Attachment 11162 Details for Bug 11061 – Work in progress patches (on master)

[patch] Work in progress patches (on master)

bug-11061-hack.patches.01.txt (text/plain), 6.49 KB, created by Stefan Metzmacher on 2015-06-16 16:27:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2015-06-16 16:27:11 UTC

Size: 6.49 KB

patch

obsolete

>From 19d6010d4019710efd6714bf5d42d896877998f9 Mon Sep 17 00:00:00 2001
>From: Volker Lendecke <vl@samba.org>
>Date: Tue, 16 Jun 2015 11:06:49 +0000
>Subject: [PATCH 1/2] debug
>
>---
> source3/librpc/crypto/gse.c         |  1 +
> source3/librpc/rpc/dcerpc_helpers.c |  7 +++++++
> source3/rpc_server/srv_pipe.c       | 18 ++++++++++++++++++
> source4/auth/gensec/gensec_gssapi.c |  2 +-
> 4 files changed, 27 insertions(+), 1 deletion(-)
>
>diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
>index 8db3cdd..edd857b 100644
>--- a/source3/librpc/crypto/gse.c
>+++ b/source3/librpc/crypto/gse.c
>@@ -567,6 +567,7 @@ static size_t gse_get_signature_length(struct gse_context *gse_ctx,
> 		return 0;
> 	}
> 
>+	DEBUG(10,("seal[%u] payload[%u] sig[%u]\n", (unsigned)seal, (unsigned)payload_size, (unsigned)iov[0].buffer.length));
> 	return iov[0].buffer.length;
> }
> 
>diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
>index a9b24c8..b4cb194 100644
>--- a/source3/librpc/rpc/dcerpc_helpers.c
>+++ b/source3/librpc/rpc/dcerpc_helpers.c
>@@ -278,6 +278,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
> 	case DCERPC_AUTH_TYPE_SCHANNEL:
> 		gensec_security = auth->auth_ctx;
> 		*auth_len = gensec_sig_size(gensec_security, max_len);
>+		DEBUG(10,("auth_len[%u] max_len[%u]\n", (unsigned)*auth_len,(unsigned)max_len));
> 		break;
> 	default:
> 		return NT_STATUS_INVALID_PARAMETER;
>@@ -300,6 +301,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
> 
> 	*frag_len = header_len + *data_to_send + *pad_len
> 			+ DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
>+	DEBUG(10,("frag_len[%u] header_len[%u] data_to_send[%u] pad_len[%u] auth_len[%u]\n",
>+	         (unsigned)*frag_len, (unsigned)header_len, (unsigned)*data_to_send,
>+		 (unsigned)*pad_len, (unsigned)*auth_len));
> 
> 	return NT_STATUS_OK;
> }
>@@ -336,6 +340,9 @@ static NTSTATUS add_generic_auth_footer(struct gensec_security *gensec_security,
> 		if (!NT_STATUS_IS_OK(status)) {
> 			return status;
> 		}
>+		DEBUG(10,("auth_blob_len[%u] rpc_out->length[%u] data_and_pad_len[%u]\n",
>+			  (unsigned)auth_blob.length, (unsigned)rpc_out->length,
>+			  (unsigned)data_and_pad_len));
> 		break;
> 
> 	case DCERPC_AUTH_LEVEL_INTEGRITY:
>diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
>index 63323f8..0bd83db 100644
>--- a/source3/rpc_server/srv_pipe.c
>+++ b/source3/rpc_server/srv_pipe.c
>@@ -119,6 +119,7 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
> 	size_t frag_len;
> 	size_t pad_len = 0;
> 	size_t auth_len = 0;
>+	size_t frag_len2;
> 	NTSTATUS status;
> 
> 	ZERO_STRUCT(u.response);
>@@ -171,7 +172,15 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
> 		return status;
> 	}
> 
>+	DEBUG(10,("%s:%s: frag->length[%u]\n", __location__, __func__,
>+		  (unsigned)frag->length));
>+	dump_data(10, frag->data, frag->length);
>+	frag_len2 = frag->length;
> 	if (auth_len) {
>+		frag_len2 += pad_len;
>+		frag_len2 += DCERPC_AUTH_TRAILER_LENGTH;
>+		frag_len2 += auth_len;
>+
> 		/* Set the proper length on the pdu, including padding.
> 		 * Only needed if an auth trailer will be appended. */
> 		dcerpc_set_frag_length(frag, frag->length
>@@ -180,6 +189,9 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
> 						+ auth_len);
> 	}
> 
>+	DEBUG(10,("%s:%s: frag->length[%u]\n", __location__, __func__,
>+		  (unsigned)frag->length));
>+	dump_data(10, frag->data, frag->length);
> 	if (auth_len) {
> 		status = dcerpc_add_auth_footer(auth, pad_len, frag);
> 		if (!NT_STATUS_IS_OK(status)) {
>@@ -188,6 +200,12 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
> 		}
> 	}
> 
>+	DEBUG(10,("%s:%s: frag_len[%u] frag->length[%u]\n", __location__, __func__,
>+		  (unsigned)frag_len2, (unsigned)frag->length));
>+	dump_data(10, frag->data, frag->length);
>+
>+	SMB_ASSERT(frag_len2 == frag->length);
>+
> 	*pdu_size = data_to_send;
> 	return NT_STATUS_OK;
> }
>diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
>index 5582102..a8ab9b3 100644
>--- a/source4/auth/gensec/gensec_gssapi.c
>+++ b/source4/auth/gensec/gensec_gssapi.c
>@@ -1066,11 +1066,11 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit
> 	}
> 	sig_length = output_token.length - input_token.length;
> 
>-	memcpy(data, ((uint8_t *)output_token.value) + sig_length, length);
> 	*sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value, sig_length);
> 
> 	dump_data_pw("gensec_gssapi_seal_packet: sig\n", sig->data, sig->length);
> 	dump_data_pw("gensec_gssapi_seal_packet: clear\n", data, length);
>+	memcpy(data, ((uint8_t *)output_token.value) + sig_length, length);
> 	dump_data_pw("gensec_gssapi_seal_packet: sealed\n", ((uint8_t *)output_token.value) + sig_length, output_token.length - sig_length);
> 
> 	gss_release_buffer(&min_stat, &output_token);
>-- 
>2.1.0
>
>
>From 47b638c12e95816e1f2f1608614c6156363f2c80 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 16 Jun 2015 11:17:04 -0500
>Subject: [PATCH 2/2] hack bug 11061...
>
>metze
>---
> source3/librpc/rpc/dcerpc_helpers.c | 18 +++++++++---------
> source3/rpc_server/srv_pipe.c       |  3 +++
> 2 files changed, 12 insertions(+), 9 deletions(-)
>
>diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
>index b4cb194..a8a164a 100644
>--- a/source3/librpc/rpc/dcerpc_helpers.c
>+++ b/source3/librpc/rpc/dcerpc_helpers.c
>@@ -24,6 +24,9 @@
> #include "librpc/crypto/gse.h"
> #include "auth/gensec/gensec.h"
> 
>+#undef CLIENT_NDR_PADDING_SIZE
>+#define CLIENT_NDR_PADDING_SIZE 16
>+
> #undef DBGC_CLASS
> #define DBGC_CLASS DBGC_RPC_PARSE
> 
>@@ -285,19 +288,16 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
> 	}
> 
> 	max_len -= *auth_len;
>+	max_len -= pad_alignment;
> 
> 	*data_to_send = MIN(max_len, data_left);
> 
>-	mod_len = (header_len + *data_to_send) % pad_alignment;
>-	if (mod_len) {
>-		*pad_len = pad_alignment - mod_len;
>-	} else {
>-		*pad_len = 0;
>-	}
>+	mod_len = (*data_to_send) % pad_alignment;
>+	*pad_len = pad_alignment - mod_len;
> 
>-	if (*data_to_send + *pad_len > max_len) {
>-		*data_to_send -= pad_alignment;
>-	}
>+	//if (*data_to_send + *pad_len > max_len) {
>+	//	*data_to_send -= pad_alignment;
>+	//}
> 
> 	*frag_len = header_len + *data_to_send + *pad_len
> 			+ DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
>diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
>index 0bd83db..3ee2198 100644
>--- a/source3/rpc_server/srv_pipe.c
>+++ b/source3/rpc_server/srv_pipe.c
>@@ -45,6 +45,9 @@
> #include "auth/gensec/gensec.h"
> #include "librpc/ndr/ndr_dcerpc.h"
> 
>+#undef SERVER_NDR_PADDING_SIZE
>+#define SERVER_NDR_PADDING_SIZE 16
>+
> #undef DBGC_CLASS
> #define DBGC_CLASS DBGC_RPC_SRV
> 
>-- 
>2.1.0
>

Actions: View

Attachments on bug 11061: 10637 | 10981 | 10982 | 10999 | 11000 | 11001 | 11008 | 11009 | 11120 | 11162 | 11184 | 11212 | 11213