[SCM] Samba Shared Repository - branch v4-4-test updated
Karolin Seeger
kseeger at samba.org
Tue Jun 28 14:55:04 UTC 2016
The branch, v4-4-test has been updated
via 8bac275 libutil: Support systemd 230
via 833bbdd s4/torture: add a test for dosmode and hidden files
via efd6eaf s3/smbd: only use stored dos attributes for open_match_attributes() check
via 7448b50 s3/smbd: make get_ea_dos_attribute() public
via c8d3d3c s3/smbd: move check for "hide files" to dos_mode_from_name()
via 3296ee7 s3/smbd: call dos_mode_from_name after get_ea_dos_attribute()
via 60587e8 s3/smbd: add helper func dos_mode_from_name()
via 9e4b9e5 dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
via 1a0775e s4:rpc_server: use a variable for the max total reassembled request payload
via 81d7c85 s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
via 2e69fda dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
via ffd4a79 python/tests: add auth_pad test for the dcerpc raw_protocol test
via c63f1d1 s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
via cdc5165 librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
via c7fd95c librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
via 23273a6 librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
via c382397 s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
via 793b222 s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
from 84f54ce build: Build less of Samba when building --without-ntvfs-fileserver
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test
- Log -----------------------------------------------------------------
commit 8bac275e33006ace713bce3aab9cc5f67e15a4b1
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 11:13:15 2016 +0200
libutil: Support systemd 230
systemd 230 version finally deprecated
libsystemd-daemon/libsystemd-journal split and put everything in
libsystemd library.
Make sure HAVE_LIBSYSTEMD define is supported in the code (we already
have it defined by the waf).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Richard Sharpe <rsharpe at samba.org>
Autobuild-User(master): Richard Sharpe <sharpe at samba.org>
Autobuild-Date(master): Mon Jun 27 00:01:55 CEST 2016 on sn-devel-144
(cherry picked from commit 8813faffe3ce4b598b626afea4bf90405c8129d8)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-4-test): Tue Jun 28 16:54:43 CEST 2016 on sn-devel-144
commit 833bbdd3514955d8a47dfed8c2e3248ba5a65b3d
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jun 23 19:13:05 2016 +0200
s4/torture: add a test for dosmode and hidden files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2db5c10ac59d5362e81c50d9a854071477de9c12)
commit efd6eaf2d02da60eb9ca3c9c65b50d8b3e147a41
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jun 23 12:24:33 2016 +0200
s3/smbd: only use stored dos attributes for open_match_attributes() check
This changes the way we check for old vs new DOS attributes on open with
overwrite: only check against the DOS attributes actually set by a
client and stored in the DOS attributes xattr.
With this change "hide dot files" and "hide files" continue to work with
"store dos attributes = yes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 36b7cff3188bbc21048c12ec971d9c2ac3666226)
commit 7448b50a62e77e40de75ebd8bb65ef02747a6d8e
Author: Ralph Boehme <slow at samba.org>
Date: Mon Jun 27 11:39:47 2016 +0200
s3/smbd: make get_ea_dos_attribute() public
Needed in a subsequent commit to read the stored dosmode for a file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow at samba.org>
commit c8d3d3c3237255fdbc20ac96631abad9176acdcd
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jun 23 17:14:55 2016 +0200
s3/smbd: move check for "hide files" to dos_mode_from_name()
Consolidate the "hide dot files" and "hide files" handling stuff in one
function. No change in overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f2a53efb1aab0986d6a7d9621b1efff2127df4e6)
commit 3296ee715c082398bcec16694b509221852ccdf6
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jun 23 16:40:15 2016 +0200
s3/smbd: call dos_mode_from_name after get_ea_dos_attribute()
This doesn't change overall behaviour in any way, it just prepares for
the next step where the IS_HIDDEN_PATH() stuff will be moved to the
function dos_mode_from_name().
It allows an optimisation by not checking "hide to files" patch if
FILE_ATTRIBUTE_HIDDEN was already set in the DOS xattr.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit 1be877038c53c88802bc19c00a49c1974f17c4eb)
commit 60587e823de1fe0e0220e99c444506260fc61d32
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jun 23 12:23:33 2016 +0200
s3/smbd: add helper func dos_mode_from_name()
This just moves the computation of "hide dot files" files to a helper
functions without changing overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c8c67c9a2a6347e36f4628e2d0260bd6c58d8c65)
commit 9e4b9e5bfb65a6761f50f43f7dc9790788d77d82
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jun 22 20:38:01 2016 +0200
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d9e242e9035c15e49b041afc61e5a4a08877f289)
commit 1a0775e85f0e991c7d1ecf7e6ae36d365d1224b5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jun 22 17:18:28 2016 +0200
s4:rpc_server: use a variable for the max total reassembled request payload
We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE)
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144
(cherry picked from commit 3f36d31c848496bf509db573e4c12821905b448d)
commit 81d7c8513cc101e4a468b5a394989b15da4cdd18
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jun 22 17:18:28 2016 +0200
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too
strict for some workloads, e.g. DRSUAPI replication with large objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7413e73c5331b760dc84b3843059230ec5fcfc7b)
commit 2e69fda2e061b9078f68eaa63fea08f95f8f799f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jun 22 16:58:03 2016 +0200
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
this limit is too strict for some workloads, e.g. DRSUAPI replication
with large objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 281e11b53f676647997fb9ce21227782529a62ad)
commit ffd4a79f498f07481457b6da72df3d199214972a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 23 12:06:40 2016 +0200
python/tests: add auth_pad test for the dcerpc raw_protocol test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jun 24 18:08:44 CEST 2016 on sn-devel-144
(cherry picked from commit c49f9abb19adca999d0b1d897d00d91f0ad91bbd)
commit c63f1d12b57aa0094cd6d15c055c92784b3d22e7
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 23 13:50:39 2016 +0200
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7d8edcc24148658e92729b3d155e432994e27525)
commit cdc516535cd973e42d0d7996a962d8c1cbf5ed5d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 20 16:26:56 2016 +0200
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
This is a workarround for a bug in old Samba releases.
For BIND_ACK <= 3.5.x and for ALTER_RESP <= 4.2.x (see bug #11061).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit aef032302863e5f3a888dbf4c52b21d561a0dff4)
commit c7fd95c39f26c8cd000f342b043ef1954c8e3325
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 20 16:25:12 2016 +0200
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3f7e3ed8a276f16aaed87c1f3cd5b9781aa7e1af)
commit 23273a664f4408aa9ba2409a87f0341a7b14072e
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 20 16:17:45 2016 +0200
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f386e81b982cd551313eb9c0f7d2f70d65515d80)
commit c3823972fbe7d282926bcad873dde6c7b4a7d177
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 20 16:16:23 2016 +0200
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
dcerpc_pull_auth_trailer() handles auth_length=NULL just fine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e05c732c6074df2524403ad7bb30eade91443525)
commit 793b22230e76cb936b3d00b45cc5be453545e22b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 20 16:11:37 2016 +0200
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
We should tell dcerpc_pull_auth_trailer() that we only want
auth data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 505a4e68d96e6fb3d8c7493632ecb4b0fc6caa9d)
-----------------------------------------------------------------------
Summary of changes:
lib/util/debug.c | 6 +-
librpc/idl/dcerpc.idl | 18 +-
librpc/rpc/dcerpc_util.c | 61 ++++
python/samba/tests/dcerpc/raw_protocol.py | 548 ++++++++++++++++++++++++++++++
selftest/target/Samba3.pm | 7 +
source3/selftest/tests.py | 2 +
source3/smbd/dosmode.c | 64 ++--
source3/smbd/open.c | 14 +-
source3/smbd/proto.h | 3 +
source4/librpc/rpc/dcerpc.c | 13 +-
source4/librpc/rpc/dcerpc.h | 3 +
source4/rpc_server/dcerpc_server.c | 18 +-
source4/rpc_server/dcerpc_server.h | 3 +
source4/rpc_server/dcesrv_auth.c | 27 +-
source4/selftest/tests.py | 5 +-
source4/torture/smb2/dosmode.c | 183 ++++++++++
source4/torture/smb2/smb2.c | 1 +
source4/torture/smb2/wscript_build | 2 +-
18 files changed, 925 insertions(+), 53 deletions(-)
create mode 100644 source4/torture/smb2/dosmode.c
Changeset truncated at 500 lines:
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 4bb54d7..20a0ff3 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -102,7 +102,7 @@ static struct {
.fd = 2 /* stderr by default */
};
-#if defined(WITH_SYSLOG) || defined(HAVE_LIBSYSTEMD_JOURNAL)
+#if defined(WITH_SYSLOG) || defined(HAVE_LIBSYSTEMD_JOURNAL) || defined(HAVE_LIBSYSTEMD)
static int debug_level_to_priority(int level)
{
/*
@@ -179,7 +179,7 @@ static void debug_syslog_log(int msg_level,
}
#endif /* WITH_SYSLOG */
-#ifdef HAVE_LIBSYSTEMD_JOURNAL
+#if defined(HAVE_LIBSYSTEMD_JOURNAL) || defined(HAVE_LIBSYSTEMD)
#include <systemd/sd-journal.h>
static void debug_systemd_log(int msg_level,
const char *msg, const char *msg_no_nl)
@@ -251,7 +251,7 @@ static struct debug_backend {
},
#endif
-#ifdef HAVE_LIBSYSTEMD_JOURNAL
+#if defined(HAVE_LIBSYSTEMD_JOURNAL) || defined(HAVE_LIBSYSTEMD)
{
.name = "systemd",
.log = debug_systemd_log,
diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index 015eb3d..527804d 100644
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -535,7 +535,23 @@ interface dcerpc
const uint32 DCERPC_FRAG_MAX_SIZE = 5840;
const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16;
- const uint32 DCERPC_NCACN_PAYLOAD_MAX_SIZE = 0x400000; /* 4 MByte */
+
+ /*
+ * See [MS-RPCE] 3.3.3.5.4 Maximum Server Input Data Size
+ * 4 MByte is the default limit of reassembled request payload
+ */
+ const uint32 DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE = 0x400000;
+
+ /*
+ * See [MS-RPCE] 3.3.2.5.2 Handling Responses
+ *
+ * Indicates that Windows accepts up to 0x7FFFFFFF ~2 GByte
+ *
+ * talloc has a limit of 256 MByte, so we need to use something smaller.
+ *
+ * For now we try our luck with 240 MByte.
+ */
+ const uint32 DCERPC_NCACN_RESPONSE_DEFAULT_MAX_SIZE = 0xf000000; /* 240 MByte */
/* little-endian flag */
const uint8 DCERPC_DREP_LE = 0x10;
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 43e1b7f..df14948 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -95,10 +95,19 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
uint16_t data_and_pad;
uint16_t auth_length;
uint32_t tmp_length;
+ uint32_t max_pad_len = 0;
ZERO_STRUCTP(auth);
if (_auth_length != NULL) {
*_auth_length = 0;
+
+ if (auth_data_only) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ } else {
+ if (!auth_data_only) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
}
/* Paranoia checks for auth_length. The caller should check this... */
@@ -149,6 +158,58 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
return ndr_map_error2ntstatus(ndr_err);
}
+ /*
+ * Make sure the padding would not exceed
+ * the frag_length.
+ *
+ * Here we assume at least 24 bytes for the
+ * payload specific header the value of
+ * DCERPC_{REQUEST,RESPONSE}_LENGTH.
+ *
+ * We use this also for BIND_*, ALTER_* and AUTH3 pdus.
+ *
+ * We need this check before we ignore possible
+ * invalid values. See also bug #11982.
+ *
+ * This check is mainly used to generate the correct
+ * error for BIND_*, ALTER_* and AUTH3 pdus.
+ *
+ * We always have the 'if (data_and_pad < auth->auth_pad_length)'
+ * protection for REQUEST and RESPONSE pdus, where the
+ * auth_pad_length field is actually used by the caller.
+ */
+ tmp_length = DCERPC_REQUEST_LENGTH;
+ tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
+ tmp_length += pkt->auth_length;
+ if (tmp_length < pkt->frag_length) {
+ max_pad_len = pkt->frag_length - tmp_length;
+ }
+ if (max_pad_len < auth->auth_pad_length) {
+ DEBUG(1, (__location__ ": ERROR: pad length to large. "
+ "max %u got %u\n",
+ (unsigned)max_pad_len,
+ (unsigned)auth->auth_pad_length));
+ talloc_free(ndr);
+ ZERO_STRUCTP(auth);
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ /*
+ * This is a workarround for a bug in old
+ * Samba releases. For BIND_ACK <= 3.5.x
+ * and for ALTER_RESP <= 4.2.x (see bug #11061)
+ *
+ * See also bug #11982.
+ */
+ if (auth_data_only && data_and_pad == 0 &&
+ auth->auth_pad_length > 0) {
+ /*
+ * we need to ignore invalid auth_pad_length
+ * values for BIND_*, ALTER_* and AUTH3 pdus.
+ */
+ auth->auth_pad_length = 0;
+ }
+
if (data_and_pad < auth->auth_pad_length) {
DEBUG(1, (__location__ ": ERROR: pad length mismatch. "
"Calculated %u got %u\n",
diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py
index ccd0f6b..8b0bc4e 100755
--- a/python/samba/tests/dcerpc/raw_protocol.py
+++ b/python/samba/tests/dcerpc/raw_protocol.py
@@ -2616,6 +2616,554 @@ class TestDCERPC_BIND(RawDCERPCTest):
self.assertIsNone(rep)
self.assertNotConnected()
+ def test_spnego_auth_pad_ok(self):
+ ndr32 = base.transfer_syntax_ndr()
+
+ tsf1_list = [ndr32]
+ ctx1 = dcerpc.ctx_list()
+ ctx1.context_id = 1
+ ctx1.num_transfer_syntaxes = len(tsf1_list)
+ ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
+ ctx1.transfer_syntaxes = tsf1_list
+ ctx_list = [ctx1]
+
+ c = Credentials()
+ c.set_anonymous()
+ g = gensec.Security.start_client(self.settings)
+ g.set_credentials(c)
+ g.want_feature(gensec.FEATURE_DCE_STYLE)
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
+ auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
+ auth_context_id = 2
+ g.start_mech_by_authtype(auth_type, auth_level)
+ from_server = ""
+ (finished, to_server) = g.update(from_server)
+ self.assertFalse(finished)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_blob=to_server)
+
+ req = self.generate_bind(call_id=0,
+ ctx_list=ctx_list,
+ auth_info=auth_info)
+ req_pdu = samba.ndr.ndr_pack(req)
+
+ auth_pad_ok = len(req_pdu)
+ auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
+ auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
+ auth_pad_ok -= len(to_server)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_pad_length=auth_pad_ok,
+ auth_blob=to_server)
+
+ req = self.generate_bind(call_id=0,
+ ctx_list=ctx_list,
+ auth_info=auth_info)
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
+ self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
+ self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
+ self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertEquals(rep.u.secondary_address_size, 4)
+ self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
+ self.assertEquals(len(rep.u._pad1), 2)
+ #self.assertEquals(rep.u._pad1, '\0' * 2)
+ self.assertEquals(rep.u.num_results, 1)
+ self.assertEquals(rep.u.ctx_list[0].result,
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ self.assertEquals(rep.u.ctx_list[0].reason,
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
+ self.assertNotEquals(len(rep.u.auth_info), 0)
+ a = self.parse_auth(rep.u.auth_info)
+
+ from_server = a.credentials
+ (finished, to_server) = g.update(from_server)
+ self.assertFalse(finished)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_blob=to_server)
+ req = self.generate_alter(call_id=0,
+ ctx_list=ctx_list,
+ assoc_group_id=rep.u.assoc_group_id,
+ auth_info=auth_info)
+ req_pdu = samba.ndr.ndr_pack(req)
+
+ auth_pad_ok = len(req_pdu)
+ auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
+ auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
+ auth_pad_ok -= len(to_server)
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_pad_length=auth_pad_ok,
+ auth_blob=to_server)
+ req = self.generate_alter(call_id=0,
+ ctx_list=ctx_list,
+ assoc_group_id=rep.u.assoc_group_id,
+ auth_info=auth_info)
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
+ self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
+ self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
+ self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertEquals(rep.u.secondary_address_size, 0)
+ self.assertEquals(len(rep.u._pad1), 2)
+ # Windows sends garbage
+ #self.assertEquals(rep.u._pad1, '\0' * 2)
+ self.assertEquals(rep.u.num_results, 1)
+ self.assertEquals(rep.u.ctx_list[0].result,
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ self.assertEquals(rep.u.ctx_list[0].reason,
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
+ self.assertNotEquals(len(rep.u.auth_info), 0)
+ a = self.parse_auth(rep.u.auth_info)
+
+ from_server = a.credentials
+ (finished, to_server) = g.update(from_server)
+ self.assertTrue(finished)
+
+ # And now try a request without auth_info
+ req = self.generate_request(call_id = 2,
+ context_id=ctx1.context_id,
+ opnum=0,
+ stub="")
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
+ auth_length=0)
+ self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertEquals(rep.u.context_id, req.u.context_id)
+ self.assertEquals(rep.u.cancel_count, 0)
+ self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
+
+ # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_blob="\x01"+"\x00"*15)
+ req = self.generate_request(call_id = 3,
+ context_id=ctx1.context_id,
+ opnum=0,
+ stub="",
+ auth_info=auth_info)
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ # We don't get an auth_info back
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
+ auth_length=0)
+ self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertEquals(rep.u.context_id, req.u.context_id)
+ self.assertEquals(rep.u.cancel_count, 0)
+ self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
+
+ self._disconnect("disconnect")
+ self.assertNotConnected()
+
+ def test_spnego_auth_pad_fail_bind(self):
+ ndr32 = base.transfer_syntax_ndr()
+
+ tsf1_list = [ndr32]
+ ctx1 = dcerpc.ctx_list()
+ ctx1.context_id = 1
+ ctx1.num_transfer_syntaxes = len(tsf1_list)
+ ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
+ ctx1.transfer_syntaxes = tsf1_list
+ ctx_list = [ctx1]
+
+ c = Credentials()
+ c.set_anonymous()
+ g = gensec.Security.start_client(self.settings)
+ g.set_credentials(c)
+ g.want_feature(gensec.FEATURE_DCE_STYLE)
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
+ auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
+ auth_context_id = 2
+ g.start_mech_by_authtype(auth_type, auth_level)
+ from_server = ""
+ (finished, to_server) = g.update(from_server)
+ self.assertFalse(finished)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_blob=to_server)
+
+ req = self.generate_bind(call_id=0,
+ ctx_list=ctx_list,
+ auth_info=auth_info)
+ req_pdu = samba.ndr.ndr_pack(req)
+
+ auth_pad_ok = len(req_pdu)
+ auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
+ auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
+ auth_pad_ok -= len(to_server)
+ auth_pad_bad = auth_pad_ok + 1
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_pad_length=auth_pad_bad,
+ auth_blob=to_server)
+
+ req = self.generate_bind(call_id=0,
+ ctx_list=ctx_list,
+ auth_info=auth_info)
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
+ auth_length=0)
+ self.assertEquals(rep.u.reject_reason,
+ dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
+ self.assertEquals(rep.u.num_versions, 1)
+ self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
+ self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
+ self.assertEquals(len(rep.u._pad), 3)
+ self.assertEquals(rep.u._pad, '\0' * 3)
+
+ # wait for a disconnect
+ rep = self.recv_pdu()
+ self.assertIsNone(rep)
+ self.assertNotConnected()
+
+ def test_spnego_auth_pad_fail_alter(self):
+ ndr32 = base.transfer_syntax_ndr()
+
+ tsf1_list = [ndr32]
+ ctx1 = dcerpc.ctx_list()
+ ctx1.context_id = 1
+ ctx1.num_transfer_syntaxes = len(tsf1_list)
+ ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
+ ctx1.transfer_syntaxes = tsf1_list
+ ctx_list = [ctx1]
+
+ c = Credentials()
+ c.set_anonymous()
+ g = gensec.Security.start_client(self.settings)
+ g.set_credentials(c)
+ g.want_feature(gensec.FEATURE_DCE_STYLE)
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
+ auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
+ auth_context_id = 2
+ g.start_mech_by_authtype(auth_type, auth_level)
+ from_server = ""
+ (finished, to_server) = g.update(from_server)
+ self.assertFalse(finished)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_blob=to_server)
+
+ req = self.generate_bind(call_id=0,
+ ctx_list=ctx_list,
+ auth_info=auth_info)
+ req_pdu = samba.ndr.ndr_pack(req)
+
+ auth_pad_ok = len(req_pdu)
+ auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
+ auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
+ auth_pad_ok -= len(to_server)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_pad_length=auth_pad_ok,
+ auth_blob=to_server)
+
+ req = self.generate_bind(call_id=0,
+ ctx_list=ctx_list,
+ auth_info=auth_info)
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
+ self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
+ self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
+ self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
+ self.assertEquals(rep.u.secondary_address_size, 4)
+ self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
+ self.assertEquals(len(rep.u._pad1), 2)
+ #self.assertEquals(rep.u._pad1, '\0' * 2)
+ self.assertEquals(rep.u.num_results, 1)
+ self.assertEquals(rep.u.ctx_list[0].result,
+ dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
+ self.assertEquals(rep.u.ctx_list[0].reason,
+ dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
+ self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
+ self.assertNotEquals(len(rep.u.auth_info), 0)
+ a = self.parse_auth(rep.u.auth_info)
+
+ from_server = a.credentials
+ (finished, to_server) = g.update(from_server)
+ self.assertFalse(finished)
+
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_blob=to_server)
+ req = self.generate_alter(call_id=0,
+ ctx_list=ctx_list,
+ assoc_group_id=rep.u.assoc_group_id,
+ auth_info=auth_info)
+ req_pdu = samba.ndr.ndr_pack(req)
+
+ auth_pad_ok = len(req_pdu)
+ auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
+ auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
+ auth_pad_ok -= len(to_server)
+ auth_pad_bad = auth_pad_ok + 1
+ auth_info = self.generate_auth(auth_type=auth_type,
+ auth_level=auth_level,
+ auth_context_id=auth_context_id,
+ auth_pad_length=auth_pad_bad,
+ auth_blob=to_server)
+ req = self.generate_alter(call_id=0,
+ ctx_list=ctx_list,
+ assoc_group_id=rep.u.assoc_group_id,
+ auth_info=auth_info)
+ self.send_pdu(req)
+ rep = self.recv_pdu()
+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
+ pfc_flags=req.pfc_flags |
+ dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
+ auth_length=0)
+ self.assertNotEquals(rep.u.alloc_hint, 0)
+ self.assertEquals(rep.u.context_id, 0)
+ self.assertEquals(rep.u.cancel_count, 0)
+ self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
+ self.assertEquals(len(rep.u._pad), 4)
+ self.assertEquals(rep.u._pad, '\0' * 4)
+
+ # wait for a disconnect
+ rep = self.recv_pdu()
+ self.assertIsNone(rep)
+ self.assertNotConnected()
+
+ def test_ntlmssp_auth_pad_ok(self):
+ ndr32 = base.transfer_syntax_ndr()
+
+ tsf1_list = [ndr32]
+ ctx1 = dcerpc.ctx_list()
+ ctx1.context_id = 1
+ ctx1.num_transfer_syntaxes = len(tsf1_list)
+ ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
+ ctx1.transfer_syntaxes = tsf1_list
+ ctx_list = [ctx1]
+
+ c = Credentials()
+ c.set_anonymous()
+ g = gensec.Security.start_client(self.settings)
+ g.set_credentials(c)
+ g.want_feature(gensec.FEATURE_DCE_STYLE)
+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
--
Samba Shared Repository
More information about the samba-cvs
mailing list