dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter,...
authorStefan Metzmacher <metze@samba.org>
Wed, 11 Nov 2020 16:07:54 +0000 (17:07 +0100)
committerJule Anger <janger@samba.org>
Thu, 7 Nov 2024 08:18:16 +0000 (08:18 +0000)
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.

Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.

Note, the auth_pad_length field is sent as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 85b2dcd93848a590727dac243e8eb3614be75fad)

librpc/rpc/dcerpc_util.c
selftest/knownfail.d/dcerpc-auth-pad

index ffe80f3182df3a6d958f5affc8d3cb0b0c85c091..3258480087e67d12bcde55a56f1d89671e98ccf8 100644 (file)
@@ -361,10 +361,9 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
         *
         * See also bug #11982.
         */
-       if (auth_data_only && data_and_pad == 0 &&
-           auth->auth_pad_length > 0) {
+       if (auth_data_only) {
                /*
-                * we need to ignore invalid auth_pad_length
+                * We need to ignore auth_pad_length
                 * values for BIND_*, ALTER_* and AUTH3 pdus.
                 */
                auth->auth_pad_length = 0;
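Review bot: The `if (auth_data_only)` branch now discards the peer-supplied auth_pad_length and any bytes in front of the auth header without leaving a trace, and the shortened comment no longer says why. With the two mismatch checks removed in the following hunk, a BIND, ALTER or AUTH3 PDU carrying arbitrary filler before the auth trailer is accepted silently, so a debug line inside the branch such as `DBG_DEBUG("ignoring data_and_pad=%"PRIu16" for auth_data_only\n", data_and_pad);` would keep that visible when unusual traffic has to be analysed. The comment could also give the reason, for example `Windows may reuse the BIND buffer and leave a stale presentation context as padding, see bug #14356.` The body of dcerpc_pull_auth_trailer() starts and ends outside the hunk, so whether later code still reads auth_pad_length for these PDU types cannot be confirmed from here.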
@@ -384,34 +383,6 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
-       if (auth_data_only && data_and_pad > auth->auth_pad_length) {
-               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
-                           "Client sent a longer BIND packet than expected by %"PRIu16" bytes "
-                           "(pkt_trailer->length=%zu - auth_length=%"PRIu16") "
-                           "= %"PRIu16" auth_pad_length=%"PRIu8"\n",
-                           data_and_pad - auth->auth_pad_length,
-                           pkt_trailer->length,
-                           auth_length,
-                           data_and_pad,
-                           auth->auth_pad_length);
-               talloc_free(ndr);
-               ZERO_STRUCTP(auth);
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
-       }
-
-       if (auth_data_only && data_and_pad != auth->auth_pad_length) {
-               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length mismatch. "
-                           "Calculated %"PRIu16" (pkt_trailer->length=%zu - auth_length=%"PRIu16") "
-                           "but auth_pad_length=%"PRIu8"\n",
-                           data_and_pad,
-                           pkt_trailer->length,
-                           auth_length,
-                           auth->auth_pad_length);
-               talloc_free(ndr);
-               ZERO_STRUCTP(auth);
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
-       }
-
        DBG_DEBUG("auth_pad_length %"PRIu8"\n",
                  auth->auth_pad_length);
 
index ae54bd75cc979b7d314d3c25068d38e716a9c945..29a7fcc48fd8e59eea214ff8bd8217e5a6e4a84c 100644 (file)
@@ -1,11 +1,5 @@
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_ntlm_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_ntlm_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_alter
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_full_pad_spnego_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_alter
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter