The Samba-Bugzilla – Attachment 16974 Details for
Bug 14875
CVE-2021-23192 [SECURITY] dcerpc requests don't check all fragments against the first auth_state
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from master backported to 4.10
CVE-2021-23192-only-4.10-v1.patch (text/plain), 217.66 KB, created by
Jennifer Sutton
on 2021-11-09 04:05:16 UTC
(
hide
)
Description:
patch from master backported to 4.10
Filename:
MIME Type:
Creator:
Jennifer Sutton
Created:
2021-11-09 04:05:16 UTC
Size:
217.66 KB
patch
obsolete
>From 694a13416614b86d652166d45f540a3f1b93dc4d Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 2 Apr 2021 12:20:38 +0200 >Subject: [PATCH 1/9] CVE-2021-23192 rpc: Give dcerpc_util.c its own header > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >(cherry picked from commit 8945d99758d8bedd374f1c51304b87a6cf10498c) > >[jsutton@samba.org Added missing include files] > >[jsutton@samba.org Adapted #include directives for RPC refactoring] >--- > librpc/rpc/dcerpc_util.c | 1 + > librpc/rpc/dcerpc_util.h | 103 ++++++++++++++++++++ > librpc/rpc/rpc_common.h | 74 -------------- > source3/librpc/rpc/dcerpc_helpers.c | 1 + > source3/rpc_client/cli_pipe.c | 1 + > source3/rpc_client/rpc_transport_np.c | 1 + > source3/rpc_server/rpc_ncacn_np.c | 1 + > source3/rpc_server/rpc_server.c | 1 + > source3/rpc_server/srv_pipe.c | 1 + > source4/librpc/rpc/dcerpc.c | 1 + > source4/librpc/rpc/dcerpc_roh_channel_out.c | 1 + > source4/librpc/rpc/dcerpc_util.c | 1 + > source4/rpc_server/common/reply.c | 1 + > source4/rpc_server/dcerpc_server.c | 1 + > source4/rpc_server/dcesrv_auth.c | 1 + > 15 files changed, 116 insertions(+), 74 deletions(-) > create mode 100644 librpc/rpc/dcerpc_util.h > >diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c >index 6bc97f7e7d8..43bffb79b10 100644 >--- a/librpc/rpc/dcerpc_util.c >+++ b/librpc/rpc/dcerpc_util.c >@@ -25,6 +25,7 @@ > #include "lib/tsocket/tsocket.h" > #include "lib/util/tevent_ntstatus.h" > #include "librpc/rpc/dcerpc.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "rpc_common.h" > #include "lib/util/bitmap.h" >diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h >new file mode 100644 >index 00000000000..0ecaf428c3c >--- /dev/null >+++ b/librpc/rpc/dcerpc_util.h >@@ -0,0 +1,103 @@ >+/* >+ Unix SMB/CIFS implementation. >+ >+ Copyright (C) Stefan Metzmacher 2010-2011 >+ Copyright (C) Andrew Tridgell 2010-2011 >+ Copyright (C) Simo Sorce 2010 >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 3 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program. If not, see <http://www.gnu.org/licenses/>. >+*/ >+ >+#ifndef __LIBRPC_RPC_DCERPC_UTIL_H__ >+#define __LIBRPC_RPC_DCERPC_UTIL_H__ >+ >+#include "replace.h" >+#include <talloc.h> >+#include "lib/util/data_blob.h" >+#include "librpc/rpc/rpc_common.h" >+#include "librpc/gen_ndr/dcerpc.h" >+ >+void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); >+uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); >+void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); >+uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); >+uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); >+uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); >+uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); >+uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); >+const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, >+ enum dcerpc_transport_t transport, >+ const struct ndr_interface_table *table); >+ >+NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, >+ const DATA_BLOB *blob, >+ struct ncacn_packet *r); >+ >+/** >+* @brief Pull a dcerpc_auth structure, taking account of any auth >+* padding in the blob. For request/response packets we pass >+* the whole data blob, so auth_data_only must be set to false >+* as the blob contains data+pad+auth and no just pad+auth. >+* >+* @param pkt - The ncacn_packet strcuture >+* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements >+* @param pkt_trailer - The packet trailer data, usually the trailing >+* auth_info blob, but in the request/response case >+* this is the stub_and_verifier blob. >+* @param auth - A preallocated dcerpc_auth *empty* structure >+* @param auth_length - The length of the auth trail, sum of auth header >+* lenght and pkt->auth_length >+* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob >+* (+ padding) or also other data. >+* >+* @return - A NTSTATUS error code. >+*/ >+NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, >+ TALLOC_CTX *mem_ctx, >+ const DATA_BLOB *pkt_trailer, >+ struct dcerpc_auth *auth, >+ uint32_t *auth_length, >+ bool auth_data_only); >+NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, >+ enum dcerpc_pkt_type ptype, >+ size_t max_auth_info, >+ uint8_t required_flags, >+ uint8_t optional_flags); >+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, >+ struct gensec_security *gensec, >+ TALLOC_CTX *mem_ctx, >+ enum dcerpc_pkt_type ptype, >+ uint8_t required_flags, >+ uint8_t optional_flags, >+ uint8_t payload_offset, >+ DATA_BLOB *payload_and_verifier, >+ DATA_BLOB *raw_packet, >+ const struct ncacn_packet *pkt); >+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, >+ struct gensec_security *gensec, >+ TALLOC_CTX *mem_ctx, >+ DATA_BLOB *raw_packet, >+ size_t sig_size, >+ uint8_t payload_offset, >+ const DATA_BLOB *payload, >+ const struct ncacn_packet *pkt); >+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, >+ struct tevent_context *ev, >+ struct tstream_context *stream); >+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, >+ TALLOC_CTX *mem_ctx, >+ struct ncacn_packet **pkt, >+ DATA_BLOB *buffer); >+ >+#endif >diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h >index f1535d74220..9b942e54820 100644 >--- a/librpc/rpc/rpc_common.h >+++ b/librpc/rpc/rpc_common.h >@@ -163,80 +163,6 @@ const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t); > enum dcerpc_transport_t dcerpc_transport_by_name(const char *name); > enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower); > >-/* The following definitions come from ../librpc/rpc/dcerpc_util.c */ >- >-void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v); >-uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob); >-void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v); >-uint16_t dcerpc_get_auth_length(const DATA_BLOB *blob); >-uint8_t dcerpc_get_endian_flag(DATA_BLOB *blob); >-uint8_t dcerpc_get_auth_type(const DATA_BLOB *blob); >-uint8_t dcerpc_get_auth_level(const DATA_BLOB *blob); >-uint32_t dcerpc_get_auth_context_id(const DATA_BLOB *blob); >-const char *dcerpc_default_transport_endpoint(TALLOC_CTX *mem_ctx, >- enum dcerpc_transport_t transport, >- const struct ndr_interface_table *table); >- >-NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, >- const DATA_BLOB *blob, >- struct ncacn_packet *r); >- >-/** >-* @brief Pull a dcerpc_auth structure, taking account of any auth >-* padding in the blob. For request/response packets we pass >-* the whole data blob, so auth_data_only must be set to false >-* as the blob contains data+pad+auth and no just pad+auth. >-* >-* @param pkt - The ncacn_packet strcuture >-* @param mem_ctx - The mem_ctx used to allocate dcerpc_auth elements >-* @param pkt_trailer - The packet trailer data, usually the trailing >-* auth_info blob, but in the request/response case >-* this is the stub_and_verifier blob. >-* @param auth - A preallocated dcerpc_auth *empty* structure >-* @param auth_length - The length of the auth trail, sum of auth header >-* lenght and pkt->auth_length >-* @param auth_data_only - Whether the pkt_trailer includes only the auth_blob >-* (+ padding) or also other data. >-* >-* @return - A NTSTATUS error code. >-*/ >-NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt, >- TALLOC_CTX *mem_ctx, >- const DATA_BLOB *pkt_trailer, >- struct dcerpc_auth *auth, >- uint32_t *auth_length, >- bool auth_data_only); >-NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, >- enum dcerpc_pkt_type ptype, >- size_t max_auth_info, >- uint8_t required_flags, >- uint8_t optional_flags); >-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, >- struct gensec_security *gensec, >- TALLOC_CTX *mem_ctx, >- enum dcerpc_pkt_type ptype, >- uint8_t required_flags, >- uint8_t optional_flags, >- uint8_t payload_offset, >- DATA_BLOB *payload_and_verifier, >- DATA_BLOB *raw_packet, >- const struct ncacn_packet *pkt); >-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, >- struct gensec_security *gensec, >- TALLOC_CTX *mem_ctx, >- DATA_BLOB *raw_packet, >- size_t sig_size, >- uint8_t payload_offset, >- const DATA_BLOB *payload, >- const struct ncacn_packet *pkt); >-struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, >- struct tevent_context *ev, >- struct tstream_context *stream); >-NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, >- TALLOC_CTX *mem_ctx, >- struct ncacn_packet **pkt, >- DATA_BLOB *buffer); >- > /* The following definitions come from ../librpc/rpc/binding_handle.c */ > > struct dcerpc_binding_handle_ops { >diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c >index 1f67987561c..c609efd5b07 100644 >--- a/source3/librpc/rpc/dcerpc_helpers.c >+++ b/source3/librpc/rpc/dcerpc_helpers.c >@@ -20,6 +20,7 @@ > > #include "includes.h" > #include "librpc/rpc/dcerpc.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "librpc/crypto/gse.h" > #include "auth/gensec/gensec.h" >diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c >index 81b6bfb75bf..7bc3e57be26 100644 >--- a/source3/rpc_client/cli_pipe.c >+++ b/source3/rpc_client/cli_pipe.c >@@ -30,6 +30,7 @@ > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "librpc/gen_ndr/ndr_netlogon_c.h" > #include "librpc/rpc/dcerpc.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "rpc_dce.h" > #include "cli_pipe.h" > #include "libsmb/libsmb.h" >diff --git a/source3/rpc_client/rpc_transport_np.c b/source3/rpc_client/rpc_transport_np.c >index 9dc5c5634fc..b24023661ff 100644 >--- a/source3/rpc_client/rpc_transport_np.c >+++ b/source3/rpc_client/rpc_transport_np.c >@@ -19,6 +19,7 @@ > > #include "includes.h" > #include "../lib/util/tevent_ntstatus.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "rpc_client/rpc_transport.h" > #include "librpc/ndr/ndr_table.h" > #include "libcli/smb/smbXcli_base.h" >diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c >index 5ee98a10d70..b53e1a49d0b 100644 >--- a/source3/rpc_server/rpc_ncacn_np.c >+++ b/source3/rpc_server/rpc_ncacn_np.c >@@ -39,6 +39,7 @@ > #include "rpc_server/rpc_config.h" > #include "librpc/ndr/ndr_table.h" > #include "rpc_server/rpc_server.h" >+#include "librpc/rpc/dcerpc_util.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_RPC_SRV >diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c >index 36dff114f90..5182b072a3a 100644 >--- a/source3/rpc_server/rpc_server.c >+++ b/source3/rpc_server/rpc_server.c >@@ -33,6 +33,7 @@ > #include "rpc_server/rpc_ncacn_np.h" > #include "rpc_server/srv_pipe_hnd.h" > #include "rpc_server/srv_pipe.h" >+#include "librpc/rpc/dcerpc_util.h" > > /* Creates a pipes_struct and initializes it with the information > * sent from the client */ >diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c >index 7a1c6159467..9152e021270 100644 >--- a/source3/rpc_server/srv_pipe.c >+++ b/source3/rpc_server/srv_pipe.c >@@ -51,6 +51,7 @@ > #include "../librpc/gen_ndr/ndr_epmapper.h" > #include "../librpc/gen_ndr/ndr_echo.h" > #include "../librpc/gen_ndr/ndr_winspool.h" >+#include "librpc/rpc/dcerpc_util.h" > > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_RPC_SRV >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index a0b00aff817..76a33827a30 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -26,6 +26,7 @@ > #include "lib/events/events.h" > #include "librpc/rpc/dcerpc.h" > #include "librpc/rpc/dcerpc_proto.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "librpc/gen_ndr/ndr_misc.h" > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "auth/gensec/gensec.h" >diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c >index 23cbce3022d..cec3c5bfed9 100644 >--- a/source4/librpc/rpc/dcerpc_roh_channel_out.c >+++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c >@@ -37,6 +37,7 @@ > #include "librpc/rpc/dcerpc.h" > #include "librpc/rpc/dcerpc_roh.h" > #include "librpc/rpc/dcerpc_proto.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "lib/http/http.h" > > struct roh_connect_channel_state { >diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c >index 39f7d87fc83..61fbbef82f5 100644 >--- a/source4/librpc/rpc/dcerpc_util.c >+++ b/source4/librpc/rpc/dcerpc_util.c >@@ -29,6 +29,7 @@ > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "librpc/gen_ndr/ndr_misc.h" > #include "librpc/rpc/dcerpc_proto.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "auth/credentials/credentials.h" > #include "auth/gensec/gensec.h" > #include "param/param.h" >diff --git a/source4/rpc_server/common/reply.c b/source4/rpc_server/common/reply.c >index 68def745fd1..f698decc9dc 100644 >--- a/source4/rpc_server/common/reply.c >+++ b/source4/rpc_server/common/reply.c >@@ -28,6 +28,7 @@ > #include "rpc_server/dcerpc_server_proto.h" > #include "rpc_server/common/proto.h" > #include "librpc/rpc/dcerpc_proto.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "system/filesys.h" > #include "libcli/security/security.h" > #include "param/param.h" >diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c >index 9c5bb4f6026..9e105d5054d 100644 >--- a/source4/rpc_server/dcerpc_server.c >+++ b/source4/rpc_server/dcerpc_server.c >@@ -28,6 +28,7 @@ > #include "rpc_server/dcerpc_server_proto.h" > #include "rpc_server/common/proto.h" > #include "librpc/rpc/dcerpc_proto.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "system/filesys.h" > #include "libcli/security/security.h" > #include "param/param.h" >diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c >index c71e4868436..0f3dc1cfafe 100644 >--- a/source4/rpc_server/dcesrv_auth.c >+++ b/source4/rpc_server/dcesrv_auth.c >@@ -25,6 +25,7 @@ > #include "rpc_server/dcerpc_server_proto.h" > #include "rpc_server/common/proto.h" > #include "librpc/rpc/dcerpc_proto.h" >+#include "librpc/rpc/dcerpc_util.h" > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "auth/credentials/credentials.h" > #include "auth/gensec/gensec.h" >-- >2.25.1 > > >From 7ff02de0328ea93607093abe47db357859697264 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Fri, 2 Apr 2021 13:41:21 +0200 >Subject: [PATCH 2/9] CVE-2021-23192 librpc: Remove the gensec dependency from > library dcerpc-binding > >This means yet another library, but having to depend on gensec just >for dcerpc_parse_binding() and basic packet parsing seems like a bit >overkill to me. > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >(cherry picked from commit 4d3b6506d30e4bf302f832493dad00a83b73d370) > >[jsutton@samba.org Adapted for RPC refactoring and remove #include > directives] >--- > libcli/auth/wscript_build | 10 +- > librpc/rpc/dcerpc_pkt_auth.c | 361 +++++++++++++++++++++++++++++++ > librpc/rpc/dcerpc_pkt_auth.h | 58 +++++ > librpc/rpc/dcerpc_util.c | 335 ---------------------------- > librpc/rpc/dcerpc_util.h | 18 -- > librpc/wscript_build | 14 +- > source3/wscript_build | 8 +- > source4/librpc/rpc/dcerpc.c | 1 + > source4/librpc/wscript_build | 21 +- > source4/rpc_server/dcesrv_auth.c | 1 + > 10 files changed, 468 insertions(+), 359 deletions(-) > create mode 100644 librpc/rpc/dcerpc_pkt_auth.c > create mode 100644 librpc/rpc/dcerpc_pkt_auth.h > >diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build >index 394505d166d..997215d630f 100644 >--- a/libcli/auth/wscript_build >+++ b/libcli/auth/wscript_build >@@ -30,7 +30,15 @@ bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL', > > bld.SAMBA_SUBSYSTEM('NETLOGON_CREDS_CLI', > source='netlogon_creds_cli.c', >- deps='dbwrap util_tdb tevent-util samba-hostconfig RPC_NDR_NETLOGON NDR_NETLOGON' >+ deps=''' >+ dbwrap >+ util_tdb >+ tevent-util >+ samba-hostconfig >+ gensec >+ RPC_NDR_NETLOGON >+ NDR_NETLOGON >+ ''' > ) > > bld.SAMBA_SUBSYSTEM('PAM_ERRORS', >diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c >new file mode 100644 >index 00000000000..24f88194417 >--- /dev/null >+++ b/librpc/rpc/dcerpc_pkt_auth.c >@@ -0,0 +1,361 @@ >+/* >+ Unix SMB/CIFS implementation. >+ raw dcerpc operations >+ >+ Copyright (C) Andrew Tridgell 2003-2005 >+ Copyright (C) Jelmer Vernooij 2004-2005 >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 3 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program. If not, see <http://www.gnu.org/licenses/>. >+*/ >+ >+#include "replace.h" >+#include "lib/util/samba_util.h" >+#include "librpc/rpc/dcerpc_util.h" >+#include "librpc/rpc/dcerpc_pkt_auth.h" >+#include "librpc/gen_ndr/ndr_dcerpc.h" >+#include "auth/gensec/gensec.h" >+ >+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, >+ struct gensec_security *gensec, >+ TALLOC_CTX *mem_ctx, >+ enum dcerpc_pkt_type ptype, >+ uint8_t required_flags, >+ uint8_t optional_flags, >+ uint8_t payload_offset, >+ DATA_BLOB *payload_and_verifier, >+ DATA_BLOB *raw_packet, >+ const struct ncacn_packet *pkt) >+{ >+ NTSTATUS status; >+ struct dcerpc_auth auth; >+ uint32_t auth_length; >+ >+ if (auth_state == NULL) { >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ status = dcerpc_verify_ncacn_packet_header(pkt, ptype, >+ payload_and_verifier->length, >+ required_flags, optional_flags); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ switch (auth_state->auth_level) { >+ case DCERPC_AUTH_LEVEL_PRIVACY: >+ case DCERPC_AUTH_LEVEL_INTEGRITY: >+ case DCERPC_AUTH_LEVEL_PACKET: >+ break; >+ >+ case DCERPC_AUTH_LEVEL_CONNECT: >+ if (pkt->auth_length != 0) { >+ break; >+ } >+ return NT_STATUS_OK; >+ case DCERPC_AUTH_LEVEL_NONE: >+ if (pkt->auth_length != 0) { >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ return NT_STATUS_OK; >+ >+ default: >+ return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; >+ } >+ >+ if (pkt->auth_length == 0) { >+ return NT_STATUS_RPC_PROTOCOL_ERROR; >+ } >+ >+ if (gensec == NULL) { >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ status = dcerpc_pull_auth_trailer(pkt, mem_ctx, >+ payload_and_verifier, >+ &auth, &auth_length, false); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ if (payload_and_verifier->length < auth_length) { >+ /* >+ * should be checked in dcerpc_pull_auth_trailer() >+ */ >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ payload_and_verifier->length -= auth_length; >+ >+ if (payload_and_verifier->length < auth.auth_pad_length) { >+ /* >+ * should be checked in dcerpc_pull_auth_trailer() >+ */ >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ if (auth.auth_type != auth_state->auth_type) { >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ >+ if (auth.auth_level != auth_state->auth_level) { >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ >+ if (auth.auth_context_id != auth_state->auth_context_id) { >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ >+ /* check signature or unseal the packet */ >+ switch (auth_state->auth_level) { >+ case DCERPC_AUTH_LEVEL_PRIVACY: >+ status = gensec_unseal_packet(gensec, >+ raw_packet->data + payload_offset, >+ payload_and_verifier->length, >+ raw_packet->data, >+ raw_packet->length - >+ auth.credentials.length, >+ &auth.credentials); >+ if (!NT_STATUS_IS_OK(status)) { >+ return NT_STATUS_RPC_SEC_PKG_ERROR; >+ } >+ memcpy(payload_and_verifier->data, >+ raw_packet->data + payload_offset, >+ payload_and_verifier->length); >+ break; >+ >+ case DCERPC_AUTH_LEVEL_INTEGRITY: >+ case DCERPC_AUTH_LEVEL_PACKET: >+ status = gensec_check_packet(gensec, >+ payload_and_verifier->data, >+ payload_and_verifier->length, >+ raw_packet->data, >+ raw_packet->length - >+ auth.credentials.length, >+ &auth.credentials); >+ if (!NT_STATUS_IS_OK(status)) { >+ return NT_STATUS_RPC_SEC_PKG_ERROR; >+ } >+ break; >+ >+ case DCERPC_AUTH_LEVEL_CONNECT: >+ /* for now we ignore possible signatures here */ >+ break; >+ >+ default: >+ return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; >+ } >+ >+ /* >+ * remove the indicated amount of padding >+ * >+ * A possible overflow is checked above. >+ */ >+ payload_and_verifier->length -= auth.auth_pad_length; >+ >+ return NT_STATUS_OK; >+} >+ >+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, >+ struct gensec_security *gensec, >+ TALLOC_CTX *mem_ctx, >+ DATA_BLOB *raw_packet, >+ size_t sig_size, >+ uint8_t payload_offset, >+ const DATA_BLOB *payload, >+ const struct ncacn_packet *pkt) >+{ >+ TALLOC_CTX *frame = talloc_stackframe(); >+ NTSTATUS status; >+ enum ndr_err_code ndr_err; >+ struct ndr_push *ndr = NULL; >+ uint32_t payload_length; >+ uint32_t whole_length; >+ DATA_BLOB blob = data_blob_null; >+ DATA_BLOB sig = data_blob_null; >+ struct dcerpc_auth _out_auth_info; >+ struct dcerpc_auth *out_auth_info = NULL; >+ >+ *raw_packet = data_blob_null; >+ >+ if (auth_state == NULL) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ switch (auth_state->auth_level) { >+ case DCERPC_AUTH_LEVEL_PRIVACY: >+ case DCERPC_AUTH_LEVEL_INTEGRITY: >+ case DCERPC_AUTH_LEVEL_PACKET: >+ if (sig_size == 0) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ if (gensec == NULL) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ _out_auth_info = (struct dcerpc_auth) { >+ .auth_type = auth_state->auth_type, >+ .auth_level = auth_state->auth_level, >+ .auth_context_id = auth_state->auth_context_id, >+ }; >+ out_auth_info = &_out_auth_info; >+ break; >+ >+ case DCERPC_AUTH_LEVEL_CONNECT: >+ /* >+ * TODO: let the gensec mech decide if it wants to generate a >+ * signature that might be needed for schannel... >+ */ >+ if (sig_size != 0) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ if (gensec == NULL) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ break; >+ >+ case DCERPC_AUTH_LEVEL_NONE: >+ if (sig_size != 0) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ break; >+ >+ default: >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ ndr = ndr_push_init_ctx(frame); >+ if (ndr == NULL) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); >+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >+ TALLOC_FREE(frame); >+ return ndr_map_error2ntstatus(ndr_err); >+ } >+ >+ if (out_auth_info != NULL) { >+ /* >+ * pad to 16 byte multiple in the payload portion of the >+ * packet. This matches what w2k3 does. Note that we can't use >+ * ndr_push_align() as that is relative to the start of the >+ * whole packet, whereas w2k8 wants it relative to the start >+ * of the stub. >+ */ >+ out_auth_info->auth_pad_length = >+ DCERPC_AUTH_PAD_LENGTH(payload->length); >+ ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length); >+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >+ TALLOC_FREE(frame); >+ return ndr_map_error2ntstatus(ndr_err); >+ } >+ >+ payload_length = payload->length + >+ out_auth_info->auth_pad_length; >+ >+ ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, >+ out_auth_info); >+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >+ TALLOC_FREE(frame); >+ return ndr_map_error2ntstatus(ndr_err); >+ } >+ >+ whole_length = ndr->offset; >+ >+ ndr_err = ndr_push_zero(ndr, sig_size); >+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >+ TALLOC_FREE(frame); >+ return ndr_map_error2ntstatus(ndr_err); >+ } >+ } else { >+ payload_length = payload->length; >+ whole_length = ndr->offset; >+ } >+ >+ /* extract the whole packet as a blob */ >+ blob = ndr_push_blob(ndr); >+ >+ /* >+ * Setup the frag and auth length in the packet buffer. >+ * This is needed if the GENSEC mech does AEAD signing >+ * of the packet headers. The signature itself will be >+ * appended later. >+ */ >+ dcerpc_set_frag_length(&blob, blob.length); >+ dcerpc_set_auth_length(&blob, sig_size); >+ >+ /* sign or seal the packet */ >+ switch (auth_state->auth_level) { >+ case DCERPC_AUTH_LEVEL_PRIVACY: >+ status = gensec_seal_packet(gensec, >+ frame, >+ blob.data + payload_offset, >+ payload_length, >+ blob.data, >+ whole_length, >+ &sig); >+ if (!NT_STATUS_IS_OK(status)) { >+ TALLOC_FREE(frame); >+ return status; >+ } >+ break; >+ >+ case DCERPC_AUTH_LEVEL_INTEGRITY: >+ case DCERPC_AUTH_LEVEL_PACKET: >+ status = gensec_sign_packet(gensec, >+ frame, >+ blob.data + payload_offset, >+ payload_length, >+ blob.data, >+ whole_length, >+ &sig); >+ if (!NT_STATUS_IS_OK(status)) { >+ TALLOC_FREE(frame); >+ return status; >+ } >+ break; >+ >+ case DCERPC_AUTH_LEVEL_CONNECT: >+ case DCERPC_AUTH_LEVEL_NONE: >+ break; >+ >+ default: >+ TALLOC_FREE(frame); >+ return NT_STATUS_INTERNAL_ERROR; >+ } >+ >+ if (sig.length != sig_size) { >+ TALLOC_FREE(frame); >+ return NT_STATUS_RPC_SEC_PKG_ERROR; >+ } >+ >+ if (sig_size != 0) { >+ memcpy(blob.data + whole_length, sig.data, sig_size); >+ } >+ >+ *raw_packet = blob; >+ talloc_steal(mem_ctx, raw_packet->data); >+ TALLOC_FREE(frame); >+ return NT_STATUS_OK; >+} >diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h >new file mode 100644 >index 00000000000..c0d23b91c05 >--- /dev/null >+++ b/librpc/rpc/dcerpc_pkt_auth.h >@@ -0,0 +1,58 @@ >+/* >+ Unix SMB/CIFS implementation. >+ >+ Copyright (C) Stefan Metzmacher 2010-2011 >+ Copyright (C) Andrew Tridgell 2010-2011 >+ Copyright (C) Simo Sorce 2010 >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 3 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program. If not, see <http://www.gnu.org/licenses/>. >+*/ >+ >+#ifndef __LIBRPC_RPC_DCERPC_PKT_AUTH_H__ >+#define __LIBRPC_RPC_DCERPC_PKT_AUTH_H__ >+ >+#include "replace.h" >+#include <talloc.h> >+#include "lib/util/data_blob.h" >+#include "libcli/util/ntstatus.h" >+#include "librpc/rpc/rpc_common.h" >+#include "librpc/gen_ndr/dcerpc.h" >+ >+NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, >+ struct gensec_security *gensec, >+ TALLOC_CTX *mem_ctx, >+ enum dcerpc_pkt_type ptype, >+ uint8_t required_flags, >+ uint8_t optional_flags, >+ uint8_t payload_offset, >+ DATA_BLOB *payload_and_verifier, >+ DATA_BLOB *raw_packet, >+ const struct ncacn_packet *pkt); >+NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, >+ struct gensec_security *gensec, >+ TALLOC_CTX *mem_ctx, >+ DATA_BLOB *raw_packet, >+ size_t sig_size, >+ uint8_t payload_offset, >+ const DATA_BLOB *payload, >+ const struct ncacn_packet *pkt); >+struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, >+ struct tevent_context *ev, >+ struct tstream_context *stream); >+NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, >+ TALLOC_CTX *mem_ctx, >+ struct ncacn_packet **pkt, >+ DATA_BLOB *buffer); >+ >+#endif >diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c >index 43bffb79b10..304420ab1c0 100644 >--- a/librpc/rpc/dcerpc_util.c >+++ b/librpc/rpc/dcerpc_util.c >@@ -29,7 +29,6 @@ > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "rpc_common.h" > #include "lib/util/bitmap.h" >-#include "auth/gensec/gensec.h" > > /* we need to be able to get/set the fragment length without doing a full > decode */ >@@ -460,340 +459,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, > return NT_STATUS_OK; > } > >-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, >- struct gensec_security *gensec, >- TALLOC_CTX *mem_ctx, >- enum dcerpc_pkt_type ptype, >- uint8_t required_flags, >- uint8_t optional_flags, >- uint8_t payload_offset, >- DATA_BLOB *payload_and_verifier, >- DATA_BLOB *raw_packet, >- const struct ncacn_packet *pkt) >-{ >- NTSTATUS status; >- struct dcerpc_auth auth; >- uint32_t auth_length; >- >- if (auth_state == NULL) { >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- status = dcerpc_verify_ncacn_packet_header(pkt, ptype, >- payload_and_verifier->length, >- required_flags, optional_flags); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- switch (auth_state->auth_level) { >- case DCERPC_AUTH_LEVEL_PRIVACY: >- case DCERPC_AUTH_LEVEL_INTEGRITY: >- case DCERPC_AUTH_LEVEL_PACKET: >- break; >- >- case DCERPC_AUTH_LEVEL_CONNECT: >- if (pkt->auth_length != 0) { >- break; >- } >- return NT_STATUS_OK; >- case DCERPC_AUTH_LEVEL_NONE: >- if (pkt->auth_length != 0) { >- return NT_STATUS_ACCESS_DENIED; >- } >- return NT_STATUS_OK; >- >- default: >- return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; >- } >- >- if (pkt->auth_length == 0) { >- return NT_STATUS_RPC_PROTOCOL_ERROR; >- } >- >- if (gensec == NULL) { >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- status = dcerpc_pull_auth_trailer(pkt, mem_ctx, >- payload_and_verifier, >- &auth, &auth_length, false); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- if (payload_and_verifier->length < auth_length) { >- /* >- * should be checked in dcerpc_pull_auth_trailer() >- */ >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- payload_and_verifier->length -= auth_length; >- >- if (payload_and_verifier->length < auth.auth_pad_length) { >- /* >- * should be checked in dcerpc_pull_auth_trailer() >- */ >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- if (auth.auth_type != auth_state->auth_type) { >- return NT_STATUS_ACCESS_DENIED; >- } >- >- if (auth.auth_level != auth_state->auth_level) { >- return NT_STATUS_ACCESS_DENIED; >- } >- >- if (auth.auth_context_id != auth_state->auth_context_id) { >- return NT_STATUS_ACCESS_DENIED; >- } >- >- /* check signature or unseal the packet */ >- switch (auth_state->auth_level) { >- case DCERPC_AUTH_LEVEL_PRIVACY: >- status = gensec_unseal_packet(gensec, >- raw_packet->data + payload_offset, >- payload_and_verifier->length, >- raw_packet->data, >- raw_packet->length - >- auth.credentials.length, >- &auth.credentials); >- if (!NT_STATUS_IS_OK(status)) { >- return NT_STATUS_RPC_SEC_PKG_ERROR; >- } >- memcpy(payload_and_verifier->data, >- raw_packet->data + payload_offset, >- payload_and_verifier->length); >- break; >- >- case DCERPC_AUTH_LEVEL_INTEGRITY: >- case DCERPC_AUTH_LEVEL_PACKET: >- status = gensec_check_packet(gensec, >- payload_and_verifier->data, >- payload_and_verifier->length, >- raw_packet->data, >- raw_packet->length - >- auth.credentials.length, >- &auth.credentials); >- if (!NT_STATUS_IS_OK(status)) { >- return NT_STATUS_RPC_SEC_PKG_ERROR; >- } >- break; >- >- case DCERPC_AUTH_LEVEL_CONNECT: >- /* for now we ignore possible signatures here */ >- break; >- >- default: >- return NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL; >- } >- >- /* >- * remove the indicated amount of padding >- * >- * A possible overflow is checked above. >- */ >- payload_and_verifier->length -= auth.auth_pad_length; >- >- return NT_STATUS_OK; >-} >- >-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, >- struct gensec_security *gensec, >- TALLOC_CTX *mem_ctx, >- DATA_BLOB *raw_packet, >- size_t sig_size, >- uint8_t payload_offset, >- const DATA_BLOB *payload, >- const struct ncacn_packet *pkt) >-{ >- TALLOC_CTX *frame = talloc_stackframe(); >- NTSTATUS status; >- enum ndr_err_code ndr_err; >- struct ndr_push *ndr = NULL; >- uint32_t payload_length; >- uint32_t whole_length; >- DATA_BLOB blob = data_blob_null; >- DATA_BLOB sig = data_blob_null; >- struct dcerpc_auth _out_auth_info; >- struct dcerpc_auth *out_auth_info = NULL; >- >- *raw_packet = data_blob_null; >- >- if (auth_state == NULL) { >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- switch (auth_state->auth_level) { >- case DCERPC_AUTH_LEVEL_PRIVACY: >- case DCERPC_AUTH_LEVEL_INTEGRITY: >- case DCERPC_AUTH_LEVEL_PACKET: >- if (sig_size == 0) { >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- if (gensec == NULL) { >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- _out_auth_info = (struct dcerpc_auth) { >- .auth_type = auth_state->auth_type, >- .auth_level = auth_state->auth_level, >- .auth_context_id = auth_state->auth_context_id, >- }; >- out_auth_info = &_out_auth_info; >- break; >- >- case DCERPC_AUTH_LEVEL_CONNECT: >- /* >- * TODO: let the gensec mech decide if it wants to generate a >- * signature that might be needed for schannel... >- */ >- if (sig_size != 0) { >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- if (gensec == NULL) { >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- break; >- >- case DCERPC_AUTH_LEVEL_NONE: >- if (sig_size != 0) { >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- break; >- >- default: >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- ndr = ndr_push_init_ctx(frame); >- if (ndr == NULL) { >- TALLOC_FREE(frame); >- return NT_STATUS_NO_MEMORY; >- } >- >- ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); >- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >- TALLOC_FREE(frame); >- return ndr_map_error2ntstatus(ndr_err); >- } >- >- if (out_auth_info != NULL) { >- /* >- * pad to 16 byte multiple in the payload portion of the >- * packet. This matches what w2k3 does. Note that we can't use >- * ndr_push_align() as that is relative to the start of the >- * whole packet, whereas w2k8 wants it relative to the start >- * of the stub. >- */ >- out_auth_info->auth_pad_length = >- DCERPC_AUTH_PAD_LENGTH(payload->length); >- ndr_err = ndr_push_zero(ndr, out_auth_info->auth_pad_length); >- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >- TALLOC_FREE(frame); >- return ndr_map_error2ntstatus(ndr_err); >- } >- >- payload_length = payload->length + >- out_auth_info->auth_pad_length; >- >- ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, >- out_auth_info); >- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >- TALLOC_FREE(frame); >- return ndr_map_error2ntstatus(ndr_err); >- } >- >- whole_length = ndr->offset; >- >- ndr_err = ndr_push_zero(ndr, sig_size); >- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { >- TALLOC_FREE(frame); >- return ndr_map_error2ntstatus(ndr_err); >- } >- } else { >- payload_length = payload->length; >- whole_length = ndr->offset; >- } >- >- /* extract the whole packet as a blob */ >- blob = ndr_push_blob(ndr); >- >- /* >- * Setup the frag and auth length in the packet buffer. >- * This is needed if the GENSEC mech does AEAD signing >- * of the packet headers. The signature itself will be >- * appended later. >- */ >- dcerpc_set_frag_length(&blob, blob.length); >- dcerpc_set_auth_length(&blob, sig_size); >- >- /* sign or seal the packet */ >- switch (auth_state->auth_level) { >- case DCERPC_AUTH_LEVEL_PRIVACY: >- status = gensec_seal_packet(gensec, >- frame, >- blob.data + payload_offset, >- payload_length, >- blob.data, >- whole_length, >- &sig); >- if (!NT_STATUS_IS_OK(status)) { >- TALLOC_FREE(frame); >- return status; >- } >- break; >- >- case DCERPC_AUTH_LEVEL_INTEGRITY: >- case DCERPC_AUTH_LEVEL_PACKET: >- status = gensec_sign_packet(gensec, >- frame, >- blob.data + payload_offset, >- payload_length, >- blob.data, >- whole_length, >- &sig); >- if (!NT_STATUS_IS_OK(status)) { >- TALLOC_FREE(frame); >- return status; >- } >- break; >- >- case DCERPC_AUTH_LEVEL_CONNECT: >- case DCERPC_AUTH_LEVEL_NONE: >- break; >- >- default: >- TALLOC_FREE(frame); >- return NT_STATUS_INTERNAL_ERROR; >- } >- >- if (sig.length != sig_size) { >- TALLOC_FREE(frame); >- return NT_STATUS_RPC_SEC_PKG_ERROR; >- } >- >- if (sig_size != 0) { >- memcpy(blob.data + whole_length, sig.data, sig_size); >- } >- >- *raw_packet = blob; >- talloc_steal(mem_ctx, raw_packet->data); >- TALLOC_FREE(frame); >- return NT_STATUS_OK; >-} >- > struct dcerpc_read_ncacn_packet_state { > #if 0 > struct { >diff --git a/librpc/rpc/dcerpc_util.h b/librpc/rpc/dcerpc_util.h >index 0ecaf428c3c..a9bc7bd3832 100644 >--- a/librpc/rpc/dcerpc_util.h >+++ b/librpc/rpc/dcerpc_util.h >@@ -74,24 +74,6 @@ NTSTATUS dcerpc_verify_ncacn_packet_header(const struct ncacn_packet *pkt, > size_t max_auth_info, > uint8_t required_flags, > uint8_t optional_flags); >-NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, >- struct gensec_security *gensec, >- TALLOC_CTX *mem_ctx, >- enum dcerpc_pkt_type ptype, >- uint8_t required_flags, >- uint8_t optional_flags, >- uint8_t payload_offset, >- DATA_BLOB *payload_and_verifier, >- DATA_BLOB *raw_packet, >- const struct ncacn_packet *pkt); >-NTSTATUS dcerpc_ncacn_push_pkt_auth(const struct dcerpc_auth *auth_state, >- struct gensec_security *gensec, >- TALLOC_CTX *mem_ctx, >- DATA_BLOB *raw_packet, >- size_t sig_size, >- uint8_t payload_offset, >- const DATA_BLOB *payload, >- const struct ncacn_packet *pkt); > struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, > struct tevent_context *ev, > struct tstream_context *stream); >diff --git a/librpc/wscript_build b/librpc/wscript_build >index 4c0c5a09988..426c9c44d77 100644 >--- a/librpc/wscript_build >+++ b/librpc/wscript_build >@@ -737,12 +737,24 @@ bld.SAMBA_LIBRARY('ndr', > ) > > bld.SAMBA_LIBRARY('dcerpc-binding', >- source='rpc/dcerpc_error.c rpc/binding.c rpc/dcerpc_util.c rpc/binding_handle.c', >+ source=''' >+ rpc/dcerpc_error.c >+ rpc/binding.c >+ rpc/dcerpc_util.c >+ rpc/binding_handle.c >+ ''', > deps='ndr tevent NDR_DCERPC LIBTSOCKET tevent-util gensec', > pc_files=[], > public_headers='rpc/rpc_common.h', > vnum='0.0.1') > >+bld.SAMBA_LIBRARY('dcerpc-pkt-auth', >+ private_library=True, >+ source=''' >+ rpc/dcerpc_pkt_auth.c >+ ''', >+ deps='dcerpc-binding gensec') >+ > bld.SAMBA_SUBSYSTEM('NDR_WINBIND', > source='gen_ndr/ndr_winbind.c', > public_deps='ndr NDR_LSA' >diff --git a/source3/wscript_build b/source3/wscript_build >index 26e251f442a..1d86b48f1e5 100644 >--- a/source3/wscript_build >+++ b/source3/wscript_build >@@ -1039,9 +1039,11 @@ bld.SAMBA3_LIBRARY('cli_spoolss', > rpc_client/init_spoolss.c > ''', > deps=''' >- RPC_NDR_SPOOLSS >- smbconf >- secrets3''', >+ RPC_NDR_SPOOLSS >+ smbconf >+ secrets3 >+ gensec >+ ''', > private_library=True) > > bld.SAMBA3_SUBSYSTEM('LIBCLI_WINREG', >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 76a33827a30..4cc715a2286 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -27,6 +27,7 @@ > #include "librpc/rpc/dcerpc.h" > #include "librpc/rpc/dcerpc_proto.h" > #include "librpc/rpc/dcerpc_util.h" >+#include "librpc/rpc/dcerpc_pkt_auth.h" > #include "librpc/gen_ndr/ndr_misc.h" > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "auth/gensec/gensec.h" >diff --git a/source4/librpc/wscript_build b/source4/librpc/wscript_build >index d452e7012dc..3999d4bcab5 100644 >--- a/source4/librpc/wscript_build >+++ b/source4/librpc/wscript_build >@@ -157,7 +157,26 @@ bld.SAMBA_LIBRARY('dcerpc', > rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c > rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''', > pc_files='dcerpc.pc', >- deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH smbclient-raw LP_RESOLVE tevent-util dcerpc-binding param_options http', >+ deps=''' >+ samba_socket >+ LIBCLI_RESOLVE >+ LIBCLI_SMB >+ LIBCLI_SMB2 >+ ndr >+ NDR_DCERPC >+ RPC_NDR_EPMAPPER >+ NDR_SCHANNEL >+ RPC_NDR_NETLOGON >+ RPC_NDR_MGMT >+ gensec >+ LIBCLI_AUTH >+ smbclient-raw >+ LP_RESOLVE >+ tevent-util >+ dcerpc-binding >+ dcerpc-pkt-auth >+ param_options >+ http''', > autoproto='rpc/dcerpc_proto.h', > public_deps='samba-credentials tevent talloc', > public_headers='''rpc/dcerpc.h''', >diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c >index 0f3dc1cfafe..9f0cf0c802b 100644 >--- a/source4/rpc_server/dcesrv_auth.c >+++ b/source4/rpc_server/dcesrv_auth.c >@@ -26,6 +26,7 @@ > #include "rpc_server/common/proto.h" > #include "librpc/rpc/dcerpc_proto.h" > #include "librpc/rpc/dcerpc_util.h" >+#include "librpc/rpc/dcerpc_pkt_auth.h" > #include "librpc/gen_ndr/ndr_dcerpc.h" > #include "auth/credentials/credentials.h" > #include "auth/gensec/gensec.h" >-- >2.25.1 > > >From b752f9f9c06358afd4aa62c81c88976dfa511e32 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 13 Nov 2020 11:25:41 +0100 >Subject: [PATCH 3/9] CVE-2021-23192: dcesrv_core: add better debugging to > dcesrv_fault_disconnect() > >It's better to see the location that triggered the fault. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> > >[jsutton@samba.org Adapted to refactoring from > source4/rpc_server/dcerpc_server.c to librpc/rpc/dcesrv_core.c] >--- > source4/rpc_server/dcerpc_server.c | 28 +++++++++++++++++++++++----- > 1 file changed, 23 insertions(+), 5 deletions(-) > >diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c >index 9e105d5054d..7afabd4ec75 100644 >--- a/source4/rpc_server/dcerpc_server.c >+++ b/source4/rpc_server/dcerpc_server.c >@@ -788,19 +788,37 @@ static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) > return NT_STATUS_OK; > } > >-static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call, >- uint32_t fault_code) >+static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, >+ uint32_t fault_code, >+ uint8_t extra_flags, >+ const char *func, >+ const char *location) > { >+ const char *reason = NULL; >+ >+ reason = talloc_asprintf(call, "%s:%s: fault=%u (%s) flags=0x%x", >+ func, location, >+ fault_code, >+ dcerpc_errstr(call, fault_code), >+ extra_flags); >+ if (reason == NULL) { >+ reason = location; >+ } >+ > /* > * We add the call to the pending_call_list > * in order to defer the termination. > */ >- dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect"); >+ dcesrv_call_disconnect_after(call, reason); > >- return dcesrv_fault_with_flags(call, fault_code, >- DCERPC_PFC_FLAG_DID_NOT_EXECUTE); >+ return dcesrv_fault_with_flags(call, fault_code, extra_flags); > } > >+#define dcesrv_fault_disconnect(call, fault_code) \ >+ _dcesrv_fault_disconnect_flags(call, fault_code, \ >+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ >+ __func__, __location__) >+ > static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) > { > DLIST_REMOVE(c->conn->contexts, c); >-- >2.25.1 > > >From 15f54c140d793a0450d075f8f84520aa1c29a7b2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 13 Nov 2020 11:27:19 +0100 >Subject: [PATCH 4/9] CVE-2021-23192: dcesrv_core: add > dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE > >That makes the callers much simpler and allow better debugging. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> > >[jsutton@samba.org Adapted to refactoring from > source4/rpc_server/dcerpc_server.c to librpc/rpc/dcesrv_core.c] >--- > source4/rpc_server/dcerpc_server.c | 47 ++++++++++-------------------- > 1 file changed, 16 insertions(+), 31 deletions(-) > >diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c >index 7afabd4ec75..95cadbc673a 100644 >--- a/source4/rpc_server/dcerpc_server.c >+++ b/source4/rpc_server/dcerpc_server.c >@@ -818,6 +818,9 @@ static NTSTATUS _dcesrv_fault_disconnect_flags(struct dcesrv_call_state *call, > _dcesrv_fault_disconnect_flags(call, fault_code, \ > DCERPC_PFC_FLAG_DID_NOT_EXECUTE, \ > __func__, __location__) >+#define dcesrv_fault_disconnect0(call, fault_code) \ >+ _dcesrv_fault_disconnect_flags(call, fault_code, 0, \ >+ __func__, __location__) > > static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) > { >@@ -2188,10 +2191,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * Note that we don't check against the negotiated > * max_recv_frag, but a hard coded value. > */ >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - frag_length too large"); >- return dcesrv_fault(call, >- DCERPC_NCA_S_PROTO_ERROR); >+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); > } > > if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { >@@ -2201,10 +2201,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * if DCERPC_PFC_FLAG_CONC_MPX was negotiated. > */ > if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - " >- "existing pending call without CONN_MPX"); >- return dcesrv_fault(call, >+ return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } > } >@@ -2222,10 +2219,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > TALLOC_FREE(call); > call = dce_conn->incoming_fragmented_call_list; > } >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - " >- "existing fragmented call"); >- return dcesrv_fault(call, >+ return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } > if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { >@@ -2246,10 +2240,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > existing = dcesrv_find_fragmented_call(dce_conn, > call->pkt.call_id); > if (existing == NULL) { >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - " >- "no existing fragmented call"); >- return dcesrv_fault(call, >+ return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } > er = &existing->pkt.u.request; >@@ -2302,12 +2293,10 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * here, because we don't want to set > * DCERPC_PFC_FLAG_DID_NOT_EXECUTE > */ >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - failed"); > if (call->fault_code == 0) { > call->fault_code = DCERPC_FAULT_ACCESS_DENIED; > } >- return dcesrv_fault(call, call->fault_code); >+ return dcesrv_fault_disconnect0(call, call->fault_code); > } > } > >@@ -2324,20 +2313,17 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > */ > available = dce_conn->max_total_request_size; > if (er->stub_and_verifier.length > available) { >- dcesrv_call_disconnect_after(existing, >- "dcesrv_auth_request - existing payload too large"); >- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(existing, >+ DCERPC_FAULT_ACCESS_DENIED); > } > available -= er->stub_and_verifier.length; > if (nr->alloc_hint > available) { >- dcesrv_call_disconnect_after(existing, >- "dcesrv_auth_request - alloc hint too large"); >- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(existing, >+ DCERPC_FAULT_ACCESS_DENIED); > } > if (nr->stub_and_verifier.length > available) { >- dcesrv_call_disconnect_after(existing, >- "dcesrv_auth_request - new payload too large"); >- return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(existing, >+ DCERPC_FAULT_ACCESS_DENIED); > } > alloc_hint = er->stub_and_verifier.length + nr->alloc_hint; > /* allocate at least 1 byte */ >@@ -2376,9 +2362,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * Up to 4 MByte are allowed by all fragments > */ > if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { >- dcesrv_call_disconnect_after(call, >- "dcesrv_auth_request - initial alloc hint too large"); >- return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); >+ return dcesrv_fault_disconnect0(call, >+ DCERPC_FAULT_ACCESS_DENIED); > } > dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST); > return NT_STATUS_OK; >-- >2.25.1 > > >From a9458a6608afdce97b6560ef4c07a7ebba2c1957 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 11 Nov 2020 16:59:06 +0100 >Subject: [PATCH 5/9] CVE-2021-23192: python/tests/dcerpc: change > assertNotEquals() into assertNotEqual() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_protocol.py | 288 +++++++++++----------- > python/samba/tests/dcerpc/raw_testcase.py | 14 +- > 2 files changed, 151 insertions(+), 151 deletions(-) > >diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py >index c4c9cbfa299..7a37755d134 100755 >--- a/python/samba/tests/dcerpc/raw_protocol.py >+++ b/python/samba/tests/dcerpc/raw_protocol.py >@@ -66,7 +66,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=rep_pfc_flags, auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -87,7 +87,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -109,7 +109,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -129,7 +129,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=rep_pfc_flags, auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertEqual(rep.u.secondary_address, "") > self.assertPadding(rep.u._pad1, 2) >@@ -150,7 +150,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -397,7 +397,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -470,7 +470,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -490,7 +490,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -522,7 +522,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -542,7 +542,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -563,7 +563,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -590,7 +590,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -610,7 +610,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -631,7 +631,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -647,7 +647,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -706,7 +706,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -733,7 +733,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -766,7 +766,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -795,7 +795,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -827,7 +827,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -856,7 +856,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -877,7 +877,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1a.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -903,7 +903,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -929,7 +929,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -948,7 +948,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -967,7 +967,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -986,7 +986,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1005,7 +1005,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 1) >@@ -1024,7 +1024,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1050,7 +1050,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1074,7 +1074,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1086,7 +1086,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1110,7 +1110,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1123,7 +1123,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1135,7 +1135,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1159,7 +1159,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1172,7 +1172,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1198,7 +1198,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1222,7 +1222,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1234,7 +1234,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 0) > self.assertPadding(rep.u._pad1, 2) > self.assertEqual(rep.u.num_results, 2) >@@ -1258,7 +1258,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1283,7 +1283,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1319,7 +1319,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1353,7 +1353,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1425,7 +1425,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1460,7 +1460,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1495,7 +1495,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1618,7 +1618,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1639,7 +1639,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1659,7 +1659,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -1706,7 +1706,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, rep_both) > self.assertEqual(rep.u.max_recv_frag, rep_both) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1758,7 +1758,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu(ndr_print=True, hexdump=True) > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1773,7 +1773,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1789,7 +1789,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -1864,7 +1864,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > auth_length=0) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -1886,7 +1886,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1900,7 +1900,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1914,7 +1914,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -1992,7 +1992,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2012,7 +2012,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2034,7 +2034,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2050,7 +2050,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2096,7 +2096,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2126,7 +2126,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2193,7 +2193,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > dcerpc.DCERPC_PFC_FLAG_LAST | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2241,7 +2241,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2275,7 +2275,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2311,7 +2311,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST | > dcerpc.DCERPC_PFC_FLAG_LAST, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2339,7 +2339,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2374,7 +2374,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2388,7 +2388,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2413,7 +2413,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2448,7 +2448,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2462,7 +2462,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2501,7 +2501,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2515,7 +2515,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2550,7 +2550,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req1.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2598,7 +2598,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2648,7 +2648,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -2658,7 +2658,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2689,7 +2689,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2705,7 +2705,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2725,7 +2725,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -2745,7 +2745,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2795,7 +2795,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -2805,7 +2805,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2836,7 +2836,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2858,7 +2858,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2908,7 +2908,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > assoc_group_id = rep.u.assoc_group_id > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) >@@ -2919,7 +2919,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -2943,7 +2943,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -2991,7 +2991,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3001,7 +3001,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3029,7 +3029,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We get a fault back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3080,7 +3080,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3090,7 +3090,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3119,7 +3119,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3135,7 +3135,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3155,7 +3155,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3187,7 +3187,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3238,7 +3238,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3248,7 +3248,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3277,7 +3277,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3293,7 +3293,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3313,7 +3313,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -3344,7 +3344,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3391,7 +3391,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3401,7 +3401,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3422,7 +3422,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3475,7 +3475,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3485,7 +3485,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3506,7 +3506,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3561,7 +3561,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3571,7 +3571,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3593,7 +3593,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3641,7 +3641,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3651,7 +3651,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3673,7 +3673,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3728,7 +3728,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3738,7 +3738,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3760,7 +3760,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3815,7 +3815,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3825,7 +3825,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3847,7 +3847,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -3912,7 +3912,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -3922,7 +3922,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3966,7 +3966,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -3982,7 +3982,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4002,7 +4002,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4126,7 +4126,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -4136,7 +4136,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4173,7 +4173,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4238,7 +4238,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -4248,7 +4248,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4277,7 +4277,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > rep = self.recv_pdu() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4297,7 +4297,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > # We don't get an auth_info back > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4357,7 +4357,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id) > self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag) > self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag) >- self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id) >+ self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id) > self.assertEqual(rep.u.secondary_address_size, 4) > self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port) > self.assertPadding(rep.u._pad1, 2) >@@ -4367,7 +4367,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.assertEqual(rep.u.ctx_list[0].reason, > dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED) > self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32) >- self.assertNotEquals(len(rep.u.auth_info), 0) >+ self.assertNotEqual(len(rep.u.auth_info), 0) > a = self.parse_auth(rep.u.auth_info) > > from_server = a.credentials >@@ -4388,7 +4388,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4503,7 +4503,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id, > pfc_flags=req.pfc_flags | response_fault_flags, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4670,7 +4670,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > (rep, rep_blob) = self.recv_pdu_raw() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=sig_size) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4738,7 +4738,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > pfc_flags=req.pfc_flags | > dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, ctx1.context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -4787,7 +4787,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > (rep, rep_blob) = self.recv_pdu_raw() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=sig_size) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >@@ -4852,7 +4852,7 @@ class TestDCERPC_BIND(RawDCERPCTest): > (rep, rep_blob) = self.recv_pdu_raw() > self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=sig_size) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py >index ba7440df13b..8b3601a9398 100644 >--- a/python/samba/tests/dcerpc/raw_testcase.py >+++ b/python/samba/tests/dcerpc/raw_testcase.py >@@ -318,7 +318,7 @@ class RawDCERPCTest(TestCase): > pfc_flags=req.pfc_flags | > samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -358,7 +358,7 @@ class RawDCERPCTest(TestCase): > if assoc_group_id != 0: > self.assertEqual(rep.u.assoc_group_id, assoc_group_id) > else: >- self.assertNotEquals(rep.u.assoc_group_id, 0) >+ self.assertNotEqual(rep.u.assoc_group_id, 0) > assoc_group_id = rep.u.assoc_group_id > sda_str = self.secondary_address > sda_len = len(sda_str) + 1 >@@ -382,7 +382,7 @@ class RawDCERPCTest(TestCase): > self.assertEqual(rep.auth_length, 0) > self.assertEqual(len(rep.u.auth_info), 0) > return ack >- self.assertNotEquals(rep.auth_length, 0) >+ self.assertNotEqual(rep.auth_length, 0) > self.assertGreater(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > >@@ -423,7 +423,7 @@ class RawDCERPCTest(TestCase): > pfc_flags=req.pfc_flags | > samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE, > auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, 0) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -448,7 +448,7 @@ class RawDCERPCTest(TestCase): > if finished: > self.assertEqual(rep.auth_length, 0) > else: >- self.assertNotEquals(rep.auth_length, 0) >+ self.assertNotEqual(rep.auth_length, 0) > self.assertGreaterEqual(len(rep.u.auth_info), samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > self.assertEqual(rep.auth_length, len(rep.u.auth_info) - samba.dcerpc.dcerpc.DCERPC_AUTH_TRAILER_LENGTH) > >@@ -544,7 +544,7 @@ class RawDCERPCTest(TestCase): > if fault_status: > self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, > pfc_flags=fault_pfc_flags, auth_length=0) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, fault_context_id) > self.assertEqual(rep.u.cancel_count, 0) > self.assertEqual(rep.u.flags, 0) >@@ -560,7 +560,7 @@ class RawDCERPCTest(TestCase): > > self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, > auth_length=expected_auth_length) >- self.assertNotEquals(rep.u.alloc_hint, 0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) >-- >2.25.1 > > >From 3261fcb24e4db6b823a01e8421b2aecca8c070a7 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 17 Nov 2020 09:50:58 +0100 >Subject: [PATCH 6/9] CVE-2021-23192: python/tests/dcerpc: let > generate_request_auth() use g_auth_level in all places > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_testcase.py | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > >diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py >index 8b3601a9398..a27da30fda1 100644 >--- a/python/samba/tests/dcerpc/raw_testcase.py >+++ b/python/samba/tests/dcerpc/raw_testcase.py >@@ -919,12 +919,12 @@ class RawDCERPCTest(TestCase): > req_data = req_blob[ofs_stub:ofs_trailer] > req_whole = req_blob[0:ofs_sig] > >- if auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: >+ if auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PRIVACY: > # TODO: not yet supported here > self.assertTrue(False) >- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: >+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: > req_sig = auth_context["gensec"].sign_packet(req_data, req_whole) >- elif auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: >+ elif auth_context["g_auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_CONNECT: > self.assertEqual(auth_context["auth_type"], > dcerpc.DCERPC_AUTH_TYPE_NTLMSSP) > req_sig = b"\x01" +b"\x00" *15 >-- >2.25.1 > > >From 21a00ce17e437023136cb34f7939c126b8517435 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 17 Nov 2020 17:43:06 +0100 >Subject: [PATCH 7/9] CVE-2021-23192: python/tests/dcerpc: fix > do_single_request(send_req=False) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> >--- > python/samba/tests/dcerpc/raw_testcase.py | 37 ++++++++++++----------- > 1 file changed, 20 insertions(+), 17 deletions(-) > >diff --git a/python/samba/tests/dcerpc/raw_testcase.py b/python/samba/tests/dcerpc/raw_testcase.py >index a27da30fda1..7cffccbf1d0 100644 >--- a/python/samba/tests/dcerpc/raw_testcase.py >+++ b/python/samba/tests/dcerpc/raw_testcase.py >@@ -523,26 +523,25 @@ class RawDCERPCTest(TestCase): > if hexdump: > sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) > >- pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST >- if object is not None: >- pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID >- >- req = self.generate_request_auth(call_id=call_id, >- context_id=ctx.context_id, >- pfc_flags=pfc_flags, >- object=object, >- opnum=io.opnum(), >- stub=stub_in, >- auth_context=auth_context) >- if send_req: >+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST >+ if object is not None: >+ pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID >+ >+ req = self.generate_request_auth(call_id=call_id, >+ context_id=ctx.context_id, >+ pfc_flags=pfc_flags, >+ object=object, >+ opnum=io.opnum(), >+ stub=stub_in, >+ auth_context=auth_context) > self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) > if recv_rep: > (rep, rep_blob) = self.recv_pdu_raw(timeout=timeout, > ndr_print=ndr_print, > hexdump=hexdump) > if fault_status: >- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, req.call_id, >+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_FAULT, call_id, > pfc_flags=fault_pfc_flags, auth_length=0) > self.assertNotEqual(rep.u.alloc_hint, 0) > self.assertEqual(rep.u.context_id, fault_context_id) >@@ -556,12 +555,16 @@ class RawDCERPCTest(TestCase): > expected_auth_length = 0 > if auth_context is not None and \ > auth_context["auth_level"] >= dcerpc.DCERPC_AUTH_LEVEL_PACKET: >- expected_auth_length = req.auth_length >+ if send_req: >+ expected_auth_length = req.auth_length >+ else: >+ expected_auth_length = rep.auth_length >+ > >- self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, req.call_id, >+ self.verify_pdu(rep, samba.dcerpc.dcerpc.DCERPC_PKT_RESPONSE, call_id, > auth_length=expected_auth_length) > self.assertNotEqual(rep.u.alloc_hint, 0) >- self.assertEqual(rep.u.context_id, req.u.context_id & 0xff) >+ self.assertEqual(rep.u.context_id, ctx.context_id & 0xff) > self.assertEqual(rep.u.cancel_count, 0) > self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint) > stub_out = self.check_response_auth(rep, rep_blob, auth_context) >-- >2.25.1 > > >From 70b34a3de9abbb81493bfec293dee37071d55630 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 17 Nov 2020 18:14:46 +0100 >Subject: [PATCH 8/9] CVE-2021-23192: python/tests/dcerpc: add tests to check > how security contexts relate to fragmented requests > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> > >[jsutton@samba.org Adapted to fix conflict] >--- > python/samba/tests/dcerpc/raw_protocol.py | 1273 +++++++++++++++++++++ > selftest/knownfail.d/dcerpc-auth-fraq | 20 + > 2 files changed, 1293 insertions(+) > create mode 100644 selftest/knownfail.d/dcerpc-auth-fraq > >diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py >index 7a37755d134..a529ce36107 100755 >--- a/python/samba/tests/dcerpc/raw_protocol.py >+++ b/python/samba/tests/dcerpc/raw_protocol.py >@@ -1681,6 +1681,1279 @@ class TestDCERPC_BIND(RawDCERPCTest): > def test_auth_none_call_request(self): > return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL) > >+ def test_ntlmssp_multi_auth_first1_lastSame2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNext2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastSame111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = None >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_lastNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_last(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def _test_generic_auth_first_2nd(self, >+ auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=2, >+ skip_first=False, >+ expected_call_id=None, >+ expected_context_id=None, >+ conc_mpx=False, >+ not_executed=False, >+ forced_call_id=None, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY >+ auth_context_id1=1 >+ auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET >+ auth_context_id2=2 >+ >+ creds = self.get_user_creds() >+ >+ abstract = samba.dcerpc.mgmt.abstract_syntax() >+ transfer = base.transfer_syntax_ndr() >+ >+ tsf1_list = [transfer] >+ ctx = samba.dcerpc.dcerpc.ctx_list() >+ ctx.context_id = 1 >+ ctx.num_transfer_syntaxes = len(tsf1_list) >+ ctx.abstract_syntax = abstract >+ ctx.transfer_syntaxes = tsf1_list >+ >+ auth_context1 = self.get_auth_context_creds(creds=creds, >+ auth_type=auth_type, >+ auth_level=auth_level1, >+ auth_context_id=auth_context_id1, >+ hdr_signing=False) >+ auth_context2 = self.get_auth_context_creds(creds=creds, >+ auth_type=auth_type, >+ auth_level=auth_level2, >+ auth_context_id=auth_context_id2, >+ hdr_signing=False) >+ >+ bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST >+ if conc_mpx: >+ bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX >+ >+ ack0 = self.do_generic_bind(call_id=0, >+ ctx=ctx, >+ pfc_flags=bind_pfc_flags) >+ >+ ack1 = self.do_generic_bind(call_id=1, >+ ctx=ctx, >+ auth_context=auth_context1, >+ assoc_group_id = ack0.u.assoc_group_id, >+ start_with_alter=True) >+ if auth_context_2nd == 2: >+ ack2 = self.do_generic_bind(call_id=2, >+ ctx=ctx, >+ auth_context=auth_context2, >+ assoc_group_id = ack0.u.assoc_group_id, >+ start_with_alter=True) >+ >+ ndr_print = self.do_ndr_print >+ hexdump = self.do_hexdump >+ inq_if_ids = samba.dcerpc.mgmt.inq_if_ids() >+ io = inq_if_ids >+ if ndr_print: >+ sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io)) >+ stub_in = samba.ndr.ndr_pack_in(io) >+ stub_in += b'\xfe'*45 # add some padding in order to have some payload >+ if hexdump: >+ sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in))) >+ >+ call_id = 3 >+ context_id = ctx.context_id >+ opnum = io.opnum() >+ >+ if not skip_first: >+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ stub_in_tmp = stub_in[0:16] >+ req = self.generate_request_auth(call_id=call_id, >+ context_id=context_id, >+ pfc_flags=pfc_flags, >+ opnum=opnum, >+ alloc_hint=len(stub_in), >+ stub=stub_in_tmp, >+ auth_context=auth_context1) >+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) >+ rep = self.recv_pdu(timeout=0.01) >+ self.assertIsNone(rep) >+ self.assertIsConnected() >+ >+ # context_id, opnum and auth header values are completely ignored >+ if auth_context_2nd == 1: >+ auth_context_copy = auth_context1.copy() >+ elif auth_context_2nd == 2: >+ auth_context_copy = auth_context2.copy() >+ else: >+ auth_context_copy = None >+ >+ expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST >+ if expected_context_id is None: >+ expected_context_id = context_id >+ if expected_call_id is None: >+ expected_call_id = call_id >+ if not_executed: >+ expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE >+ >+ if forced_call_id is not None: >+ call_id = forced_call_id >+ if forced_context_id is not None: >+ context_id = forced_context_id >+ if forced_opnum is not None: >+ opnum = forced_opnum >+ if forced_auth_context_id is not None: >+ auth_context_copy["auth_context_id"] = forced_auth_context_id >+ if forced_auth_type is not None: >+ auth_context_copy["auth_type"] = forced_auth_type >+ if forced_auth_level is not None: >+ auth_context_copy["auth_level"] = forced_auth_level >+ >+ pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ stub_in_tmp = stub_in[16:-1] >+ req = self.generate_request_auth(call_id=call_id, >+ context_id=context_id, >+ pfc_flags=pfc_flags_2nd, >+ opnum=opnum, >+ alloc_hint=len(stub_in_tmp), >+ stub=stub_in_tmp, >+ auth_context=auth_context_copy) >+ self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump) >+ if expected_fault is None: >+ self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1) >+ return >+ rep = self.recv_pdu() >+ self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id, >+ pfc_flags=expected_pfc_flags, >+ auth_length=0) >+ self.assertNotEqual(rep.u.alloc_hint, 0) >+ self.assertEqual(rep.u.context_id, expected_context_id) >+ self.assertEqual(rep.u.cancel_count, 0) >+ self.assertEqual(rep.u.flags, 0) >+ self.assertEqual(rep.u.status, expected_fault) >+ self.assertEqual(rep.u.reserved, 0) >+ self.assertEqual(len(rep.u.error_and_verifier), 0) >+ >+ if not_executed: >+ # still alive >+ rep = self.recv_pdu(timeout=0.01) >+ self.assertIsNone(rep) >+ self.assertIsConnected() >+ return >+ >+ # wait for a disconnect >+ rep = self.recv_pdu() >+ self.assertIsNone(rep) >+ self.assertNotConnected() >+ >+ def _test_generic_auth_first_last(self, >+ auth_type, >+ expected_fault, >+ auth_context_2nd=2, >+ expected_call_id=None, >+ expected_context_id=None, >+ conc_mpx=False, >+ not_executed=False, >+ forced_call_id=None, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST >+ return self._test_generic_auth_first_2nd(auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def _test_generic_auth_first_first(self, >+ auth_type, >+ expected_fault, >+ auth_context_2nd=2, >+ expected_call_id=None, >+ expected_context_id=None, >+ conc_mpx=False, >+ not_executed=False, >+ forced_call_id=None, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST >+ return self._test_generic_auth_first_2nd(auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSame2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNext2(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 2 >+ expected_call_id = 3 >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSame111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = 3 >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = 1 >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = None >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_first1_firstNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = None >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = False >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ auth_context_2nd = None >+ expected_call_id = 4 >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = True >+ forced_call_id = 4 >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_first_first(auth_type, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def _test_generic_auth_middle(self, >+ auth_type, >+ expected_fault, >+ expected_context_id=None, >+ not_executed=False, >+ conc_mpx=False, >+ forced_context_id=None, >+ forced_opnum=None, >+ forced_auth_context_id=None, >+ forced_auth_type=None, >+ forced_auth_level=None): >+ auth_context_2nd = 1 >+ skip_first = True >+ pfc_flags_2nd = 0 >+ expected_call_id = None >+ forced_call_id = None >+ return self._test_generic_auth_first_2nd(auth_type, >+ pfc_flags_2nd, >+ expected_fault, >+ auth_context_2nd=auth_context_2nd, >+ skip_first=skip_first, >+ expected_call_id=expected_call_id, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_call_id=forced_call_id, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_alone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_alone(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF >+ expected_context_id = 0 >+ not_executed = True >+ conc_mpx = True >+ forced_context_id = 111 >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_all_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = 111 >+ forced_auth_context_id = 111 >+ forced_auth_type = 111 >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_context_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = 111 >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_context_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = 111 >+ forced_auth_type = None >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_type_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = 111 >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_type_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = 111 >+ forced_auth_level = None >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_middle_auth_level_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR >+ expected_context_id = 0 >+ not_executed = False >+ conc_mpx = False >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ >+ def test_ntlmssp_auth_MPX_middle_auth_level_111(self): >+ auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP >+ expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED >+ expected_context_id = None >+ not_executed = False >+ conc_mpx = True >+ forced_context_id = None >+ forced_opnum = None >+ forced_auth_context_id = None >+ forced_auth_type = None >+ forced_auth_level = 111 >+ return self._test_generic_auth_middle(auth_type, >+ expected_fault, >+ expected_context_id=expected_context_id, >+ not_executed=not_executed, >+ conc_mpx=conc_mpx, >+ forced_context_id=forced_context_id, >+ forced_opnum=forced_opnum, >+ forced_auth_context_id=forced_auth_context_id, >+ forced_auth_type=forced_auth_type, >+ forced_auth_level=forced_auth_level) >+ > def _test_neg_xmit_check_values(self, > req_xmit=None, > req_recv=None, >diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq >new file mode 100644 >index 00000000000..f3c62b65e9e >--- /dev/null >+++ b/selftest/knownfail.d/dcerpc-auth-fraq >@@ -0,0 +1,20 @@ >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone >+^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 >-- >2.25.1 > > >From ee6963bbaddb13c28347d181a8d0a56e85556c65 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 16 Nov 2020 14:15:06 +0100 >Subject: [PATCH 9/9] CVE-2021-23192: dcesrv_core: only the first fragment > specifies the auth_contexts > >All other fragments blindly inherit it. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Samuel Cabrero <scabrero@samba.org> > >[jsutton@samba.org Adapted to refactoring from > source4/rpc_server/dcerpc_server.c to librpc/rpc/dcesrv_core.c] >--- > librpc/rpc/dcerpc_pkt_auth.c | 19 +++--- > librpc/rpc/dcerpc_pkt_auth.h | 1 + > selftest/knownfail.d/dcerpc-auth-fraq | 20 ------- > source4/librpc/rpc/dcerpc.c | 1 + > source4/rpc_server/dcerpc_server.c | 86 +++++++++++++++++++++------ > source4/rpc_server/dcesrv_auth.c | 28 +++++++++ > 6 files changed, 109 insertions(+), 46 deletions(-) > delete mode 100644 selftest/knownfail.d/dcerpc-auth-fraq > >diff --git a/librpc/rpc/dcerpc_pkt_auth.c b/librpc/rpc/dcerpc_pkt_auth.c >index 24f88194417..eafdfcd70dc 100644 >--- a/librpc/rpc/dcerpc_pkt_auth.c >+++ b/librpc/rpc/dcerpc_pkt_auth.c >@@ -28,6 +28,7 @@ > > NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, > struct gensec_security *gensec, >+ bool check_pkt_auth_fields, > TALLOC_CTX *mem_ctx, > enum dcerpc_pkt_type ptype, > uint8_t required_flags, >@@ -104,16 +105,18 @@ NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, > return NT_STATUS_INTERNAL_ERROR; > } > >- if (auth.auth_type != auth_state->auth_type) { >- return NT_STATUS_ACCESS_DENIED; >- } >+ if (check_pkt_auth_fields) { >+ if (auth.auth_type != auth_state->auth_type) { >+ return NT_STATUS_ACCESS_DENIED; >+ } > >- if (auth.auth_level != auth_state->auth_level) { >- return NT_STATUS_ACCESS_DENIED; >- } >+ if (auth.auth_level != auth_state->auth_level) { >+ return NT_STATUS_ACCESS_DENIED; >+ } > >- if (auth.auth_context_id != auth_state->auth_context_id) { >- return NT_STATUS_ACCESS_DENIED; >+ if (auth.auth_context_id != auth_state->auth_context_id) { >+ return NT_STATUS_ACCESS_DENIED; >+ } > } > > /* check signature or unseal the packet */ >diff --git a/librpc/rpc/dcerpc_pkt_auth.h b/librpc/rpc/dcerpc_pkt_auth.h >index c0d23b91c05..1dcee12f53c 100644 >--- a/librpc/rpc/dcerpc_pkt_auth.h >+++ b/librpc/rpc/dcerpc_pkt_auth.h >@@ -31,6 +31,7 @@ > > NTSTATUS dcerpc_ncacn_pull_pkt_auth(const struct dcerpc_auth *auth_state, > struct gensec_security *gensec, >+ bool check_pkt_auth_fields, > TALLOC_CTX *mem_ctx, > enum dcerpc_pkt_type ptype, > uint8_t required_flags, >diff --git a/selftest/knownfail.d/dcerpc-auth-fraq b/selftest/knownfail.d/dcerpc-auth-fraq >deleted file mode 100644 >index f3c62b65e9e..00000000000 >--- a/selftest/knownfail.d/dcerpc-auth-fraq >+++ /dev/null >@@ -1,20 +0,0 @@ >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_all_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_alone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_all_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_context_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_level_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_auth_MPX_middle_auth_type_111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSame111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_firstSameNone111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_MPX_first1_lastSameNone111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_firstSame2 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNext2 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastNextNone111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame111 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSame2 >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone >-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_ntlmssp_multi_auth_first1_lastSameNone111 >diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c >index 4cc715a2286..ef5ac009f5f 100644 >--- a/source4/librpc/rpc/dcerpc.c >+++ b/source4/librpc/rpc/dcerpc.c >@@ -726,6 +726,7 @@ static NTSTATUS ncacn_pull_pkt_auth(struct dcecli_connection *c, > > status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, > c->security_state.generic_state, >+ true, /* check_pkt_auth_fields */ > mem_ctx, > ptype, > required_flags, >diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c >index 95cadbc673a..726379edd8c 100644 >--- a/source4/rpc_server/dcerpc_server.c >+++ b/source4/rpc_server/dcerpc_server.c >@@ -1900,6 +1900,10 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) > struct ndr_pull *pull; > NTSTATUS status; > >+ if (auth->auth_invalid) { >+ return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); >+ } >+ > if (!auth->auth_finished) { > return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); > } >@@ -2058,6 +2062,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > enum dcerpc_AuthType auth_type = 0; > enum dcerpc_AuthLevel auth_level = 0; > uint32_t auth_context_id = 0; >+ bool auth_invalid = false; > > call = talloc_zero(dce_conn, struct dcesrv_call_state); > if (!call) { >@@ -2090,12 +2095,16 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > > if (call->auth_state == NULL) { > struct dcesrv_auth *a = NULL; >+ bool check_type_level = true; > > auth_type = dcerpc_get_auth_type(&blob); > auth_level = dcerpc_get_auth_level(&blob); > auth_context_id = dcerpc_get_auth_context_id(&blob); > > if (call->pkt.ptype == DCERPC_PKT_REQUEST) { >+ if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) { >+ check_type_level = false; >+ } > dce_conn->default_auth_level_connect = NULL; > if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) { > dce_conn->got_explicit_auth_level_connect = true; >@@ -2105,14 +2114,19 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > for (a = dce_conn->auth_states; a != NULL; a = a->next) { > num_auth_ctx++; > >- if (a->auth_type != auth_type) { >+ if (a->auth_context_id != auth_context_id) { > continue; > } >- if (a->auth_finished && a->auth_level != auth_level) { >- continue; >+ >+ if (a->auth_type != auth_type) { >+ auth_invalid = true; > } >- if (a->auth_context_id != auth_context_id) { >- continue; >+ if (a->auth_level != auth_level) { >+ auth_invalid = true; >+ } >+ >+ if (check_type_level && auth_invalid) { >+ a->auth_invalid = true; > } > > DLIST_PROMOTE(dce_conn->auth_states, a); >@@ -2139,6 +2153,7 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > /* > * This can never be valid. > */ >+ auth_invalid = true; > a->auth_invalid = true; > } > call->auth_state = a; >@@ -2207,6 +2222,18 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > } > /* only one request is possible in the fragmented list */ > if (dce_conn->incoming_fragmented_call_list != NULL) { >+ call->fault_code = DCERPC_NCA_S_PROTO_ERROR; >+ >+ existing = dcesrv_find_fragmented_call(dce_conn, >+ call->pkt.call_id); >+ if (existing != NULL && call->auth_state != existing->auth_state) { >+ call->context = dcesrv_find_context(call->conn, >+ call->pkt.u.request.context_id); >+ >+ if (call->pkt.auth_length != 0 && existing->context == call->context) { >+ call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR; >+ } >+ } > if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { > /* > * Without DCERPC_PFC_FLAG_CONC_MPX >@@ -2216,11 +2243,14 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > * This is important to get the > * call_id and context_id right. > */ >+ dce_conn->incoming_fragmented_call_list->fault_code = call->fault_code; > TALLOC_FREE(call); > call = dce_conn->incoming_fragmented_call_list; > } >- return dcesrv_fault_disconnect0(call, >- DCERPC_NCA_S_PROTO_ERROR); >+ if (existing != NULL) { >+ call->context = existing->context; >+ } >+ return dcesrv_fault_disconnect0(call, call->fault_code); > } > if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { > return dcesrv_fault_disconnect(call, >@@ -2233,17 +2263,43 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > DCERPC_PFC_FLAG_DID_NOT_EXECUTE); > } > } else { >- const struct dcerpc_request *nr = &call->pkt.u.request; >- const struct dcerpc_request *er = NULL; > int cmp; > > existing = dcesrv_find_fragmented_call(dce_conn, > call->pkt.call_id); > if (existing == NULL) { >+ if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { >+ /* >+ * Without DCERPC_PFC_FLAG_CONC_MPX >+ * we need to return the FAULT on the >+ * already existing call. >+ * >+ * This is important to get the >+ * call_id and context_id right. >+ */ >+ if (dce_conn->incoming_fragmented_call_list != NULL) { >+ TALLOC_FREE(call); >+ call = dce_conn->incoming_fragmented_call_list; >+ } >+ return dcesrv_fault_disconnect0(call, >+ DCERPC_NCA_S_PROTO_ERROR); >+ } >+ if (dce_conn->incoming_fragmented_call_list != NULL) { >+ return dcesrv_fault_disconnect0(call, DCERPC_NCA_S_PROTO_ERROR); >+ } >+ call->context = dcesrv_find_context(call->conn, >+ call->pkt.u.request.context_id); >+ if (call->context == NULL) { >+ return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, >+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE); >+ } >+ if (auth_invalid) { >+ return dcesrv_fault_disconnect0(call, >+ DCERPC_FAULT_ACCESS_DENIED); >+ } > return dcesrv_fault_disconnect0(call, > DCERPC_NCA_S_PROTO_ERROR); > } >- er = &existing->pkt.u.request; > > if (call->pkt.ptype != existing->pkt.ptype) { > /* trying to play silly buggers are we? */ >@@ -2256,14 +2312,8 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, > return dcesrv_fault_disconnect(existing, > DCERPC_NCA_S_PROTO_ERROR); > } >- if (nr->context_id != er->context_id) { >- return dcesrv_fault_disconnect(existing, >- DCERPC_NCA_S_PROTO_ERROR); >- } >- if (nr->opnum != er->opnum) { >- return dcesrv_fault_disconnect(existing, >- DCERPC_NCA_S_PROTO_ERROR); >- } >+ call->auth_state = existing->auth_state; >+ call->context = existing->context; > } > } > >diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c >index 9f0cf0c802b..05a6d4a80f4 100644 >--- a/source4/rpc_server/dcesrv_auth.c >+++ b/source4/rpc_server/dcesrv_auth.c >@@ -484,6 +484,10 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call) > return false; > } > >+ if (auth->auth_invalid) { >+ return false; >+ } >+ > /* We can't work without an existing gensec state */ > if (auth->gensec_security == NULL) { > return false; >@@ -570,6 +574,10 @@ bool dcesrv_auth_alter(struct dcesrv_call_state *call) > return false; > } > >+ if (auth->auth_invalid) { >+ return false; >+ } >+ > if (call->in_auth_info.auth_type != auth->auth_type) { > return false; > } >@@ -636,6 +644,7 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, > .auth_level = auth->auth_level, > .auth_context_id = auth->auth_context_id, > }; >+ bool check_pkt_auth_fields; > NTSTATUS status; > > if (!auth->auth_started) { >@@ -651,8 +660,27 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, > return false; > } > >+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { >+ /* >+ * The caller most likely checked this >+ * already, but we better double check. >+ */ >+ check_pkt_auth_fields = true; >+ } else { >+ /* >+ * The caller already found first fragment >+ * and is passing the auth_state of it. >+ * A server is supposed to use the >+ * setting of the first fragment and >+ * completely ignore the values >+ * on the remaining fragments >+ */ >+ check_pkt_auth_fields = false; >+ } >+ > status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, > auth->gensec_security, >+ check_pkt_auth_fields, > call, > pkt->ptype, > required_flags, >-- >2.25.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
abartlet
:
review+
Actions:
View
Attachments on
bug 14875
:
16887
|
16888
|
16889
|
16901
|
16913
|
16915
|
16919
|
16920
|
16923
|
16928
|
16929
|
16960
|
16962
|
16968
| 16974