From 3ae8ac34048cc6302d4f6476b0681fb2105bd03a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Nov 2020 11:25:41 +0100 Subject: [PATCH 1/7] CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect() It's better to see the location that triggered the fault. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcesrv_core.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 6a2e0c25e7f..289f734ea00 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -719,19 +719,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) return NT_STATUS_OK; } -static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call, - uint32_t fault_code) +static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, + uint32_t fault_code, + uint8_t extra_flags, + const char *func, + const char *location) { + const char *reason = NULL; + + reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x", + func, location, + fault_code, + dcerpc_errstr(call, fault_code), + extra_flags); + if (reason == NULL) { + reason = location; + } + /* * We add the call to the pending_call_list * in order to defer the termination. */ - dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect"); - return dcesrv_fault_with_flags(call, fault_code, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); + dcesrv_call_disconnect_after(call, reason); + + return dcesrv_fault_with_flags(call, fault_code, extra_flags); } +#define dcesrv_fault_disconnect(call, fault_code) \ + _dcesrv_fault_disconnect_flags(call, fault_code, \ + DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ + __func__, __location__) + static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) { DLIST_REMOVE(c->conn->contexts, c); -- 2.25.1 From 94bf25ae4fb29ea9eb3cb1cebff6efaf813b8f69 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Nov 2020 11:27:19 +0100 Subject: [PATCH 2/7] CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE That makes the callers much simpler and allow better debugging. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcesrv_core.c | 47 ++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 31 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 289f734ea00..07e14567c84 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -750,6 +750,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, _dcesrv_fault_disconnect_flags(call, fault_code, \ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ __func__, __location__) +#define dcesrv_fault_disconnect0(call, fault_code) \ + _dcesrv_fault_disconnect_flags(call, fault_code, 0, \ + __func__, __location__) static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) { @@ -2110,10 +2113,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * Note that we don't check against the negotiated * max_recv_frag, but a hard coded value. */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - frag_length too large"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { @@ -2123,10 +2123,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * if DCERPC_PFC_FLAG_CONC_MPX was negotiated. */ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing pending call without CONN_MPX"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } } @@ -2144,10 +2141,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, TALLOC_FREE(call); call = dce_conn->incoming_fragmented_call_list; } - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing fragmented call"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { @@ -2168,10 +2162,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, existing = dcesrv_find_fragmented_call(dce_conn, call->pkt.call_id); if (existing == NULL) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "no existing fragmented call"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } er = &existing->pkt.u.request; @@ -2224,12 +2215,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * here, because we don't want to set * DCERPC_PFC_FLAG_DID_NOT_EXECUTE */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - failed"); if (call->fault_code == 0) { call->fault_code = DCERPC_FAULT_ACCESS_DENIED; } - return dcesrv_fault(call, call->fault_code); + return dcesrv_fault_disconnect0(call, call->fault_code); } } @@ -2246,20 +2235,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, */ available = dce_conn->max_total_request_size; if (er->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - existing payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } available -= er->stub_and_verifier.length; if (nr->alloc_hint > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - alloc hint too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } if (nr->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - new payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } alloc_hint = er->stub_and_verifier.length + nr->alloc_hint; /* allocate at least 1 byte */ @@ -2298,9 +2284,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * Up to 4 MByte are allowed by all fragments */ if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - initial alloc hint too large"); - return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(call, + DCERPC_FAULT_ACCESS_DENIED); } dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST); return NT_STATUS_OK; -- 2.25.1 From 4cdcbaa200b210c49863c28a062ad2d8538b3256 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 11 Nov 2020 16:59:06 +0100 Subject: [PATCH 3/7] CVE-2021-23192: python/tests/dcerpc: change assertNotEquals() into assertNotEqual() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++----------- python/samba/tests/dcerpc/raw_testcase.py | 14 +- 2 files changed, 151 insertions(+), 151 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index dc13d41c6a2..cbd398d5290 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -65,7 +65,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=rep_pfc_flags, auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -86,7 +86,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -108,7 +108,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -128,7 +128,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=rep_pfc_flags, auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertEqual(rep.u.secondary_address, "") self.assertPadding(rep.u._pad1, 2) @@ -149,7 +149,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -396,7 +396,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -469,7 +469,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -489,7 +489,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -521,7 +521,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -541,7 +541,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -562,7 +562,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -589,7 +589,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -609,7 +609,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -630,7 +630,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -646,7 +646,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -705,7 +705,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -732,7 +732,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -765,7 +765,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -794,7 +794,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -826,7 +826,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -855,7 +855,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -876,7 +876,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1a.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -902,7 +902,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -928,7 +928,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -947,7 +947,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -966,7 +966,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -985,7 +985,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1004,7 +1004,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -1023,7 +1023,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1049,7 +1049,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1073,7 +1073,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1085,7 +1085,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1109,7 +1109,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1122,7 +1122,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1134,7 +1134,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1158,7 +1158,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1171,7 +1171,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1197,7 +1197,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1221,7 +1221,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1233,7 +1233,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1257,7 +1257,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1282,7 +1282,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1318,7 +1318,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1352,7 +1352,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1424,7 +1424,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1459,7 +1459,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1494,7 +1494,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1617,7 +1617,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1638,7 +1638,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1658,7 +1658,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -1708,7 +1708,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, rep_both) self.assertEqual(rep.u.max_recv_frag, rep_both) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1760,7 +1760,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu(ndr_print=True, hexdump=True) self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1775,7 +1775,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1791,7 +1791,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -1866,7 +1866,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1888,7 +1888,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1902,7 +1902,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1916,7 +1916,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1994,7 +1994,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2014,7 +2014,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2036,7 +2036,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2052,7 +2052,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2098,7 +2098,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2128,7 +2128,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2195,7 +2195,7 @@ class TestDCERPC_BIND(RawDCERPCTest): dcerpc.DCERPC_PFC_FLAG_LAST | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2243,7 +2243,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2277,7 +2277,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2313,7 +2313,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2341,7 +2341,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2376,7 +2376,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2390,7 +2390,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2415,7 +2415,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2450,7 +2450,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2464,7 +2464,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2503,7 +2503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2517,7 +2517,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2552,7 +2552,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req1.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2600,7 +2600,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2650,7 +2650,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -2660,7 +2660,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2691,7 +2691,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2707,7 +2707,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2727,7 +2727,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2747,7 +2747,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2805,7 +2805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -2815,7 +2815,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2846,7 +2846,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2868,7 +2868,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2926,7 +2926,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) assoc_group_id = rep.u.assoc_group_id self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) @@ -2937,7 +2937,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2961,7 +2961,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3009,7 +3009,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3019,7 +3019,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3047,7 +3047,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3098,7 +3098,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3108,7 +3108,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3137,7 +3137,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3153,7 +3153,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3173,7 +3173,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3205,7 +3205,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3256,7 +3256,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3266,7 +3266,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3295,7 +3295,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3311,7 +3311,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3331,7 +3331,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3362,7 +3362,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3409,7 +3409,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3419,7 +3419,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3440,7 +3440,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3493,7 +3493,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3503,7 +3503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3524,7 +3524,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3579,7 +3579,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3589,7 +3589,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3611,7 +3611,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3659,7 +3659,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3669,7 +3669,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3691,7 +3691,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3746,7 +3746,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3756,7 +3756,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3778,7 +3778,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3833,7 +3833,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3843,7 +3843,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3865,7 +3865,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3930,7 +3930,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3940,7 +3940,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3984,7 +3984,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4000,7 +4000,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4020,7 +4020,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4144,7 +4144,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4154,7 +4154,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4191,7 +4191,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4256,7 +4256,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4266,7 +4266,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4295,7 +4295,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4315,7 +4315,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4375,7 +4375,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4385,7 +4385,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4406,7 +4406,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4521,7 +4521,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, pfc_flags=req.pfc_flags | response_fault_flags, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4688,7 +4688,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4756,7 +4756,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4805,7 +4805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4870,7 +4870,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index f1c097ebe6d..ed77d329cd5 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -321,7 +321,7 @@ class RawDCERPCTest(TestCase): pfc_flags=req.pfc_flags | samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -361,7 +361,7 @@ class RawDCERPCTest(TestCase): if assoc_group_id != 0: self.assertEqual(rep.u.assoc_group_id, assoc_group_id) else: - self.assertNotEquals(rep.u.assoc_group_id, 0) + self.assertNotEqual(rep.u.assoc_group_id, 0) assoc_group_id = rep.u.assoc_group_id sda_str = self.secondary_address sda_len = len(sda_str) + 1 @@ -385,7 +385,7 @@ class RawDCERPCTest(TestCase): self.assertEqual(rep.auth_length, 0) self.assertEqual(len(rep.u.auth_info), 0) return ack - self.assertNotEquals(rep.auth_length, 0) + self.assertNotEqual(rep.auth_length, 0) self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) @@ -426,7 +426,7 @@ class RawDCERPCTest(TestCase): pfc_flags=req.pfc_flags | samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -451,7 +451,7 @@ class RawDCERPCTest(TestCase): if finished: self.assertEqual(rep.auth_length, 0) else: - self.assertNotEquals(rep.auth_length, 0) + self.assertNotEqual(rep.auth_length, 0) self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) @@ -547,7 +547,7 @@ class RawDCERPCTest(TestCase): if fault_status: self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, pfc_flags=fault_pfc_flags, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -563,7 +563,7 @@ class RawDCERPCTest(TestCase): self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=expected_auth_length) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) -- 2.25.1 From cf872aa0400386233e0182e309b66ea0e29ffb2a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 09:50:58 +0100 Subject: [PATCH 4/7] CVE-2021-23192: python/tests/dcerpc: let generate_request_auth() use g_auth_level in all places BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_testcase.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index ed77d329cd5..53f7fa0a2a8 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -922,12 +922,12 @@ class RawDCERPCTest(TestCase): req_data = req_blob[ofs_stub:ofs_trailer] req_whole = req_blob[0:ofs_sig] - if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: + if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: # TODO: not yet supported here self.assertTrue(False) - elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: + elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: req_sig = auth_context["gensec"].sign_packet(req_data, req_whole) - elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: + elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: self.assertEqual(auth_context["auth_type"], dcerpc.DCERPC_AUTH_TYPE_NTLMSSP) req_sig = b"\x01" +b"\x00" *15 -- 2.25.1 From f00e69c1463d2ddbfe2a19523d9b2b08a2a839f1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 17:43:06 +0100 Subject: [PATCH 5/7] CVE-2021-23192: python/tests/dcerpc: fix do_single_request(send_req=False) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++----------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index 53f7fa0a2a8..22b56704fa3 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -526,26 +526,25 @@ class RawDCERPCTest(TestCase): if hexdump: sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) - pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST - if object is not None: - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID - - req = self.generate_request_auth(call_id=call_id, - context_id=ctx.context_id, - pfc_flags=pfc_flags, - object=object, - opnum=io.opnum(), - stub=stub_in, - auth_context=auth_context) - if send_req: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + if object is not None: + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID + + req = self.generate_request_auth(call_id=call_id, + context_id=ctx.context_id, + pfc_flags=pfc_flags, + object=object, + opnum=io.opnum(), + stub=stub_in, + auth_context=auth_context) self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) if recv_rep: (rep, rep_blob) = self.recv_pdu_raw(timeout=timeout, ndr_print=ndr_print, hexdump=hexdump) if fault_status: - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id, pfc_flags=fault_pfc_flags, auth_length=0) self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) @@ -559,12 +558,16 @@ class RawDCERPCTest(TestCase): expected_auth_length = 0 if auth_context is not None and \ auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: - expected_auth_length = req.auth_length + if send_req: + expected_auth_length = req.auth_length + else: + expected_auth_length = rep.auth_length + - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id, auth_length=expected_auth_length) self.assertNotEqual(rep.u.alloc_hint, 0) - self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) + self.assertEqual(rep.u.context_id, ctx.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) stub_out = self.check_response_auth(rep, rep_blob, auth_context) -- 2.25.1 From 33455f468701f7be5b6b82697b77c92073dd215e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 18:14:46 +0100 Subject: [PATCH 6/7] CVE-2021-23192: python/tests/dcerpc: add tests to check how security contexts relate to fragmented requests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++ selftest/knownfail.d/dcerpc-auth-fraq | 20 + 2 files changed, 1293 insertions(+) create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index cbd398d5290..3c9d0b136a5 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -1683,6 +1683,1279 @@ class TestDCERPC_BIND(RawDCERPCTest): def test_auth_none_packet_request(self): return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET) + def test_ntlmssp_multi_auth_first1_lastSame2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNext2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = None + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_first_2nd(self, + auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=2, + skip_first=False, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY + auth_context_id1=1 + auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET + auth_context_id2=2 + + creds = self.get_user_creds() + + abstract = samba.dcerpc.mgmt.abstract_syntax() + transfer = base.transfer_syntax_ndr() + + tsf1_list = [transfer] + ctx = samba.dcerpc.dcerpc.ctx_list() + ctx.context_id = 1 + ctx.num_transfer_syntaxes = len(tsf1_list) + ctx.abstract_syntax = abstract + ctx.transfer_syntaxes = tsf1_list + + auth_context1 = self.get_auth_context_creds(creds=creds, + auth_type=auth_type, + auth_level=auth_level1, + auth_context_id=auth_context_id1, + hdr_signing=False) + auth_context2 = self.get_auth_context_creds(creds=creds, + auth_type=auth_type, + auth_level=auth_level2, + auth_context_id=auth_context_id2, + hdr_signing=False) + + bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST + if conc_mpx: + bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX + + ack0 = self.do_generic_bind(call_id=0, + ctx=ctx, + pfc_flags=bind_pfc_flags) + + ack1 = self.do_generic_bind(call_id=1, + ctx=ctx, + auth_context=auth_context1, + assoc_group_id = ack0.u.assoc_group_id, + start_with_alter=True) + if auth_context_2nd == 2: + ack2 = self.do_generic_bind(call_id=2, + ctx=ctx, + auth_context=auth_context2, + assoc_group_id = ack0.u.assoc_group_id, + start_with_alter=True) + + ndr_print = self.do_ndr_print + hexdump = self.do_hexdump + inq_if_ids = samba.dcerpc.mgmt.inq_if_ids() + io = inq_if_ids + if ndr_print: + sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io)) + stub_in = samba.ndr.ndr_pack_in(io) + stub_in += b'\xfe'*45 # add some padding in order to have some payload + if hexdump: + sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) + + call_id = 3 + context_id = ctx.context_id + opnum = io.opnum() + + if not skip_first: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + stub_in_tmp = stub_in[0:16] + req = self.generate_request_auth(call_id=call_id, + context_id=context_id, + pfc_flags=pfc_flags, + opnum=opnum, + alloc_hint=len(stub_in), + stub=stub_in_tmp, + auth_context=auth_context1) + self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) + rep = self.recv_pdu(timeout=0.01) + self.assertIsNone(rep) + self.assertIsConnected() + + # context_id, opnum and auth header values are completely ignored + if auth_context_2nd == 1: + auth_context_copy = auth_context1.copy() + elif auth_context_2nd == 2: + auth_context_copy = auth_context2.copy() + else: + auth_context_copy = None + + expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST + if expected_context_id is None: + expected_context_id = context_id + if expected_call_id is None: + expected_call_id = call_id + if not_executed: + expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE + + if forced_call_id is not None: + call_id = forced_call_id + if forced_context_id is not None: + context_id = forced_context_id + if forced_opnum is not None: + opnum = forced_opnum + if forced_auth_context_id is not None: + auth_context_copy["auth_context_id"] = forced_auth_context_id + if forced_auth_type is not None: + auth_context_copy["auth_type"] = forced_auth_type + if forced_auth_level is not None: + auth_context_copy["auth_level"] = forced_auth_level + + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + stub_in_tmp = stub_in[16:-1] + req = self.generate_request_auth(call_id=call_id, + context_id=context_id, + pfc_flags=pfc_flags_2nd, + opnum=opnum, + alloc_hint=len(stub_in_tmp), + stub=stub_in_tmp, + auth_context=auth_context_copy) + self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) + if expected_fault is None: + self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1) + return + rep = self.recv_pdu() + self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id, + pfc_flags=expected_pfc_flags, + auth_length=0) + self.assertNotEqual(rep.u.alloc_hint, 0) + self.assertEqual(rep.u.context_id, expected_context_id) + self.assertEqual(rep.u.cancel_count, 0) + self.assertEqual(rep.u.flags, 0) + self.assertEqual(rep.u.status, expected_fault) + self.assertEqual(rep.u.reserved, 0) + self.assertEqual(len(rep.u.error_and_verifier), 0) + + if not_executed: + # still alive + rep = self.recv_pdu(timeout=0.01) + self.assertIsNone(rep) + self.assertIsConnected() + return + + # wait for a disconnect + rep = self.recv_pdu() + self.assertIsNone(rep) + self.assertNotConnected() + + def _test_generic_auth_first_last(self, + auth_type, + expected_fault, + auth_context_2nd=2, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_first_first(self, + auth_type, + expected_fault, + auth_context_2nd=2, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSame2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNext2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 2 + expected_call_id = 3 + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 3 + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_middle(self, + auth_type, + expected_fault, + expected_context_id=None, + not_executed=False, + conc_mpx=False, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + auth_context_2nd = 1 + skip_first = True + pfc_flags_2nd = 0 + expected_call_id = None + forced_call_id = None + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + skip_first=skip_first, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_alone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_alone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF + expected_context_id = 0 + not_executed = True + conc_mpx = True + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_context_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = 111 + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_context_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = 111 + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_type_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = 111 + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_type_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = 111 + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_level_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_level_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + def _test_neg_xmit_check_values(self, req_xmit=None, req_recv=None, diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq new file mode 100644 index 00000000000..f3c62b65e9e --- /dev/null +++ b/selftest/knownfail.d/dcerpc-auth-fraq @@ -0,0 +1,20 @@ +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 -- 2.25.1 From 58eea3ef1240b00b2ab3036f33e1c7d8d1d3f8e7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Nov 2020 14:15:06 +0100 Subject: [PATCH 7/7] CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts All other fragments blindly inherit it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcerpc_pkt_auth.c | 19 +++--- librpc/rpc/dcerpc_pkt_auth.h | 1 + librpc/rpc/dcesrv_auth.c | 28 +++++++++ librpc/rpc/dcesrv_core.c | 86 +++++++++++++++++++++------ selftest/knownfail.d/dcerpc-auth-fraq | 20 ------- source4/librpc/rpc/dcerpc.c | 1 + 6 files changed, 109 insertions(+), 46 deletions(-) delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c index 322d7497893..1cb191468b5 100644 --- a/librpc/rpc/dcerpc_pkt_auth.c +++ b/librpc/rpc/dcerpc_pkt_auth.c @@ -39,6 +39,7 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, struct gensec_security *gensec, + bool check_pkt_auth_fields, TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t required_flags, @@ -115,16 +116,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, return NT_STATUS_INTERNAL_ERROR; } - if (auth.auth_type != auth_state->auth_type) { - return NT_STATUS_ACCESS_DENIED; - } + if (check_pkt_auth_fields) { + if (auth.auth_type != auth_state->auth_type) { + return NT_STATUS_ACCESS_DENIED; + } - if (auth.auth_level != auth_state->auth_level) { - return NT_STATUS_ACCESS_DENIED; - } + if (auth.auth_level != auth_state->auth_level) { + return NT_STATUS_ACCESS_DENIED; + } - if (auth.auth_context_id != auth_state->auth_context_id) { - return NT_STATUS_ACCESS_DENIED; + if (auth.auth_context_id != auth_state->auth_context_id) { + return NT_STATUS_ACCESS_DENIED; + } } /* check signature or unseal the packet */ diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h index c0d23b91c05..1dcee12f53c 100644 --- a/librpc/rpc/dcerpc_pkt_auth.h +++ b/librpc/rpc/dcerpc_pkt_auth.h @@ -31,6 +31,7 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, struct gensec_security *gensec, + bool check_pkt_auth_fields, TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t required_flags, diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index 62f69696dad..fec8df513a8 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -443,6 +443,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call) return false; } + if (auth->auth_invalid) { + return false; + } + /* We can't work without an existing gensec state */ if (auth->gensec_security == NULL) { return false; @@ -529,6 +533,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call) return false; } + if (auth->auth_invalid) { + return false; + } + if (call->in_auth_info.auth_type != auth->auth_type) { return false; } @@ -595,6 +603,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, .auth_level = auth->auth_level, .auth_context_id = auth->auth_context_id, }; + bool check_pkt_auth_fields; NTSTATUS status; if (!auth->auth_started) { @@ -610,8 +619,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, return false; } + if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { + /* + * The caller most likely checked this + * already, but we better double check. + */ + check_pkt_auth_fields = true; + } else { + /* + * The caller already found first fragment + * and is passing the auth_state of it. + * A server is supposed to use the + * setting of the first fragment and + * completely ignore the values + * on the remaining fragments + */ + check_pkt_auth_fields = false; + } + status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, auth->gensec_security, + check_pkt_auth_fields, call, pkt->ptype, required_flags, diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 07e14567c84..afbb49d4006 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -1818,6 +1818,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) struct ndr_pull *pull; NTSTATUS status; + if (auth->auth_invalid) { + return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); + } + if (!auth->auth_finished) { return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); } @@ -1981,6 +1985,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, enum dcerpc_AuthType auth_type = 0; enum dcerpc_AuthLevel auth_level = 0; uint32_t auth_context_id = 0; + bool auth_invalid = false; call = talloc_zero(dce_conn, struct dcesrv_call_state); if (!call) { @@ -2012,12 +2017,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, if (call->auth_state == NULL) { struct dcesrv_auth *a = NULL; + bool check_type_level = true; auth_type = dcerpc_get_auth_type(&blob); auth_level = dcerpc_get_auth_level(&blob); auth_context_id = dcerpc_get_auth_context_id(&blob); if (call->pkt.ptype == DCERPC_PKT_REQUEST) { + if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) { + check_type_level = false; + } dce_conn->default_auth_level_connect = NULL; if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) { dce_conn->got_explicit_auth_level_connect = true; @@ -2027,14 +2036,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, for (a = dce_conn->auth_states; a != NULL; a = a->next) { num_auth_ctx++; - if (a->auth_type != auth_type) { + if (a->auth_context_id != auth_context_id) { continue; } - if (a->auth_finished && a->auth_level != auth_level) { - continue; + + if (a->auth_type != auth_type) { + auth_invalid = true; } - if (a->auth_context_id != auth_context_id) { - continue; + if (a->auth_level != auth_level) { + auth_invalid = true; + } + + if (check_type_level && auth_invalid) { + a->auth_invalid = true; } DLIST_PROMOTE(dce_conn->auth_states, a); @@ -2061,6 +2075,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, /* * This can never be valid. */ + auth_invalid = true; a->auth_invalid = true; } call->auth_state = a; @@ -2129,6 +2144,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, } /* only one request is possible in the fragmented list */ if (dce_conn->incoming_fragmented_call_list != NULL) { + call->fault_code = DCERPC_NCA_S_PROTO_ERROR; + + existing = dcesrv_find_fragmented_call(dce_conn, + call->pkt.call_id); + if (existing != NULL && call->auth_state != existing->auth_state) { + call->context = dcesrv_find_context(call->conn, + call->pkt.u.request.context_id); + + if (call->pkt.auth_length != 0 && existing->context == call->context) { + call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR; + } + } if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { /* * Without DCERPC_PFC_FLAG_CONC_MPX @@ -2138,11 +2165,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * This is important to get the * call_id and context_id right. */ + dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code; TALLOC_FREE(call); call = dce_conn->incoming_fragmented_call_list; } - return dcesrv_fault_disconnect0(call, - DCERPC_NCA_S_PROTO_ERROR); + if (existing != NULL) { + call->context = existing->context; + } + return dcesrv_fault_disconnect0(call, call->fault_code); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { return dcesrv_fault_disconnect(call, @@ -2155,17 +2185,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, DCERPC_PFC_FLAG_DID_NOT_EXECUTE); } } else { - const struct dcerpc_request *nr = &call->pkt.u.request; - const struct dcerpc_request *er = NULL; int cmp; existing = dcesrv_find_fragmented_call(dce_conn, call->pkt.call_id); if (existing == NULL) { + if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { + /* + * Without DCERPC_PFC_FLAG_CONC_MPX + * we need to return the FAULT on the + * already existing call. + * + * This is important to get the + * call_id and context_id right. + */ + if (dce_conn->incoming_fragmented_call_list != NULL) { + TALLOC_FREE(call); + call = dce_conn->incoming_fragmented_call_list; + } + return dcesrv_fault_disconnect0(call, + DCERPC_NCA_S_PROTO_ERROR); + } + if (dce_conn->incoming_fragmented_call_list != NULL) { + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); + } + call->context = dcesrv_find_context(call->conn, + call->pkt.u.request.context_id); + if (call->context == NULL) { + return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, + DCERPC_PFC_FLAG_DID_NOT_EXECUTE); + } + if (auth_invalid) { + return dcesrv_fault_disconnect0(call, + DCERPC_FAULT_ACCESS_DENIED); + } return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } - er = &existing->pkt.u.request; if (call->pkt.ptype != existing->pkt.ptype) { /* trying to play silly buggers are we? */ @@ -2178,14 +2234,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, return dcesrv_fault_disconnect(existing, DCERPC_NCA_S_PROTO_ERROR); } - if (nr->context_id != er->context_id) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - if (nr->opnum != er->opnum) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } + call->auth_state = existing->auth_state; + call->context = existing->context; } } diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq deleted file mode 100644 index f3c62b65e9e..00000000000 --- a/selftest/knownfail.d/dcerpc-auth-fraq +++ /dev/null @@ -1,20 +0,0 @@ -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 4847e8a0200..baf6df6e498 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c, status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, c->security_state.generic_state, + true, /* check_pkt_auth_fields */ mem_ctx, ptype, required_flags, -- 2.25.1