From b89e011585099007c7403622b6342f293a0b6502 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 2 Apr 2021 12:20:38 +0200 Subject: [PATCH 1/9] CVE-2021-23192 rpc: Give dcerpc_util.c its own header Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 (cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c) --- librpc/rpc/dcerpc_util.c | 1 + librpc/rpc/dcerpc_util.h | 103 ++++++++++++++++++++ librpc/rpc/dcesrv_auth.c | 1 + librpc/rpc/dcesrv_core.c | 1 + librpc/rpc/dcesrv_reply.c | 1 + librpc/rpc/rpc_common.h | 74 -------------- source3/librpc/rpc/dcerpc_helpers.c | 1 + source3/rpc_client/cli_pipe.c | 1 + source3/rpc_client/rpc_transport_np.c | 1 + source3/rpc_server/rpc_ncacn_np.c | 1 + source4/librpc/rpc/dcerpc.c | 1 + source4/librpc/rpc/dcerpc_roh_channel_out.c | 1 + 12 files changed, 113 insertions(+), 74 deletions(-) create mode 100644 librpc/rpc/dcerpc_util.h diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 3d622b2be499..6a160e120232 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -25,6 +25,7 @@ #include "lib/tsocket/tsocket.h" #include "lib/util/tevent_ntstatus.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "rpc_common.h" #include "lib/util/bitmap.h" diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h new file mode 100644 index 000000000000..0ecaf428c3c9 --- /dev/null +++ b/librpc/rpc/dcerpc_util.h @@ -0,0 +1,103 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2010-2011 + Copyright (C) Andrew Tridgell 2010-2011 + Copyright (C) Simo Sorce 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__ +#define __LIBRPC_RPC_DCERPC_UTIL_H__ + +#include "replace.h" +#include +#include "lib/util/data_blob.h" +#include "librpc/rpc/rpc_common.h" +#include "librpc/gen_ndr/dcerpc.h" + +void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); +uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); +void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); +uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); +uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); +uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); +uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); +uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); +const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, + enum dcerpc_transport_t transport, + const struct ndr_interface_table *table); + +NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob, + struct ncacn_packet *r); + +/** +* @brief Pull a dcerpc_auth structure, taking account of any auth +* padding in the blob. For request/response packets we pass +* the whole data blob, so auth_data_only must be set to false +* as the blob contains data+pad+auth and no just pad+auth. +* +* @param pkt - The ncacn_packet strcuture +* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements +* @param pkt_trailer - The packet trailer data, usually the trailing +* auth_info blob, but in the request/response case +* this is the stub_and_verifier blob. +* @param auth - A preallocated dcerpc_auth *empty* structure +* @param auth_length - The length of the auth trail, sum of auth header +* lenght and pkt->auth_length +* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob +* (+ padding) or also other data. +* +* @return - A NTSTATUS error code. +*/ +NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, + TALLOC_CTX *mem_ctx, + const DATA_BLOB *pkt_trailer, + struct dcerpc_auth *auth, + uint32_t *auth_length, + bool auth_data_only); +NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, + enum dcerpc_pkt_type ptype, + size_t max_auth_info, + uint8_t required_flags, + uint8_t optional_flags); +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt); +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt); +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer); + +#endif diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index 8ac90f2a2bd9..f7919ebf5755 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 88838121f2fb..ad7b02194ec8 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -24,6 +24,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/auth.h" #include "auth/gensec/gensec.h" #include "lib/util/dlinklist.h" diff --git a/librpc/rpc/dcesrv_reply.c b/librpc/rpc/dcesrv_reply.c index 96bd98f53e10..5b4429956e75 100644 --- a/librpc/rpc/dcesrv_reply.c +++ b/librpc/rpc/dcesrv_reply.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "auth/gensec/gensec.h" #include "lib/util/dlinklist.h" #include "param/param.h" diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h index a606a29ed317..785cd985cfb2 100644 --- a/librpc/rpc/rpc_common.h +++ b/librpc/rpc/rpc_common.h @@ -163,80 +163,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t); enum dcerpc_transport_t dcerpc_transport_by_name(const char *name); enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower); -/* The following definitions come from ../librpc/rpc/dcerpc_util.c */ - -void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); -uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); -void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); -uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); -uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); -uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); -uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); -uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); -const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, - enum dcerpc_transport_t transport, - const struct ndr_interface_table *table); - -NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, - const DATA_BLOB *blob, - struct ncacn_packet *r); - -/** -* @brief Pull a dcerpc_auth structure, taking account of any auth -* padding in the blob. For request/response packets we pass -* the whole data blob, so auth_data_only must be set to false -* as the blob contains data+pad+auth and no just pad+auth. -* -* @param pkt - The ncacn_packet strcuture -* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements -* @param pkt_trailer - The packet trailer data, usually the trailing -* auth_info blob, but in the request/response case -* this is the stub_and_verifier blob. -* @param auth - A preallocated dcerpc_auth *empty* structure -* @param auth_length - The length of the auth trail, sum of auth header -* lenght and pkt->auth_length -* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob -* (+ padding) or also other data. -* -* @return - A NTSTATUS error code. -*/ -NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, - TALLOC_CTX *mem_ctx, - const DATA_BLOB *pkt_trailer, - struct dcerpc_auth *auth, - uint32_t *auth_length, - bool auth_data_only); -NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, - enum dcerpc_pkt_type ptype, - size_t max_auth_info, - uint8_t required_flags, - uint8_t optional_flags); -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt); -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt); -struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct tstream_context *stream); -NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - struct ncacn_packet **pkt, - DATA_BLOB *buffer); - /* The following definitions come from ../librpc/rpc/binding_handle.c */ struct dcerpc_binding_handle_ops { diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 1f67987561cd..c609efd5b077 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -20,6 +20,7 @@ #include "includes.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "librpc/crypto/gse.h" #include "auth/gensec/gensec.h" diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 8227ef0b0bd1..408c0063baff 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -30,6 +30,7 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "librpc/gen_ndr/ndr_netlogon_c.h" #include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" #include "rpc_dce.h" #include "cli_pipe.h" #include "libsmb/libsmb.h" diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c index 9dc5c5634fc0..b24023661ffd 100644 --- a/source3/rpc_client/rpc_transport_np.c +++ b/source3/rpc_client/rpc_transport_np.c @@ -19,6 +19,7 @@ #include "includes.h" #include "../lib/util/tevent_ntstatus.h" +#include "librpc/rpc/dcerpc_util.h" #include "rpc_client/rpc_transport.h" #include "librpc/ndr/ndr_table.h" #include "libcli/smb/smbXcli_base.h" diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index 11f8a9b06023..cf50b1b481f8 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -37,6 +37,7 @@ #include "rpc_server/rpc_config.h" #include "librpc/ndr/ndr_table.h" #include "rpc_server/rpc_server.h" +#include "librpc/rpc/dcerpc_util.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 87a99a8df89e..f97263dcc5b0 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -26,6 +26,7 @@ #include "lib/events/events.h" #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c index e431689d4198..2abafb0bab5f 100644 --- a/source4/librpc/rpc/dcerpc_roh_channel_out.c +++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c @@ -37,6 +37,7 @@ #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_roh.h" #include "librpc/rpc/dcerpc_proto.h" +#include "librpc/rpc/dcerpc_util.h" #include "libcli/http/http.h" struct roh_request_state { -- 2.25.1 From d41ef53990758bfd1435a35f0bb0fe493c7d2280 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 2 Apr 2021 13:41:21 +0200 Subject: [PATCH 2/9] CVE-2021-23192 librpc: Remove the gensec dependency from library dcerpc-binding This means yet another library, but having to depend on gensec just for dcerpc_parse_binding() and basic packet parsing seems like a bit overkill to me. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 (cherry picked from commit 4d3b6506d30e4bf302f832493dad00a83b73d370) --- libcli/auth/wscript_build | 10 +- librpc/rpc/dcerpc_pkt_auth.c | 497 +++++++++++++++++++++++++++++++++++ librpc/rpc/dcerpc_pkt_auth.h | 58 ++++ librpc/rpc/dcerpc_util.c | 464 -------------------------------- librpc/rpc/dcerpc_util.h | 18 -- librpc/rpc/dcesrv_auth.c | 1 + librpc/wscript_build | 25 +- source3/wscript_build | 8 +- source4/librpc/rpc/dcerpc.c | 1 + source4/librpc/wscript_build | 21 +- 10 files changed, 613 insertions(+), 490 deletions(-) create mode 100644 librpc/rpc/dcerpc_pkt_auth.c create mode 100644 librpc/rpc/dcerpc_pkt_auth.h diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build index 2a6a7468e457..24ab68fac1e3 100644 --- a/libcli/auth/wscript_build +++ b/libcli/auth/wscript_build @@ -30,7 +30,15 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL', bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI', source='netlogon_creds_cli.c', - deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON' + deps=''' + dbwrap + util_tdb + tevent-util + samba-hostconfig + gensec + RPC_NDR_NETLOGON + NDR_NETLOGON + ''' ) bld.SAMBA_SUBSYSTEM('PAM_ERRORS', diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c new file mode 100644 index 000000000000..322d7497893c --- /dev/null +++ b/librpc/rpc/dcerpc_pkt_auth.c @@ -0,0 +1,497 @@ +/* + Unix SMB/CIFS implementation. + raw dcerpc operations + + Copyright (C) Andrew Tridgell 2003-2005 + Copyright (C) Jelmer Vernooij 2004-2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "replace.h" +#include "system/network.h" +#include +#include "lib/util/talloc_stack.h" +#include "lib/util/debug.h" +#include "lib/util/byteorder.h" +#include "lib/util/samba_util.h" +#include "librpc/rpc/dcerpc.h" +#include "librpc/rpc/dcerpc_util.h" +#include "librpc/rpc/dcerpc_pkt_auth.h" +#include "librpc/gen_ndr/ndr_dcerpc.h" +#include "rpc_common.h" +#include "lib/util/bitmap.h" +#include "auth/gensec/gensec.h" +#include "lib/util/mkdir_p.h" +#include "lib/crypto/gnutls_helpers.h" +#include + +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt) +{ + NTSTATUS status; + struct dcerpc_auth auth; + uint32_t auth_length; + + if (auth_state == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + + status = dcerpc_verify_ncacn_packet_header(pkt, ptype, + payload_and_verifier->length, + required_flags, optional_flags); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + if (pkt->auth_length != 0) { + break; + } + return NT_STATUS_OK; + case DCERPC_AUTH_LEVEL_NONE: + if (pkt->auth_length != 0) { + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; + + default: + return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; + } + + if (pkt->auth_length == 0) { + return NT_STATUS_RPC_PROTOCOL_ERROR; + } + + if (gensec == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + + status = dcerpc_pull_auth_trailer(pkt, mem_ctx, + payload_and_verifier, + &auth, &auth_length, false); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (payload_and_verifier->length < auth_length) { + /* + * should be checked in dcerpc_pull_auth_trailer() + */ + return NT_STATUS_INTERNAL_ERROR; + } + + payload_and_verifier->length -= auth_length; + + if (payload_and_verifier->length < auth.auth_pad_length) { + /* + * should be checked in dcerpc_pull_auth_trailer() + */ + return NT_STATUS_INTERNAL_ERROR; + } + + if (auth.auth_type != auth_state->auth_type) { + return NT_STATUS_ACCESS_DENIED; + } + + if (auth.auth_level != auth_state->auth_level) { + return NT_STATUS_ACCESS_DENIED; + } + + if (auth.auth_context_id != auth_state->auth_context_id) { + return NT_STATUS_ACCESS_DENIED; + } + + /* check signature or unseal the packet */ + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + status = gensec_unseal_packet(gensec, + raw_packet->data + payload_offset, + payload_and_verifier->length, + raw_packet->data, + raw_packet->length - + auth.credentials.length, + &auth.credentials); + if (!NT_STATUS_IS_OK(status)) { + return NT_STATUS_RPC_SEC_PKG_ERROR; + } + memcpy(payload_and_verifier->data, + raw_packet->data + payload_offset, + payload_and_verifier->length); + break; + + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + status = gensec_check_packet(gensec, + payload_and_verifier->data, + payload_and_verifier->length, + raw_packet->data, + raw_packet->length - + auth.credentials.length, + &auth.credentials); + if (!NT_STATUS_IS_OK(status)) { + return NT_STATUS_RPC_SEC_PKG_ERROR; + } + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + /* for now we ignore possible signatures here */ + break; + + default: + return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; + } + + /* + * remove the indicated amount of padding + * + * A possible overflow is checked above. + */ + payload_and_verifier->length -= auth.auth_pad_length; + + return NT_STATUS_OK; +} + +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt) +{ + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; + enum ndr_err_code ndr_err; + struct ndr_push *ndr = NULL; + uint32_t payload_length; + uint32_t whole_length; + DATA_BLOB blob = data_blob_null; + DATA_BLOB sig = data_blob_null; + struct dcerpc_auth _out_auth_info; + struct dcerpc_auth *out_auth_info = NULL; + + *raw_packet = data_blob_null; + + if (auth_state == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + if (sig_size == 0) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + if (gensec == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + _out_auth_info = (struct dcerpc_auth) { + .auth_type = auth_state->auth_type, + .auth_level = auth_state->auth_level, + .auth_context_id = auth_state->auth_context_id, + }; + out_auth_info = &_out_auth_info; + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + /* + * TODO: let the gensec mech decide if it wants to generate a + * signature that might be needed for schannel... + */ + if (sig_size != 0) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + if (gensec == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + break; + + case DCERPC_AUTH_LEVEL_NONE: + if (sig_size != 0) { + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + break; + + default: + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + ndr = ndr_push_init_ctx(frame); + if (ndr == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + + if (out_auth_info != NULL) { + /* + * pad to 16 byte multiple in the payload portion of the + * packet. This matches what w2k3 does. Note that we can't use + * ndr_push_align() as that is relative to the start of the + * whole packet, whereas w2k8 wants it relative to the start + * of the stub. + */ + out_auth_info->auth_pad_length = + DCERPC_AUTH_PAD_LENGTH(payload->length); + ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + + payload_length = payload->length + + out_auth_info->auth_pad_length; + + ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, + out_auth_info); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + + whole_length = ndr->offset; + + ndr_err = ndr_push_zero(ndr, sig_size); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + TALLOC_FREE(frame); + return ndr_map_error2ntstatus(ndr_err); + } + } else { + payload_length = payload->length; + whole_length = ndr->offset; + } + + /* extract the whole packet as a blob */ + blob = ndr_push_blob(ndr); + + /* + * Setup the frag and auth length in the packet buffer. + * This is needed if the GENSEC mech does AEAD signing + * of the packet headers. The signature itself will be + * appended later. + */ + dcerpc_set_frag_length(&blob, blob.length); + dcerpc_set_auth_length(&blob, sig_size); + + /* sign or seal the packet */ + switch (auth_state->auth_level) { + case DCERPC_AUTH_LEVEL_PRIVACY: + status = gensec_seal_packet(gensec, + frame, + blob.data + payload_offset, + payload_length, + blob.data, + whole_length, + &sig); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + break; + + case DCERPC_AUTH_LEVEL_INTEGRITY: + case DCERPC_AUTH_LEVEL_PACKET: + status = gensec_sign_packet(gensec, + frame, + blob.data + payload_offset, + payload_length, + blob.data, + whole_length, + &sig); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); + return status; + } + break; + + case DCERPC_AUTH_LEVEL_CONNECT: + case DCERPC_AUTH_LEVEL_NONE: + break; + + default: + TALLOC_FREE(frame); + return NT_STATUS_INTERNAL_ERROR; + } + + if (sig.length != sig_size) { + TALLOC_FREE(frame); + return NT_STATUS_RPC_SEC_PKG_ERROR; + } + + if (sig_size != 0) { + memcpy(blob.data + whole_length, sig.data, sig_size); + } + + *raw_packet = blob; + talloc_steal(mem_ctx, raw_packet->data); + TALLOC_FREE(frame); + return NT_STATUS_OK; +} + +#ifdef DEVELOPER + +/* + * Save valid, well-formed DCE/RPC stubs to use as a seed for + * ndr_fuzz_X + */ +void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx, + DATA_BLOB raw_blob, + const char *dump_dir, + const char *iface_name, + int flags, + int opnum, + bool ndr64) +{ + char *fname = NULL; + const char *sub_dir = NULL; + TALLOC_CTX *temp_ctx = talloc_new(mem_ctx); + DATA_BLOB blob; + int ret, rc; + uint8_t digest[20]; + DATA_BLOB digest_blob; + char *digest_hex; + uint16_t fuzz_flags = 0; + + /* + * We want to save the 'stub' in a per-pipe subdirectory, with + * the ndr_fuzz_X header 4 byte header. For the sake of + * convenience (this is a developer only function), we mkdir + * -p the sub-directories when they are needed. + */ + + if (dump_dir == NULL) { + return; + } + + temp_ctx = talloc_stackframe(); + + sub_dir = talloc_asprintf(temp_ctx, "%s/%s", + dump_dir, + iface_name); + if (sub_dir == NULL) { + talloc_free(temp_ctx); + return; + } + ret = mkdir_p(sub_dir, 0755); + if (ret && errno != EEXIST) { + DBG_ERR("could not create %s\n", sub_dir); + talloc_free(temp_ctx); + return; + } + + blob.length = raw_blob.length + 4; + blob.data = talloc_array(sub_dir, + uint8_t, + blob.length); + if (blob.data == NULL) { + DBG_ERR("could not allocate for fuzz seeds! (%s)\n", + iface_name); + talloc_free(temp_ctx); + return; + } + + if (ndr64) { + fuzz_flags = 4; + } + if (flags & NDR_IN) { + fuzz_flags |= 1; + } else if (flags & NDR_OUT) { + fuzz_flags |= 2; + } + + SSVAL(blob.data, 0, fuzz_flags); + SSVAL(blob.data, 2, opnum); + + memcpy(&blob.data[4], + raw_blob.data, + raw_blob.length); + + /* + * This matches how oss-fuzz names the corpus input files, due + * to a preference from libFuzzer + */ + rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, + blob.data, + blob.length, + digest); + if (rc < 0) { + /* + * This prints a better error message, eg if SHA1 is + * disabled + */ + NTSTATUS status = gnutls_error_to_ntstatus(rc, + NT_STATUS_HASH_NOT_SUPPORTED); + DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s", + nt_errstr(status)); + talloc_free(temp_ctx); + return; + } + + digest_blob.data = digest; + digest_blob.length = sizeof(digest); + digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob); + + fname = talloc_asprintf(temp_ctx, "%s/%s", + sub_dir, + digest_hex); + if (fname == NULL) { + talloc_free(temp_ctx); + return; + } + + /* + * If this fails, it is most likely because that file already + * exists. This is fine, it means we already have this + * sample + */ + file_save(fname, + blob.data, + blob.length); + + talloc_free(temp_ctx); +} + +#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */ diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h new file mode 100644 index 000000000000..c0d23b91c057 --- /dev/null +++ b/librpc/rpc/dcerpc_pkt_auth.h @@ -0,0 +1,58 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan Metzmacher 2010-2011 + Copyright (C) Andrew Tridgell 2010-2011 + Copyright (C) Simo Sorce 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __LIBRPC_RPC_DCERPC_PKT_AUTH_H__ +#define __LIBRPC_RPC_DCERPC_PKT_AUTH_H__ + +#include "replace.h" +#include +#include "lib/util/data_blob.h" +#include "libcli/util/ntstatus.h" +#include "librpc/rpc/rpc_common.h" +#include "librpc/gen_ndr/dcerpc.h" + +NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + enum dcerpc_pkt_type ptype, + uint8_t required_flags, + uint8_t optional_flags, + uint8_t payload_offset, + DATA_BLOB *payload_and_verifier, + DATA_BLOB *raw_packet, + const struct ncacn_packet *pkt); +NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, + struct gensec_security *gensec, + TALLOC_CTX *mem_ctx, + DATA_BLOB *raw_packet, + size_t sig_size, + uint8_t payload_offset, + const DATA_BLOB *payload, + const struct ncacn_packet *pkt); +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer); + +#endif diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 6a160e120232..f1b80efde69f 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -29,10 +29,6 @@ #include "librpc/gen_ndr/ndr_dcerpc.h" #include "rpc_common.h" #include "lib/util/bitmap.h" -#include "auth/gensec/gensec.h" -#include "lib/util/mkdir_p.h" -#include "lib/crypto/gnutls_helpers.h" -#include /* we need to be able to get/set the fragment length without doing a full decode */ @@ -484,340 +480,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, return NT_STATUS_OK; } -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt) -{ - NTSTATUS status; - struct dcerpc_auth auth; - uint32_t auth_length; - - if (auth_state == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - status = dcerpc_verify_ncacn_packet_header(pkt, ptype, - payload_and_verifier->length, - required_flags, optional_flags); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - if (pkt->auth_length != 0) { - break; - } - return NT_STATUS_OK; - case DCERPC_AUTH_LEVEL_NONE: - if (pkt->auth_length != 0) { - return NT_STATUS_ACCESS_DENIED; - } - return NT_STATUS_OK; - - default: - return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; - } - - if (pkt->auth_length == 0) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - if (gensec == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - status = dcerpc_pull_auth_trailer(pkt, mem_ctx, - payload_and_verifier, - &auth, &auth_length, false); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (payload_and_verifier->length < auth_length) { - /* - * should be checked in dcerpc_pull_auth_trailer() - */ - return NT_STATUS_INTERNAL_ERROR; - } - - payload_and_verifier->length -= auth_length; - - if (payload_and_verifier->length < auth.auth_pad_length) { - /* - * should be checked in dcerpc_pull_auth_trailer() - */ - return NT_STATUS_INTERNAL_ERROR; - } - - if (auth.auth_type != auth_state->auth_type) { - return NT_STATUS_ACCESS_DENIED; - } - - if (auth.auth_level != auth_state->auth_level) { - return NT_STATUS_ACCESS_DENIED; - } - - if (auth.auth_context_id != auth_state->auth_context_id) { - return NT_STATUS_ACCESS_DENIED; - } - - /* check signature or unseal the packet */ - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - status = gensec_unseal_packet(gensec, - raw_packet->data + payload_offset, - payload_and_verifier->length, - raw_packet->data, - raw_packet->length - - auth.credentials.length, - &auth.credentials); - if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - memcpy(payload_and_verifier->data, - raw_packet->data + payload_offset, - payload_and_verifier->length); - break; - - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - status = gensec_check_packet(gensec, - payload_and_verifier->data, - payload_and_verifier->length, - raw_packet->data, - raw_packet->length - - auth.credentials.length, - &auth.credentials); - if (!NT_STATUS_IS_OK(status)) { - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - /* for now we ignore possible signatures here */ - break; - - default: - return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; - } - - /* - * remove the indicated amount of padding - * - * A possible overflow is checked above. - */ - payload_and_verifier->length -= auth.auth_pad_length; - - return NT_STATUS_OK; -} - -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt) -{ - TALLOC_CTX *frame = talloc_stackframe(); - NTSTATUS status; - enum ndr_err_code ndr_err; - struct ndr_push *ndr = NULL; - uint32_t payload_length; - uint32_t whole_length; - DATA_BLOB blob = data_blob_null; - DATA_BLOB sig = data_blob_null; - struct dcerpc_auth _out_auth_info; - struct dcerpc_auth *out_auth_info = NULL; - - *raw_packet = data_blob_null; - - if (auth_state == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - if (sig_size == 0) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - if (gensec == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - _out_auth_info = (struct dcerpc_auth) { - .auth_type = auth_state->auth_type, - .auth_level = auth_state->auth_level, - .auth_context_id = auth_state->auth_context_id, - }; - out_auth_info = &_out_auth_info; - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - /* - * TODO: let the gensec mech decide if it wants to generate a - * signature that might be needed for schannel... - */ - if (sig_size != 0) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - if (gensec == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - break; - - case DCERPC_AUTH_LEVEL_NONE: - if (sig_size != 0) { - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - break; - - default: - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - ndr = ndr_push_init_ctx(frame); - if (ndr == NULL) { - TALLOC_FREE(frame); - return NT_STATUS_NO_MEMORY; - } - - ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - - if (out_auth_info != NULL) { - /* - * pad to 16 byte multiple in the payload portion of the - * packet. This matches what w2k3 does. Note that we can't use - * ndr_push_align() as that is relative to the start of the - * whole packet, whereas w2k8 wants it relative to the start - * of the stub. - */ - out_auth_info->auth_pad_length = - DCERPC_AUTH_PAD_LENGTH(payload->length); - ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - - payload_length = payload->length + - out_auth_info->auth_pad_length; - - ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, - out_auth_info); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - - whole_length = ndr->offset; - - ndr_err = ndr_push_zero(ndr, sig_size); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - TALLOC_FREE(frame); - return ndr_map_error2ntstatus(ndr_err); - } - } else { - payload_length = payload->length; - whole_length = ndr->offset; - } - - /* extract the whole packet as a blob */ - blob = ndr_push_blob(ndr); - - /* - * Setup the frag and auth length in the packet buffer. - * This is needed if the GENSEC mech does AEAD signing - * of the packet headers. The signature itself will be - * appended later. - */ - dcerpc_set_frag_length(&blob, blob.length); - dcerpc_set_auth_length(&blob, sig_size); - - /* sign or seal the packet */ - switch (auth_state->auth_level) { - case DCERPC_AUTH_LEVEL_PRIVACY: - status = gensec_seal_packet(gensec, - frame, - blob.data + payload_offset, - payload_length, - blob.data, - whole_length, - &sig); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return status; - } - break; - - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PACKET: - status = gensec_sign_packet(gensec, - frame, - blob.data + payload_offset, - payload_length, - blob.data, - whole_length, - &sig); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(frame); - return status; - } - break; - - case DCERPC_AUTH_LEVEL_CONNECT: - case DCERPC_AUTH_LEVEL_NONE: - break; - - default: - TALLOC_FREE(frame); - return NT_STATUS_INTERNAL_ERROR; - } - - if (sig.length != sig_size) { - TALLOC_FREE(frame); - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - - if (sig_size != 0) { - memcpy(blob.data + whole_length, sig.data, sig_size); - } - - *raw_packet = blob; - talloc_steal(mem_ctx, raw_packet->data); - TALLOC_FREE(frame); - return NT_STATUS_OK; -} - struct dcerpc_read_ncacn_packet_state { #if 0 struct { @@ -1472,129 +1134,3 @@ void dcerpc_log_packet(const char *packet_log_dir, free(name); } } - - -#ifdef DEVELOPER - -/* - * Save valid, well-formed DCE/RPC stubs to use as a seed for - * ndr_fuzz_X - */ -void dcerpc_save_ndr_fuzz_seed(TALLOC_CTX *mem_ctx, - DATA_BLOB raw_blob, - const char *dump_dir, - const char *iface_name, - int flags, - int opnum, - bool ndr64) -{ - char *fname = NULL; - const char *sub_dir = NULL; - TALLOC_CTX *temp_ctx = talloc_new(mem_ctx); - DATA_BLOB blob; - int ret, rc; - uint8_t digest[20]; - DATA_BLOB digest_blob; - char *digest_hex; - uint16_t fuzz_flags = 0; - - /* - * We want to save the 'stub' in a per-pipe subdirectory, with - * the ndr_fuzz_X header 4 byte header. For the sake of - * convenience (this is a developer only function), we mkdir - * -p the sub-directories when they are needed. - */ - - if (dump_dir == NULL) { - return; - } - - temp_ctx = talloc_stackframe(); - - sub_dir = talloc_asprintf(temp_ctx, "%s/%s", - dump_dir, - iface_name); - if (sub_dir == NULL) { - talloc_free(temp_ctx); - return; - } - ret = mkdir_p(sub_dir, 0755); - if (ret && errno != EEXIST) { - DBG_ERR("could not create %s\n", sub_dir); - talloc_free(temp_ctx); - return; - } - - blob.length = raw_blob.length + 4; - blob.data = talloc_array(sub_dir, - uint8_t, - blob.length); - if (blob.data == NULL) { - DBG_ERR("could not allocate for fuzz seeds! (%s)\n", - iface_name); - talloc_free(temp_ctx); - return; - } - - if (ndr64) { - fuzz_flags = 4; - } - if (flags & NDR_IN) { - fuzz_flags |= 1; - } else if (flags & NDR_OUT) { - fuzz_flags |= 2; - } - - SSVAL(blob.data, 0, fuzz_flags); - SSVAL(blob.data, 2, opnum); - - memcpy(&blob.data[4], - raw_blob.data, - raw_blob.length); - - /* - * This matches how oss-fuzz names the corpus input files, due - * to a preference from libFuzzer - */ - rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, - blob.data, - blob.length, - digest); - if (rc < 0) { - /* - * This prints a better error message, eg if SHA1 is - * disabled - */ - NTSTATUS status = gnutls_error_to_ntstatus(rc, - NT_STATUS_HASH_NOT_SUPPORTED); - DBG_ERR("Failed to generate SHA1 to save fuzz seed: %s", - nt_errstr(status)); - talloc_free(temp_ctx); - return; - } - - digest_blob.data = digest; - digest_blob.length = sizeof(digest); - digest_hex = data_blob_hex_string_lower(temp_ctx, &digest_blob); - - fname = talloc_asprintf(temp_ctx, "%s/%s", - sub_dir, - digest_hex); - if (fname == NULL) { - talloc_free(temp_ctx); - return; - } - - /* - * If this fails, it is most likely because that file already - * exists. This is fine, it means we already have this - * sample - */ - file_save(fname, - blob.data, - blob.length); - - talloc_free(temp_ctx); -} - -#endif /*if DEVELOPER, enveloping _dcesrv_save_ndr_fuzz_seed() */ diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h index 0ecaf428c3c9..a9bc7bd38320 100644 --- a/librpc/rpc/dcerpc_util.h +++ b/librpc/rpc/dcerpc_util.h @@ -74,24 +74,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, size_t max_auth_info, uint8_t required_flags, uint8_t optional_flags); -NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - enum dcerpc_pkt_type ptype, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier, - DATA_BLOB *raw_packet, - const struct ncacn_packet *pkt); -NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, - struct gensec_security *gensec, - TALLOC_CTX *mem_ctx, - DATA_BLOB *raw_packet, - size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt); struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tstream_context *stream); diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index f7919ebf5755..8dda86d88e2c 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -24,6 +24,7 @@ #include "librpc/rpc/dcesrv_core.h" #include "librpc/rpc/dcesrv_core_proto.h" #include "librpc/rpc/dcerpc_util.h" +#include "librpc/rpc/dcerpc_pkt_auth.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/credentials/credentials.h" #include "auth/gensec/gensec.h" diff --git a/librpc/wscript_build b/librpc/wscript_build index 8f31d59d3b5a..a1c3c994876c 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -655,12 +655,24 @@ bld.SAMBA_LIBRARY('ndr', ) bld.SAMBA_LIBRARY('dcerpc-binding', - source='rpc/dcerpc_error.c rpc/binding.c rpc/dcerpc_util.c rpc/binding_handle.c', - deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util gensec', + source=''' + rpc/dcerpc_error.c + rpc/binding.c + rpc/dcerpc_util.c + rpc/binding_handle.c + ''', + deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util', pc_files=[], public_headers='rpc/rpc_common.h', vnum='0.0.1') +bld.SAMBA_LIBRARY('dcerpc-pkt-auth', + private_library=True, + source=''' + rpc/dcerpc_pkt_auth.c + ''', + deps='dcerpc-binding gensec') + bld.SAMBA_LIBRARY('dcerpc-server-core', source=''' rpc/dcesrv_core.c @@ -669,7 +681,14 @@ bld.SAMBA_LIBRARY('dcerpc-server-core', rpc/dcesrv_reply.c rpc/dcesrv_handles.c ''', - deps='ndr dcerpc-binding samba-util-core gnutls GNUTLS_HELPERS', + deps=''' + ndr + dcerpc-binding + samba-util-core + gnutls + GNUTLS_HELPERS + dcerpc-pkt-auth + ''', pc_files=[], public_headers='rpc/dcesrv_core.h', autoproto='rpc/dcesrv_core_proto.h', diff --git a/source3/wscript_build b/source3/wscript_build index d86a9fcadbfc..46c914c7b224 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -1032,9 +1032,11 @@ bld.SAMBA3_LIBRARY('cli_spoolss', rpc_client/init_spoolss.c ''', deps=''' - RPC_NDR_SPOOLSS - smbconf - secrets3''', + RPC_NDR_SPOOLSS + smbconf + secrets3 + gensec + ''', private_library=True) bld.SAMBA3_SUBSYSTEM('LIBCLI_WINREG', diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index f97263dcc5b0..4847e8a02004 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -27,6 +27,7 @@ #include "librpc/rpc/dcerpc.h" #include "librpc/rpc/dcerpc_proto.h" #include "librpc/rpc/dcerpc_util.h" +#include "librpc/rpc/dcerpc_pkt_auth.h" #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dcerpc.h" #include "auth/gensec/gensec.h" diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build index ea9c4853d7aa..511008d919d1 100644 --- a/source4/librpc/wscript_build +++ b/source4/librpc/wscript_build @@ -157,7 +157,26 @@ bld.SAMBA_LIBRARY('dcerpc', rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''', pc_files='dcerpc.pc', - deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH smbclient-raw LP_RESOLVE tevent-util dcerpc-binding param_options http', + deps=''' + samba_socket + LIBCLI_RESOLVE + LIBCLI_SMB + LIBCLI_SMB2 + ndr + NDR_DCERPC + RPC_NDR_EPMAPPER + NDR_SCHANNEL + RPC_NDR_NETLOGON + RPC_NDR_MGMT + gensec + LIBCLI_AUTH + smbclient-raw + LP_RESOLVE + tevent-util + dcerpc-binding + dcerpc-pkt-auth + param_options + http''', autoproto='rpc/dcerpc_proto.h', public_deps='samba-credentials tevent talloc', public_headers='''rpc/dcerpc.h''', -- 2.25.1 From 07902862e38a9d2930aa1eb2045a444d6416d9dc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Nov 2020 11:25:41 +0100 Subject: [PATCH 3/9] CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect() It's better to see the location that triggered the fault. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcesrv_core.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index ad7b02194ec8..eb41662242a1 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -703,19 +703,38 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) return NT_STATUS_OK; } -static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call, - uint32_t fault_code) +static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, + uint32_t fault_code, + uint8_t extra_flags, + const char *func, + const char *location) { + const char *reason = NULL; + + reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x", + func, location, + fault_code, + dcerpc_errstr(call, fault_code), + extra_flags); + if (reason == NULL) { + reason = location; + } + /* * We add the call to the pending_call_list * in order to defer the termination. */ - dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect"); - return dcesrv_fault_with_flags(call, fault_code, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); + dcesrv_call_disconnect_after(call, reason); + + return dcesrv_fault_with_flags(call, fault_code, extra_flags); } +#define dcesrv_fault_disconnect(call, fault_code) \ + _dcesrv_fault_disconnect_flags(call, fault_code, \ + DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ + __func__, __location__) + static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) { DLIST_REMOVE(c->conn->contexts, c); -- 2.25.1 From d5ad2f79310ea5487196001992bcf0af5719f6fe Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Nov 2020 11:27:19 +0100 Subject: [PATCH 4/9] CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE That makes the callers much simpler and allow better debugging. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcesrv_core.c | 47 ++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 31 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index eb41662242a1..32f5a8e14ad0 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -734,6 +734,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, _dcesrv_fault_disconnect_flags(call, fault_code, \ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ __func__, __location__) +#define dcesrv_fault_disconnect0(call, fault_code) \ + _dcesrv_fault_disconnect_flags(call, fault_code, 0, \ + __func__, __location__) static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) { @@ -2095,10 +2098,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * Note that we don't check against the negotiated * max_recv_frag, but a hard coded value. */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - frag_length too large"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { @@ -2108,10 +2108,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * if DCERPC_PFC_FLAG_CONC_MPX was negotiated. */ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing pending call without CONN_MPX"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } } @@ -2129,10 +2126,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, TALLOC_FREE(call); call = dce_conn->incoming_fragmented_call_list; } - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing fragmented call"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { @@ -2153,10 +2147,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, existing = dcesrv_find_fragmented_call(dce_conn, call->pkt.call_id); if (existing == NULL) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "no existing fragmented call"); - return dcesrv_fault(call, + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } er = &existing->pkt.u.request; @@ -2209,12 +2200,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * here, because we don't want to set * DCERPC_PFC_FLAG_DID_NOT_EXECUTE */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - failed"); if (call->fault_code == 0) { call->fault_code = DCERPC_FAULT_ACCESS_DENIED; } - return dcesrv_fault(call, call->fault_code); + return dcesrv_fault_disconnect0(call, call->fault_code); } } @@ -2231,20 +2220,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, */ available = dce_conn->max_total_request_size; if (er->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - existing payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } available -= er->stub_and_verifier.length; if (nr->alloc_hint > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - alloc hint too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } if (nr->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - new payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(existing, + DCERPC_FAULT_ACCESS_DENIED); } alloc_hint = er->stub_and_verifier.length + nr->alloc_hint; /* allocate at least 1 byte */ @@ -2283,9 +2269,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * Up to 4 MByte are allowed by all fragments */ if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - initial alloc hint too large"); - return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); + return dcesrv_fault_disconnect0(call, + DCERPC_FAULT_ACCESS_DENIED); } dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST); return NT_STATUS_OK; -- 2.25.1 From 72dc3b97360693aab076834274406743caf40152 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 11 Nov 2020 16:59:06 +0100 Subject: [PATCH 5/9] CVE-2021-23192: python/tests/dcerpc: change assertNotEquals() into assertNotEqual() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++----------- python/samba/tests/dcerpc/raw_testcase.py | 14 +- 2 files changed, 151 insertions(+), 151 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index f810cad3d2fe..3dbc8d1179f5 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -66,7 +66,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=rep_pfc_flags, auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -87,7 +87,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -109,7 +109,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -129,7 +129,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=rep_pfc_flags, auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertEqual(rep.u.secondary_address, "") self.assertPadding(rep.u._pad1, 2) @@ -150,7 +150,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -397,7 +397,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -470,7 +470,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -490,7 +490,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -522,7 +522,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -542,7 +542,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -563,7 +563,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -590,7 +590,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -610,7 +610,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -631,7 +631,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -647,7 +647,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -706,7 +706,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -733,7 +733,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -766,7 +766,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -795,7 +795,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -827,7 +827,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -856,7 +856,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -877,7 +877,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1a.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -903,7 +903,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -929,7 +929,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -948,7 +948,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -967,7 +967,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -986,7 +986,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1005,7 +1005,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 1) @@ -1024,7 +1024,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1050,7 +1050,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1074,7 +1074,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1086,7 +1086,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1110,7 +1110,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1123,7 +1123,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1135,7 +1135,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1159,7 +1159,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1172,7 +1172,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1198,7 +1198,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1222,7 +1222,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1234,7 +1234,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 0) self.assertPadding(rep.u._pad1, 2) self.assertEqual(rep.u.num_results, 2) @@ -1258,7 +1258,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1283,7 +1283,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1319,7 +1319,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1353,7 +1353,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1425,7 +1425,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1460,7 +1460,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1495,7 +1495,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1618,7 +1618,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1639,7 +1639,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1659,7 +1659,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -1709,7 +1709,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, rep_both) self.assertEqual(rep.u.max_recv_frag, rep_both) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1761,7 +1761,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu(ndr_print=True, hexdump=True) self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1776,7 +1776,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1792,7 +1792,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -1867,7 +1867,7 @@ class TestDCERPC_BIND(RawDCERPCTest): auth_length=0) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -1889,7 +1889,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1903,7 +1903,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1917,7 +1917,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -1995,7 +1995,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2015,7 +2015,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2037,7 +2037,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2053,7 +2053,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2099,7 +2099,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2129,7 +2129,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2196,7 +2196,7 @@ class TestDCERPC_BIND(RawDCERPCTest): dcerpc.DCERPC_PFC_FLAG_LAST | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2244,7 +2244,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2278,7 +2278,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2314,7 +2314,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2342,7 +2342,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2377,7 +2377,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2391,7 +2391,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2416,7 +2416,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2451,7 +2451,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2465,7 +2465,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2504,7 +2504,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2518,7 +2518,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2553,7 +2553,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req1.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2601,7 +2601,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2651,7 +2651,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -2661,7 +2661,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2692,7 +2692,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2708,7 +2708,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2728,7 +2728,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -2748,7 +2748,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2806,7 +2806,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -2816,7 +2816,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2847,7 +2847,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2869,7 +2869,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -2927,7 +2927,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) assoc_group_id = rep.u.assoc_group_id self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) @@ -2938,7 +2938,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -2962,7 +2962,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3010,7 +3010,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3020,7 +3020,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3048,7 +3048,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We get a fault back self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3099,7 +3099,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3109,7 +3109,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3138,7 +3138,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3154,7 +3154,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3174,7 +3174,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3206,7 +3206,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3257,7 +3257,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3267,7 +3267,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3296,7 +3296,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3312,7 +3312,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3332,7 +3332,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -3363,7 +3363,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3410,7 +3410,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3420,7 +3420,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3441,7 +3441,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3494,7 +3494,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3504,7 +3504,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3525,7 +3525,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3580,7 +3580,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3590,7 +3590,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3612,7 +3612,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3660,7 +3660,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3670,7 +3670,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3692,7 +3692,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3747,7 +3747,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3757,7 +3757,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3779,7 +3779,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3834,7 +3834,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3844,7 +3844,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3866,7 +3866,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -3931,7 +3931,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -3941,7 +3941,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -3985,7 +3985,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4001,7 +4001,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4021,7 +4021,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4145,7 +4145,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4155,7 +4155,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4192,7 +4192,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4257,7 +4257,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4267,7 +4267,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4296,7 +4296,7 @@ class TestDCERPC_BIND(RawDCERPCTest): rep = self.recv_pdu() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4316,7 +4316,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # We don't get an auth_info back self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4376,7 +4376,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) - self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) + self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) self.assertEqual(rep.u.secondary_address_size, 4) self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) self.assertPadding(rep.u._pad1, 2) @@ -4386,7 +4386,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.assertEqual(rep.u.ctx_list[0].reason, dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) - self.assertNotEquals(len(rep.u.auth_info), 0) + self.assertNotEqual(len(rep.u.auth_info), 0) a = self.parse_auth(rep.u.auth_info) from_server = a.credentials @@ -4407,7 +4407,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4522,7 +4522,7 @@ class TestDCERPC_BIND(RawDCERPCTest): self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, pfc_flags=req.pfc_flags | response_fault_flags, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4689,7 +4689,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4757,7 +4757,7 @@ class TestDCERPC_BIND(RawDCERPCTest): pfc_flags=req.pfc_flags | dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, ctx1.context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -4806,7 +4806,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) @@ -4871,7 +4871,7 @@ class TestDCERPC_BIND(RawDCERPCTest): (rep, rep_blob) = self.recv_pdu_raw() self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=sig_size) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index ba7440df13b9..8b3601a93981 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -318,7 +318,7 @@ class RawDCERPCTest(TestCase): pfc_flags=req.pfc_flags | samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -358,7 +358,7 @@ class RawDCERPCTest(TestCase): if assoc_group_id != 0: self.assertEqual(rep.u.assoc_group_id, assoc_group_id) else: - self.assertNotEquals(rep.u.assoc_group_id, 0) + self.assertNotEqual(rep.u.assoc_group_id, 0) assoc_group_id = rep.u.assoc_group_id sda_str = self.secondary_address sda_len = len(sda_str) + 1 @@ -382,7 +382,7 @@ class RawDCERPCTest(TestCase): self.assertEqual(rep.auth_length, 0) self.assertEqual(len(rep.u.auth_info), 0) return ack - self.assertNotEquals(rep.auth_length, 0) + self.assertNotEqual(rep.auth_length, 0) self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) @@ -423,7 +423,7 @@ class RawDCERPCTest(TestCase): pfc_flags=req.pfc_flags | samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, 0) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -448,7 +448,7 @@ class RawDCERPCTest(TestCase): if finished: self.assertEqual(rep.auth_length, 0) else: - self.assertNotEquals(rep.auth_length, 0) + self.assertNotEqual(rep.auth_length, 0) self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) @@ -544,7 +544,7 @@ class RawDCERPCTest(TestCase): if fault_status: self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, pfc_flags=fault_pfc_flags, auth_length=0) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) self.assertEqual(rep.u.cancel_count, 0) self.assertEqual(rep.u.flags, 0) @@ -560,7 +560,7 @@ class RawDCERPCTest(TestCase): self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, auth_length=expected_auth_length) - self.assertNotEquals(rep.u.alloc_hint, 0) + self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) -- 2.25.1 From 37186cce272972d0ea2266e627b4ab7a950170ec Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 09:50:58 +0100 Subject: [PATCH 6/9] CVE-2021-23192: python/tests/dcerpc: let generate_request_auth() use g_auth_level in all places BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_testcase.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index 8b3601a93981..a27da30fda13 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -919,12 +919,12 @@ class RawDCERPCTest(TestCase): req_data = req_blob[ofs_stub:ofs_trailer] req_whole = req_blob[0:ofs_sig] - if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: + if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: # TODO: not yet supported here self.assertTrue(False) - elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: + elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: req_sig = auth_context["gensec"].sign_packet(req_data, req_whole) - elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: + elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: self.assertEqual(auth_context["auth_type"], dcerpc.DCERPC_AUTH_TYPE_NTLMSSP) req_sig = b"\x01" +b"\x00" *15 -- 2.25.1 From 5cf5820a6e8989ff381d7c7549cb0098db2a4efc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 17:43:06 +0100 Subject: [PATCH 7/9] CVE-2021-23192: python/tests/dcerpc: fix do_single_request(send_req=False) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++----------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py index a27da30fda13..7cffccbf1d0f 100644 --- a/python/samba/tests/dcerpc/raw_testcase.py +++ b/python/samba/tests/dcerpc/raw_testcase.py @@ -523,26 +523,25 @@ class RawDCERPCTest(TestCase): if hexdump: sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) - pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST - if object is not None: - pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID - - req = self.generate_request_auth(call_id=call_id, - context_id=ctx.context_id, - pfc_flags=pfc_flags, - object=object, - opnum=io.opnum(), - stub=stub_in, - auth_context=auth_context) - if send_req: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + if object is not None: + pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID + + req = self.generate_request_auth(call_id=call_id, + context_id=ctx.context_id, + pfc_flags=pfc_flags, + object=object, + opnum=io.opnum(), + stub=stub_in, + auth_context=auth_context) self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) if recv_rep: (rep, rep_blob) = self.recv_pdu_raw(timeout=timeout, ndr_print=ndr_print, hexdump=hexdump) if fault_status: - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id, pfc_flags=fault_pfc_flags, auth_length=0) self.assertNotEqual(rep.u.alloc_hint, 0) self.assertEqual(rep.u.context_id, fault_context_id) @@ -556,12 +555,16 @@ class RawDCERPCTest(TestCase): expected_auth_length = 0 if auth_context is not None and \ auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: - expected_auth_length = req.auth_length + if send_req: + expected_auth_length = req.auth_length + else: + expected_auth_length = rep.auth_length + - self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, + self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id, auth_length=expected_auth_length) self.assertNotEqual(rep.u.alloc_hint, 0) - self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) + self.assertEqual(rep.u.context_id, ctx.context_id & 0xff) self.assertEqual(rep.u.cancel_count, 0) self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) stub_out = self.check_response_auth(rep, rep_blob, auth_context) -- 2.25.1 From ebb387c28510eaf1c7de437fb497482373ddd8e5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 17 Nov 2020 18:14:46 +0100 Subject: [PATCH 8/9] CVE-2021-23192: python/tests/dcerpc: add tests to check how security contexts relate to fragmented requests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++ selftest/knownfail.d/dcerpc-auth-fraq | 20 + 2 files changed, 1293 insertions(+) create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index 3dbc8d1179f5..5fe148ce93a5 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -1684,6 +1684,1279 @@ class TestDCERPC_BIND(RawDCERPCTest): def test_auth_none_packet_request(self): return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET) + def test_ntlmssp_multi_auth_first1_lastSame2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNext2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = None + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_lastNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_last(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_first_2nd(self, + auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=2, + skip_first=False, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY + auth_context_id1=1 + auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET + auth_context_id2=2 + + creds = self.get_user_creds() + + abstract = samba.dcerpc.mgmt.abstract_syntax() + transfer = base.transfer_syntax_ndr() + + tsf1_list = [transfer] + ctx = samba.dcerpc.dcerpc.ctx_list() + ctx.context_id = 1 + ctx.num_transfer_syntaxes = len(tsf1_list) + ctx.abstract_syntax = abstract + ctx.transfer_syntaxes = tsf1_list + + auth_context1 = self.get_auth_context_creds(creds=creds, + auth_type=auth_type, + auth_level=auth_level1, + auth_context_id=auth_context_id1, + hdr_signing=False) + auth_context2 = self.get_auth_context_creds(creds=creds, + auth_type=auth_type, + auth_level=auth_level2, + auth_context_id=auth_context_id2, + hdr_signing=False) + + bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST + if conc_mpx: + bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX + + ack0 = self.do_generic_bind(call_id=0, + ctx=ctx, + pfc_flags=bind_pfc_flags) + + ack1 = self.do_generic_bind(call_id=1, + ctx=ctx, + auth_context=auth_context1, + assoc_group_id = ack0.u.assoc_group_id, + start_with_alter=True) + if auth_context_2nd == 2: + ack2 = self.do_generic_bind(call_id=2, + ctx=ctx, + auth_context=auth_context2, + assoc_group_id = ack0.u.assoc_group_id, + start_with_alter=True) + + ndr_print = self.do_ndr_print + hexdump = self.do_hexdump + inq_if_ids = samba.dcerpc.mgmt.inq_if_ids() + io = inq_if_ids + if ndr_print: + sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io)) + stub_in = samba.ndr.ndr_pack_in(io) + stub_in += b'\xfe'*45 # add some padding in order to have some payload + if hexdump: + sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) + + call_id = 3 + context_id = ctx.context_id + opnum = io.opnum() + + if not skip_first: + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + stub_in_tmp = stub_in[0:16] + req = self.generate_request_auth(call_id=call_id, + context_id=context_id, + pfc_flags=pfc_flags, + opnum=opnum, + alloc_hint=len(stub_in), + stub=stub_in_tmp, + auth_context=auth_context1) + self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) + rep = self.recv_pdu(timeout=0.01) + self.assertIsNone(rep) + self.assertIsConnected() + + # context_id, opnum and auth header values are completely ignored + if auth_context_2nd == 1: + auth_context_copy = auth_context1.copy() + elif auth_context_2nd == 2: + auth_context_copy = auth_context2.copy() + else: + auth_context_copy = None + + expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST + if expected_context_id is None: + expected_context_id = context_id + if expected_call_id is None: + expected_call_id = call_id + if not_executed: + expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE + + if forced_call_id is not None: + call_id = forced_call_id + if forced_context_id is not None: + context_id = forced_context_id + if forced_opnum is not None: + opnum = forced_opnum + if forced_auth_context_id is not None: + auth_context_copy["auth_context_id"] = forced_auth_context_id + if forced_auth_type is not None: + auth_context_copy["auth_type"] = forced_auth_type + if forced_auth_level is not None: + auth_context_copy["auth_level"] = forced_auth_level + + pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + stub_in_tmp = stub_in[16:-1] + req = self.generate_request_auth(call_id=call_id, + context_id=context_id, + pfc_flags=pfc_flags_2nd, + opnum=opnum, + alloc_hint=len(stub_in_tmp), + stub=stub_in_tmp, + auth_context=auth_context_copy) + self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) + if expected_fault is None: + self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1) + return + rep = self.recv_pdu() + self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id, + pfc_flags=expected_pfc_flags, + auth_length=0) + self.assertNotEqual(rep.u.alloc_hint, 0) + self.assertEqual(rep.u.context_id, expected_context_id) + self.assertEqual(rep.u.cancel_count, 0) + self.assertEqual(rep.u.flags, 0) + self.assertEqual(rep.u.status, expected_fault) + self.assertEqual(rep.u.reserved, 0) + self.assertEqual(len(rep.u.error_and_verifier), 0) + + if not_executed: + # still alive + rep = self.recv_pdu(timeout=0.01) + self.assertIsNone(rep) + self.assertIsConnected() + return + + # wait for a disconnect + rep = self.recv_pdu() + self.assertIsNone(rep) + self.assertNotConnected() + + def _test_generic_auth_first_last(self, + auth_type, + expected_fault, + auth_context_2nd=2, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_first_first(self, + auth_type, + expected_fault, + auth_context_2nd=2, + expected_call_id=None, + expected_context_id=None, + conc_mpx=False, + not_executed=False, + forced_call_id=None, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSame2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR + auth_context_2nd = 2 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNext2(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 2 + expected_call_id = 3 + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 3 + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = 1 + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = True + forced_call_id = None + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_first1_firstNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = None + expected_context_id = None + not_executed = False + conc_mpx = False + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + auth_context_2nd = None + expected_call_id = 4 + expected_context_id = 0 + not_executed = False + conc_mpx = True + forced_call_id = 4 + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_first_first(auth_type, + expected_fault, + auth_context_2nd=auth_context_2nd, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def _test_generic_auth_middle(self, + auth_type, + expected_fault, + expected_context_id=None, + not_executed=False, + conc_mpx=False, + forced_context_id=None, + forced_opnum=None, + forced_auth_context_id=None, + forced_auth_type=None, + forced_auth_level=None): + auth_context_2nd = 1 + skip_first = True + pfc_flags_2nd = 0 + expected_call_id = None + forced_call_id = None + return self._test_generic_auth_first_2nd(auth_type, + pfc_flags_2nd, + expected_fault, + auth_context_2nd=auth_context_2nd, + skip_first=skip_first, + expected_call_id=expected_call_id, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_call_id=forced_call_id, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_alone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_alone(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF + expected_context_id = 0 + not_executed = True + conc_mpx = True + forced_context_id = 111 + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_all_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = 111 + forced_auth_context_id = 111 + forced_auth_type = 111 + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_context_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = 111 + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_context_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = 111 + forced_auth_type = None + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_type_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = 111 + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_type_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = 111 + forced_auth_level = None + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_middle_auth_level_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR + expected_context_id = 0 + not_executed = False + conc_mpx = False + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + + def test_ntlmssp_auth_MPX_middle_auth_level_111(self): + auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP + expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED + expected_context_id = None + not_executed = False + conc_mpx = True + forced_context_id = None + forced_opnum = None + forced_auth_context_id = None + forced_auth_type = None + forced_auth_level = 111 + return self._test_generic_auth_middle(auth_type, + expected_fault, + expected_context_id=expected_context_id, + not_executed=not_executed, + conc_mpx=conc_mpx, + forced_context_id=forced_context_id, + forced_opnum=forced_opnum, + forced_auth_context_id=forced_auth_context_id, + forced_auth_type=forced_auth_type, + forced_auth_level=forced_auth_level) + def _test_neg_xmit_check_values(self, req_xmit=None, req_recv=None, diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq new file mode 100644 index 000000000000..f3c62b65e9e9 --- /dev/null +++ b/selftest/knownfail.d/dcerpc-auth-fraq @@ -0,0 +1,20 @@ +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone +^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 -- 2.25.1 From 7511761fbb4c3ca54363c9016e2b64b06ca001e6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 16 Nov 2020 14:15:06 +0100 Subject: [PATCH 9/9] CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts All other fragments blindly inherit it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 Signed-off-by: Stefan Metzmacher Reviewed-by: Samuel Cabrero --- librpc/rpc/dcerpc_pkt_auth.c | 19 +++--- librpc/rpc/dcerpc_pkt_auth.h | 1 + librpc/rpc/dcesrv_auth.c | 28 +++++++++ librpc/rpc/dcesrv_core.c | 86 +++++++++++++++++++++------ selftest/knownfail.d/dcerpc-auth-fraq | 20 ------- source4/librpc/rpc/dcerpc.c | 1 + 6 files changed, 109 insertions(+), 46 deletions(-) delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c index 322d7497893c..1cb191468b5d 100644 --- a/librpc/rpc/dcerpc_pkt_auth.c +++ b/librpc/rpc/dcerpc_pkt_auth.c @@ -39,6 +39,7 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, struct gensec_security *gensec, + bool check_pkt_auth_fields, TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t required_flags, @@ -115,16 +116,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, return NT_STATUS_INTERNAL_ERROR; } - if (auth.auth_type != auth_state->auth_type) { - return NT_STATUS_ACCESS_DENIED; - } + if (check_pkt_auth_fields) { + if (auth.auth_type != auth_state->auth_type) { + return NT_STATUS_ACCESS_DENIED; + } - if (auth.auth_level != auth_state->auth_level) { - return NT_STATUS_ACCESS_DENIED; - } + if (auth.auth_level != auth_state->auth_level) { + return NT_STATUS_ACCESS_DENIED; + } - if (auth.auth_context_id != auth_state->auth_context_id) { - return NT_STATUS_ACCESS_DENIED; + if (auth.auth_context_id != auth_state->auth_context_id) { + return NT_STATUS_ACCESS_DENIED; + } } /* check signature or unseal the packet */ diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h index c0d23b91c057..1dcee12f53c2 100644 --- a/librpc/rpc/dcerpc_pkt_auth.h +++ b/librpc/rpc/dcerpc_pkt_auth.h @@ -31,6 +31,7 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, struct gensec_security *gensec, + bool check_pkt_auth_fields, TALLOC_CTX *mem_ctx, enum dcerpc_pkt_type ptype, uint8_t required_flags, diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c index 8dda86d88e2c..9d8df6c42e29 100644 --- a/librpc/rpc/dcesrv_auth.c +++ b/librpc/rpc/dcesrv_auth.c @@ -438,6 +438,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call) return false; } + if (auth->auth_invalid) { + return false; + } + /* We can't work without an existing gensec state */ if (auth->gensec_security == NULL) { return false; @@ -524,6 +528,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call) return false; } + if (auth->auth_invalid) { + return false; + } + if (call->in_auth_info.auth_type != auth->auth_type) { return false; } @@ -590,6 +598,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, .auth_level = auth->auth_level, .auth_context_id = auth->auth_context_id, }; + bool check_pkt_auth_fields; NTSTATUS status; if (!auth->auth_started) { @@ -605,8 +614,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, return false; } + if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { + /* + * The caller most likely checked this + * already, but we better double check. + */ + check_pkt_auth_fields = true; + } else { + /* + * The caller already found first fragment + * and is passing the auth_state of it. + * A server is supposed to use the + * setting of the first fragment and + * completely ignore the values + * on the remaining fragments + */ + check_pkt_auth_fields = false; + } + status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, auth->gensec_security, + check_pkt_auth_fields, call, pkt->ptype, required_flags, diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index 32f5a8e14ad0..7d53b945b41c 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -1803,6 +1803,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) struct ndr_pull *pull; NTSTATUS status; + if (auth->auth_invalid) { + return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); + } + if (!auth->auth_finished) { return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); } @@ -1966,6 +1970,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, enum dcerpc_AuthType auth_type = 0; enum dcerpc_AuthLevel auth_level = 0; uint32_t auth_context_id = 0; + bool auth_invalid = false; call = talloc_zero(dce_conn, struct dcesrv_call_state); if (!call) { @@ -1997,12 +2002,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, if (call->auth_state == NULL) { struct dcesrv_auth *a = NULL; + bool check_type_level = true; auth_type = dcerpc_get_auth_type(&blob); auth_level = dcerpc_get_auth_level(&blob); auth_context_id = dcerpc_get_auth_context_id(&blob); if (call->pkt.ptype == DCERPC_PKT_REQUEST) { + if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) { + check_type_level = false; + } dce_conn->default_auth_level_connect = NULL; if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) { dce_conn->got_explicit_auth_level_connect = true; @@ -2012,14 +2021,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, for (a = dce_conn->auth_states; a != NULL; a = a->next) { num_auth_ctx++; - if (a->auth_type != auth_type) { + if (a->auth_context_id != auth_context_id) { continue; } - if (a->auth_finished && a->auth_level != auth_level) { - continue; + + if (a->auth_type != auth_type) { + auth_invalid = true; } - if (a->auth_context_id != auth_context_id) { - continue; + if (a->auth_level != auth_level) { + auth_invalid = true; + } + + if (check_type_level && auth_invalid) { + a->auth_invalid = true; } DLIST_PROMOTE(dce_conn->auth_states, a); @@ -2046,6 +2060,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, /* * This can never be valid. */ + auth_invalid = true; a->auth_invalid = true; } call->auth_state = a; @@ -2114,6 +2129,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, } /* only one request is possible in the fragmented list */ if (dce_conn->incoming_fragmented_call_list != NULL) { + call->fault_code = DCERPC_NCA_S_PROTO_ERROR; + + existing = dcesrv_find_fragmented_call(dce_conn, + call->pkt.call_id); + if (existing != NULL && call->auth_state != existing->auth_state) { + call->context = dcesrv_find_context(call->conn, + call->pkt.u.request.context_id); + + if (call->pkt.auth_length != 0 && existing->context == call->context) { + call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR; + } + } if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { /* * Without DCERPC_PFC_FLAG_CONC_MPX @@ -2123,11 +2150,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, * This is important to get the * call_id and context_id right. */ + dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code; TALLOC_FREE(call); call = dce_conn->incoming_fragmented_call_list; } - return dcesrv_fault_disconnect0(call, - DCERPC_NCA_S_PROTO_ERROR); + if (existing != NULL) { + call->context = existing->context; + } + return dcesrv_fault_disconnect0(call, call->fault_code); } if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { return dcesrv_fault_disconnect(call, @@ -2140,17 +2170,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, DCERPC_PFC_FLAG_DID_NOT_EXECUTE); } } else { - const struct dcerpc_request *nr = &call->pkt.u.request; - const struct dcerpc_request *er = NULL; int cmp; existing = dcesrv_find_fragmented_call(dce_conn, call->pkt.call_id); if (existing == NULL) { + if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { + /* + * Without DCERPC_PFC_FLAG_CONC_MPX + * we need to return the FAULT on the + * already existing call. + * + * This is important to get the + * call_id and context_id right. + */ + if (dce_conn->incoming_fragmented_call_list != NULL) { + TALLOC_FREE(call); + call = dce_conn->incoming_fragmented_call_list; + } + return dcesrv_fault_disconnect0(call, + DCERPC_NCA_S_PROTO_ERROR); + } + if (dce_conn->incoming_fragmented_call_list != NULL) { + return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); + } + call->context = dcesrv_find_context(call->conn, + call->pkt.u.request.context_id); + if (call->context == NULL) { + return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, + DCERPC_PFC_FLAG_DID_NOT_EXECUTE); + } + if (auth_invalid) { + return dcesrv_fault_disconnect0(call, + DCERPC_FAULT_ACCESS_DENIED); + } return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); } - er = &existing->pkt.u.request; if (call->pkt.ptype != existing->pkt.ptype) { /* trying to play silly buggers are we? */ @@ -2163,14 +2219,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, return dcesrv_fault_disconnect(existing, DCERPC_NCA_S_PROTO_ERROR); } - if (nr->context_id != er->context_id) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - if (nr->opnum != er->opnum) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } + call->auth_state = existing->auth_state; + call->context = existing->context; } } diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq deleted file mode 100644 index f3c62b65e9e9..000000000000 --- a/selftest/knownfail.d/dcerpc-auth-fraq +++ /dev/null @@ -1,20 +0,0 @@ -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 4847e8a02004..baf6df6e498b 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c, status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, c->security_state.generic_state, + true, /* check_pkt_auth_fields */ mem_ctx, ptype, required_flags, -- 2.25.1