The Samba-Bugzilla – Attachment 16887 Details for
Bug 14875
CVE-2021-23192 [SECURITY] dcerpc requests don't check all fragments against the first auth_state
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for master
CVE-2021-23192-only-master-v1.patch (text/plain), 174.85 KB, created by
Andrew Bartlett
on 2021-10-29 01:38:17 UTC
(
hide
)
Description:
patch for master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2021-10-29 01:38:17 UTC
Size:
174.85 KB
patch
obsolete
>From 3ae8ac34048cc6302d4f6476b0681fb2105bd03a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 13 Nov 2020 11:25:41 +0100 >Subject: [PATCH 1/7] CVE-2021-23192: dcesrv_core: add better debugging to > dcesrv_fault_disconnect() > >It's better to see the location that triggered the fault. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > librpc/rpc/dcesrv_core.c | 29 ++++++++++++++++++++++++----- > 1 file changed, 24 insertions(+), 5 deletions(-) > >diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c >index 6a2e0c25e7f..289f734ea00 100644 >--- a/librpc/rpc/dcesrv_core.c >+++ b/librpc/rpc/dcesrv_core.c >@@ -719,19 +719,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) > return NT_STATUS_OK; > } > >-static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call, >- uint32_t fault_code) >+static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, >+ uint32_t fault_code, >+ uint8_t extra_flags, >+ const char *func, >+ const char *location) > { >+ const char *reason = NULL; >+ >+ reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x", >+ func, location, >+ fault_code, >+ dcerpc_errstr(call, fault_code), >+ extra_flags); >+ if (reason == NULL) { >+ reason = location; >+ } >+ > /* > * We add the call to the pending_call_list > * in order to defer the termination. > */ >- dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect"); > >- return dcesrv_fault_with_flags(call, fault_code, >- DCERPC_PFC_FLAG_DID_NOT_EXECUTE); >+ dcesrv_call_disconnect_after(call, reason); >+ >+ return dcesrv_fault_with_flags(call, fault_code, extra_flags); > } > >+#define dcesrv_fault_disconnect(call, fault_code) \ >+ _dcesrv_fault_disconnect_flags(call, fault_code, \ >+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ >+ __func__, __location__) >+ > static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) > { > DLIST_REMOVE(c->conn->contexts, c); >-- >2.25.1 > > >From 94bf25ae4fb29ea9eb3cb1cebff6efaf813b8f69 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 13 Nov 2020 11:27:19 +0100 >Subject: [PATCH 2/7] CVE-2021-23192: dcesrv_core: add > dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE > >That makes the callers much simpler and allow better debugging. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > librpc/rpc/dcesrv_core.c | 47 ++++++++++++++-------------------------- > 1 file changed, 16 insertions(+), 31 deletions(-) > >diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c >index 289f734ea00..07e14567c84 100644 >--- a/librpc/rpc/dcesrv_core.c >+++ b/librpc/rpc/dcesrv_core.c >@@ -750,6 +750,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, > _dcesrv_fault_disconnect_flags(call, fault_code, \ > DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ > __func__, __location__) >+#define dcesrv_fault_disconnect0(call, fault_code) \ >+ _dcesrv_fault_disconnect_flags(call, fault_code, 0, \ >+ __func__, __location__) > > static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) > { >@@ -2110,10 +2113,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * Note that we don't check against the negotiated > * max_recv_frag, but a hard coded value. > */ >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - frag_length too large"); >- return dcesrv_fault(call, >- DCERPC_NCA_S_PROTO_ERROR); >+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); > } > > if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { >@@ -2123,10 +2123,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * if DCERPC_PFC_FLAG_CONC_MPX was negotiated. > */ > if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - " >- "existing pending call without CONN_MPX"); >- return dcesrv_fault(call, >+ return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } > } >@@ -2144,10 +2141,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > TALLOC_FREE(call); > call = dce_conn->incoming_fragmented_call_list; > } >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - " >- "existing fragmented call"); >- return dcesrv_fault(call, >+ return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } > if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { >@@ -2168,10 +2162,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > existing = dcesrv_find_fragmented_call(dce_conn, > call->pkt.call_id); > if (existing == NULL) { >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - " >- "no existing fragmented call"); >- return dcesrv_fault(call, >+ return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } > er = &existing->pkt.u.request; >@@ -2224,12 +2215,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * here, because we don't want to set > * DCERPC_PFC_FLAG_DID_NOT_EXECUTE > */ >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - failed"); > if (call->fault_code == 0) { > call->fault_code = DCERPC_FAULT_ACCESS_DENIED; > } >- return dcesrv_fault(call, call->fault_code); >+ return dcesrv_fault_disconnect0(call, call->fault_code); > } > } > >@@ -2246,20 +2235,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > */ > available = dce_conn->max_total_request_size; > if (er->stub_and_verifier.length > available) { >- dcesrv_call_disconnect_after(existing, >- "dcesrv_auth_request - existing payload too large"); >- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(existing, >+ DCERPC_FAULT_ACCESS_DENIED); > } > available -= er->stub_and_verifier.length; > if (nr->alloc_hint > available) { >- dcesrv_call_disconnect_after(existing, >- "dcesrv_auth_request - alloc hint too large"); >- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(existing, >+ DCERPC_FAULT_ACCESS_DENIED); > } > if (nr->stub_and_verifier.length > available) { >- dcesrv_call_disconnect_after(existing, >- "dcesrv_auth_request - new payload too large"); >- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(existing, >+ DCERPC_FAULT_ACCESS_DENIED); > } > alloc_hint = er->stub_and_verifier.length + nr->alloc_hint; > /* allocate at least 1 byte */ >@@ -2298,9 +2284,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * Up to 4 MByte are allowed by all fragments > */ > if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - initial alloc hint too large"); >- return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(call, >+ DCERPC_FAULT_ACCESS_DENIED); > } > dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST); > return NT_STATUS_OK; >-- >2.25.1 > > >From 4cdcbaa200b210c49863c28a062ad2d8538b3256 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 11 Nov 2020 16:59:06 +0100 >Subject: [PATCH 3/7] CVE-2021-23192: python/tests/dcerpc: change > assertNotEquals() into assertNotEqual() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++----------- > python/samba/tests/dcerpc/raw_testcase.py | 14 +- > 2 files changed, 151 insertions(+), 151 deletions(-) > >diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py >index dc13d41c6a2..cbd398d5290 100755 >--- a/python/samba/tests/dcerpc/raw_protocol.py >+++ b/python/samba/tests/dcerpc/raw_protocol.py >@@ -65,7 +65,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=rep_pfc_flags, auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -86,7 +86,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -108,7 +108,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -128,7 +128,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=rep_pfc_flags, auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertEqual(rep.u.secondary_address, "") > self.assertPadding(rep.u._pad1, 2) >@@ -149,7 +149,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -396,7 +396,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -469,7 +469,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -489,7 +489,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -521,7 +521,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -541,7 +541,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -562,7 +562,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -589,7 +589,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -609,7 +609,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -630,7 +630,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -646,7 +646,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -705,7 +705,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -732,7 +732,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -765,7 +765,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -794,7 +794,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -826,7 +826,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -855,7 +855,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -876,7 +876,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1a.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -902,7 +902,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -928,7 +928,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -947,7 +947,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -966,7 +966,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -985,7 +985,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1004,7 +1004,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -1023,7 +1023,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1049,7 +1049,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1073,7 +1073,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1085,7 +1085,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1109,7 +1109,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1122,7 +1122,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1134,7 +1134,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1158,7 +1158,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1171,7 +1171,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1197,7 +1197,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1221,7 +1221,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1233,7 +1233,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1257,7 +1257,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1282,7 +1282,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1318,7 +1318,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1352,7 +1352,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1424,7 +1424,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1459,7 +1459,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1494,7 +1494,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1617,7 +1617,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1638,7 +1638,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1658,7 +1658,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -1708,7 +1708,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, rep_both) > self.assertEqual(rep.u.max_recv_frag, rep_both) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1760,7 +1760,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu(ndr_print=True, hexdump=True) > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1775,7 +1775,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1791,7 +1791,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -1866,7 +1866,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1888,7 +1888,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1902,7 +1902,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1916,7 +1916,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1994,7 +1994,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2014,7 +2014,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2036,7 +2036,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2052,7 +2052,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2098,7 +2098,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2128,7 +2128,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2195,7 +2195,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > dcerpc.DCERPC_PFC_FLAG_LAST | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2243,7 +2243,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2277,7 +2277,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2313,7 +2313,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST | > dcerpc.DCERPC_PFC_FLAG_LAST, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2341,7 +2341,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2376,7 +2376,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2390,7 +2390,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2415,7 +2415,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2450,7 +2450,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2464,7 +2464,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2503,7 +2503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2517,7 +2517,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2552,7 +2552,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req1.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2600,7 +2600,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2650,7 +2650,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -2660,7 +2660,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2691,7 +2691,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2707,7 +2707,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2727,7 +2727,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2747,7 +2747,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2805,7 +2805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -2815,7 +2815,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2846,7 +2846,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2868,7 +2868,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2926,7 +2926,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > assoc_group_id = rep.u.assoc_group_id > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) >@@ -2937,7 +2937,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2961,7 +2961,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3009,7 +3009,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3019,7 +3019,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3047,7 +3047,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3098,7 +3098,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3108,7 +3108,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3137,7 +3137,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3153,7 +3153,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3173,7 +3173,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3205,7 +3205,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3256,7 +3256,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3266,7 +3266,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3295,7 +3295,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3311,7 +3311,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3331,7 +3331,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3362,7 +3362,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3409,7 +3409,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3419,7 +3419,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3440,7 +3440,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3493,7 +3493,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3503,7 +3503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3524,7 +3524,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3579,7 +3579,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3589,7 +3589,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3611,7 +3611,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3659,7 +3659,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3669,7 +3669,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3691,7 +3691,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3746,7 +3746,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3756,7 +3756,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3778,7 +3778,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3833,7 +3833,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3843,7 +3843,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3865,7 +3865,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3930,7 +3930,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3940,7 +3940,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3984,7 +3984,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4000,7 +4000,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4020,7 +4020,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4144,7 +4144,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -4154,7 +4154,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4191,7 +4191,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4256,7 +4256,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -4266,7 +4266,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4295,7 +4295,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4315,7 +4315,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4375,7 +4375,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -4385,7 +4385,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4406,7 +4406,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4521,7 +4521,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > pfc_flags=req.pfc_flags | response_fault_flags, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4688,7 +4688,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > (rep, rep_blob) = self.recv_pdu_raw() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=sig_size) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4756,7 +4756,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4805,7 +4805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > (rep, rep_blob) = self.recv_pdu_raw() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=sig_size) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4870,7 +4870,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > (rep, rep_blob) = self.recv_pdu_raw() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=sig_size) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py >index f1c097ebe6d..ed77d329cd5 100644 >--- a/python/samba/tests/dcerpc/raw_testcase.py >+++ b/python/samba/tests/dcerpc/raw_testcase.py >@@ -321,7 +321,7 @@ class RawDCERPCTest(TestCase): > pfc_flags=req.pfc_flags | > samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -361,7 +361,7 @@ class RawDCERPCTest(TestCase): > if assoc_group_id != 0: > self.assertEqual(rep.u.assoc_group_id, assoc_group_id) > else: >- self.assertNotEquals(rep.u.assoc_group_id, 0) >+ self.assertNotEqual(rep.u.assoc_group_id, 0) > assoc_group_id = rep.u.assoc_group_id > sda_str = self.secondary_address > sda_len = len(sda_str) + 1 >@@ -385,7 +385,7 @@ class RawDCERPCTest(TestCase): > self.assertEqual(rep.auth_length, 0) > self.assertEqual(len(rep.u.auth_info), 0) > return ack >- self.assertNotEquals(rep.auth_length, 0) >+ self.assertNotEqual(rep.auth_length, 0) > self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > >@@ -426,7 +426,7 @@ class RawDCERPCTest(TestCase): > pfc_flags=req.pfc_flags | > samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -451,7 +451,7 @@ class RawDCERPCTest(TestCase): > if finished: > self.assertEqual(rep.auth_length, 0) > else: >- self.assertNotEquals(rep.auth_length, 0) >+ self.assertNotEqual(rep.auth_length, 0) > self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > >@@ -547,7 +547,7 @@ class RawDCERPCTest(TestCase): > if fault_status: > self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, > pfc_flags=fault_pfc_flags, auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, fault_context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -563,7 +563,7 @@ class RawDCERPCTest(TestCase): > > self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=expected_auth_length) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >-- >2.25.1 > > >From cf872aa0400386233e0182e309b66ea0e29ffb2a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 17 Nov 2020 09:50:58 +0100 >Subject: [PATCH 4/7] CVE-2021-23192: python/tests/dcerpc: let > generate_request_auth() use g_auth_level in all places > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_testcase.py | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py >index ed77d329cd5..53f7fa0a2a8 100644 >--- a/python/samba/tests/dcerpc/raw_testcase.py >+++ b/python/samba/tests/dcerpc/raw_testcase.py >@@ -922,12 +922,12 @@ class RawDCERPCTest(TestCase): > req_data = req_blob[ofs_stub:ofs_trailer] > req_whole = req_blob[0:ofs_sig] > >- if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: >+ if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: > # TODO: not yet supported here > self.assertTrue(False) >- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: >+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: > req_sig = auth_context["gensec"].sign_packet(req_data, req_whole) >- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: >+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: > self.assertEqual(auth_context["auth_type"], > dcerpc.DCERPC_AUTH_TYPE_NTLMSSP) > req_sig = b"\x01" +b"\x00" *15 >-- >2.25.1 > > >From f00e69c1463d2ddbfe2a19523d9b2b08a2a839f1 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 17 Nov 2020 17:43:06 +0100 >Subject: [PATCH 5/7] CVE-2021-23192: python/tests/dcerpc: fix > do_single_request(send_req=False) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++----------- > 1 file changed, 20 insertions(+), 17 deletions(-) > >diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py >index 53f7fa0a2a8..22b56704fa3 100644 >--- a/python/samba/tests/dcerpc/raw_testcase.py >+++ b/python/samba/tests/dcerpc/raw_testcase.py >@@ -526,26 +526,25 @@ class RawDCERPCTest(TestCase): > if hexdump: > sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) > >- pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST >- if object is not None: >- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID >- >- req = self.generate_request_auth(call_id=call_id, >- context_id=ctx.context_id, >- pfc_flags=pfc_flags, >- object=object, >- opnum=io.opnum(), >- stub=stub_in, >- auth_context=auth_context) >- if send_req: >+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST >+ if object is not None: >+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID >+ >+ req = self.generate_request_auth(call_id=call_id, >+ context_id=ctx.context_id, >+ pfc_flags=pfc_flags, >+ object=object, >+ opnum=io.opnum(), >+ stub=stub_in, >+ auth_context=auth_context) > self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) > if recv_rep: > (rep, rep_blob) = self.recv_pdu_raw(timeout=timeout, > ndr_print=ndr_print, > hexdump=hexdump) > if fault_status: >- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, >+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id, > pfc_flags=fault_pfc_flags, auth_length=0) > self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, fault_context_id) >@@ -559,12 +558,16 @@ class RawDCERPCTest(TestCase): > expected_auth_length = 0 > if auth_context is not None and \ > auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: >- expected_auth_length = req.auth_length >+ if send_req: >+ expected_auth_length = req.auth_length >+ else: >+ expected_auth_length = rep.auth_length >+ > >- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, >+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id, > auth_length=expected_auth_length) > self.assertNotEqual(rep.u.alloc_hint, 0) >- self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) >+ self.assertEqual(rep.u.context_id, ctx.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) > stub_out = self.check_response_auth(rep, rep_blob, auth_context) >-- >2.25.1 > > >From 33455f468701f7be5b6b82697b77c92073dd215e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 17 Nov 2020 18:14:46 +0100 >Subject: [PATCH 6/7] CVE-2021-23192: python/tests/dcerpc: add tests to check > how security contexts relate to fragmented requests > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++ > selftest/knownfail.d/dcerpc-auth-fraq | 20 + > 2 files changed, 1293 insertions(+) > create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq > >diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py >index cbd398d5290..3c9d0b136a5 100755 >--- a/python/samba/tests/dcerpc/raw_protocol.py >+++ b/python/samba/tests/dcerpc/raw_protocol.py >@@ -1683,6 +1683,1279 @@ class TestDCERPC_BIND(RawDCERPCTest): > def test_auth_none_packet_request(self): > return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET) > >+ def test_ntlmssp_multi_auth_first1_lastSame2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNext2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastSame111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = None >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def _test_generic_auth_first_2nd(self, >+ auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=2, >+ skip_first=False, >+ expected_call_id=None, >+ expected_context_id=None, >+ conc_mpx=False, >+ not_executed=False, >+ forced_call_id=None, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY >+ auth_context_id1=1 >+ auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET >+ auth_context_id2=2 >+ >+ creds = self.get_user_creds() >+ >+ abstract = samba.dcerpc.mgmt.abstract_syntax() >+ transfer = base.transfer_syntax_ndr() >+ >+ tsf1_list = [transfer] >+ ctx = samba.dcerpc.dcerpc.ctx_list() >+ ctx.context_id = 1 >+ ctx.num_transfer_syntaxes = len(tsf1_list) >+ ctx.abstract_syntax = abstract >+ ctx.transfer_syntaxes = tsf1_list >+ >+ auth_context1 = self.get_auth_context_creds(creds=creds, >+ auth_type=auth_type, >+ auth_level=auth_level1, >+ auth_context_id=auth_context_id1, >+ hdr_signing=False) >+ auth_context2 = self.get_auth_context_creds(creds=creds, >+ auth_type=auth_type, >+ auth_level=auth_level2, >+ auth_context_id=auth_context_id2, >+ hdr_signing=False) >+ >+ bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST >+ if conc_mpx: >+ bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX >+ >+ ack0 = self.do_generic_bind(call_id=0, >+ ctx=ctx, >+ pfc_flags=bind_pfc_flags) >+ >+ ack1 = self.do_generic_bind(call_id=1, >+ ctx=ctx, >+ auth_context=auth_context1, >+ assoc_group_id = ack0.u.assoc_group_id, >+ start_with_alter=True) >+ if auth_context_2nd == 2: >+ ack2 = self.do_generic_bind(call_id=2, >+ ctx=ctx, >+ auth_context=auth_context2, >+ assoc_group_id = ack0.u.assoc_group_id, >+ start_with_alter=True) >+ >+ ndr_print = self.do_ndr_print >+ hexdump = self.do_hexdump >+ inq_if_ids = samba.dcerpc.mgmt.inq_if_ids() >+ io = inq_if_ids >+ if ndr_print: >+ sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io)) >+ stub_in = samba.ndr.ndr_pack_in(io) >+ stub_in += b'\xfe'*45 # add some padding in order to have some payload >+ if hexdump: >+ sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) >+ >+ call_id = 3 >+ context_id = ctx.context_id >+ opnum = io.opnum() >+ >+ if not skip_first: >+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ stub_in_tmp = stub_in[0:16] >+ req = self.generate_request_auth(call_id=call_id, >+ context_id=context_id, >+ pfc_flags=pfc_flags, >+ opnum=opnum, >+ alloc_hint=len(stub_in), >+ stub=stub_in_tmp, >+ auth_context=auth_context1) >+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) >+ rep = self.recv_pdu(timeout=0.01) >+ self.assertIsNone(rep) >+ self.assertIsConnected() >+ >+ # context_id, opnum and auth header values are completely ignored >+ if auth_context_2nd == 1: >+ auth_context_copy = auth_context1.copy() >+ elif auth_context_2nd == 2: >+ auth_context_copy = auth_context2.copy() >+ else: >+ auth_context_copy = None >+ >+ expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST >+ if expected_context_id is None: >+ expected_context_id = context_id >+ if expected_call_id is None: >+ expected_call_id = call_id >+ if not_executed: >+ expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE >+ >+ if forced_call_id is not None: >+ call_id = forced_call_id >+ if forced_context_id is not None: >+ context_id = forced_context_id >+ if forced_opnum is not None: >+ opnum = forced_opnum >+ if forced_auth_context_id is not None: >+ auth_context_copy["auth_context_id"] = forced_auth_context_id >+ if forced_auth_type is not None: >+ auth_context_copy["auth_type"] = forced_auth_type >+ if forced_auth_level is not None: >+ auth_context_copy["auth_level"] = forced_auth_level >+ >+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ stub_in_tmp = stub_in[16:-1] >+ req = self.generate_request_auth(call_id=call_id, >+ context_id=context_id, >+ pfc_flags=pfc_flags_2nd, >+ opnum=opnum, >+ alloc_hint=len(stub_in_tmp), >+ stub=stub_in_tmp, >+ auth_context=auth_context_copy) >+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) >+ if expected_fault is None: >+ self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1) >+ return >+ rep = self.recv_pdu() >+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id, >+ pfc_flags=expected_pfc_flags, >+ auth_length=0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) >+ self.assertEqual(rep.u.context_id, expected_context_id) >+ self.assertEqual(rep.u.cancel_count, 0) >+ self.assertEqual(rep.u.flags, 0) >+ self.assertEqual(rep.u.status, expected_fault) >+ self.assertEqual(rep.u.reserved, 0) >+ self.assertEqual(len(rep.u.error_and_verifier), 0) >+ >+ if not_executed: >+ # still alive >+ rep = self.recv_pdu(timeout=0.01) >+ self.assertIsNone(rep) >+ self.assertIsConnected() >+ return >+ >+ # wait for a disconnect >+ rep = self.recv_pdu() >+ self.assertIsNone(rep) >+ self.assertNotConnected() >+ >+ def _test_generic_auth_first_last(self, >+ auth_type, >+ expected_fault, >+ auth_context_2nd=2, >+ expected_call_id=None, >+ expected_context_id=None, >+ conc_mpx=False, >+ not_executed=False, >+ forced_call_id=None, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST >+ return self._test_generic_auth_first_2nd(auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def _test_generic_auth_first_first(self, >+ auth_type, >+ expected_fault, >+ auth_context_2nd=2, >+ expected_call_id=None, >+ expected_context_id=None, >+ conc_mpx=False, >+ not_executed=False, >+ forced_call_id=None, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ return self._test_generic_auth_first_2nd(auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSame2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNext2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = 3 >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSame111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = 3 >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def _test_generic_auth_middle(self, >+ auth_type, >+ expected_fault, >+ expected_context_id=None, >+ not_executed=False, >+ conc_mpx=False, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ auth_context_2nd = 1 >+ skip_first = True >+ pfc_flags_2nd = 0 >+ expected_call_id = None >+ forced_call_id = None >+ return self._test_generic_auth_first_2nd(auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ skip_first=skip_first, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_alone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_alone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF >+ expected_context_id = 0 >+ not_executed = True >+ conc_mpx = True >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_context_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = 111 >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_context_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = 111 >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_type_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = 111 >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_type_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = 111 >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_level_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_level_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ > def _test_neg_xmit_check_values(self, > req_xmit=None, > req_recv=None, >diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq >new file mode 100644 >index 00000000000..f3c62b65e9e >--- /dev/null >+++ b/selftest/knownfail.d/dcerpc-auth-fraq >@@ -0,0 +1,20 @@ >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 >-- >2.25.1 > > >From 58eea3ef1240b00b2ab3036f33e1c7d8d1d3f8e7 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 16 Nov 2020 14:15:06 +0100 >Subject: [PATCH 7/7] CVE-2021-23192: dcesrv_core: only the first fragment > specifies the auth_contexts > >All other fragments blindly inherit it. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > librpc/rpc/dcerpc_pkt_auth.c | 19 +++--- > librpc/rpc/dcerpc_pkt_auth.h | 1 + > librpc/rpc/dcesrv_auth.c | 28 +++++++++ > librpc/rpc/dcesrv_core.c | 86 +++++++++++++++++++++------ > selftest/knownfail.d/dcerpc-auth-fraq | 20 ------- > source4/librpc/rpc/dcerpc.c | 1 + > 6 files changed, 109 insertions(+), 46 deletions(-) > delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq > >diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c >index 322d7497893..1cb191468b5 100644 >--- a/librpc/rpc/dcerpc_pkt_auth.c >+++ b/librpc/rpc/dcerpc_pkt_auth.c >@@ -39,6 +39,7 @@ > > NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, > struct gensec_security *gensec, >+ bool check_pkt_auth_fields, > TALLOC_CTX *mem_ctx, > enum dcerpc_pkt_type ptype, > uint8_t required_flags, >@@ -115,16 +116,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, > return NT_STATUS_INTERNAL_ERROR; > } > >- if (auth.auth_type != auth_state->auth_type) { >- return NT_STATUS_ACCESS_DENIED; >- } >+ if (check_pkt_auth_fields) { >+ if (auth.auth_type != auth_state->auth_type) { >+ return NT_STATUS_ACCESS_DENIED; >+ } > >- if (auth.auth_level != auth_state->auth_level) { >- return NT_STATUS_ACCESS_DENIED; >- } >+ if (auth.auth_level != auth_state->auth_level) { >+ return NT_STATUS_ACCESS_DENIED; >+ } > >- if (auth.auth_context_id != auth_state->auth_context_id) { >- return NT_STATUS_ACCESS_DENIED; >+ if (auth.auth_context_id != auth_state->auth_context_id) { >+ return NT_STATUS_ACCESS_DENIED; >+ } > } > > /* check signature or unseal the packet */ >diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h >index c0d23b91c05..1dcee12f53c 100644 >--- a/librpc/rpc/dcerpc_pkt_auth.h >+++ b/librpc/rpc/dcerpc_pkt_auth.h >@@ -31,6 +31,7 @@ > > NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, > struct gensec_security *gensec, >+ bool check_pkt_auth_fields, > TALLOC_CTX *mem_ctx, > enum dcerpc_pkt_type ptype, > uint8_t required_flags, >diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c >index 62f69696dad..fec8df513a8 100644 >--- a/librpc/rpc/dcesrv_auth.c >+++ b/librpc/rpc/dcesrv_auth.c >@@ -443,6 +443,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call) > return false; > } > >+ if (auth->auth_invalid) { >+ return false; >+ } >+ > /* We can't work without an existing gensec state */ > if (auth->gensec_security == NULL) { > return false; >@@ -529,6 +533,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call) > return false; > } > >+ if (auth->auth_invalid) { >+ return false; >+ } >+ > if (call->in_auth_info.auth_type != auth->auth_type) { > return false; > } >@@ -595,6 +603,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, > .auth_level = auth->auth_level, > .auth_context_id = auth->auth_context_id, > }; >+ bool check_pkt_auth_fields; > NTSTATUS status; > > if (!auth->auth_started) { >@@ -610,8 +619,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, > return false; > } > >+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { >+ /* >+ * The caller most likely checked this >+ * already, but we better double check. >+ */ >+ check_pkt_auth_fields = true; >+ } else { >+ /* >+ * The caller already found first fragment >+ * and is passing the auth_state of it. >+ * A server is supposed to use the >+ * setting of the first fragment and >+ * completely ignore the values >+ * on the remaining fragments >+ */ >+ check_pkt_auth_fields = false; >+ } >+ > status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, > auth->gensec_security, >+ check_pkt_auth_fields, > call, > pkt->ptype, > required_flags, >diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c >index 07e14567c84..afbb49d4006 100644 >--- a/librpc/rpc/dcesrv_core.c >+++ b/librpc/rpc/dcesrv_core.c >@@ -1818,6 +1818,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) > struct ndr_pull *pull; > NTSTATUS status; > >+ if (auth->auth_invalid) { >+ return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); >+ } >+ > if (!auth->auth_finished) { > return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); > } >@@ -1981,6 +1985,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > enum dcerpc_AuthType auth_type = 0; > enum dcerpc_AuthLevel auth_level = 0; > uint32_t auth_context_id = 0; >+ bool auth_invalid = false; > > call = talloc_zero(dce_conn, struct dcesrv_call_state); > if (!call) { >@@ -2012,12 +2017,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > > if (call->auth_state == NULL) { > struct dcesrv_auth *a = NULL; >+ bool check_type_level = true; > > auth_type = dcerpc_get_auth_type(&blob); > auth_level = dcerpc_get_auth_level(&blob); > auth_context_id = dcerpc_get_auth_context_id(&blob); > > if (call->pkt.ptype == DCERPC_PKT_REQUEST) { >+ if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) { >+ check_type_level = false; >+ } > dce_conn->default_auth_level_connect = NULL; > if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) { > dce_conn->got_explicit_auth_level_connect = true; >@@ -2027,14 +2036,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > for (a = dce_conn->auth_states; a != NULL; a = a->next) { > num_auth_ctx++; > >- if (a->auth_type != auth_type) { >+ if (a->auth_context_id != auth_context_id) { > continue; > } >- if (a->auth_finished && a->auth_level != auth_level) { >- continue; >+ >+ if (a->auth_type != auth_type) { >+ auth_invalid = true; > } >- if (a->auth_context_id != auth_context_id) { >- continue; >+ if (a->auth_level != auth_level) { >+ auth_invalid = true; >+ } >+ >+ if (check_type_level && auth_invalid) { >+ a->auth_invalid = true; > } > > DLIST_PROMOTE(dce_conn->auth_states, a); >@@ -2061,6 +2075,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > /* > * This can never be valid. > */ >+ auth_invalid = true; > a->auth_invalid = true; > } > call->auth_state = a; >@@ -2129,6 +2144,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > } > /* only one request is possible in the fragmented list */ > if (dce_conn->incoming_fragmented_call_list != NULL) { >+ call->fault_code = DCERPC_NCA_S_PROTO_ERROR; >+ >+ existing = dcesrv_find_fragmented_call(dce_conn, >+ call->pkt.call_id); >+ if (existing != NULL && call->auth_state != existing->auth_state) { >+ call->context = dcesrv_find_context(call->conn, >+ call->pkt.u.request.context_id); >+ >+ if (call->pkt.auth_length != 0 && existing->context == call->context) { >+ call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR; >+ } >+ } > if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { > /* > * Without DCERPC_PFC_FLAG_CONC_MPX >@@ -2138,11 +2165,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * This is important to get the > * call_id and context_id right. > */ >+ dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code; > TALLOC_FREE(call); > call = dce_conn->incoming_fragmented_call_list; > } >- return dcesrv_fault_disconnect0(call, >- DCERPC_NCA_S_PROTO_ERROR); >+ if (existing != NULL) { >+ call->context = existing->context; >+ } >+ return dcesrv_fault_disconnect0(call, call->fault_code); > } > if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { > return dcesrv_fault_disconnect(call, >@@ -2155,17 +2185,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > DCERPC_PFC_FLAG_DID_NOT_EXECUTE); > } > } else { >- const struct dcerpc_request *nr = &call->pkt.u.request; >- const struct dcerpc_request *er = NULL; > int cmp; > > existing = dcesrv_find_fragmented_call(dce_conn, > call->pkt.call_id); > if (existing == NULL) { >+ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { >+ /* >+ * Without DCERPC_PFC_FLAG_CONC_MPX >+ * we need to return the FAULT on the >+ * already existing call. >+ * >+ * This is important to get the >+ * call_id and context_id right. >+ */ >+ if (dce_conn->incoming_fragmented_call_list != NULL) { >+ TALLOC_FREE(call); >+ call = dce_conn->incoming_fragmented_call_list; >+ } >+ return dcesrv_fault_disconnect0(call, >+ DCERPC_NCA_S_PROTO_ERROR); >+ } >+ if (dce_conn->incoming_fragmented_call_list != NULL) { >+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); >+ } >+ call->context = dcesrv_find_context(call->conn, >+ call->pkt.u.request.context_id); >+ if (call->context == NULL) { >+ return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, >+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE); >+ } >+ if (auth_invalid) { >+ return dcesrv_fault_disconnect0(call, >+ DCERPC_FAULT_ACCESS_DENIED); >+ } > return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } >- er = &existing->pkt.u.request; > > if (call->pkt.ptype != existing->pkt.ptype) { > /* trying to play silly buggers are we? */ >@@ -2178,14 +2234,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > return dcesrv_fault_disconnect(existing, > DCERPC_NCA_S_PROTO_ERROR); > } >- if (nr->context_id != er->context_id) { >- return dcesrv_fault_disconnect(existing, >- DCERPC_NCA_S_PROTO_ERROR); >- } >- if (nr->opnum != er->opnum) { >- return dcesrv_fault_disconnect(existing, >- DCERPC_NCA_S_PROTO_ERROR); >- } >+ call->auth_state = existing->auth_state; >+ call->context = existing->context; > } > } > >diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq >deleted file mode 100644 >index f3c62b65e9e..00000000000 >--- a/selftest/knownfail.d/dcerpc-auth-fraq >+++ /dev/null >@@ -1,20 +0,0 @@ >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 4847e8a0200..baf6df6e498 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c, > > status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, > c->security_state.generic_state, >+ true, /* check_pkt_auth_fields */ > mem_ctx, > ptype, > required_flags, >-- >2.25.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
scabrero
:
review+
abartlet
:
ci-passed+
Actions:
View
Attachments on
bug 14875
: 16887 |
16888
|
16889
|
16901
|
16913
|
16915
|
16919
|
16920
|
16923
|
16928
|
16929
|
16960
|
16962
|
16968
|
16974