1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason

If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher 2020-11-11 17:59:45 +01:00 committed by Andreas Schneider
parent 890fff1ca0
commit 7a6a1aae6f
3 changed files with 11 additions and 5 deletions

View File

@ -279,7 +279,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length;
if (pkt_trailer->length < auth_length) {
return NT_STATUS_RPC_PROTOCOL_ERROR;
return NT_STATUS_INTERNAL_ERROR;
}
data_and_pad = pkt_trailer->length - auth_length;
@ -287,6 +287,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
if ((auth_offset % 4) != 0) {
DBG_WARNING("auth_offset[%u] not 4 byte aligned\n",
(unsigned)auth_offset);
auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
return NT_STATUS_RPC_PROTOCOL_ERROR;
}
@ -350,6 +351,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
auth->auth_pad_length));
talloc_free(ndr);
ZERO_STRUCTP(auth);
auth->auth_context_id = DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
return NT_STATUS_RPC_PROTOCOL_ERROR;
}
@ -379,6 +381,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
auth->auth_pad_length);
talloc_free(ndr);
ZERO_STRUCTP(auth);
auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
return NT_STATUS_RPC_PROTOCOL_ERROR;
}

View File

@ -320,8 +320,13 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
*/
auth->auth_type = DCERPC_AUTH_TYPE_NONE;
auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
auth->auth_context_id =
DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
auth->auth_context_id =
call->in_auth_info.auth_context_id;
} else {
auth->auth_context_id =
DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
}
return false;
}

View File

@ -6,8 +6,6 @@
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_auth3
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_alter
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_auth3
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_bind_align2_ntlm
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_bind_align2_spnego
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter