From 5efc2a0ea9781da0f6230b952cc71bb6c64e1767 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 12 Nov 2020 17:22:19 +0100 Subject: [PATCH] tests/dcerpc/raw_protocol: add more tests for auth_pad alignment BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 0bc562eb26cad3a5cb8da2da54db86932791f3de) --- python/samba/tests/dcerpc/raw_protocol.py | 19 +++++++++++++++++-- selftest/knownfail.d/dcerpc-auth-pad | 1 + 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index 95b3533cfad..0cc26cf4d56 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -6720,6 +6720,7 @@ class TestDCERPC_BIND(RawDCERPCTest): def _test_spnego_level_bind(self, auth_level, g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY, + auth_pad_alignment=dcerpc.DCERPC_AUTH_PAD_ALIGNMENT, alter_fault=None, request_fault=None, response_fault_flags=0): @@ -6749,10 +6750,10 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertIsNotNone(g) stub_bin = b'\x00' * 17 - mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT + mod_len = len(stub_bin) % auth_pad_alignment auth_pad_length = 0 if mod_len > 0: - auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len + auth_pad_length = auth_pad_alignment - mod_len stub_bin += b'\x00' * auth_pad_length if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY: @@ -6882,6 +6883,20 @@ class TestDCERPC_BIND(RawDCERPCTest): request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR, response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE) + def test_spnego_integrity_bind_auth_align4(self): + return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY, + g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY, + auth_pad_alignment=4, + request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR, + response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE) + + def test_spnego_integrity_bind_auth_align2(self): + return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY, + g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY, + auth_pad_alignment=2, + request_fault=dcerpc.DCERPC_NCA_S_PROTO_ERROR, + response_fault_flags=0) + def test_spnego_privacy_bind_none(self): # This fails... return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY, diff --git a/selftest/knownfail.d/dcerpc-auth-pad b/selftest/knownfail.d/dcerpc-auth-pad index f1daffa3771..add136710e0 100644 --- a/selftest/knownfail.d/dcerpc-auth-pad +++ b/selftest/knownfail.d/dcerpc-auth-pad @@ -17,3 +17,4 @@ ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_ntlm_auth3 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_alter ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_spnego_integrity_bind_auth_align2