mirror of
https://github.com/samba-team/samba.git
synced 2025-01-07 17:18:11 +03:00
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is sent as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 85b2dcd938
)
parent
178e654eca
commit
f27161ef53
@ -362,10 +362,9 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
|
|||||||
*
|
*
|
||||||
* See also bug #11982.
|
* See also bug #11982.
|
||||||
*/
|
*/
|
||||||
if (auth_data_only && data_and_pad == 0 &&
|
if (auth_data_only) {
|
||||||
auth->auth_pad_length > 0) {
|
|
||||||
/*
|
/*
|
||||||
* we need to ignore invalid auth_pad_length
|
* We need to ignore auth_pad_length
|
||||||
* values for BIND_*, ALTER_* and AUTH3 pdus.
|
* values for BIND_*, ALTER_* and AUTH3 pdus.
|
||||||
*/
|
*/
|
||||||
auth->auth_pad_length = 0;
|
auth->auth_pad_length = 0;
|
||||||
@ -385,34 +384,6 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
|
|||||||
return NT_STATUS_RPC_PROTOCOL_ERROR;
|
return NT_STATUS_RPC_PROTOCOL_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth_data_only && data_and_pad > auth->auth_pad_length) {
|
|
||||||
DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
|
|
||||||
"Client sent a longer BIND packet than expected by %"PRIu16" bytes "
|
|
||||||
"(pkt_trailer->length=%zu - auth_length=%"PRIu16") "
|
|
||||||
"= %"PRIu16" auth_pad_length=%"PRIu8"\n",
|
|
||||||
data_and_pad - auth->auth_pad_length,
|
|
||||||
pkt_trailer->length,
|
|
||||||
auth_length,
|
|
||||||
data_and_pad,
|
|
||||||
auth->auth_pad_length);
|
|
||||||
talloc_free(ndr);
|
|
||||||
ZERO_STRUCTP(auth);
|
|
||||||
return NT_STATUS_RPC_PROTOCOL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (auth_data_only && data_and_pad != auth->auth_pad_length) {
|
|
||||||
DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
|
|
||||||
"Calculated %"PRIu16" (pkt_trailer->length=%zu - auth_length=%"PRIu16") "
|
|
||||||
"but auth_pad_length=%"PRIu8"\n",
|
|
||||||
data_and_pad,
|
|
||||||
pkt_trailer->length,
|
|
||||||
auth_length,
|
|
||||||
auth->auth_pad_length);
|
|
||||||
talloc_free(ndr);
|
|
||||||
ZERO_STRUCTP(auth);
|
|
||||||
return NT_STATUS_RPC_PROTOCOL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
DBG_DEBUG("auth_pad_length %"PRIu8"\n",
|
DBG_DEBUG("auth_pad_length %"PRIu8"\n",
|
||||||
auth->auth_pad_length);
|
auth->auth_pad_length);
|
||||||
|
|
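Review bot: With both `data_and_pad` mismatch checks removed in the second hunk, whatever a peer places between the presentation contexts and the auth header of a BIND, ALTER or AUTH3 PDU is now skipped without any trace, and the remaining `DBG_DEBUG` appears to print an `auth_pad_length` that the first hunk has already forced to 0. I would log the skipped length inside the `if (auth_data_only)` branch, e.g. `DBG_DEBUG("auth_data_only: ignoring %"PRIu16" bytes before the auth header\n", data_and_pad);`, so oversized or odd trailers stay visible when diagnosing malformed traffic. The shortened comment also no longer says why the field is ignored; a line such as `* Windows may reuse a BIND buffer and leave a stale context as padding, see bug #14356.` next to the existing `See also bug #11982` would keep the rationale in the code. The body of dcerpc_pull_auth_trailer() starts and ends outside both hunks, so how the skipped bytes are treated afterwards cannot be checked from here.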
||||||
|
@ -1,11 +1,5 @@
|
|||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_ntlm_alter
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_ntlm_auth3
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_alter
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_auth3
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_alter
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_auth3
|
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
|
||||||
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter
|
^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter
|
||||||
|