dcesrv_core: fix the auth3 for large ntlmssp messages
authorStefan Metzmacher <metze@samba.org>
Fri, 13 Nov 2020 09:55:43 +0000 (10:55 +0100)
committerJule Anger <janger@samba.org>
Thu, 7 Nov 2024 08:18:16 +0000 (08:18 +0000)
I know that reading the patch doesn't really reveal
the underlying logic or show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8b8e4ff1b19ba06821d774d0e1a8b1cad7f06120)

librpc/rpc/dcesrv_auth.c
librpc/rpc/dcesrv_core.c
selftest/knownfail.d/dcerpc-auth-pad

index 5c3190a82ebfc434fed7e5cd26e2c3fef6952680..c5dbec973d12ab976b9b524eb3a85f8f7358e025 100644 (file)
@@ -130,6 +130,12 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
        auth->auth_level = call->in_auth_info.auth_level;
        auth->auth_context_id = call->in_auth_info.auth_context_id;
 
+       if (auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT &&
+           !call->conn->got_explicit_auth_level_connect)
+       {
+               call->conn->default_auth_level_connect = auth;
+       }
+
        cb->auth.become_root();
        status = cb->auth.gensec_prepare(
                auth,
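Review bot: The added block publishes `auth` as `call->conn->default_auth_level_connect` before `gensec_prepare()` has run and before the authentication exchange has completed, so the connection-wide default can now point at an auth state that is still unfinished or that later becomes invalid. Before this commit the assignment sat directly after `auth->auth_finished = true` in dcesrv_auth_complete(), so a non-NULL pointer implied a completed authentication. Every reader of `default_auth_level_connect` now has to test `auth_finished` and `auth_invalid` itself; those readers are outside this hunk and should be re-checked. I would add a comment above the block, for example `/* set before auth completes; users must check auth_finished and auth_invalid */`, extended with the actual reason for the move. The rest of dcesrv_auth_prepare_gensec() lies outside the hunk, so whether a `gensec_prepare` failure resets the pointer cannot be seen here.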
@@ -379,12 +385,6 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
        }
        auth->auth_finished = true;
 
-       if (auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT &&
-           !call->conn->got_explicit_auth_level_connect)
-       {
-               call->conn->default_auth_level_connect = auth;
-       }
-
        if (call->pkt.ptype != DCERPC_PKT_AUTH3) {
                return NT_STATUS_OK;
        }
@@ -620,12 +620,12 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
                return false;
        }
 
-       if (!auth->auth_finished) {
-               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+       if (auth->auth_invalid) {
                return false;
        }
 
-       if (auth->auth_invalid) {
+       if (!auth->auth_finished) {
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
                return false;
        }
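Review bot: With `auth_invalid` now tested first, the function returns false for an invalid auth state without assigning `call->fault_code`, while the `!auth_finished` branch still sets `DCERPC_NCA_S_PROTO_ERROR`. The fault a client receives for a state that is both invalid and unfinished (presumably the failed-AUTH3 case this commit targets) therefore depends on whatever `fault_code` held on entry, which is not visible in this hunk. The order of the two checks now matters and deserves a comment, e.g. `/* check auth_invalid first: a failed auth must keep the caller's fault code, not become a protocol error */`, adjusted to the intended fault. dcesrv_auth_pkt_pull() starts and ends outside the hunk.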
 
index 0c8c7ebb17c36892e3750a46d9ea5cefa29252a4..ebe6e662202ec90f8a13d9b5bab5cd5e2febba9c 100644 (file)
@@ -2338,7 +2338,13 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
                dcesrv_default_auth_state_prepare_request(call);
 
                if (call->auth_state->auth_started &&
+                   !call->auth_state->auth_invalid &&
                    !call->auth_state->auth_finished) {
+                       /*
+                        * We have this check here instead of
+                        * relying on the check in dcesrv_auth_pkt_pull()
+                        * because the fault should have context_id=0
+                        */
                        return dcesrv_fault_disconnect(call,
                                        DCERPC_NCA_S_PROTO_ERROR);
                }
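Review bot: The new `!call->auth_state->auth_invalid` term means a request on a connection whose auth state is started, invalid and unfinished is no longer disconnected here and continues into normal request processing. Its rejection then rests on the `auth_invalid` check in dcesrv_auth_pkt_pull() (reordered in the dcesrv_auth.c part of this commit), which holds only if every request path reaches that function before dispatch; that cannot be confirmed from this hunk. The added comment explains why the protocol-error check lives here but not why invalid states are exempted, so I would extend it with a line such as `* auth_invalid states are left to dcesrv_auth_pkt_pull(), which rejects them`. The enclosing function extends beyond the hunk on both sides.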
index cbfd1442c8648a057a538a09bd8e1e463fa1c156..4c77d6227370fc848ec7919e5fbca76d00fe322d 100644 (file)
@@ -1,4 +1,3 @@
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3