The Samba-Bugzilla – Attachment 11213 Details for Bug 11061: Logon via MS Remote Desktop hangs
Patches for v4-1-test
tmp41.diff.txt (text/plain), 30.28 KB, created by Stefan Metzmacher on 2015-06-30 08:19:54 UTC
>From 5c9753d679b77936c1bc1e4f4672a406a9580223 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 14:46:53 +0200 >Subject: [PATCH 01/17] auth/gensec: gensec_[un]seal_packet() should only work > with GENSEC_FEATURE_DCE_STYLE > >gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if >GENSEC_FEATURE_SEAL is negotiated. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 3542d33314e32279340f07f995c1dcbd16106352) >--- > auth/gensec/gensec.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > >diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c >index ea62861..01c4ac6 100644 >--- a/auth/gensec/gensec.c >+++ b/auth/gensec/gensec.c >@@ -39,9 +39,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security, > if (!gensec_security->ops->unseal_packet) { > return NT_STATUS_NOT_IMPLEMENTED; > } >+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { >+ return NT_STATUS_INVALID_PARAMETER; >+ } > if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { > return NT_STATUS_INVALID_PARAMETER; > } >+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { >+ return NT_STATUS_INVALID_PARAMETER; >+ } > > return gensec_security->ops->unseal_packet(gensec_security, > data, length, >@@ -79,6 +85,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security, > if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { > return NT_STATUS_INVALID_PARAMETER; > } >+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { >+ return NT_STATUS_INVALID_PARAMETER; >+ } > > return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig); > } 
>@@ -107,6 +116,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t > if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { > return 0; > } >+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) { >+ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) { >+ return 0; >+ } >+ } > > return gensec_security->ops->sig_size(gensec_security, data_size); > } >-- >1.9.1 > > >From 599db96e52ab8c65201990cef949ffc04f5b0069 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 20 Jun 2015 16:19:31 +0200 >Subject: [PATCH 02/17] auth/gensec: make sure gensec_start_mech_by_authtype() > resets SIGN/SEAL before starting > >We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given >auth_level and should not have GENSEC_FEATURE_SEAL if >DCERPC_AUTH_LEVEL_INTEGRITY is desired. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 756508c8c37b0370301a096e35abc171fe08d31c) >--- > auth/gensec/gensec_start.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c >index e46f0ee..8b649e5 100644 >--- a/auth/gensec/gensec_start.c >+++ b/auth/gensec/gensec_start.c 
>@@ -701,6 +701,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s > return NT_STATUS_INVALID_PARAMETER; > } > gensec_security->dcerpc_auth_level = auth_level; >+ /* >+ * We need to reset sign/seal in order to reset it. >+ * We may got some default features inherited by the credentials >+ */ >+ gensec_security->want_features &= ~GENSEC_FEATURE_SIGN; >+ gensec_security->want_features &= ~GENSEC_FEATURE_SEAL; > gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE); > gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES); > if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) { >-- >1.9.1 > > >From 63903e3fa18a713137c9cab7107c5b33f3840400 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 16:48:48 +0200 >Subject: [PATCH 03/17] dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16) > >Windows pads the payload aligned to 16 bytes. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 2cb3ec5856ab5b7edad8ffd67a5d0f927c161138) >--- > librpc/idl/dcerpc.idl | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl >index 86f22a4..f14461c 100644 >--- a/librpc/idl/dcerpc.idl >+++ b/librpc/idl/dcerpc.idl >@@ -204,6 +204,7 @@ interface dcerpc > } dcerpc_auth; > > const uint8 DCERPC_AUTH_TRAILER_LENGTH = 8; >+ const uint8 DCERPC_AUTH_PAD_ALIGNMENT = 16; > > typedef [public] struct { > [value(0)] uint32 _pad; >-- >1.9.1 > > >From 5213b084e106f74c502dda9e44a147aef58b1839 Mon Sep 17 00:00:00 2001 
>From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 20 Jun 2015 17:43:47 +0200 >Subject: [PATCH 04/17] librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) > helper macro > >This calculates the required padding DCERPC_AUTH_PAD_ALIGNMENT >and the stub_length. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(similar to commit f1e3ad269ca8f76876afd8e3837c9c9b48688941) >--- > librpc/rpc/rpc_common.h | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h >index e2b3755..acf2ed2 100644 >--- a/librpc/rpc/rpc_common.h >+++ b/librpc/rpc/rpc_common.h >@@ -301,4 +301,10 @@ NTSTATUS dcerpc_binding_handle_call(struct dcerpc_binding_handle *h, > TALLOC_CTX *r_mem, > void *r_ptr); > >+ >+#define DCERPC_AUTH_PAD_LENGTH(stub_length) (\ >+ (((stub_length) % DCERPC_AUTH_PAD_ALIGNMENT) > 0)?\ >+ (DCERPC_AUTH_PAD_ALIGNMENT - (stub_length) % DCERPC_AUTH_PAD_ALIGNMENT):\ >+ 0) >+ > #endif /* __DEFAULT_LIBRPC_RPCCOMMON_H__ */ >-- >1.9.1 > > >From c3a9dc5ff43014eed645a6010099b559a0a40e25 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 16:55:39 +0200 >Subject: [PATCH 05/17] s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT > padding bytes in dcerpc_add_auth_footer() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 3e6e9e3acd17531148457be59a32727fb87ae43d) >--- > source3/librpc/rpc/dcerpc_helpers.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) 
> >diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c >index a55e419..aec275e 100644 >--- a/source3/librpc/rpc/dcerpc_helpers.c >+++ b/source3/librpc/rpc/dcerpc_helpers.c >@@ -553,7 +553,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, > { > struct schannel_state *schannel_auth; > struct gensec_security *gensec_security; >- char pad[CLIENT_NDR_PADDING_SIZE] = { 0, }; >+ const char pad[DCERPC_AUTH_PAD_ALIGNMENT] = { 0, }; > DATA_BLOB auth_info; > DATA_BLOB auth_blob; > NTSTATUS status; >@@ -564,6 +564,8 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, > } > > if (pad_len) { >+ SMB_ASSERT(pad_len <= ARRAY_SIZE(pad)); >+ > /* Copy the sign/seal padding data. */ > if (!data_blob_append(NULL, rpc_out, pad, pad_len)) { > return NT_STATUS_NO_MEMORY; >-- >1.9.1 > > >From e06dda2e8be8ea58a936d455777a10885ad8c8a7 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 15:52:11 +0200 >Subject: [PATCH 06/17] s3:librpc/rpc: fix padding calculation in > dcerpc_guess_sizes() > >The padding needs to be relative to the payload start not to the pdu start. >We also need align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(similar to commit b2e042ad9652e2dfb39640de43e09030efc41d3d) >--- > source3/librpc/rpc/dcerpc.h | 2 +- > source3/librpc/rpc/dcerpc_helpers.c | 22 +++++++++------------- > source3/rpc_client/cli_pipe.c | 1 - > source3/rpc_server/srv_pipe.c | 1 - > 4 files changed, 10 insertions(+), 16 deletions(-) > >diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h >index b3ae3b4..60b91d6d 100644 >--- a/source3/librpc/rpc/dcerpc.h >+++ b/source3/librpc/rpc/dcerpc.h 
>@@ -76,7 +76,7 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, > bool bigendian); > NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > size_t header_len, size_t data_left, >- size_t max_xmit_frag, size_t pad_alignment, >+ size_t max_xmit_frag, > size_t *data_to_send, size_t *frag_len, > size_t *auth_len, size_t *pad_len); > NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth, >diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c >index aec275e..b48f45c 100644 >--- a/source3/librpc/rpc/dcerpc_helpers.c >+++ b/source3/librpc/rpc/dcerpc_helpers.c >@@ -256,7 +256,6 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, > * @param header_len The length of the packet header > * @param data_left The data left in the send buffer > * @param max_xmit_frag The max fragment size. >-* @param pad_alignment The NDR padding size. > * @param data_to_send [out] The max data we will send in the pdu > * @param frag_len [out] The total length of the fragment > * @param auth_len [out] The length of the auth trailer >@@ -266,7 +265,7 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx, > */ > NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > size_t header_len, size_t data_left, >- size_t max_xmit_frag, size_t pad_alignment, >+ size_t max_xmit_frag, > size_t *data_to_send, size_t *frag_len, > size_t *auth_len, size_t *pad_len) > { >@@ -309,7 +308,11 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > case DCERPC_AUTH_TYPE_KRB5: > gensec_security = talloc_get_type_abort(auth->auth_ctx, > struct gensec_security); >- *auth_len = gensec_sig_size(gensec_security, max_len); >+ mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT); >+ *auth_len = gensec_sig_size(gensec_security, max_len - mod_len); >+ if (*auth_len == 0) { >+ return NT_STATUS_INTERNAL_ERROR; >+ } > break; > > case DCERPC_AUTH_TYPE_SCHANNEL: 
>@@ -322,19 +325,12 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > } > > max_len -= *auth_len; >+ mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT); >+ max_len -= mod_len; > > *data_to_send = MIN(max_len, data_left); > >- mod_len = (header_len + *data_to_send) % pad_alignment; >- if (mod_len) { >- *pad_len = pad_alignment - mod_len; >- } else { >- *pad_len = 0; >- } >- >- if (*data_to_send + *pad_len > max_len) { >- *data_to_send -= pad_alignment; >- } >+ *pad_len = DCERPC_AUTH_PAD_LENGTH(*data_to_send); > > *frag_len = header_len + *data_to_send + *pad_len > + DCERPC_AUTH_TRAILER_LENGTH + *auth_len; >diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c >index 385ae25..78b1c5c 100644 >--- a/source3/rpc_client/cli_pipe.c >+++ b/source3/rpc_client/cli_pipe.c >@@ -1282,7 +1282,6 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state, > status = dcerpc_guess_sizes(state->cli->auth, > DCERPC_REQUEST_LENGTH, data_left, > state->cli->max_xmit_frag, >- CLIENT_NDR_PADDING_SIZE, > &data_sent_thistime, > &frag_len, &auth_len, &pad_len); > if (!NT_STATUS_IS_OK(status)) { >diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c >index 7daff04..9df41b4 100644 >--- a/source3/rpc_server/srv_pipe.c >+++ b/source3/rpc_server/srv_pipe.c >@@ -141,7 +141,6 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, > DCERPC_RESPONSE_LENGTH, > data_left, > RPC_MAX_PDU_FRAG_LEN, >- SERVER_NDR_PADDING_SIZE, > &data_to_send, &frag_len, > &auth_len, &pad_len); > if (!NT_STATUS_IS_OK(status)) { >-- >1.9.1 > > >From 18bf6589f3164973688b8d39218080491417de29 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 22:09:57 +0200 >Subject: [PATCH 07/17] s3:rpc_server: remove pad handling from > api_pipe_alter_context() > >This is not needed and windows doesn't use it. >The padding is for the payload in request and response. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 
> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit a6a6795826954eef6763a39b129a4db578edca01) >--- > source3/rpc_server/srv_pipe.c | 27 ++------------------------- > 1 file changed, 2 insertions(+), 25 deletions(-) > >diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c >index 9df41b4..93339fb 100644 >--- a/source3/rpc_server/srv_pipe.c >+++ b/source3/rpc_server/srv_pipe.c >@@ -1065,7 +1065,6 @@ static bool api_pipe_alter_context(struct pipes_struct *p, > struct dcerpc_ack_ctx bind_ack_ctx; > DATA_BLOB auth_resp = data_blob_null; > DATA_BLOB auth_blob = data_blob_null; >- int pad_len = 0; > struct gensec_security *gensec_security; > > DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__)); >@@ -1217,19 +1216,10 @@ static bool api_pipe_alter_context(struct pipes_struct *p, > } > > if (auth_resp.length) { >- >- /* Work out any padding needed before the auth footer. */ >- pad_len = p->out_data.frag.length % SERVER_NDR_PADDING_SIZE; >- if (pad_len) { >- pad_len = SERVER_NDR_PADDING_SIZE - pad_len; >- DEBUG(10, ("auth pad_len = %u\n", >- (unsigned int)pad_len)); >- } >- > status = dcerpc_push_dcerpc_auth(pkt, > auth_info.auth_type, > auth_info.auth_level, >- pad_len, >+ 0, /* pad_len */ > 1, /* auth_context_id */ > &auth_resp, > &auth_blob); 
>@@ -1243,22 +1233,9 @@ static bool api_pipe_alter_context(struct pipes_struct *p, > * the dcerpc header */ > dcerpc_set_frag_length(&p->out_data.frag, > p->out_data.frag.length + >- pad_len + auth_blob.length); >+ auth_blob.length); > > if (auth_resp.length) { >- if (pad_len) { >- char pad[SERVER_NDR_PADDING_SIZE]; >- memset(pad, '\0', SERVER_NDR_PADDING_SIZE); >- if (!data_blob_append(p->mem_ctx, >- &p->out_data.frag, >- pad, pad_len)) { >- DEBUG(0, ("api_pipe_bind_req: failed to add " >- "%u bytes of pad data.\n", >- (unsigned int)pad_len)); >- goto err_exit; >- } >- } >- > if (!data_blob_append(p->mem_ctx, &p->out_data.frag, > auth_blob.data, auth_blob.length)) { > DEBUG(0, ("Append of auth info failed.\n")); >-- >1.9.1 > > >From 59e3f54c63349e00fdedbb0b637d5e0c38bf7999 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 22:35:44 +0200 >Subject: [PATCH 08/17] s4:librpc/rpc: let dcerpc_ship_next_request() use > DCERPC_AUTH_PAD_ALIGNMENT define > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ef801bae95403e96042f5d8c87085bce21436013) >--- > source4/librpc/rpc/dcerpc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 2826160..cd33dc0 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -1601,7 +1601,7 @@ static void dcerpc_ship_next_request(struct dcecli_connection *c) > chunk_size -= sig_size; > } > } >- chunk_size -= (chunk_size % 16); >+ chunk_size -= (chunk_size % DCERPC_AUTH_PAD_ALIGNMENT); > > pkt.ptype = DCERPC_PKT_REQUEST; > pkt.call_id = req->call_id; >-- >1.9.1 > > >From 7ad41777921df5786f28023aad4263c5d78a7314 Mon Sep 17 00:00:00 2001 
>From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 22:35:44 +0200 >Subject: [PATCH 09/17] s4:librpc/rpc: let dcerpc_ship_next_request() use a > sig_size for a padded payload > >The sig_size could differ depending on the aligment/padding. >So should use the same alignment as we use for the payload. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit fc249d542fcb8d043ae72eb7963d3a85eb79253a) >--- > source4/librpc/rpc/dcerpc.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index cd33dc0..9600822 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -1594,8 +1594,13 @@ static void dcerpc_ship_next_request(struct dcecli_connection *c) > chunk_size -= DCERPC_REQUEST_LENGTH; > if (c->security_state.auth_info && > c->security_state.generic_state) { >+ size_t max_payload = chunk_size; >+ >+ max_payload -= DCERPC_AUTH_TRAILER_LENGTH; >+ max_payload -= (max_payload % DCERPC_AUTH_PAD_ALIGNMENT); >+ > sig_size = gensec_sig_size(c->security_state.generic_state, >- p->conn->srv_max_recv_frag); >+ max_payload); > if (sig_size) { > chunk_size -= DCERPC_AUTH_TRAILER_LENGTH; > chunk_size -= sig_size; >-- >1.9.1 > > >From 7b55537c30664ca060d4656c6aecfb156842f792 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 20 Jun 2015 17:47:14 +0200 >Subject: [PATCH 10/17] s4:librpc/rpc: let ncacn_push_request_sign() handle > sig_size == 0 with auth_info as internal error > >Don't send plaintext on the wire because of an internal error... > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 
> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 48f2c383e1d7f52114223cd2a54857426bf64025) >--- > source4/librpc/rpc/dcerpc.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 9600822..9984ea2 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -802,13 +802,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcecli_connection *c, > size_t hdr_size = DCERPC_REQUEST_LENGTH; > > /* non-signed packets are simpler */ >- if (sig_size == 0) { >+ if (c->security_state.auth_info == NULL) { > return ncacn_push_auth(blob, mem_ctx, pkt, NULL); > } > > switch (c->security_state.auth_info->auth_level) { > case DCERPC_AUTH_LEVEL_PRIVACY: > case DCERPC_AUTH_LEVEL_INTEGRITY: >+ if (sig_size == 0) { >+ return NT_STATUS_INTERNAL_ERROR; >+ } > break; > > case DCERPC_AUTH_LEVEL_CONNECT: >-- >1.9.1 > > >From 0bc5dc204d1ee19f572669f5340e62b0b0ae447b Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 20 Jun 2015 17:49:02 +0200 >Subject: [PATCH 11/17] s4:librpc/rpc: fix padding caclucation in > ncacn_push_request_sign() > >This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour >so that we will use no padding if the stub_length is already aligned >to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 114c52e73ed9e0adeac8ad1bc1dc014f3c10f4d6) >--- > source4/librpc/rpc/dcerpc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) 
> >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 9984ea2..562d52e 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -854,7 +854,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcecli_connection *c, > whole packet, whereas w2k8 wants it relative to the start > of the stub */ > c->security_state.auth_info->auth_pad_length = >- (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15; >+ DCERPC_AUTH_PAD_LENGTH(pkt->u.request.stub_and_verifier.length); > ndr_err = ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length); > if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { > return ndr_map_error2ntstatus(ndr_err); >-- >1.9.1 > > >From 7d2947ef1703486c1bfebf6443f05d112c93fd88 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 22:35:44 +0200 >Subject: [PATCH 12/17] s4:rpc_server: let dcesrv_reply() use > DCERPC_AUTH_PAD_ALIGNMENT define > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 3fbdb255e3ac7ad5261c5fa3836e4a38a0d59221) >--- > source4/rpc_server/common/reply.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/rpc_server/common/reply.c b/source4/rpc_server/common/reply.c >index 92bd552..42830ef 100644 >--- a/source4/rpc_server/common/reply.c >+++ b/source4/rpc_server/common/reply.c >@@ -194,7 +194,7 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call) > chunk_size -= sig_size; > } > } >- chunk_size -= (chunk_size % 16); >+ chunk_size -= (chunk_size % DCERPC_AUTH_PAD_ALIGNMENT); > > do { > uint32_t length; >-- >1.9.1 > > >From 0b464d420759be00fba085928b02e1253b5b1937 Mon Sep 17 00:00:00 2001 
>From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 22:35:44 +0200 >Subject: [PATCH 13/17] s4:rpc_server: let dcesrv_reply() use a sig_size for a > padded payload > >The sig_size could differ depending on the aligment/padding. >So should use the same alignment as we use for the payload. > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 16f3837e026e4cae135bbdddf09b44a02af25b05) >--- > source4/rpc_server/common/reply.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/source4/rpc_server/common/reply.c b/source4/rpc_server/common/reply.c >index 42830ef..007b680 100644 >--- a/source4/rpc_server/common/reply.c >+++ b/source4/rpc_server/common/reply.c >@@ -187,8 +187,13 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call) > chunk_size -= DCERPC_REQUEST_LENGTH; > if (call->conn->auth_state.auth_info && > call->conn->auth_state.gensec_security) { >+ size_t max_payload = chunk_size; >+ >+ max_payload -= DCERPC_AUTH_TRAILER_LENGTH; >+ max_payload -= (max_payload % DCERPC_AUTH_PAD_ALIGNMENT); >+ > sig_size = gensec_sig_size(call->conn->auth_state.gensec_security, >- call->conn->cli_max_recv_frag); >+ max_payload); > if (sig_size) { > chunk_size -= DCERPC_AUTH_TRAILER_LENGTH; > chunk_size -= sig_size; >-- >1.9.1 > > >From 6f49d6347308b753fc456c11e9fe3d49dc08649e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 20 Jun 2015 17:47:14 +0200 >Subject: [PATCH 14/17] s4:rpc_server: let dcesrv_auth_response() handle > sig_size == 0 with auth_info as error > >Don't send plaintext on the wire because of an internal error... > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 
> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 1bf7ab49b4459e81ab2b82d9668b3d7cb76372f4) >--- > source4/rpc_server/dcesrv_auth.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > >diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c >index c891cc6..38189cd 100644 >--- a/source4/rpc_server/dcesrv_auth.c >+++ b/source4/rpc_server/dcesrv_auth.c >@@ -385,7 +385,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call, > DATA_BLOB creds2; > > /* non-signed packets are simple */ >- if (sig_size == 0) { >+ if (dce_conn->auth_state.auth_info == NULL) { > status = ncacn_push_auth(blob, call, pkt, NULL); > return NT_STATUS_IS_OK(status); > } >@@ -393,6 +393,10 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call, > switch (dce_conn->auth_state.auth_info->auth_level) { > case DCERPC_AUTH_LEVEL_PRIVACY: > case DCERPC_AUTH_LEVEL_INTEGRITY: >+ if (sig_size == 0) { >+ return false; >+ } >+ > break; > > case DCERPC_AUTH_LEVEL_CONNECT: >-- >1.9.1 > > >From f2ad182419338ffb7d67aee54d58096331749089 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sat, 20 Jun 2015 17:49:02 +0200 >Subject: [PATCH 15/17] s4:rpc_server: fix padding caclucation in > dcesrv_auth_response() > >This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour >so that we will use no padding if the stub_length is already aligned >to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 
> >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 69c1b4b7c10dd5fd9cacaa3a76c47bc854ee3fed) >--- > source4/rpc_server/dcesrv_auth.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c >index 38189cd..575ba70 100644 >--- a/source4/rpc_server/dcesrv_auth.c >+++ b/source4/rpc_server/dcesrv_auth.c >@@ -435,7 +435,7 @@ bool dcesrv_auth_response(struct dcesrv_call_state *call, > whole packet, whereas w2k8 wants it relative to the start > of the stub */ > dce_conn->auth_state.auth_info->auth_pad_length = >- (16 - (pkt->u.response.stub_and_verifier.length & 15)) & 15; >+ DCERPC_AUTH_PAD_LENGTH(pkt->u.response.stub_and_verifier.length); > ndr_err = ndr_push_zero(ndr, > dce_conn->auth_state.auth_info->auth_pad_length); > if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >-- >1.9.1 > > >From 9e51ec80ebbebd1a0d00dcf705259c2c195995d0 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 19 Jun 2015 00:35:29 +0200 >Subject: [PATCH 16/17] s4:selftest: run rpc.echo tests also with krb5 > krb5,sign krb5,seal > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 5b917fd6226952a1f792d1ad921d2ae54ab6ab42) >--- > source4/selftest/tests.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 9c7a41c..b4210a9 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py 
>@@ -185,7 +185,7 @@ for env in ["dc", "fl2000dc", "fl2003dc", "fl2008r2dc", "plugin_s4_dc"]: > plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, )) > > # Echo tests test bulk Kerberos encryption of DCE/RPC >- for bindoptions in ["connect", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]: >+ for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"] + validate_list + ["padcheck", "bigendian", "bigendian,seal"]: > echooptions = "--option=socket:testnonblock=True --option=torture:quick=yes -k yes" > plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[%s]" % (transport, bindoptions), echooptions, '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s with %s and %s" % (transport, bindoptions, echooptions)) > plansmbtorture4testsuite("net.api.become.dc", env, '$SERVER[%s] -U$USERNAME%%$PASSWORD -W$DOMAIN' % validate) >-- >1.9.1 > > >From 487d1293f33ce7ad1194941f2d083e3deecd66ef Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 23 Jun 2015 10:27:27 +0200 >Subject: [PATCH 17/17] s4:selftest: also run rpc.winreg with kerberos and all > possible auth options > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Tue Jun 23 17:31:08 CEST 2015 on sn-devel-104 > >(cherry picked from commit 6dd117b21ef06da68af67051f2822f71193d193a) >--- > source4/selftest/tests.py | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index b4210a9..08b59a1 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py 
>@@ -181,6 +181,13 @@ for env in ["dc", "fl2000dc", "fl2003dc", "fl2008r2dc", "plugin_s4_dc"]: > plansmbtorture4testsuite('rpc.lsa.secrets', env, ["%s:$SERVER[]" % (transport, ), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use target principal" % (transport,)) > plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=gensec:fake_gssapi_krb5=yes", '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login" % transport) > plansmbtorture4testsuite('rpc.lsa.secrets.none*', env, ["%s:$SERVER" % transport, '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN', "--option=clientusespnegoprincipal=yes", '--option=gensec:fake_gssapi_krb5=yes', '--option=gensec:gssapi_krb5=no', '--option=gensec:target_hostname=$NETBIOSNAME'], "samba4.rpc.lsa.secrets on %s with Kerberos - use Samba3 style login, use target principal" % transport) >+ >+ # Winreg tests test bulk Kerberos encryption of DCE/RPC >+ # We test rpc.winreg here too, because the winreg interface if >+ # handled by the source3/rpc_server code. >+ for bindoptions in ["connect", "krb5", "krb5,sign", "krb5,seal", "spnego", "spnego,sign", "spnego,seal"]: >+ plansmbtorture4testsuite('rpc.winreg', env, ["%s:$SERVER[%s]" % (transport, bindoptions), '-k', 'yes', '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.winreg on %s with %s" % (transport, bindoptions)) >+ > for transport in transports: > plansmbtorture4testsuite('rpc.echo', env, ["%s:$SERVER[]" % (transport,), '-U$USERNAME%$PASSWORD', '--workgroup=$DOMAIN'], "samba4.rpc.echo on %s" % (transport, )) > >-- >1.9.1 >
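Review bot: In the gensec_sig_size() hunk of patch 01 (auth/gensec/gensec.c), the new SEAL-without-DCE_STYLE case returns 0, the same value the existing `!GENSEC_FEATURE_SIGN` branch returns, so a caller cannot tell an invalid feature combination from a connection that needs no signature. A comment above the function should state that 0 must be treated as an error whenever signing or sealing was requested; patches 06, 10 and 14 add that check at three call sites, and any other caller needs the same.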
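Review bot: The comment added to gensec_start_mech_by_authtype() in patch 02 is circular ("reset sign/seal in order to reset it") and "We may got" is ungrammatical. It should give the reason the commit message gives: SIGN and SEAL are derived from auth_level just below, so defaults inherited from the credentials have to be cleared first. The two `want_features &= ~...` statements could also be merged into `want_features &= ~(GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL);`.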
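Review bot: DCERPC_AUTH_PAD_LENGTH() in patch 04 (librpc/rpc/rpc_common.h) expands `stub_length` twice, so an argument with side effects would be evaluated twice. The callers in patches 06, 11 and 15 pass plain lvalues, which is fine, but a static inline function taking size_t would remove the trap and pin down the result type. The macro also depends on DCERPC_AUTH_PAD_ALIGNMENT from dcerpc.idl (patch 03) being visible wherever it is used, which deserves a one-line comment next to the definition.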
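Review bot: In patch 05, `SMB_ASSERT(pad_len <= ARRAY_SIZE(pad));` in dcerpc_add_auth_footer() guards the read of `pad`, but the function returns NTSTATUS and already returns NT_STATUS_NO_MEMORY just below, so an out-of-range pad_len could be rejected with an error status instead of aborting the process. With DCERPC_AUTH_PAD_LENGTH() from patch 04 the value is at most 15, so the check is defensive either way; the error return is the gentler failure mode for a server.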
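Review bot: In the @@ -309 hunk of patch 06 (dcerpc_guess_sizes()), `*auth_len == 0` now returns NT_STATUS_INTERNAL_ERROR, while gensec_sig_size() returns 0 whenever GENSEC_FEATURE_SIGN is not set (visible as context in patch 01). Please confirm, ideally in a comment at this spot, that this switch is only reached for auth levels that require a signature; the lines shown do not establish it.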
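Review bot: The @@ -322 hunk of patch 06 drops the old `*data_to_send + *pad_len > max_len` guard without saying why that is safe. It is safe because max_len is first rounded down to a multiple of DCERPC_AUTH_PAD_ALIGNMENT, so padding *data_to_send up to the next multiple cannot exceed it; a short comment stating that invariant would stop someone reordering the two steps later. The context line `max_len -= *auth_len;` is unchecked, so if max_len is unsigned, as the size_t parameters suggest, an auth_len larger than max_len would wrap and deserves an explicit test.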
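Review bot: The max_payload computation added to dcerpc_ship_next_request() in patch 09 is repeated line for line in dcesrv_reply() in patch 13, and dcerpc_guess_sizes() in patch 06 carries its own variant (`max_len - mod_len`). One helper next to DCERPC_AUTH_PAD_LENGTH() would keep the three call sites from drifting apart. `max_payload -= DCERPC_AUTH_TRAILER_LENGTH;` on a size_t also assumes chunk_size is at least 8 at that point; a check or a comment would make the assumption explicit.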
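Review bot: The new `sig_size == 0` branch in ncacn_push_request_sign() (patch 10) returns NT_STATUS_INTERNAL_ERROR with no DEBUG() message, and the matching branch in dcesrv_auth_response() (patch 14) returns a bare `false`, so the condition the commit messages single out leaves no trace in the logs. A DEBUG(0, ...) naming the auth_level in both places would make the failure diagnosable. The comments `/* non-signed packets are simpler */` and `/* non-signed packets are simple */` now sit above a test for `auth_info == NULL` and should be updated to match.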
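Review bot: The commit messages of patches 11 and 15 say the change introduces "no padding if the stub_length is already aligned", but the removed expression `(16 - (len & 15)) & 15` already evaluates to 0 for an aligned length and equals DCERPC_AUTH_PAD_LENGTH(len) for every other length. As shown, both hunks are pure refactors; the messages should say so, so that nobody goes looking for a wire-format change in ncacn_push_request_sign() or dcesrv_auth_response().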
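Review bot: In the comment added to source4/selftest/tests.py in patch 17, "the winreg interface if handled by" should read "is handled by". The new rpc.winreg loop also omits the `validate_list`, `padcheck` and `bigendian` bind options that the rpc.echo loop in patch 16 covers; if that is deliberate, the comment should say so.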
Flags: metze: review? (abartlet), asn: review+, jra: review+