+ struct ndr_push *ndr = NULL;
|
|
+ uint32_t payload_length;
|
|
+ uint32_t whole_length;
|
|
+ DATA_BLOB blob = data_blob_null;
|
|
+ DATA_BLOB sig = data_blob_null;
|
|
+ struct dcerpc_auth _out_auth_info;
|
|
+ struct dcerpc_auth *out_auth_info = NULL;
|
|
+
|
|
+ *raw_packet = data_blob_null;
|
|
+
|
|
+ if (auth_state == NULL) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ switch (auth_state->auth_level) {
|
|
+ case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
+ case DCERPC_AUTH_LEVEL_PACKET:
|
|
+ if (sig_size == 0) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (gensec == NULL) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ _out_auth_info = (struct dcerpc_auth) {
|
|
+ .auth_type = auth_state->auth_type,
|
|
+ .auth_level = auth_state->auth_level,
|
|
+ .auth_context_id = auth_state->auth_context_id,
|
|
+ };
|
|
+ out_auth_info = &_out_auth_info;
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_CONNECT:
|
|
+ /*
|
|
+ * TODO: let the gensec mech decide if it wants to generate a
|
|
+ * signature that might be needed for schannel...
|
|
+ */
|
|
+ if (sig_size != 0) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (gensec == NULL) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_NONE:
|
|
+ if (sig_size != 0) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+ break;
|
|
+
|
|
+ default:
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ ndr = ndr_push_init_ctx(frame);
|
|
+ if (ndr == NULL) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_NO_MEMORY;
|
|
+ }
|
|
+
|
|
+ ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
|
|
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return ndr_map_error2ntstatus(ndr_err);
|
|
+ }
|
|
+
|
|
+ if (out_auth_info != NULL) {
|
|
+ /*
|
|
+ * pad to 16 byte multiple in the payload portion of the
|
|
+ * packet. This matches what w2k3 does. Note that we can't use
|
|
+ * ndr_push_align() as that is relative to the start of the
|
|
+ * whole packet, whereas w2k8 wants it relative to the start
|
|
+ * of the stub.
|
|
+ */
|
|
+ out_auth_info->auth_pad_length =
|
|
+ DCERPC_AUTH_PAD_LENGTH(payload->length);
|
|
+ ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length);
|
|
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return ndr_map_error2ntstatus(ndr_err);
|
|
+ }
|
|
+
|
|
+ payload_length = payload->length +
|
|
+ out_auth_info->auth_pad_length;
|
|
+
|
|
+ ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS,
|
|
+ out_auth_info);
|
|
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return ndr_map_error2ntstatus(ndr_err);
|
|
+ }
|
|
+
|
|
+ whole_length = ndr->offset;
|
|
+
|
|
+ ndr_err = ndr_push_zero(ndr, sig_size);
|
|
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return ndr_map_error2ntstatus(ndr_err);
|
|
+ }
|
|
+ } else {
|
|
+ payload_length = payload->length;
|
|
+ whole_length = ndr->offset;
|
|
+ }
|
|
+
|
|
+ /* extract the whole packet as a blob */
|
|
+ blob = ndr_push_blob(ndr);
|
|
+
|
|
+ /*
|
|
+ * Setup the frag and auth length in the packet buffer.
|
|
+ * This is needed if the GENSEC mech does AEAD signing
|
|
+ * of the packet headers. The signature itself will be
|
|
+ * appended later.
|
|
+ */
|
|
+ dcerpc_set_frag_length(&blob, blob.length);
|
|
+ dcerpc_set_auth_length(&blob, sig_size);
|
|
+
|
|
+ /* sign or seal the packet */
|
|
+ switch (auth_state->auth_level) {
|
|
+ case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
+ status = gensec_seal_packet(gensec,
|
|
+ frame,
|
|
+ blob.data + payload_offset,
|
|
+ payload_length,
|
|
+ blob.data,
|
|
+ whole_length,
|
|
+ &sig);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return status;
|
|
+ }
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
+ case DCERPC_AUTH_LEVEL_PACKET:
|
|
+ status = gensec_sign_packet(gensec,
|
|
+ frame,
|
|
+ blob.data + payload_offset,
|
|
+ payload_length,
|
|
+ blob.data,
|
|
+ whole_length,
|
|
+ &sig);
|
|
+ if (!NT_STATUS_IS_OK(status)) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return status;
|
|
+ }
|
|
+ break;
|
|
+
|
|
+ case DCERPC_AUTH_LEVEL_CONNECT:
|
|
+ case DCERPC_AUTH_LEVEL_NONE:
|
|
+ break;
|
|
+
|
|
+ default:
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_INTERNAL_ERROR;
|
|
+ }
|
|
+
|
|
+ if (sig.length != sig_size) {
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_RPC_SEC_PKG_ERROR;
|
|
+ }
|
|
+
|
|
+ if (sig_size != 0) {
|
|
+ memcpy(blob.data + whole_length, sig.data, sig_size);
|
|
+ }
|
|
+
|
|
+ *raw_packet = blob;
|
|
+ talloc_steal(mem_ctx, raw_packet->data);
|
|
+ TALLOC_FREE(frame);
|
|
+ return NT_STATUS_OK;
|
|
+}
|
|
+
|
|
+#ifdef DEVELOPER
|
|
+
|
|
+/*
|
|
+ * Save valid, well-formed DCE/RPC stubs to use as a seed for
|
|
+ * ndr_fuzz_X
|
|
+ */
|
|
+void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx,
|
|
+ DATA_BLOB raw_blob,
|
|
+ const char *dump_dir,
|
|
+ const char *iface_name,
|
|
+ int flags,
|
|
+ int opnum,
|
|
+ bool ndr64)
|
|
+{
|
|
+ char *fname = NULL;
|
|
+ const char *sub_dir = NULL;
|
|
+ TALLOC_CTX *temp_ctx = talloc_new(mem_ctx);
|
|
+ DATA_BLOB blob;
|
|
+ int ret, rc;
|
|
+ uint8_t digest[20];
|
|
+ DATA_BLOB digest_blob;
|
|
+ char *digest_hex;
|
|
+ uint16_t fuzz_flags = 0;
|
|
+
|
|
+ /*
|
|
+ * We want to save the 'stub' in a per-pipe subdirectory, with
|
|
+ * the ndr_fuzz_X header 4 byte header. For the sake of
|
|
+ * convenience (this is a developer only function), we mkdir
|
|
+ * -p the sub-directories when they are needed.
|
|
+ */
|
|
+
|
|
+ if (dump_dir == NULL) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ temp_ctx = talloc_stackframe();
|
|
+
|
|
+ sub_dir = talloc_asprintf(temp_ctx, "%s/%s",
|
|
+ dump_dir,
|
|
+ iface_name);
|
|
+ if (sub_dir == NULL) {
|
|
+ talloc_free(temp_ctx);
|
|
+ return;
|
|
+ }
|
|
+ ret = mkdir_p(sub_dir, 0755);
|
|
+ if (ret && errno != EEXIST) {
|
|
+ DBG_ERR("could not create %s\n", sub_dir);
|
|
+ talloc_free(temp_ctx);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ blob.length = raw_blob.length + 4;
|
|
+ blob.data = talloc_array(sub_dir,
|
|
+ uint8_t,
|
|
+ blob.length);
|
|
+ if (blob.data == NULL) {
|
|
+ DBG_ERR("could not allocate for fuzz seeds! (%s)\n",
|
|
+ iface_name);
|
|
+ talloc_free(temp_ctx);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ if (ndr64) {
|
|
+ fuzz_flags = 4;
|
|
+ }
|
|
+ if (flags & NDR_IN) {
|
|
+ fuzz_flags |= 1;
|
|
+ } else if (flags & NDR_OUT) {
|
|
+ fuzz_flags |= 2;
|
|
+ }
|
|
+
|
|
+ SSVAL(blob.data, 0, fuzz_flags);
|
|
+ SSVAL(blob.data, 2, opnum);
|
|
+
|
|
+ memcpy(&blob.data[4],
|
|
+ raw_blob.data,
|
|
+ raw_blob.length);
|
|
+
|
|
+ /*
|
|
+ * This matches how oss-fuzz names the corpus input files, due
|
|
+ * to a preference from libFuzzer
|
|
+ */
|
|
+ rc = gnutls_hash_fast(GNUTLS_DIG_SHA1,
|
|
+ blob.data,
|
|
+ blob.length,
|
|
+ digest);
|
|
+ if (rc < 0) {
|
|
+ /*
|
|
+ * This prints a better error message, eg if SHA1 is
|
|
+ * disabled
|
|
+ */
|
|
+ NTSTATUS status = gnutls_error_to_ntstatus(rc,
|
|
+ NT_STATUS_HASH_NOT_SUPPORTED);
|
|
+ DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s",
|
|
+ nt_errstr(status));
|
|
+ talloc_free(temp_ctx);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ digest_blob.data = digest;
|
|
+ digest_blob.length = sizeof(digest);
|
|
+ digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob);
|
|
+
|
|
+ fname = talloc_asprintf(temp_ctx, "%s/%s",
|
|
+ sub_dir,
|
|
+ digest_hex);
|
|
+ if (fname == NULL) {
|
|
+ talloc_free(temp_ctx);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ /*
|
|
+ * If this fails, it is most likely because that file already
|
|
+ * exists. This is fine, it means we already have this
|
|
+ * sample
|
|
+ */
|
|
+ file_save(fname,
|
|
+ blob.data,
|
|
+ blob.length);
|
|
+
|
|
+ talloc_free(temp_ctx);
|
|
+}
|
|
+
|
|
+#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */
|
|
diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h
|
|
new file mode 100644
|
|
index 00000000000..c0d23b91c05
|
|
--- /dev/null
|
|
+++ b/librpc/rpc/dcerpc_pkt_auth.h
|
|
@@ -0,0 +1,58 @@
|
|
+/*
|
|
+ Unix SMB/CIFS implementation.
|
|
+
|
|
+ Copyright (C) Stefan Metzmacher 2010-2011
|
|
+ Copyright (C) Andrew Tridgell 2010-2011
|
|
+ Copyright (C) Simo Sorce 2010
|
|
+
|
|
+ This program is free software; you can redistribute it and/or modify
|
|
+ it under the terms of the GNU General Public License as published by
|
|
+ the Free Software Foundation; either version 3 of the License, or
|
|
+ (at your option) any later version.
|
|
+
|
|
+ This program is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+ GNU General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU General Public License
|
|
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
+*/
|
|
+
|
|
+#ifndef __LIBRPC_RPC_DCERPC_PKT_AUTH_H__
|
|
+#define __LIBRPC_RPC_DCERPC_PKT_AUTH_H__
|
|
+
|
|
+#include "replace.h"
|
|
+#include <talloc.h>
|
|
+#include "lib/util/data_blob.h"
|
|
+#include "libcli/util/ntstatus.h"
|
|
+#include "librpc/rpc/rpc_common.h"
|
|
+#include "librpc/gen_ndr/dcerpc.h"
|
|
+
|
|
+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
+ struct gensec_security *gensec,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ enum dcerpc_pkt_type ptype,
|
|
+ uint8_t required_flags,
|
|
+ uint8_t optional_flags,
|
|
+ uint8_t payload_offset,
|
|
+ DATA_BLOB *payload_and_verifier,
|
|
+ DATA_BLOB *raw_packet,
|
|
+ const struct ncacn_packet *pkt);
|
|
+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
+ struct gensec_security *gensec,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ DATA_BLOB *raw_packet,
|
|
+ size_t sig_size,
|
|
+ uint8_t payload_offset,
|
|
+ const DATA_BLOB *payload,
|
|
+ const struct ncacn_packet *pkt);
|
|
+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
|
|
+ struct tevent_context *ev,
|
|
+ struct tstream_context *stream);
|
|
+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
|
|
+ TALLOC_CTX *mem_ctx,
|
|
+ struct ncacn_packet **pkt,
|
|
+ DATA_BLOB *buffer);
|
|
+
|
|
+#endif
|
|
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
|
|
index 925fb70ad7c..c878a2af094 100644
|
|
--- a/librpc/rpc/dcerpc_util.c
|
|
+++ b/librpc/rpc/dcerpc_util.c
|
|
@@ -29,10 +29,6 @@
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "rpc_common.h"
|
|
#include "lib/util/bitmap.h"
|
|
-#include "auth/gensec/gensec.h"
|
|
-#include "lib/util/mkdir_p.h"
|
|
-#include "lib/crypto/gnutls_helpers.h"
|
|
-#include <gnutls/crypto.h>
|
|
|
|
#undef strncasecmp
|
|
|
|
@@ -486,340 +482,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
- struct gensec_security *gensec,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- enum dcerpc_pkt_type ptype,
|
|
- uint8_t required_flags,
|
|
- uint8_t optional_flags,
|
|
- uint8_t payload_offset,
|
|
- DATA_BLOB *payload_and_verifier,
|
|
- DATA_BLOB *raw_packet,
|
|
- const struct ncacn_packet *pkt)
|
|
-{
|
|
- NTSTATUS status;
|
|
- struct dcerpc_auth auth;
|
|
- uint32_t auth_length;
|
|
-
|
|
- if (auth_state == NULL) {
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- status = dcerpc_verify_ncacn_packet_header(pkt, ptype,
|
|
- payload_and_verifier->length,
|
|
- required_flags, optional_flags);
|
|
- if (!NT_STATUS_IS_OK(status)) {
|
|
- return status;
|
|
- }
|
|
-
|
|
- switch (auth_state->auth_level) {
|
|
- case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
- case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
- case DCERPC_AUTH_LEVEL_PACKET:
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_CONNECT:
|
|
- if (pkt->auth_length != 0) {
|
|
- break;
|
|
- }
|
|
- return NT_STATUS_OK;
|
|
- case DCERPC_AUTH_LEVEL_NONE:
|
|
- if (pkt->auth_length != 0) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
- }
|
|
- return NT_STATUS_OK;
|
|
-
|
|
- default:
|
|
- return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
|
|
- }
|
|
-
|
|
- if (pkt->auth_length == 0) {
|
|
- return NT_STATUS_RPC_PROTOCOL_ERROR;
|
|
- }
|
|
-
|
|
- if (gensec == NULL) {
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- status = dcerpc_pull_auth_trailer(pkt, mem_ctx,
|
|
- payload_and_verifier,
|
|
- &auth, &auth_length, false);
|
|
- if (!NT_STATUS_IS_OK(status)) {
|
|
- return status;
|
|
- }
|
|
-
|
|
- if (payload_and_verifier->length < auth_length) {
|
|
- /*
|
|
- * should be checked in dcerpc_pull_auth_trailer()
|
|
- */
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- payload_and_verifier->length -= auth_length;
|
|
-
|
|
- if (payload_and_verifier->length < auth.auth_pad_length) {
|
|
- /*
|
|
- * should be checked in dcerpc_pull_auth_trailer()
|
|
- */
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- if (auth.auth_type != auth_state->auth_type) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
- }
|
|
-
|
|
- if (auth.auth_level != auth_state->auth_level) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
- }
|
|
-
|
|
- if (auth.auth_context_id != auth_state->auth_context_id) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
- }
|
|
-
|
|
- /* check signature or unseal the packet */
|
|
- switch (auth_state->auth_level) {
|
|
- case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
- status = gensec_unseal_packet(gensec,
|
|
- raw_packet->data + payload_offset,
|
|
- payload_and_verifier->length,
|
|
- raw_packet->data,
|
|
- raw_packet->length -
|
|
- auth.credentials.length,
|
|
- &auth.credentials);
|
|
- if (!NT_STATUS_IS_OK(status)) {
|
|
- return NT_STATUS_RPC_SEC_PKG_ERROR;
|
|
- }
|
|
- memcpy(payload_and_verifier->data,
|
|
- raw_packet->data + payload_offset,
|
|
- payload_and_verifier->length);
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
- case DCERPC_AUTH_LEVEL_PACKET:
|
|
- status = gensec_check_packet(gensec,
|
|
- payload_and_verifier->data,
|
|
- payload_and_verifier->length,
|
|
- raw_packet->data,
|
|
- raw_packet->length -
|
|
- auth.credentials.length,
|
|
- &auth.credentials);
|
|
- if (!NT_STATUS_IS_OK(status)) {
|
|
- return NT_STATUS_RPC_SEC_PKG_ERROR;
|
|
- }
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_CONNECT:
|
|
- /* for now we ignore possible signatures here */
|
|
- break;
|
|
-
|
|
- default:
|
|
- return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL;
|
|
- }
|
|
-
|
|
- /*
|
|
- * remove the indicated amount of padding
|
|
- *
|
|
- * A possible overflow is checked above.
|
|
- */
|
|
- payload_and_verifier->length -= auth.auth_pad_length;
|
|
-
|
|
- return NT_STATUS_OK;
|
|
-}
|
|
-
|
|
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
- struct gensec_security *gensec,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- DATA_BLOB *raw_packet,
|
|
- size_t sig_size,
|
|
- uint8_t payload_offset,
|
|
- const DATA_BLOB *payload,
|
|
- const struct ncacn_packet *pkt)
|
|
-{
|
|
- TALLOC_CTX *frame = talloc_stackframe();
|
|
- NTSTATUS status;
|
|
- enum ndr_err_code ndr_err;
|
|
- struct ndr_push *ndr = NULL;
|
|
- uint32_t payload_length;
|
|
- uint32_t whole_length;
|
|
- DATA_BLOB blob = data_blob_null;
|
|
- DATA_BLOB sig = data_blob_null;
|
|
- struct dcerpc_auth _out_auth_info;
|
|
- struct dcerpc_auth *out_auth_info = NULL;
|
|
-
|
|
- *raw_packet = data_blob_null;
|
|
-
|
|
- if (auth_state == NULL) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- switch (auth_state->auth_level) {
|
|
- case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
- case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
- case DCERPC_AUTH_LEVEL_PACKET:
|
|
- if (sig_size == 0) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- if (gensec == NULL) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- _out_auth_info = (struct dcerpc_auth) {
|
|
- .auth_type = auth_state->auth_type,
|
|
- .auth_level = auth_state->auth_level,
|
|
- .auth_context_id = auth_state->auth_context_id,
|
|
- };
|
|
- out_auth_info = &_out_auth_info;
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_CONNECT:
|
|
- /*
|
|
- * TODO: let the gensec mech decide if it wants to generate a
|
|
- * signature that might be needed for schannel...
|
|
- */
|
|
- if (sig_size != 0) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- if (gensec == NULL) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_NONE:
|
|
- if (sig_size != 0) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
- break;
|
|
-
|
|
- default:
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- ndr = ndr_push_init_ctx(frame);
|
|
- if (ndr == NULL) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_NO_MEMORY;
|
|
- }
|
|
-
|
|
- ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
|
|
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
- TALLOC_FREE(frame);
|
|
- return ndr_map_error2ntstatus(ndr_err);
|
|
- }
|
|
-
|
|
- if (out_auth_info != NULL) {
|
|
- /*
|
|
- * pad to 16 byte multiple in the payload portion of the
|
|
- * packet. This matches what w2k3 does. Note that we can't use
|
|
- * ndr_push_align() as that is relative to the start of the
|
|
- * whole packet, whereas w2k8 wants it relative to the start
|
|
- * of the stub.
|
|
- */
|
|
- out_auth_info->auth_pad_length =
|
|
- DCERPC_AUTH_PAD_LENGTH(payload->length);
|
|
- ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length);
|
|
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
- TALLOC_FREE(frame);
|
|
- return ndr_map_error2ntstatus(ndr_err);
|
|
- }
|
|
-
|
|
- payload_length = payload->length +
|
|
- out_auth_info->auth_pad_length;
|
|
-
|
|
- ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS,
|
|
- out_auth_info);
|
|
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
- TALLOC_FREE(frame);
|
|
- return ndr_map_error2ntstatus(ndr_err);
|
|
- }
|
|
-
|
|
- whole_length = ndr->offset;
|
|
-
|
|
- ndr_err = ndr_push_zero(ndr, sig_size);
|
|
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
|
- TALLOC_FREE(frame);
|
|
- return ndr_map_error2ntstatus(ndr_err);
|
|
- }
|
|
- } else {
|
|
- payload_length = payload->length;
|
|
- whole_length = ndr->offset;
|
|
- }
|
|
-
|
|
- /* extract the whole packet as a blob */
|
|
- blob = ndr_push_blob(ndr);
|
|
-
|
|
- /*
|
|
- * Setup the frag and auth length in the packet buffer.
|
|
- * This is needed if the GENSEC mech does AEAD signing
|
|
- * of the packet headers. The signature itself will be
|
|
- * appended later.
|
|
- */
|
|
- dcerpc_set_frag_length(&blob, blob.length);
|
|
- dcerpc_set_auth_length(&blob, sig_size);
|
|
-
|
|
- /* sign or seal the packet */
|
|
- switch (auth_state->auth_level) {
|
|
- case DCERPC_AUTH_LEVEL_PRIVACY:
|
|
- status = gensec_seal_packet(gensec,
|
|
- frame,
|
|
- blob.data + payload_offset,
|
|
- payload_length,
|
|
- blob.data,
|
|
- whole_length,
|
|
- &sig);
|
|
- if (!NT_STATUS_IS_OK(status)) {
|
|
- TALLOC_FREE(frame);
|
|
- return status;
|
|
- }
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_INTEGRITY:
|
|
- case DCERPC_AUTH_LEVEL_PACKET:
|
|
- status = gensec_sign_packet(gensec,
|
|
- frame,
|
|
- blob.data + payload_offset,
|
|
- payload_length,
|
|
- blob.data,
|
|
- whole_length,
|
|
- &sig);
|
|
- if (!NT_STATUS_IS_OK(status)) {
|
|
- TALLOC_FREE(frame);
|
|
- return status;
|
|
- }
|
|
- break;
|
|
-
|
|
- case DCERPC_AUTH_LEVEL_CONNECT:
|
|
- case DCERPC_AUTH_LEVEL_NONE:
|
|
- break;
|
|
-
|
|
- default:
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_INTERNAL_ERROR;
|
|
- }
|
|
-
|
|
- if (sig.length != sig_size) {
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_RPC_SEC_PKG_ERROR;
|
|
- }
|
|
-
|
|
- if (sig_size != 0) {
|
|
- memcpy(blob.data + whole_length, sig.data, sig_size);
|
|
- }
|
|
-
|
|
- *raw_packet = blob;
|
|
- talloc_steal(mem_ctx, raw_packet->data);
|
|
- TALLOC_FREE(frame);
|
|
- return NT_STATUS_OK;
|
|
-}
|
|
-
|
|
struct dcerpc_read_ncacn_packet_state {
|
|
#if 0
|
|
struct {
|
|
@@ -1474,129 +1136,3 @@ void dcerpc_log_packet(const char *packet_log_dir,
|
|
free(name);
|
|
}
|
|
}
|
|
-
|
|
-
|
|
-#ifdef DEVELOPER
|
|
-
|
|
-/*
|
|
- * Save valid, well-formed DCE/RPC stubs to use as a seed for
|
|
- * ndr_fuzz_X
|
|
- */
|
|
-void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx,
|
|
- DATA_BLOB raw_blob,
|
|
- const char *dump_dir,
|
|
- const char *iface_name,
|
|
- int flags,
|
|
- int opnum,
|
|
- bool ndr64)
|
|
-{
|
|
- char *fname = NULL;
|
|
- const char *sub_dir = NULL;
|
|
- TALLOC_CTX *temp_ctx = talloc_new(mem_ctx);
|
|
- DATA_BLOB blob;
|
|
- int ret, rc;
|
|
- uint8_t digest[20];
|
|
- DATA_BLOB digest_blob;
|
|
- char *digest_hex;
|
|
- uint16_t fuzz_flags = 0;
|
|
-
|
|
- /*
|
|
- * We want to save the 'stub' in a per-pipe subdirectory, with
|
|
- * the ndr_fuzz_X header 4 byte header. For the sake of
|
|
- * convenience (this is a developer only function), we mkdir
|
|
- * -p the sub-directories when they are needed.
|
|
- */
|
|
-
|
|
- if (dump_dir == NULL) {
|
|
- return;
|
|
- }
|
|
-
|
|
- temp_ctx = talloc_stackframe();
|
|
-
|
|
- sub_dir = talloc_asprintf(temp_ctx, "%s/%s",
|
|
- dump_dir,
|
|
- iface_name);
|
|
- if (sub_dir == NULL) {
|
|
- talloc_free(temp_ctx);
|
|
- return;
|
|
- }
|
|
- ret = mkdir_p(sub_dir, 0755);
|
|
- if (ret && errno != EEXIST) {
|
|
- DBG_ERR("could not create %s\n", sub_dir);
|
|
- talloc_free(temp_ctx);
|
|
- return;
|
|
- }
|
|
-
|
|
- blob.length = raw_blob.length + 4;
|
|
- blob.data = talloc_array(sub_dir,
|
|
- uint8_t,
|
|
- blob.length);
|
|
- if (blob.data == NULL) {
|
|
- DBG_ERR("could not allocate for fuzz seeds! (%s)\n",
|
|
- iface_name);
|
|
- talloc_free(temp_ctx);
|
|
- return;
|
|
- }
|
|
-
|
|
- if (ndr64) {
|
|
- fuzz_flags = 4;
|
|
- }
|
|
- if (flags & NDR_IN) {
|
|
- fuzz_flags |= 1;
|
|
- } else if (flags & NDR_OUT) {
|
|
- fuzz_flags |= 2;
|
|
- }
|
|
-
|
|
- SSVAL(blob.data, 0, fuzz_flags);
|
|
- SSVAL(blob.data, 2, opnum);
|
|
-
|
|
- memcpy(&blob.data[4],
|
|
- raw_blob.data,
|
|
- raw_blob.length);
|
|
-
|
|
- /*
|
|
- * This matches how oss-fuzz names the corpus input files, due
|
|
- * to a preference from libFuzzer
|
|
- */
|
|
- rc = gnutls_hash_fast(GNUTLS_DIG_SHA1,
|
|
- blob.data,
|
|
- blob.length,
|
|
- digest);
|
|
- if (rc < 0) {
|
|
- /*
|
|
- * This prints a better error message, eg if SHA1 is
|
|
- * disabled
|
|
- */
|
|
- NTSTATUS status = gnutls_error_to_ntstatus(rc,
|
|
- NT_STATUS_HASH_NOT_SUPPORTED);
|
|
- DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s",
|
|
- nt_errstr(status));
|
|
- talloc_free(temp_ctx);
|
|
- return;
|
|
- }
|
|
-
|
|
- digest_blob.data = digest;
|
|
- digest_blob.length = sizeof(digest);
|
|
- digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob);
|
|
-
|
|
- fname = talloc_asprintf(temp_ctx, "%s/%s",
|
|
- sub_dir,
|
|
- digest_hex);
|
|
- if (fname == NULL) {
|
|
- talloc_free(temp_ctx);
|
|
- return;
|
|
- }
|
|
-
|
|
- /*
|
|
- * If this fails, it is most likely because that file already
|
|
- * exists. This is fine, it means we already have this
|
|
- * sample
|
|
- */
|
|
- file_save(fname,
|
|
- blob.data,
|
|
- blob.length);
|
|
-
|
|
- talloc_free(temp_ctx);
|
|
-}
|
|
-
|
|
-#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */
|
|
diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h
|
|
index 0ecaf428c3c..a9bc7bd3832 100644
|
|
--- a/librpc/rpc/dcerpc_util.h
|
|
+++ b/librpc/rpc/dcerpc_util.h
|
|
@@ -74,24 +74,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt,
|
|
size_t max_auth_info,
|
|
uint8_t required_flags,
|
|
uint8_t optional_flags);
|
|
-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
- struct gensec_security *gensec,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- enum dcerpc_pkt_type ptype,
|
|
- uint8_t required_flags,
|
|
- uint8_t optional_flags,
|
|
- uint8_t payload_offset,
|
|
- DATA_BLOB *payload_and_verifier,
|
|
- DATA_BLOB *raw_packet,
|
|
- const struct ncacn_packet *pkt);
|
|
-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
- struct gensec_security *gensec,
|
|
- TALLOC_CTX *mem_ctx,
|
|
- DATA_BLOB *raw_packet,
|
|
- size_t sig_size,
|
|
- uint8_t payload_offset,
|
|
- const DATA_BLOB *payload,
|
|
- const struct ncacn_packet *pkt);
|
|
struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
|
|
struct tevent_context *ev,
|
|
struct tstream_context *stream);
|
|
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
|
|
index f7919ebf575..8dda86d88e2 100644
|
|
--- a/librpc/rpc/dcesrv_auth.c
|
|
+++ b/librpc/rpc/dcesrv_auth.c
|
|
@@ -24,6 +24,7 @@
|
|
#include "librpc/rpc/dcesrv_core.h"
|
|
#include "librpc/rpc/dcesrv_core_proto.h"
|
|
#include "librpc/rpc/dcerpc_util.h"
|
|
+#include "librpc/rpc/dcerpc_pkt_auth.h"
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "auth/credentials/credentials.h"
|
|
#include "auth/gensec/gensec.h"
|
|
diff --git a/librpc/wscript_build b/librpc/wscript_build
|
|
index e4632d538a4..59d6c31363d 100644
|
|
--- a/librpc/wscript_build
|
|
+++ b/librpc/wscript_build
|
|
@@ -655,12 +655,24 @@ bld.SAMBA_LIBRARY('ndr',
|
|
)
|
|
|
|
bld.SAMBA_LIBRARY('dcerpc-binding',
|
|
- source='rpc/dcerpc_error.c rpc/binding.c rpc/dcerpc_util.c rpc/binding_handle.c',
|
|
- deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util gensec',
|
|
+ source='''
|
|
+ rpc/dcerpc_error.c
|
|
+ rpc/binding.c
|
|
+ rpc/dcerpc_util.c
|
|
+ rpc/binding_handle.c
|
|
+ ''',
|
|
+ deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util',
|
|
pc_files=[],
|
|
public_headers='rpc/rpc_common.h',
|
|
vnum='0.0.1')
|
|
|
|
+bld.SAMBA_LIBRARY('dcerpc-pkt-auth',
|
|
+ private_library=True,
|
|
+ source='''
|
|
+ rpc/dcerpc_pkt_auth.c
|
|
+ ''',
|
|
+ deps='dcerpc-binding gensec')
|
|
+
|
|
bld.SAMBA_LIBRARY('dcerpc-server-core',
|
|
source='''
|
|
rpc/dcesrv_core.c
|
|
@@ -669,7 +681,14 @@ bld.SAMBA_LIBRARY('dcerpc-server-core',
|
|
rpc/dcesrv_reply.c
|
|
rpc/dcesrv_handles.c
|
|
''',
|
|
- deps='ndr dcerpc-binding samba-util-core gnutls GNUTLS_HELPERS',
|
|
+ deps='''
|
|
+ ndr
|
|
+ dcerpc-binding
|
|
+ samba-util-core
|
|
+ gnutls
|
|
+ GNUTLS_HELPERS
|
|
+ dcerpc-pkt-auth
|
|
+ ''',
|
|
pc_files=[],
|
|
public_headers='rpc/dcesrv_core.h',
|
|
autoproto='rpc/dcesrv_core_proto.h',
|
|
diff --git a/source3/wscript_build b/source3/wscript_build
|
|
index 5d04fcb41d1..a143477a506 100644
|
|
--- a/source3/wscript_build
|
|
+++ b/source3/wscript_build
|
|
@@ -1034,9 +1034,11 @@ bld.SAMBA3_LIBRARY('cli_spoolss',
|
|
rpc_client/init_spoolss.c
|
|
''',
|
|
deps='''
|
|
- RPC_NDR_SPOOLSS
|
|
- smbconf
|
|
- secrets3''',
|
|
+ RPC_NDR_SPOOLSS
|
|
+ smbconf
|
|
+ secrets3
|
|
+ gensec
|
|
+ ''',
|
|
private_library=True)
|
|
|
|
bld.SAMBA3_SUBSYSTEM('LIBCLI_WINREG',
|
|
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
|
|
index f97263dcc5b..4847e8a0200 100644
|
|
--- a/source4/librpc/rpc/dcerpc.c
|
|
+++ b/source4/librpc/rpc/dcerpc.c
|
|
@@ -27,6 +27,7 @@
|
|
#include "librpc/rpc/dcerpc.h"
|
|
#include "librpc/rpc/dcerpc_proto.h"
|
|
#include "librpc/rpc/dcerpc_util.h"
|
|
+#include "librpc/rpc/dcerpc_pkt_auth.h"
|
|
#include "librpc/gen_ndr/ndr_misc.h"
|
|
#include "librpc/gen_ndr/ndr_dcerpc.h"
|
|
#include "auth/gensec/gensec.h"
|
|
diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build
|
|
index ea9c4853d7a..511008d919d 100644
|
|
--- a/source4/librpc/wscript_build
|
|
+++ b/source4/librpc/wscript_build
|
|
@@ -157,7 +157,26 @@ bld.SAMBA_LIBRARY('dcerpc',
|
|
rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c
|
|
rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''',
|
|
pc_files='dcerpc.pc',
|
|
- deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH smbclient-raw LP_RESOLVE tevent-util dcerpc-binding param_options http',
|
|
+ deps='''
|
|
+ samba_socket
|
|
+ LIBCLI_RESOLVE
|
|
+ LIBCLI_SMB
|
|
+ LIBCLI_SMB2
|
|
+ ndr
|
|
+ NDR_DCERPC
|
|
+ RPC_NDR_EPMAPPER
|
|
+ NDR_SCHANNEL
|
|
+ RPC_NDR_NETLOGON
|
|
+ RPC_NDR_MGMT
|
|
+ gensec
|
|
+ LIBCLI_AUTH
|
|
+ smbclient-raw
|
|
+ LP_RESOLVE
|
|
+ tevent-util
|
|
+ dcerpc-binding
|
|
+ dcerpc-pkt-auth
|
|
+ param_options
|
|
+ http''',
|
|
autoproto='rpc/dcerpc_proto.h',
|
|
public_deps='samba-credentials tevent talloc',
|
|
public_headers='''rpc/dcerpc.h''',
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From fba123a44e0afd9d2377e3e45b0b2d88aecb2136 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Fri, 13 Nov 2020 11:25:41 +0100
|
|
Subject: [PATCH 3/9] CVE-2021-23192: dcesrv_core: add better debugging to
|
|
dcesrv_fault_disconnect()
|
|
|
|
It's better to see the location that triggered the fault.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
librpc/rpc/dcesrv_core.c | 29 ++++++++++++++++++++++++-----
|
|
1 file changed, 24 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
|
|
index 74730f22c7c..0c2d83b4b17 100644
|
|
--- a/librpc/rpc/dcesrv_core.c
|
|
+++ b/librpc/rpc/dcesrv_core.c
|
|
@@ -705,19 +705,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
|
|
return NT_STATUS_OK;
|
|
}
|
|
|
|
-static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call,
|
|
- uint32_t fault_code)
|
|
+static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call,
|
|
+ uint32_t fault_code,
|
|
+ uint8_t extra_flags,
|
|
+ const char *func,
|
|
+ const char *location)
|
|
{
|
|
+ const char *reason = NULL;
|
|
+
|
|
+ reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x",
|
|
+ func, location,
|
|
+ fault_code,
|
|
+ dcerpc_errstr(call, fault_code),
|
|
+ extra_flags);
|
|
+ if (reason == NULL) {
|
|
+ reason = location;
|
|
+ }
|
|
+
|
|
/*
|
|
* We add the call to the pending_call_list
|
|
* in order to defer the termination.
|
|
*/
|
|
- dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect");
|
|
|
|
- return dcesrv_fault_with_flags(call, fault_code,
|
|
- DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
|
|
+ dcesrv_call_disconnect_after(call, reason);
|
|
+
|
|
+ return dcesrv_fault_with_flags(call, fault_code, extra_flags);
|
|
}
|
|
|
|
+#define dcesrv_fault_disconnect(call, fault_code) \
|
|
+ _dcesrv_fault_disconnect_flags(call, fault_code, \
|
|
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \
|
|
+ __func__, __location__)
|
|
+
|
|
static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
|
|
{
|
|
DLIST_REMOVE(c->conn->contexts, c);
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From 937d9c1b4926aa4b511d1eb4f9b1729fb20ac9fa Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Fri, 13 Nov 2020 11:27:19 +0100
|
|
Subject: [PATCH 4/9] CVE-2021-23192: dcesrv_core: add
|
|
dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE
|
|
|
|
That makes the callers much simpler and allow better debugging.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
librpc/rpc/dcesrv_core.c | 47 ++++++++++++++--------------------------
|
|
1 file changed, 16 insertions(+), 31 deletions(-)
|
|
|
|
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
|
|
index 0c2d83b4b17..ffaa9019d4b 100644
|
|
--- a/librpc/rpc/dcesrv_core.c
|
|
+++ b/librpc/rpc/dcesrv_core.c
|
|
@@ -736,6 +736,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call,
|
|
_dcesrv_fault_disconnect_flags(call, fault_code, \
|
|
DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \
|
|
__func__, __location__)
|
|
+#define dcesrv_fault_disconnect0(call, fault_code) \
|
|
+ _dcesrv_fault_disconnect_flags(call, fault_code, 0, \
|
|
+ __func__, __location__)
|
|
|
|
static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
|
|
{
|
|
@@ -2097,10 +2100,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
* Note that we don't check against the negotiated
|
|
* max_recv_frag, but a hard coded value.
|
|
*/
|
|
- dcesrv_call_disconnect_after(call,
|
|
- "dcesrv_auth_request - frag_length too large");
|
|
- return dcesrv_fault(call,
|
|
- DCERPC_NCA_S_PROTO_ERROR);
|
|
+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
|
|
if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
|
|
@@ -2110,10 +2110,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
* if DCERPC_PFC_FLAG_CONC_MPX was negotiated.
|
|
*/
|
|
if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
|
|
- dcesrv_call_disconnect_after(call,
|
|
- "dcesrv_auth_request - "
|
|
- "existing pending call without CONN_MPX");
|
|
- return dcesrv_fault(call,
|
|
+ return dcesrv_fault_disconnect0(call,
|
|
DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
}
|
|
@@ -2131,10 +2128,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
TALLOC_FREE(call);
|
|
call = dce_conn->incoming_fragmented_call_list;
|
|
}
|
|
- dcesrv_call_disconnect_after(call,
|
|
- "dcesrv_auth_request - "
|
|
- "existing fragmented call");
|
|
- return dcesrv_fault(call,
|
|
+ return dcesrv_fault_disconnect0(call,
|
|
DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
|
|
@@ -2155,10 +2149,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
existing = dcesrv_find_fragmented_call(dce_conn,
|
|
call->pkt.call_id);
|
|
if (existing == NULL) {
|
|
- dcesrv_call_disconnect_after(call,
|
|
- "dcesrv_auth_request - "
|
|
- "no existing fragmented call");
|
|
- return dcesrv_fault(call,
|
|
+ return dcesrv_fault_disconnect0(call,
|
|
DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
er = &existing->pkt.u.request;
|
|
@@ -2211,12 +2202,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
* here, because we don't want to set
|
|
* DCERPC_PFC_FLAG_DID_NOT_EXECUTE
|
|
*/
|
|
- dcesrv_call_disconnect_after(call,
|
|
- "dcesrv_auth_request - failed");
|
|
if (call->fault_code == 0) {
|
|
call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
|
|
}
|
|
- return dcesrv_fault(call, call->fault_code);
|
|
+ return dcesrv_fault_disconnect0(call, call->fault_code);
|
|
}
|
|
}
|
|
|
|
@@ -2233,20 +2222,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
*/
|
|
available = dce_conn->max_total_request_size;
|
|
if (er->stub_and_verifier.length > available) {
|
|
- dcesrv_call_disconnect_after(existing,
|
|
- "dcesrv_auth_request - existing payload too large");
|
|
- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
|
|
+ return dcesrv_fault_disconnect0(existing,
|
|
+ DCERPC_FAULT_ACCESS_DENIED);
|
|
}
|
|
available -= er->stub_and_verifier.length;
|
|
if (nr->alloc_hint > available) {
|
|
- dcesrv_call_disconnect_after(existing,
|
|
- "dcesrv_auth_request - alloc hint too large");
|
|
- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
|
|
+ return dcesrv_fault_disconnect0(existing,
|
|
+ DCERPC_FAULT_ACCESS_DENIED);
|
|
}
|
|
if (nr->stub_and_verifier.length > available) {
|
|
- dcesrv_call_disconnect_after(existing,
|
|
- "dcesrv_auth_request - new payload too large");
|
|
- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
|
|
+ return dcesrv_fault_disconnect0(existing,
|
|
+ DCERPC_FAULT_ACCESS_DENIED);
|
|
}
|
|
alloc_hint = er->stub_and_verifier.length + nr->alloc_hint;
|
|
/* allocate at least 1 byte */
|
|
@@ -2285,9 +2271,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
* Up to 4 MByte are allowed by all fragments
|
|
*/
|
|
if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) {
|
|
- dcesrv_call_disconnect_after(call,
|
|
- "dcesrv_auth_request - initial alloc hint too large");
|
|
- return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
|
|
+ return dcesrv_fault_disconnect0(call,
|
|
+ DCERPC_FAULT_ACCESS_DENIED);
|
|
}
|
|
dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST);
|
|
return NT_STATUS_OK;
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From 480bfd0a809705966d782839f02f899fc3f68241 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Wed, 11 Nov 2020 16:59:06 +0100
|
|
Subject: [PATCH 5/9] CVE-2021-23192: python/tests/dcerpc: change
|
|
assertNotEquals() into assertNotEqual()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++-----------
|
|
python/samba/tests/dcerpc/raw_testcase.py | 14 +-
|
|
2 files changed, 151 insertions(+), 151 deletions(-)
|
|
|
|
diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py
|
|
index dc13d41c6a2..cbd398d5290 100755
|
|
--- a/python/samba/tests/dcerpc/raw_protocol.py
|
|
+++ b/python/samba/tests/dcerpc/raw_protocol.py
|
|
@@ -65,7 +65,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=rep_pfc_flags, auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -86,7 +86,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -108,7 +108,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -128,7 +128,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=rep_pfc_flags, auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertEqual(rep.u.secondary_address, "")
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -149,7 +149,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -396,7 +396,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -469,7 +469,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -489,7 +489,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -521,7 +521,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -541,7 +541,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -562,7 +562,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, ctx1.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -589,7 +589,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -609,7 +609,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -630,7 +630,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -646,7 +646,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -705,7 +705,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -732,7 +732,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -765,7 +765,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -794,7 +794,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -826,7 +826,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -855,7 +855,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -876,7 +876,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, ctx1a.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -902,7 +902,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -928,7 +928,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -947,7 +947,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -966,7 +966,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -985,7 +985,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1004,7 +1004,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 1)
|
|
@@ -1023,7 +1023,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1049,7 +1049,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 2)
|
|
@@ -1073,7 +1073,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1085,7 +1085,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 2)
|
|
@@ -1109,7 +1109,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1122,7 +1122,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1134,7 +1134,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 2)
|
|
@@ -1158,7 +1158,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1171,7 +1171,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1197,7 +1197,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 2)
|
|
@@ -1221,7 +1221,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1233,7 +1233,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 0)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
self.assertEqual(rep.u.num_results, 2)
|
|
@@ -1257,7 +1257,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1282,7 +1282,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1318,7 +1318,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1352,7 +1352,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1424,7 +1424,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1459,7 +1459,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1494,7 +1494,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1617,7 +1617,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1638,7 +1638,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1658,7 +1658,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -1708,7 +1708,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, rep_both)
|
|
self.assertEqual(rep.u.max_recv_frag, rep_both)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1760,7 +1760,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu(ndr_print=True, hexdump=True)
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1775,7 +1775,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1791,7 +1791,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -1866,7 +1866,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
auth_length=0)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -1888,7 +1888,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1902,7 +1902,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1916,7 +1916,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -1994,7 +1994,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2014,7 +2014,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2036,7 +2036,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2052,7 +2052,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2098,7 +2098,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2128,7 +2128,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2195,7 +2195,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
dcerpc.DCERPC_PFC_FLAG_LAST |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2243,7 +2243,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2277,7 +2277,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2313,7 +2313,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
|
|
dcerpc.DCERPC_PFC_FLAG_LAST,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2341,7 +2341,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2376,7 +2376,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2390,7 +2390,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2415,7 +2415,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2450,7 +2450,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2464,7 +2464,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2503,7 +2503,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2517,7 +2517,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2552,7 +2552,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req1.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2600,7 +2600,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2650,7 +2650,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -2660,7 +2660,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -2691,7 +2691,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -2707,7 +2707,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2727,7 +2727,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We don't get an auth_info back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -2747,7 +2747,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2805,7 +2805,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -2815,7 +2815,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -2846,7 +2846,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -2868,7 +2868,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -2926,7 +2926,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
assoc_group_id = rep.u.assoc_group_id
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
@@ -2937,7 +2937,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -2961,7 +2961,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3009,7 +3009,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3019,7 +3019,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3047,7 +3047,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We get a fault back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3098,7 +3098,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3108,7 +3108,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3137,7 +3137,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3153,7 +3153,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -3173,7 +3173,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We don't get an auth_info back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -3205,7 +3205,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3256,7 +3256,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3266,7 +3266,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3295,7 +3295,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3311,7 +3311,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -3331,7 +3331,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We don't get an auth_info back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -3362,7 +3362,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3409,7 +3409,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3419,7 +3419,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3440,7 +3440,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3493,7 +3493,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3503,7 +3503,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3524,7 +3524,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3579,7 +3579,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3589,7 +3589,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3611,7 +3611,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3659,7 +3659,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3669,7 +3669,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3691,7 +3691,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3746,7 +3746,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3756,7 +3756,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3778,7 +3778,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3833,7 +3833,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3843,7 +3843,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3865,7 +3865,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -3930,7 +3930,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -3940,7 +3940,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -3984,7 +3984,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -4000,7 +4000,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -4020,7 +4020,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We don't get an auth_info back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -4144,7 +4144,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -4154,7 +4154,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -4191,7 +4191,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -4256,7 +4256,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -4266,7 +4266,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -4295,7 +4295,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
rep = self.recv_pdu()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -4315,7 +4315,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
# We don't get an auth_info back
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -4375,7 +4375,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
|
|
self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
|
|
self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
|
|
- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
|
|
self.assertEqual(rep.u.secondary_address_size, 4)
|
|
self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
|
|
self.assertPadding(rep.u._pad1, 2)
|
|
@@ -4385,7 +4385,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.assertEqual(rep.u.ctx_list[0].reason,
|
|
dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
|
|
self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
|
|
- self.assertNotEquals(len(rep.u.auth_info), 0)
|
|
+ self.assertNotEqual(len(rep.u.auth_info), 0)
|
|
a = self.parse_auth(rep.u.auth_info)
|
|
|
|
from_server = a.credentials
|
|
@@ -4406,7 +4406,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -4521,7 +4521,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
pfc_flags=req.pfc_flags | response_fault_flags,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, ctx1.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -4688,7 +4688,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
(rep, rep_blob) = self.recv_pdu_raw()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=sig_size)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -4756,7 +4756,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
pfc_flags=req.pfc_flags |
|
|
dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, ctx1.context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -4805,7 +4805,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
(rep, rep_blob) = self.recv_pdu_raw()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=sig_size)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
@@ -4870,7 +4870,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
(rep, rep_blob) = self.recv_pdu_raw()
|
|
self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=sig_size)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
|
|
index f1c097ebe6d..ed77d329cd5 100644
|
|
--- a/python/samba/tests/dcerpc/raw_testcase.py
|
|
+++ b/python/samba/tests/dcerpc/raw_testcase.py
|
|
@@ -321,7 +321,7 @@ class RawDCERPCTest(TestCase):
|
|
pfc_flags=req.pfc_flags |
|
|
samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -361,7 +361,7 @@ class RawDCERPCTest(TestCase):
|
|
if assoc_group_id != 0:
|
|
self.assertEqual(rep.u.assoc_group_id, assoc_group_id)
|
|
else:
|
|
- self.assertNotEquals(rep.u.assoc_group_id, 0)
|
|
+ self.assertNotEqual(rep.u.assoc_group_id, 0)
|
|
assoc_group_id = rep.u.assoc_group_id
|
|
sda_str = self.secondary_address
|
|
sda_len = len(sda_str) + 1
|
|
@@ -385,7 +385,7 @@ class RawDCERPCTest(TestCase):
|
|
self.assertEqual(rep.auth_length, 0)
|
|
self.assertEqual(len(rep.u.auth_info), 0)
|
|
return ack
|
|
- self.assertNotEquals(rep.auth_length, 0)
|
|
+ self.assertNotEqual(rep.auth_length, 0)
|
|
self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
|
|
self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
|
|
|
|
@@ -426,7 +426,7 @@ class RawDCERPCTest(TestCase):
|
|
pfc_flags=req.pfc_flags |
|
|
samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
|
|
auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, 0)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -451,7 +451,7 @@ class RawDCERPCTest(TestCase):
|
|
if finished:
|
|
self.assertEqual(rep.auth_length, 0)
|
|
else:
|
|
- self.assertNotEquals(rep.auth_length, 0)
|
|
+ self.assertNotEqual(rep.auth_length, 0)
|
|
self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
|
|
self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH)
|
|
|
|
@@ -547,7 +547,7 @@ class RawDCERPCTest(TestCase):
|
|
if fault_status:
|
|
self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
pfc_flags=fault_pfc_flags, auth_length=0)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, fault_context_id)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertEqual(rep.u.flags, 0)
|
|
@@ -563,7 +563,7 @@ class RawDCERPCTest(TestCase):
|
|
|
|
self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
auth_length=expected_auth_length)
|
|
- self.assertNotEquals(rep.u.alloc_hint, 0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From 4ec27da793964c3c49995ada3da047bae0174d26 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Tue, 17 Nov 2020 09:50:58 +0100
|
|
Subject: [PATCH 6/9] CVE-2021-23192: python/tests/dcerpc: let
|
|
generate_request_auth() use g_auth_level in all places
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
python/samba/tests/dcerpc/raw_testcase.py | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
|
|
index ed77d329cd5..53f7fa0a2a8 100644
|
|
--- a/python/samba/tests/dcerpc/raw_testcase.py
|
|
+++ b/python/samba/tests/dcerpc/raw_testcase.py
|
|
@@ -922,12 +922,12 @@ class RawDCERPCTest(TestCase):
|
|
req_data = req_blob[ofs_stub:ofs_trailer]
|
|
req_whole = req_blob[0:ofs_sig]
|
|
|
|
- if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY:
|
|
+ if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY:
|
|
# TODO: not yet supported here
|
|
self.assertTrue(False)
|
|
- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET:
|
|
+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET:
|
|
req_sig = auth_context["gensec"].sign_packet(req_data, req_whole)
|
|
- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT:
|
|
+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT:
|
|
self.assertEqual(auth_context["auth_type"],
|
|
dcerpc.DCERPC_AUTH_TYPE_NTLMSSP)
|
|
req_sig = b"\x01" +b"\x00" *15
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From 188f01b8ac8b84e9e41a769731cb4426658920cb Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Tue, 17 Nov 2020 17:43:06 +0100
|
|
Subject: [PATCH 7/9] CVE-2021-23192: python/tests/dcerpc: fix
|
|
do_single_request(send_req=False)
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++-----------
|
|
1 file changed, 20 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py
|
|
index 53f7fa0a2a8..22b56704fa3 100644
|
|
--- a/python/samba/tests/dcerpc/raw_testcase.py
|
|
+++ b/python/samba/tests/dcerpc/raw_testcase.py
|
|
@@ -526,26 +526,25 @@ class RawDCERPCTest(TestCase):
|
|
if hexdump:
|
|
sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in)))
|
|
|
|
- pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
|
|
- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
|
|
- if object is not None:
|
|
- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID
|
|
-
|
|
- req = self.generate_request_auth(call_id=call_id,
|
|
- context_id=ctx.context_id,
|
|
- pfc_flags=pfc_flags,
|
|
- object=object,
|
|
- opnum=io.opnum(),
|
|
- stub=stub_in,
|
|
- auth_context=auth_context)
|
|
- if send_req:
|
|
+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
|
|
+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
|
|
+ if object is not None:
|
|
+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID
|
|
+
|
|
+ req = self.generate_request_auth(call_id=call_id,
|
|
+ context_id=ctx.context_id,
|
|
+ pfc_flags=pfc_flags,
|
|
+ object=object,
|
|
+ opnum=io.opnum(),
|
|
+ stub=stub_in,
|
|
+ auth_context=auth_context)
|
|
self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
|
|
if recv_rep:
|
|
(rep, rep_blob) = self.recv_pdu_raw(timeout=timeout,
|
|
ndr_print=ndr_print,
|
|
hexdump=hexdump)
|
|
if fault_status:
|
|
- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id,
|
|
+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id,
|
|
pfc_flags=fault_pfc_flags, auth_length=0)
|
|
self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
self.assertEqual(rep.u.context_id, fault_context_id)
|
|
@@ -559,12 +558,16 @@ class RawDCERPCTest(TestCase):
|
|
expected_auth_length = 0
|
|
if auth_context is not None and \
|
|
auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET:
|
|
- expected_auth_length = req.auth_length
|
|
+ if send_req:
|
|
+ expected_auth_length = req.auth_length
|
|
+ else:
|
|
+ expected_auth_length = rep.auth_length
|
|
+
|
|
|
|
- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
|
|
+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id,
|
|
auth_length=expected_auth_length)
|
|
self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
- self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
|
|
+ self.assertEqual(rep.u.context_id, ctx.context_id & 0xff)
|
|
self.assertEqual(rep.u.cancel_count, 0)
|
|
self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
|
|
stub_out = self.check_response_auth(rep, rep_blob, auth_context)
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From 7cf3a4a33282ed5b135fcdc47a5cc7cdca370ee7 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Tue, 17 Nov 2020 18:14:46 +0100
|
|
Subject: [PATCH 8/9] CVE-2021-23192: python/tests/dcerpc: add tests to check
|
|
how security contexts relate to fragmented requests
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++
|
|
selftest/knownfail.d/dcerpc-auth-fraq | 20 +
|
|
2 files changed, 1293 insertions(+)
|
|
create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq
|
|
|
|
diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py
|
|
index cbd398d5290..3c9d0b136a5 100755
|
|
--- a/python/samba/tests/dcerpc/raw_protocol.py
|
|
+++ b/python/samba/tests/dcerpc/raw_protocol.py
|
|
@@ -1683,6 +1683,1279 @@ class TestDCERPC_BIND(RawDCERPCTest):
|
|
def test_auth_none_packet_request(self):
|
|
return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
|
|
|
|
+ def test_ntlmssp_multi_auth_first1_lastSame2(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
|
|
+ auth_context_2nd = 2
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastNext2(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 2
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastSame111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = None
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastNext111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = 4
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastSameNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = None
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastNextNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = 4
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastSameNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_lastNextNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = 4
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_last(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def _test_generic_auth_first_2nd(self,
|
|
+ auth_type,
|
|
+ pfc_flags_2nd,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=2,
|
|
+ skip_first=False,
|
|
+ expected_call_id=None,
|
|
+ expected_context_id=None,
|
|
+ conc_mpx=False,
|
|
+ not_executed=False,
|
|
+ forced_call_id=None,
|
|
+ forced_context_id=None,
|
|
+ forced_opnum=None,
|
|
+ forced_auth_context_id=None,
|
|
+ forced_auth_type=None,
|
|
+ forced_auth_level=None):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
|
|
+ auth_context_id1=1
|
|
+ auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET
|
|
+ auth_context_id2=2
|
|
+
|
|
+ creds = self.get_user_creds()
|
|
+
|
|
+ abstract = samba.dcerpc.mgmt.abstract_syntax()
|
|
+ transfer = base.transfer_syntax_ndr()
|
|
+
|
|
+ tsf1_list = [transfer]
|
|
+ ctx = samba.dcerpc.dcerpc.ctx_list()
|
|
+ ctx.context_id = 1
|
|
+ ctx.num_transfer_syntaxes = len(tsf1_list)
|
|
+ ctx.abstract_syntax = abstract
|
|
+ ctx.transfer_syntaxes = tsf1_list
|
|
+
|
|
+ auth_context1 = self.get_auth_context_creds(creds=creds,
|
|
+ auth_type=auth_type,
|
|
+ auth_level=auth_level1,
|
|
+ auth_context_id=auth_context_id1,
|
|
+ hdr_signing=False)
|
|
+ auth_context2 = self.get_auth_context_creds(creds=creds,
|
|
+ auth_type=auth_type,
|
|
+ auth_level=auth_level2,
|
|
+ auth_context_id=auth_context_id2,
|
|
+ hdr_signing=False)
|
|
+
|
|
+ bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST
|
|
+ if conc_mpx:
|
|
+ bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX
|
|
+
|
|
+ ack0 = self.do_generic_bind(call_id=0,
|
|
+ ctx=ctx,
|
|
+ pfc_flags=bind_pfc_flags)
|
|
+
|
|
+ ack1 = self.do_generic_bind(call_id=1,
|
|
+ ctx=ctx,
|
|
+ auth_context=auth_context1,
|
|
+ assoc_group_id = ack0.u.assoc_group_id,
|
|
+ start_with_alter=True)
|
|
+ if auth_context_2nd == 2:
|
|
+ ack2 = self.do_generic_bind(call_id=2,
|
|
+ ctx=ctx,
|
|
+ auth_context=auth_context2,
|
|
+ assoc_group_id = ack0.u.assoc_group_id,
|
|
+ start_with_alter=True)
|
|
+
|
|
+ ndr_print = self.do_ndr_print
|
|
+ hexdump = self.do_hexdump
|
|
+ inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
|
|
+ io = inq_if_ids
|
|
+ if ndr_print:
|
|
+ sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io))
|
|
+ stub_in = samba.ndr.ndr_pack_in(io)
|
|
+ stub_in += b'\xfe'*45 # add some padding in order to have some payload
|
|
+ if hexdump:
|
|
+ sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in)))
|
|
+
|
|
+ call_id = 3
|
|
+ context_id = ctx.context_id
|
|
+ opnum = io.opnum()
|
|
+
|
|
+ if not skip_first:
|
|
+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
|
|
+ stub_in_tmp = stub_in[0:16]
|
|
+ req = self.generate_request_auth(call_id=call_id,
|
|
+ context_id=context_id,
|
|
+ pfc_flags=pfc_flags,
|
|
+ opnum=opnum,
|
|
+ alloc_hint=len(stub_in),
|
|
+ stub=stub_in_tmp,
|
|
+ auth_context=auth_context1)
|
|
+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
|
|
+ rep = self.recv_pdu(timeout=0.01)
|
|
+ self.assertIsNone(rep)
|
|
+ self.assertIsConnected()
|
|
+
|
|
+ # context_id, opnum and auth header values are completely ignored
|
|
+ if auth_context_2nd == 1:
|
|
+ auth_context_copy = auth_context1.copy()
|
|
+ elif auth_context_2nd == 2:
|
|
+ auth_context_copy = auth_context2.copy()
|
|
+ else:
|
|
+ auth_context_copy = None
|
|
+
|
|
+ expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST
|
|
+ if expected_context_id is None:
|
|
+ expected_context_id = context_id
|
|
+ if expected_call_id is None:
|
|
+ expected_call_id = call_id
|
|
+ if not_executed:
|
|
+ expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE
|
|
+
|
|
+ if forced_call_id is not None:
|
|
+ call_id = forced_call_id
|
|
+ if forced_context_id is not None:
|
|
+ context_id = forced_context_id
|
|
+ if forced_opnum is not None:
|
|
+ opnum = forced_opnum
|
|
+ if forced_auth_context_id is not None:
|
|
+ auth_context_copy["auth_context_id"] = forced_auth_context_id
|
|
+ if forced_auth_type is not None:
|
|
+ auth_context_copy["auth_type"] = forced_auth_type
|
|
+ if forced_auth_level is not None:
|
|
+ auth_context_copy["auth_level"] = forced_auth_level
|
|
+
|
|
+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
|
|
+ stub_in_tmp = stub_in[16:-1]
|
|
+ req = self.generate_request_auth(call_id=call_id,
|
|
+ context_id=context_id,
|
|
+ pfc_flags=pfc_flags_2nd,
|
|
+ opnum=opnum,
|
|
+ alloc_hint=len(stub_in_tmp),
|
|
+ stub=stub_in_tmp,
|
|
+ auth_context=auth_context_copy)
|
|
+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
|
|
+ if expected_fault is None:
|
|
+ self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1)
|
|
+ return
|
|
+ rep = self.recv_pdu()
|
|
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id,
|
|
+ pfc_flags=expected_pfc_flags,
|
|
+ auth_length=0)
|
|
+ self.assertNotEqual(rep.u.alloc_hint, 0)
|
|
+ self.assertEqual(rep.u.context_id, expected_context_id)
|
|
+ self.assertEqual(rep.u.cancel_count, 0)
|
|
+ self.assertEqual(rep.u.flags, 0)
|
|
+ self.assertEqual(rep.u.status, expected_fault)
|
|
+ self.assertEqual(rep.u.reserved, 0)
|
|
+ self.assertEqual(len(rep.u.error_and_verifier), 0)
|
|
+
|
|
+ if not_executed:
|
|
+ # still alive
|
|
+ rep = self.recv_pdu(timeout=0.01)
|
|
+ self.assertIsNone(rep)
|
|
+ self.assertIsConnected()
|
|
+ return
|
|
+
|
|
+ # wait for a disconnect
|
|
+ rep = self.recv_pdu()
|
|
+ self.assertIsNone(rep)
|
|
+ self.assertNotConnected()
|
|
+
|
|
+ def _test_generic_auth_first_last(self,
|
|
+ auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=2,
|
|
+ expected_call_id=None,
|
|
+ expected_context_id=None,
|
|
+ conc_mpx=False,
|
|
+ not_executed=False,
|
|
+ forced_call_id=None,
|
|
+ forced_context_id=None,
|
|
+ forced_opnum=None,
|
|
+ forced_auth_context_id=None,
|
|
+ forced_auth_type=None,
|
|
+ forced_auth_level=None):
|
|
+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
|
|
+ return self._test_generic_auth_first_2nd(auth_type,
|
|
+ pfc_flags_2nd,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def _test_generic_auth_first_first(self,
|
|
+ auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=2,
|
|
+ expected_call_id=None,
|
|
+ expected_context_id=None,
|
|
+ conc_mpx=False,
|
|
+ not_executed=False,
|
|
+ forced_call_id=None,
|
|
+ forced_context_id=None,
|
|
+ forced_opnum=None,
|
|
+ forced_auth_context_id=None,
|
|
+ forced_auth_type=None,
|
|
+ forced_auth_level=None):
|
|
+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
|
|
+ return self._test_generic_auth_first_2nd(auth_type,
|
|
+ pfc_flags_2nd,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstSame2(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
|
|
+ auth_context_2nd = 2
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstNext2(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 2
|
|
+ expected_call_id = 3
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstSame111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstNext111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = 3
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = 1
|
|
+ expected_call_id = 4
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstSameNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = None
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstNextNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = 4
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstSameNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = None
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_first1_firstNextNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = None
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ auth_context_2nd = None
|
|
+ expected_call_id = 4
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_call_id = 4
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_first_first(auth_type,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def _test_generic_auth_middle(self,
|
|
+ auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=None,
|
|
+ not_executed=False,
|
|
+ conc_mpx=False,
|
|
+ forced_context_id=None,
|
|
+ forced_opnum=None,
|
|
+ forced_auth_context_id=None,
|
|
+ forced_auth_type=None,
|
|
+ forced_auth_level=None):
|
|
+ auth_context_2nd = 1
|
|
+ skip_first = True
|
|
+ pfc_flags_2nd = 0
|
|
+ expected_call_id = None
|
|
+ forced_call_id = None
|
|
+ return self._test_generic_auth_first_2nd(auth_type,
|
|
+ pfc_flags_2nd,
|
|
+ expected_fault,
|
|
+ auth_context_2nd=auth_context_2nd,
|
|
+ skip_first=skip_first,
|
|
+ expected_call_id=expected_call_id,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_call_id=forced_call_id,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_middle_alone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_MPX_middle_alone(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_middle_all_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_MPX_middle_all_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF
|
|
+ expected_context_id = 0
|
|
+ not_executed = True
|
|
+ conc_mpx = True
|
|
+ forced_context_id = 111
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_middle_auth_all_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_context_id = None
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_MPX_middle_auth_all_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_context_id = None
|
|
+ forced_opnum = 111
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_middle_auth_context_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_MPX_middle_auth_context_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = 111
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_middle_auth_type_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_MPX_middle_auth_type_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = 111
|
|
+ forced_auth_level = None
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_middle_auth_level_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
|
|
+ expected_context_id = 0
|
|
+ not_executed = False
|
|
+ conc_mpx = False
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
+ def test_ntlmssp_auth_MPX_middle_auth_level_111(self):
|
|
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
|
|
+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
|
|
+ expected_context_id = None
|
|
+ not_executed = False
|
|
+ conc_mpx = True
|
|
+ forced_context_id = None
|
|
+ forced_opnum = None
|
|
+ forced_auth_context_id = None
|
|
+ forced_auth_type = None
|
|
+ forced_auth_level = 111
|
|
+ return self._test_generic_auth_middle(auth_type,
|
|
+ expected_fault,
|
|
+ expected_context_id=expected_context_id,
|
|
+ not_executed=not_executed,
|
|
+ conc_mpx=conc_mpx,
|
|
+ forced_context_id=forced_context_id,
|
|
+ forced_opnum=forced_opnum,
|
|
+ forced_auth_context_id=forced_auth_context_id,
|
|
+ forced_auth_type=forced_auth_type,
|
|
+ forced_auth_level=forced_auth_level)
|
|
+
|
|
def _test_neg_xmit_check_values(self,
|
|
req_xmit=None,
|
|
req_recv=None,
|
|
diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq
|
|
new file mode 100644
|
|
index 00000000000..f3c62b65e9e
|
|
--- /dev/null
|
|
+++ b/selftest/knownfail.d/dcerpc-auth-fraq
|
|
@@ -0,0 +1,20 @@
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone
|
|
+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111
|
|
--
|
|
2.25.1
|
|
|
|
|
|
From 43b09da3138606e2d0fbc033e8bc50fa82687946 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Mon, 16 Nov 2020 14:15:06 +0100
|
|
Subject: [PATCH 9/9] CVE-2021-23192: dcesrv_core: only the first fragment
|
|
specifies the auth_contexts
|
|
|
|
All other fragments blindly inherit it.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
|
|
---
|
|
librpc/rpc/dcerpc_pkt_auth.c | 19 +++---
|
|
librpc/rpc/dcerpc_pkt_auth.h | 1 +
|
|
librpc/rpc/dcesrv_auth.c | 28 +++++++++
|
|
librpc/rpc/dcesrv_core.c | 86 +++++++++++++++++++++------
|
|
selftest/knownfail.d/dcerpc-auth-fraq | 20 -------
|
|
source4/librpc/rpc/dcerpc.c | 1 +
|
|
6 files changed, 109 insertions(+), 46 deletions(-)
|
|
delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq
|
|
|
|
diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c
|
|
index 322d7497893..1cb191468b5 100644
|
|
--- a/librpc/rpc/dcerpc_pkt_auth.c
|
|
+++ b/librpc/rpc/dcerpc_pkt_auth.c
|
|
@@ -39,6 +39,7 @@
|
|
|
|
NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
struct gensec_security *gensec,
|
|
+ bool check_pkt_auth_fields,
|
|
TALLOC_CTX *mem_ctx,
|
|
enum dcerpc_pkt_type ptype,
|
|
uint8_t required_flags,
|
|
@@ -115,16 +116,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
return NT_STATUS_INTERNAL_ERROR;
|
|
}
|
|
|
|
- if (auth.auth_type != auth_state->auth_type) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
- }
|
|
+ if (check_pkt_auth_fields) {
|
|
+ if (auth.auth_type != auth_state->auth_type) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
|
|
- if (auth.auth_level != auth_state->auth_level) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
- }
|
|
+ if (auth.auth_level != auth_state->auth_level) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
|
|
- if (auth.auth_context_id != auth_state->auth_context_id) {
|
|
- return NT_STATUS_ACCESS_DENIED;
|
|
+ if (auth.auth_context_id != auth_state->auth_context_id) {
|
|
+ return NT_STATUS_ACCESS_DENIED;
|
|
+ }
|
|
}
|
|
|
|
/* check signature or unseal the packet */
|
|
diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h
|
|
index c0d23b91c05..1dcee12f53c 100644
|
|
--- a/librpc/rpc/dcerpc_pkt_auth.h
|
|
+++ b/librpc/rpc/dcerpc_pkt_auth.h
|
|
@@ -31,6 +31,7 @@
|
|
|
|
NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state,
|
|
struct gensec_security *gensec,
|
|
+ bool check_pkt_auth_fields,
|
|
TALLOC_CTX *mem_ctx,
|
|
enum dcerpc_pkt_type ptype,
|
|
uint8_t required_flags,
|
|
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
|
|
index 8dda86d88e2..9d8df6c42e2 100644
|
|
--- a/librpc/rpc/dcesrv_auth.c
|
|
+++ b/librpc/rpc/dcesrv_auth.c
|
|
@@ -438,6 +438,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call)
|
|
return false;
|
|
}
|
|
|
|
+ if (auth->auth_invalid) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
/* We can't work without an existing gensec state */
|
|
if (auth->gensec_security == NULL) {
|
|
return false;
|
|
@@ -524,6 +528,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call)
|
|
return false;
|
|
}
|
|
|
|
+ if (auth->auth_invalid) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
if (call->in_auth_info.auth_type != auth->auth_type) {
|
|
return false;
|
|
}
|
|
@@ -590,6 +598,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
|
|
.auth_level = auth->auth_level,
|
|
.auth_context_id = auth->auth_context_id,
|
|
};
|
|
+ bool check_pkt_auth_fields;
|
|
NTSTATUS status;
|
|
|
|
if (!auth->auth_started) {
|
|
@@ -605,8 +614,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
|
|
return false;
|
|
}
|
|
|
|
+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
|
|
+ /*
|
|
+ * The caller most likely checked this
|
|
+ * already, but we better double check.
|
|
+ */
|
|
+ check_pkt_auth_fields = true;
|
|
+ } else {
|
|
+ /*
|
|
+ * The caller already found first fragment
|
|
+ * and is passing the auth_state of it.
|
|
+ * A server is supposed to use the
|
|
+ * setting of the first fragment and
|
|
+ * completely ignore the values
|
|
+ * on the remaining fragments
|
|
+ */
|
|
+ check_pkt_auth_fields = false;
|
|
+ }
|
|
+
|
|
status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth,
|
|
auth->gensec_security,
|
|
+ check_pkt_auth_fields,
|
|
call,
|
|
pkt->ptype,
|
|
required_flags,
|
|
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
|
|
index ffaa9019d4b..0bab4c10641 100644
|
|
--- a/librpc/rpc/dcesrv_core.c
|
|
+++ b/librpc/rpc/dcesrv_core.c
|
|
@@ -1805,6 +1805,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
|
|
struct ndr_pull *pull;
|
|
NTSTATUS status;
|
|
|
|
+ if (auth->auth_invalid) {
|
|
+ return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
|
|
+ }
|
|
+
|
|
if (!auth->auth_finished) {
|
|
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
@@ -1968,6 +1972,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
enum dcerpc_AuthType auth_type = 0;
|
|
enum dcerpc_AuthLevel auth_level = 0;
|
|
uint32_t auth_context_id = 0;
|
|
+ bool auth_invalid = false;
|
|
|
|
call = talloc_zero(dce_conn, struct dcesrv_call_state);
|
|
if (!call) {
|
|
@@ -1999,12 +2004,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
|
|
if (call->auth_state == NULL) {
|
|
struct dcesrv_auth *a = NULL;
|
|
+ bool check_type_level = true;
|
|
|
|
auth_type = dcerpc_get_auth_type(&blob);
|
|
auth_level = dcerpc_get_auth_level(&blob);
|
|
auth_context_id = dcerpc_get_auth_context_id(&blob);
|
|
|
|
if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
|
|
+ if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
|
|
+ check_type_level = false;
|
|
+ }
|
|
dce_conn->default_auth_level_connect = NULL;
|
|
if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
|
|
dce_conn->got_explicit_auth_level_connect = true;
|
|
@@ -2014,14 +2023,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
for (a = dce_conn->auth_states; a != NULL; a = a->next) {
|
|
num_auth_ctx++;
|
|
|
|
- if (a->auth_type != auth_type) {
|
|
+ if (a->auth_context_id != auth_context_id) {
|
|
continue;
|
|
}
|
|
- if (a->auth_finished && a->auth_level != auth_level) {
|
|
- continue;
|
|
+
|
|
+ if (a->auth_type != auth_type) {
|
|
+ auth_invalid = true;
|
|
}
|
|
- if (a->auth_context_id != auth_context_id) {
|
|
- continue;
|
|
+ if (a->auth_level != auth_level) {
|
|
+ auth_invalid = true;
|
|
+ }
|
|
+
|
|
+ if (check_type_level && auth_invalid) {
|
|
+ a->auth_invalid = true;
|
|
}
|
|
|
|
DLIST_PROMOTE(dce_conn->auth_states, a);
|
|
@@ -2048,6 +2062,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
/*
|
|
* This can never be valid.
|
|
*/
|
|
+ auth_invalid = true;
|
|
a->auth_invalid = true;
|
|
}
|
|
call->auth_state = a;
|
|
@@ -2116,6 +2131,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
}
|
|
/* only one request is possible in the fragmented list */
|
|
if (dce_conn->incoming_fragmented_call_list != NULL) {
|
|
+ call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
|
|
+
|
|
+ existing = dcesrv_find_fragmented_call(dce_conn,
|
|
+ call->pkt.call_id);
|
|
+ if (existing != NULL && call->auth_state != existing->auth_state) {
|
|
+ call->context = dcesrv_find_context(call->conn,
|
|
+ call->pkt.u.request.context_id);
|
|
+
|
|
+ if (call->pkt.auth_length != 0 && existing->context == call->context) {
|
|
+ call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR;
|
|
+ }
|
|
+ }
|
|
if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
|
|
/*
|
|
* Without DCERPC_PFC_FLAG_CONC_MPX
|
|
@@ -2125,11 +2152,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
* This is important to get the
|
|
* call_id and context_id right.
|
|
*/
|
|
+ dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code;
|
|
TALLOC_FREE(call);
|
|
call = dce_conn->incoming_fragmented_call_list;
|
|
}
|
|
- return dcesrv_fault_disconnect0(call,
|
|
- DCERPC_NCA_S_PROTO_ERROR);
|
|
+ if (existing != NULL) {
|
|
+ call->context = existing->context;
|
|
+ }
|
|
+ return dcesrv_fault_disconnect0(call, call->fault_code);
|
|
}
|
|
if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
|
|
return dcesrv_fault_disconnect(call,
|
|
@@ -2142,17 +2172,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
|
|
}
|
|
} else {
|
|
- const struct dcerpc_request *nr = &call->pkt.u.request;
|
|
- const struct dcerpc_request *er = NULL;
|
|
int cmp;
|
|
|
|
existing = dcesrv_find_fragmented_call(dce_conn,
|
|
call->pkt.call_id);
|
|
if (existing == NULL) {
|
|
+ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
|
|
+ /*
|
|
+ * Without DCERPC_PFC_FLAG_CONC_MPX
|
|
+ * we need to return the FAULT on the
|
|
+ * already existing call.
|
|
+ *
|
|
+ * This is important to get the
|
|
+ * call_id and context_id right.
|
|
+ */
|
|
+ if (dce_conn->incoming_fragmented_call_list != NULL) {
|
|
+ TALLOC_FREE(call);
|
|
+ call = dce_conn->incoming_fragmented_call_list;
|
|
+ }
|
|
+ return dcesrv_fault_disconnect0(call,
|
|
+ DCERPC_NCA_S_PROTO_ERROR);
|
|
+ }
|
|
+ if (dce_conn->incoming_fragmented_call_list != NULL) {
|
|
+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR);
|
|
+ }
|
|
+ call->context = dcesrv_find_context(call->conn,
|
|
+ call->pkt.u.request.context_id);
|
|
+ if (call->context == NULL) {
|
|
+ return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
|
|
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
|
|
+ }
|
|
+ if (auth_invalid) {
|
|
+ return dcesrv_fault_disconnect0(call,
|
|
+ DCERPC_FAULT_ACCESS_DENIED);
|
|
+ }
|
|
return dcesrv_fault_disconnect0(call,
|
|
DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
- er = &existing->pkt.u.request;
|
|
|
|
if (call->pkt.ptype != existing->pkt.ptype) {
|
|
/* trying to play silly buggers are we? */
|
|
@@ -2165,14 +2221,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
|
|
return dcesrv_fault_disconnect(existing,
|
|
DCERPC_NCA_S_PROTO_ERROR);
|
|
}
|
|
- if (nr->context_id != er->context_id) {
|
|
- return dcesrv_fault_disconnect(existing,
|
|
- DCERPC_NCA_S_PROTO_ERROR);
|
|
- }
|
|
- if (nr->opnum != er->opnum) {
|
|
- return dcesrv_fault_disconnect(existing,
|
|
- DCERPC_NCA_S_PROTO_ERROR);
|
|
- }
|
|
+ call->auth_state = existing->auth_state;
|
|
+ call->context = existing->context;
|
|
}
|
|
}
|
|
|
|
diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq
|
|
deleted file mode 100644
|
|
index f3c62b65e9e..00000000000
|
|
--- a/selftest/knownfail.d/dcerpc-auth-fraq
|
|
+++ /dev/null
|
|
@@ -1,20 +0,0 @@
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone
|
|
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111
|
|
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
|
|
index 4847e8a0200..baf6df6e498 100644
|
|
--- a/source4/librpc/rpc/dcerpc.c
|
|
+++ b/source4/librpc/rpc/dcerpc.c
|
|
@@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c,
|
|
|
|
status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth,
|
|
c->security_state.generic_state,
|
|
+ true, /* check_pkt_auth_fields */
|
|
mem_ctx,
|
|
ptype,
|
|
required_flags,
|
|
--
|
|
2.25.1
|
|
|