dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus

This is how Windows 2022 (and 2025 preview) behaves...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/rpc/dcerpc_util.c

@@ -324,12 +324,21 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 	 * protection for REQUEST and RESPONSE pdus, where the
 	 * auth_pad_length field is actually used by the caller.
 	 */
+	switch (pkt->ptype) {
+	case DCERPC_PKT_BIND:
+	case DCERPC_PKT_ALTER:
+	case DCERPC_PKT_AUTH3:
+		max_pad_len = 0;
+		break;
+	default:
 		tmp_length = DCERPC_REQUEST_LENGTH;
 		tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
 		tmp_length += pkt->auth_length;
 		if (tmp_length < pkt->frag_length) {
 			max_pad_len = pkt->frag_length - tmp_length;
 		}
+		break;
+	}
 	if (max_pad_len < auth->auth_pad_length) {
 		DEBUG(1, (__location__ ": ERROR: pad length too large. "
 			  "max %"PRIu32" got %"PRIu8"\n",

source4/selftest/tests.py

@@ -1370,12 +1370,10 @@ planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"
 
 planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol",
                        environ={"MAX_NUM_AUTH": "8",
-                                "ALLOW_BIND_AUTH_PAD": "1",
                                 "USERNAME": "$DC_USERNAME",
                                 "PASSWORD": "$DC_PASSWORD"})
 planoldpythontestsuite("ad_member", "samba.tests.dcerpc.raw_protocol",
                        environ={"MAX_NUM_AUTH": "8",
-                                "ALLOW_BIND_AUTH_PAD": "1",
                                 "AUTH_LEVEL_CONNECT_LSA": "1",
                                 "USERNAME": "$DC_USERNAME",
                                 "PASSWORD": "$DC_PASSWORD"})