NDR64 dcerpc_bind_ack unmarshalling failures
Stefan (metze) Metzmacher
metze at samba.org
Tue Apr 3 10:21:57 MDT 2012
Hi David,
> NDR64 DCERPC binds currently fail against Windows Server "8" Beta due
> to errors when unmarshalling bind_ack PDUs.
>
> dcerpc bind ack is currently defined as follows:
> typedef struct {
>     uint16 max_xmit_frag;
>     uint16 max_recv_frag;
>     uint32 assoc_group_id;
>     [value(strlen(secondary_address)+1)] uint16 secondary_address_size;
>     [charset(DOS)] uint8 secondary_address[secondary_address_size];
>     [flag(NDR_ALIGN4)] DATA_BLOB _pad1;
>     uint8 num_results;
>     dcerpc_ack_ctx ctx_list[num_results];
>     [flag(NDR_REMAINING)] DATA_BLOB auth_info;
> } dcerpc_bind_ack;
>
> This is compiled by pidl into:
> static enum ndr_err_code ndr_pull_dcerpc_bind_ack(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_bind_ack *r)
> {
>     ...
>     if (ndr_flags & NDR_SCALARS) {
>         ...
>         {
>             uint32_t _flags_save_DATA_BLOB = ndr->flags;
>             ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
>             NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->auth_info));
>             ndr->flags = _flags_save_DATA_BLOB;
>         }
>         NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
>
> With the NDR_REMAINING flag set, ndr_pull_DATA_BLOB pulls all trailing
> packet bytes into r->auth_info, leaving ndr->offset == ndr->data_size.
> My Windows Server "8" Beta bind_ack response is 323 bytes which causes
> the subsequent ndr_pull_trailer_align() call to fail with
> NDR_ERR_BUFSIZE.
>
> Removing ndr_pull_trailer_align() from ParseStructPullPrimitives()
> results in successful NDR64 bind_ack unmarshalling and allows the
> bind to complete, however appears to be contrary to MS-RPCE
> 2.2.5.3.4.1 requirements.
>
> Any IDL experts able to point me in the right direction here?
What has that to do with NDR64? As far as I know NDR64 is only used for
the payload, not for the DCERPC PDUs.
Can you post a capture?
metze
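
The failure described in the quoted report, as an added example that is not part of the original thread and is not Samba's libndr code: a simplified C model of the pull cursor, showing why a remainder-consuming blob followed by a 4-byte alignment step fails when the PDU length (323 in the report) is not a multiple of 4. All `model_*` names, the round-up-then-bounds-check rule and the offset 60 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an NDR pull cursor; names are hypothetical, not libndr's. */
enum model_err { MODEL_OK = 0, MODEL_ERR_BUFSIZE = 1 };

struct model_pull {
    size_t data_size; /* total PDU bytes */
    size_t offset;    /* bytes consumed so far */
};

/* Models a [flag(NDR_REMAINING)] DATA_BLOB: consume everything that is left,
 * leaving offset == data_size as the report describes. */
static size_t model_pull_remaining(struct model_pull *p)
{
    size_t taken = p->data_size - p->offset;
    p->offset = p->data_size;
    return taken;
}

/* Models an alignment step: round the offset up to a multiple of `align`
 * (a power of two) and fail if that lands past the end of the buffer.
 * Assumption: this is how the trailer alignment is bounds-checked. */
static enum model_err model_pull_align(struct model_pull *p, size_t align)
{
    p->offset = (p->offset + (align - 1)) & ~(align - 1);
    return p->offset > p->data_size ? MODEL_ERR_BUFSIZE : MODEL_OK;
}

/* Tail of the bind_ack pull: auth_info takes the remainder, then align to 4. */
enum model_err model_bind_ack_tail(size_t pdu_size, size_t fixed_part)
{
    struct model_pull p = { pdu_size, fixed_part };
    model_pull_remaining(&p);
    return model_pull_align(&p, 4);
}

int main(void)
{
    /* 323 is the PDU size from the report; 60 is a constructed offset. */
    size_t sizes[] = { 320, 321, 322, 323, 324 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("pdu_size=%zu -> %s\n", sizes[i],
               model_bind_ack_tail(sizes[i], 60) ? "BUFSIZE" : "ok");
    return 0;
}
```

In this model the result depends only on the total PDU length, because the remainder blob always moves the cursor to the end of the buffer before the alignment runs.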