From 31c2f35bba003daee39756e83def0f3d45c19c6b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 23 Sep 2024 16:09:39 +0200
Subject: [PATCH] dcesrv_core: disconnect after a fault with non
 AUTH_LEVEL_CONNECT bind

Without an auth context using DCERPC_AUTH_LEVEL_PACKET or higher
the fault to reject requests with an invalid auth level
should trigger a disconnect after sending the fault to
the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 librpc/rpc/dcesrv_core.c                      |  22 ++++
 librpc/rpc/dcesrv_core.h                      |   1 +
 selftest/expectedfail.d/samba4.rpc.backupkey  |  28 +++++
 selftest/knownfail.d/samba4.rpc.backupkey     | 108 ------------------
 .../knownfail.d/test_lsa_multi_auth_connect   |   1 -
 5 files changed, 51 insertions(+), 109 deletions(-)
 create mode 100644 selftest/expectedfail.d/samba4.rpc.backupkey
 delete mode 100644 selftest/knownfail.d/samba4.rpc.backupkey
 delete mode 100644 selftest/knownfail.d/test_lsa_multi_auth_connect

diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index c0a4150e3b3..16063299d83 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -2006,6 +2006,16 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 				  auth->auth_level,
 				  derpc_transport_string_by_transport(transport),
 				  addr));
+			if (!call->conn->got_explicit_auth_level_non_connect) {
+				/*
+				 * If there was is no auth context with
+				 * a level higher than DCERPC_AUTH_LEVEL_CONNECT,
+				 * the connection should be disconnected
+				 * after sending the fault.
+				 */
+				return dcesrv_fault_disconnect0(call,
+						DCERPC_FAULT_ACCESS_DENIED);
+			}
 			return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
 		}
 		break;
@@ -2026,6 +2036,16 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
 			  auth->auth_level,
 			  derpc_transport_string_by_transport(transport),
 			  addr));
+		if (!call->conn->got_explicit_auth_level_non_connect) {
+			/*
+			 * If there was is no auth context with
+			 * a level higher than DCERPC_AUTH_LEVEL_CONNECT,
+			 * the connection should be disconnected
+			 * after sending the fault.
+			 */
+			return dcesrv_fault_disconnect0(call,
+					DCERPC_FAULT_ACCESS_DENIED);
+		}
 		return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
 	}
 
@@ -2197,6 +2217,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 			dce_conn->default_auth_level_connect = NULL;
 			if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
 				dce_conn->got_explicit_auth_level_connect = true;
+			} else if (auth_level >= DCERPC_AUTH_LEVEL_PACKET) {
+				dce_conn->got_explicit_auth_level_non_connect = true;
 			}
 		}
 
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index 3758c8d7de2..1a002d889c5 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -305,6 +305,7 @@ struct dcesrv_connection {
 	struct dcesrv_auth *default_auth_state;
 	size_t max_auth_states;
 	struct dcesrv_auth *auth_states;
+	bool got_explicit_auth_level_non_connect;
 	bool got_explicit_auth_level_connect;
 	struct dcesrv_auth *default_auth_level_connect;
 	bool client_hdr_signing;
diff --git a/selftest/expectedfail.d/samba4.rpc.backupkey b/selftest/expectedfail.d/samba4.rpc.backupkey
new file mode 100644
index 00000000000..86170ee223c
--- /dev/null
+++ b/selftest/expectedfail.d/samba4.rpc.backupkey
@@ -0,0 +1,28 @@
+# We require seal and the test also runs differently against Windows 2022 with sign
+^samba4.rpc.backupkey.with.sign.backupkey.restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.restore_guid.version.3\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.restore_guid_2nd\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.unable_to_decrypt_secret\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.wrong_user_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.wrong_version_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.bad_magic_on_secret_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.bad_hash_on_secret_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.bad_magic_on_accesscheck_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.bad_cert_guid_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.empty_request_restore_guid\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.retreive_backup_key_guid_validate\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_keyGUID\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_empty_request\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_short_request\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_magic\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_r2\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_payload_length\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_short_payload_length\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_zero_payload_length\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_ciphertext_length\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_short_ciphertext_length\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_zero_ciphertext_length\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt_remote_key\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt_wrong_key\(ad_dc_default\)
+^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt_wrong_sid\(ad_dc_default\)
diff --git a/selftest/knownfail.d/samba4.rpc.backupkey b/selftest/knownfail.d/samba4.rpc.backupkey
deleted file mode 100644
index f48d3589e3f..00000000000
--- a/selftest/knownfail.d/samba4.rpc.backupkey
+++ /dev/null
@@ -1,108 +0,0 @@
-^samba4.rpc.backupkey.with..backupkey.restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.restore_guid.version.3\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.restore_guid_2nd\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.unable_to_decrypt_secret\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.wrong_user_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.wrong_version_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.bad_magic_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.bad_hash_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.bad_magic_on_accesscheck_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.bad_cert_guid_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.empty_request_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.retreive_backup_key_guid_validate\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_encrypt_decrypt\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_wrong_keyGUID\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_empty_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_short_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_wrong_magic\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_wrong_r2\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_wrong_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_short_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_zero_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_wrong_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_short_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_decrypt_zero_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_encrypt_decrypt_remote_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_encrypt_decrypt_wrong_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with..backupkey.server_wrap_encrypt_decrypt_wrong_sid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.restore_guid.version.3\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.restore_guid_2nd\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.unable_to_decrypt_secret\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.wrong_user_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.wrong_version_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.bad_magic_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.bad_hash_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.bad_magic_on_accesscheck_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.bad_cert_guid_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.empty_request_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.retreive_backup_key_guid_validate\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_encrypt_decrypt\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_wrong_keyGUID\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_empty_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_short_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_wrong_magic\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_wrong_r2\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_wrong_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_short_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_zero_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_wrong_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_short_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_decrypt_zero_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_encrypt_decrypt_remote_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_encrypt_decrypt_wrong_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with.validate.backupkey.server_wrap_encrypt_decrypt_wrong_sid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.restore_guid.version.3\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.restore_guid_2nd\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.unable_to_decrypt_secret\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.wrong_user_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.wrong_version_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.bad_magic_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.bad_hash_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.bad_magic_on_accesscheck_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.bad_cert_guid_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.empty_request_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.retreive_backup_key_guid_validate\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_encrypt_decrypt\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_wrong_keyGUID\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_empty_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_short_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_wrong_magic\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_wrong_r2\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_wrong_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_short_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_zero_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_wrong_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_short_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_decrypt_zero_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_encrypt_decrypt_remote_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_encrypt_decrypt_wrong_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with.bigendian.backupkey.server_wrap_encrypt_decrypt_wrong_sid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.restore_guid.version.3\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.restore_guid_2nd\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.unable_to_decrypt_secret\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.wrong_user_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.wrong_version_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.bad_magic_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.bad_hash_on_secret_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.bad_magic_on_accesscheck_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.bad_cert_guid_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.empty_request_restore_guid\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.retreive_backup_key_guid_validate\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_keyGUID\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_empty_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_short_request\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_magic\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_r2\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_short_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_zero_payload_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_wrong_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_short_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_decrypt_zero_ciphertext_length\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt_remote_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt_wrong_key\(ad_dc_default\)
-^samba4.rpc.backupkey.with.sign.backupkey.server_wrap_encrypt_decrypt_wrong_sid\(ad_dc_default\)
diff --git a/selftest/knownfail.d/test_lsa_multi_auth_connect b/selftest/knownfail.d/test_lsa_multi_auth_connect
deleted file mode 100644
index 0cd69dcfb90..00000000000
--- a/selftest/knownfail.d/test_lsa_multi_auth_connect
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_lsa_multi_auth_connect...chgdcpass