From 19d6010d4019710efd6714bf5d42d896877998f9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 16 Jun 2015 11:06:49 +0000 Subject: [PATCH 1/2] debug --- source3/librpc/crypto/gse.c | 1 + source3/librpc/rpc/dcerpc_helpers.c | 7 +++++++ source3/rpc_server/srv_pipe.c | 18 ++++++++++++++++++ source4/auth/gensec/gensec_gssapi.c | 2 +- 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c index 8db3cdd..edd857b 100644 --- a/source3/librpc/crypto/gse.c +++ b/source3/librpc/crypto/gse.c @@ -567,6 +567,7 @@ static size_t gse_get_signature_length(struct gse_context *gse_ctx, return 0; } + DEBUG(10,("seal[%u] payload[%u] sig[%u]\n", (unsigned)seal, (unsigned)payload_size, (unsigned)iov[0].buffer.length)); return iov[0].buffer.length; } diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index a9b24c8..b4cb194 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -278,6 +278,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, case DCERPC_AUTH_TYPE_SCHANNEL: gensec_security = auth->auth_ctx; *auth_len = gensec_sig_size(gensec_security, max_len); + DEBUG(10,("auth_len[%u] max_len[%u]\n", (unsigned)*auth_len,(unsigned)max_len)); break; default: return NT_STATUS_INVALID_PARAMETER; @@ -300,6 +301,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, *frag_len = header_len + *data_to_send + *pad_len + DCERPC_AUTH_TRAILER_LENGTH + *auth_len; + DEBUG(10,("frag_len[%u] header_len[%u] data_to_send[%u] pad_len[%u] auth_len[%u]\n", + (unsigned)*frag_len, (unsigned)header_len, (unsigned)*data_to_send, + (unsigned)*pad_len, (unsigned)*auth_len)); return NT_STATUS_OK; } 
@@ -336,6 +340,9 @@ static NTSTATUS add_generic_auth_footer(struct gensec_security *gensec_security, if (!NT_STATUS_IS_OK(status)) { return status; } + DEBUG(10,("auth_blob_len[%u] rpc_out->length[%u] data_and_pad_len[%u]\n", + (unsigned)auth_blob.length, (unsigned)rpc_out->length, + (unsigned)data_and_pad_len)); break; case DCERPC_AUTH_LEVEL_INTEGRITY: diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 63323f8..0bd83db 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -119,6 +119,7 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, size_t frag_len; size_t pad_len = 0; size_t auth_len = 0; + size_t frag_len2; NTSTATUS status; ZERO_STRUCT(u.response); @@ -171,7 +172,15 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, return status; } + DEBUG(10,("%s:%s: frag->length[%u]\n", __location__, __func__, + (unsigned)frag->length)); + dump_data(10, frag->data, frag->length); + frag_len2 = frag->length; if (auth_len) { + frag_len2 += pad_len; + frag_len2 += DCERPC_AUTH_TRAILER_LENGTH; + frag_len2 += auth_len; + /* Set the proper length on the pdu, including padding. * Only needed if an auth trailer will be appended. */ dcerpc_set_frag_length(frag, frag->length @@ -180,6 +189,9 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, + auth_len); } + DEBUG(10,("%s:%s: frag->length[%u]\n", __location__, __func__, + (unsigned)frag->length)); + dump_data(10, frag->data, frag->length); if (auth_len) { status = dcerpc_add_auth_footer(auth, pad_len, frag); if (!NT_STATUS_IS_OK(status)) { @@ -188,6 +200,12 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, } } + DEBUG(10,("%s:%s: frag_len[%u] frag->length[%u]\n", __location__, __func__, + (unsigned)frag_len2, (unsigned)frag->length)); + dump_data(10, frag->data, frag->length); + + SMB_ASSERT(frag_len2 == frag->length); + *pdu_size = data_to_send; return NT_STATUS_OK; } 
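Review bot: The `dump_data(10, frag->data, frag->length);` added in the srv_pipe.c hunk at -171 runs before dcerpc_add_auth_footer(), so the response payload is written to the log unprotected whenever the log level reaches 10, including on connections that presumably negotiated sealing. The same call is repeated in the hunks at -180 and -188. If the dumps are to stay, the variant the gensec_gssapi.c hunk of this patch already uses, which as far as I know is compiled in only with DEBUG_PASSWORD, would keep them out of ordinary builds: `dump_data_pw("create_next_packet: before auth footer\n", frag->data, frag->length);`. create_next_packet() begins and ends outside these hunks.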
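Review bot: `SMB_ASSERT(frag_len2 == frag->length);` in the srv_pipe.c hunk at -188 turns a length mismatch into a panic of the serving process. frag_len2 is built from auth_len, which judging by dcerpc_guess_sizes() is an estimate taken from gensec_sig_size(). If the real footer can differ in size, a client that reaches that case stops the server instead of receiving an error. An error return keeps the check without the panic: `if (frag_len2 != frag->length) { return NT_STATUS_INTERNAL_ERROR; }`. The function body starts and ends outside the hunk.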
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 5582102..a8ab9b3 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1066,11 +1066,11 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit } sig_length = output_token.length - input_token.length; - memcpy(data, ((uint8_t *)output_token.value) + sig_length, length); *sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value, sig_length); dump_data_pw("gensec_gssapi_seal_packet: sig\n", sig->data, sig->length); dump_data_pw("gensec_gssapi_seal_packet: clear\n", data, length); + memcpy(data, ((uint8_t *)output_token.value) + sig_length, length); dump_data_pw("gensec_gssapi_seal_packet: sealed\n", ((uint8_t *)output_token.value) + sig_length, output_token.length - sig_length); gss_release_buffer(&min_stat, &output_token); -- 2.1.0 From 47b638c12e95816e1f2f1608614c6156363f2c80 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 16 Jun 2015 11:17:04 -0500 Subject: [PATCH 2/2] hack bug 11061... metze --- source3/librpc/rpc/dcerpc_helpers.c | 18 +++++++++--------- source3/rpc_server/srv_pipe.c | 3 +++ 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index b4cb194..a8a164a 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -24,6 +24,9 @@ #include "librpc/crypto/gse.h" #include "auth/gensec/gensec.h" +#undef CLIENT_NDR_PADDING_SIZE +#define CLIENT_NDR_PADDING_SIZE 16 + #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_PARSE 
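Review bot: The moved `memcpy()` in gensec_gssapi_seal_packet() must now stay below the "clear" dump for that dump to show plaintext, and nothing in the code says so. A one-line comment above it, such as `/* overwrite data with the sealed bytes only after the clear dump above */`, would stop a later cleanup from moving it back. The function starts and ends outside the hunk.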
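Review bot: Redefining `CLIENT_NDR_PADDING_SIZE` inside dcerpc_helpers.c (hunk at -24 of the second patch) changes the value for this file only. Any other file that includes the header defining it keeps the old value, so code on the two sides of the padding calculation can disagree about the alignment. The srv_pipe.c hunk at -45 does the same for `SERVER_NDR_PADDING_SIZE`. Changing the value where the macros are defined would avoid that; failing that, a comment such as `/* temporary local override while debugging bug 11061 */` above each pair would at least make the intent visible.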
@@ -285,19 +288,16 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, } max_len -= *auth_len; + max_len -= pad_alignment; *data_to_send = MIN(max_len, data_left); - mod_len = (header_len + *data_to_send) % pad_alignment; - if (mod_len) { - *pad_len = pad_alignment - mod_len; - } else { - *pad_len = 0; - } + mod_len = (*data_to_send) % pad_alignment; + *pad_len = pad_alignment - mod_len; - if (*data_to_send + *pad_len > max_len) { - *data_to_send -= pad_alignment; - } + //if (*data_to_send + *pad_len > max_len) { + // *data_to_send -= pad_alignment; + //} *frag_len = header_len + *data_to_send + *pad_len + DCERPC_AUTH_TRAILER_LENGTH + *auth_len; diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 0bd83db..3ee2198 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -45,6 +45,9 @@ #include "auth/gensec/gensec.h" #include "librpc/ndr/ndr_dcerpc.h" +#undef SERVER_NDR_PADDING_SIZE +#define SERVER_NDR_PADDING_SIZE 16 + #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV -- 2.1.0
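Review bot: The added `max_len -= pad_alignment;` follows `max_len -= *auth_len;` with no lower-bound check, so if max_len is unsigned (the `(unsigned)` casts in the debug lines suggest size_t) and smaller than `*auth_len + pad_alignment`, it wraps and `MIN(max_len, data_left)` picks data_left, giving a fragment larger than the limit. The guard that used to trim data_to_send is commented out in the same hunk, so nothing later catches this. A check ahead of both subtractions would close it: `if (max_len < *auth_len + pad_alignment) { return NT_STATUS_INVALID_PARAMETER; }`. With the new `*pad_len = pad_alignment - mod_len;` an already aligned payload also gets a full pad_alignment of padding instead of none, which deserves a comment if it is intended. dcerpc_guess_sizes() starts and ends outside the hunk.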