From: Stefan Metzmacher Date: Fri, 4 Aug 2023 11:57:12 +0000 (+0200) Subject: s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED X-Git-Tag: samba-4.17.11~59 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95bb8115a370e7d33222d1cb94959e69eae5d1d5;p=thirdparty%2Fsamba.git s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED The PDUs were generated by Windows clients. And we fail to parse them currently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8) --- diff --git a/selftest/knownfail.d/samba4.local.ndr.dcerpc b/selftest/knownfail.d/samba4.local.ndr.dcerpc new file mode 100644 index 00000000000..9ba0e94617d --- /dev/null +++ b/selftest/knownfail.d/samba4.local.ndr.dcerpc @@ -0,0 +1,4 @@ +samba4.local.ndr.dcerpc.co_cancel.ncacn_packet_VALIDATE.ncacn_packet_co_cancel_check +samba4.local.ndr.dcerpc.orphaned.ncacn_packet_VALIDATE.ncacn_packet_orphaned_check +samba4.local.ndr.system.iconv.dcerpc.co_cancel.ncacn_packet_VALIDATE.ncacn_packet_co_cancel_check +samba4.local.ndr.system.iconv.dcerpc.orphaned.ncacn_packet_VALIDATE.ncacn_packet_orphaned_check diff --git a/source4/torture/ndr/dcerpc.c b/source4/torture/ndr/dcerpc.c new file mode 100644 index 00000000000..459817d4951 --- /dev/null +++ b/source4/torture/ndr/dcerpc.c @@ -0,0 +1,148 @@ +/* + Unix SMB/CIFS implementation. + test suite for dcerpc ndr operations + + Copyright (C) Stefan Metzmacher 2023 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "torture/ndr/ndr.h" +#include "librpc/gen_ndr/ndr_dcerpc.h" +#include "torture/ndr/proto.h" + +/* + * ncacn_packet: struct ncacn_packet + * rpc_vers : 0x05 (5) + * rpc_vers_minor : 0x00 (0) + * ptype : DCERPC_PKT_CO_CANCEL (18) + * pfc_flags : 0x06 (6) + * 0: DCERPC_PFC_FLAG_FIRST + * 1: DCERPC_PFC_FLAG_LAST + * 1: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING + * 0: DCERPC_PFC_FLAG_CONC_MPX + * 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE + * 0: DCERPC_PFC_FLAG_MAYBE + * 0: DCERPC_PFC_FLAG_OBJECT_UUID + * drep: ARRAY(4) + * [0] : 0x10 (16) + * [1] : 0x00 (0) + * [2] : 0x00 (0) + * [3] : 0x00 (0) + * frag_length : 0x0010 (16) + * auth_length : 0x0000 (0) + * call_id : 0x00000001 (1) + * u : union dcerpc_payload(case 18) + * co_cancel: struct dcerpc_co_cancel + * auth_info : DATA_BLOB length=0 + */ +static const uint8_t ncacn_packet_co_cancel_data[] = { + 0x05, 0x00, 0x12, 0x06, 0x10, 0x00, 0x00, 0x00, + 0x10, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, +}; + +static bool ncacn_packet_co_cancel_check(struct torture_context *tctx, + struct ncacn_packet *pkt) +{ + torture_assert_int_equal(tctx, pkt->rpc_vers, 5, "rpc_vers"); + torture_assert_int_equal(tctx, pkt->rpc_vers_minor, 0, "rpc_vers_minor"); + torture_assert_int_equal(tctx, pkt->ptype, DCERPC_PKT_CO_CANCEL, "ptype"); + torture_assert_int_equal(tctx, pkt->pfc_flags, + DCERPC_PFC_FLAG_LAST | + DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING, + "pfc_flags"); + torture_assert_int_equal(tctx, pkt->drep[0], DCERPC_DREP_LE, "drep[0]"); + torture_assert_int_equal(tctx, pkt->drep[1], 0, "drep[1]"); + torture_assert_int_equal(tctx, pkt->drep[2], 0, "drep[2]"); + torture_assert_int_equal(tctx, pkt->drep[3], 0, "drep[3]"); + torture_assert_int_equal(tctx, pkt->frag_length, 16, "frag_length"); + torture_assert_int_equal(tctx, pkt->auth_length, 0, "auth_length"); + torture_assert_int_equal(tctx, pkt->call_id, 1, "call_id"); + torture_assert_int_equal(tctx, pkt->u.co_cancel.auth_info.length, 0, + "co_cancel.auth_info.length"); + return true; +} + +/* + * ncacn_packet: struct ncacn_packet + * rpc_vers : 0x05 (5) + * rpc_vers_minor : 0x00 (0) + * ptype : DCERPC_PKT_ORPHANED (19) + * pfc_flags : 0x03 (3) + * 1: DCERPC_PFC_FLAG_FIRST + * 1: DCERPC_PFC_FLAG_LAST + * 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING + * 0: DCERPC_PFC_FLAG_CONC_MPX + * 0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE + * 0: DCERPC_PFC_FLAG_MAYBE + * 0: DCERPC_PFC_FLAG_OBJECT_UUID + * drep: ARRAY(4) + * [0] : 0x10 (16) + * [1] : 0x00 (0) + * [2] : 0x00 (0) + * [3] : 0x00 (0) + * frag_length : 0x0010 (16) + * auth_length : 0x0000 (0) + * call_id : 0x00000008 (8) + * u : union dcerpc_payload(case 19) + * orphaned: struct dcerpc_orphaned + * auth_info : DATA_BLOB length=0 + */ +static const uint8_t ncacn_packet_orphaned_data[] = { + 0x05, 0x00, 0x13, 0x03, 0x10, 0x00, 0x00, 0x00, + 0x10, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, +}; + +static bool ncacn_packet_orphaned_check(struct torture_context *tctx, + struct ncacn_packet *pkt) +{ + torture_assert_int_equal(tctx, pkt->rpc_vers, 5, "rpc_vers"); + torture_assert_int_equal(tctx, pkt->rpc_vers_minor, 0, "rpc_vers_minor"); + torture_assert_int_equal(tctx, pkt->ptype, DCERPC_PKT_ORPHANED, "ptype"); + torture_assert_int_equal(tctx, pkt->pfc_flags, + DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, + "pfc_flags"); + torture_assert_int_equal(tctx, pkt->drep[0], DCERPC_DREP_LE, "drep[0]"); + torture_assert_int_equal(tctx, pkt->drep[1], 0, "drep[1]"); + torture_assert_int_equal(tctx, pkt->drep[2], 0, "drep[2]"); + torture_assert_int_equal(tctx, pkt->drep[3], 0, "drep[3]"); + torture_assert_int_equal(tctx, pkt->frag_length, 16, "frag_length"); + torture_assert_int_equal(tctx, pkt->auth_length, 0, "auth_length"); + torture_assert_int_equal(tctx, pkt->call_id, 8, "call_id"); + torture_assert_int_equal(tctx, pkt->u.orphaned.auth_info.length, 0, + "orphaned.auth_info.length"); + return true; +} + +struct torture_suite *ndr_dcerpc_suite(TALLOC_CTX *ctx) +{ + struct torture_suite *suite = torture_suite_create(ctx, "dcerpc"); + struct torture_suite *co_cancel = torture_suite_create(ctx, "co_cancel"); + struct torture_suite *orphaned = torture_suite_create(ctx, "orphaned"); + + torture_suite_add_suite(suite, co_cancel); + torture_suite_add_ndr_pull_validate_test(co_cancel, + ncacn_packet, + ncacn_packet_co_cancel_data, + ncacn_packet_co_cancel_check); + + torture_suite_add_suite(suite, orphaned); + torture_suite_add_ndr_pull_validate_test(orphaned, + ncacn_packet, + ncacn_packet_orphaned_data, + ncacn_packet_orphaned_check); + + return suite; +} diff --git a/source4/torture/ndr/ndr.c b/source4/torture/ndr/ndr.c index 99d8f8adca4..e2a2c33ca5a 100644 --- a/source4/torture/ndr/ndr.c +++ b/source4/torture/ndr/ndr.c @@ -759,6 +759,7 @@ struct torture_suite *torture_local_ndr(TALLOC_CTX *mem_ctx) { struct torture_suite *suite = torture_suite_create(mem_ctx, "ndr"); + torture_suite_add_suite(suite, ndr_dcerpc_suite(suite)); torture_suite_add_suite(suite, ndr_winreg_suite(suite)); torture_suite_add_suite(suite, ndr_atsvc_suite(suite)); torture_suite_add_suite(suite, ndr_lsa_suite(suite)); diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build index d870a3ab807..6bfc6aeae65 100644 --- a/source4/torture/wscript_build +++ b/source4/torture/wscript_build @@ -47,6 +47,7 @@ if bld.CONFIG_SET('WITH_NTVFS_FILESERVER'): bld.SAMBA_SUBSYSTEM('TORTURE_NDR', source='''ndr/ndr.c + ndr/dcerpc.c ndr/winreg.c ndr/atsvc.c ndr/lsa.c