From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 11 Nov 2020 16:59:45 +0000 (+0100)
Subject: dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
X-Git-Tag: ldb-2.9.2~86
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=8c33f14b97f235695bb0b6006875018b3c219656;p=thirdparty%2Fsamba.git

dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason

If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7a6a1aae6fa74ab0f55c1160aedd2d79c9a44a90)
---

diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 8684df35b7f..ffe80f3182d 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -278,7 +278,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 
 	auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length;
 	if (pkt_trailer->length < auth_length) {
-		return NT_STATUS_RPC_PROTOCOL_ERROR;
+		return NT_STATUS_INTERNAL_ERROR;
 	}
 
 	data_and_pad = pkt_trailer->length - auth_length;
@@ -286,6 +286,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 	if ((auth_offset % 4) != 0) {
 		DBG_WARNING("auth_offset[%u] not 4 byte aligned\n",
 			    (unsigned)auth_offset);
+		auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
 		return NT_STATUS_RPC_PROTOCOL_ERROR;
 	}
 
@@ -349,6 +350,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 			  auth->auth_pad_length));
 		talloc_free(ndr);
 		ZERO_STRUCTP(auth);
+		auth->auth_context_id = DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
 		return NT_STATUS_RPC_PROTOCOL_ERROR;
 	}
 
@@ -378,6 +380,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet *pkt,
 			    auth->auth_pad_length);
 		talloc_free(ndr);
 		ZERO_STRUCTP(auth);
+		auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
 		return NT_STATUS_RPC_PROTOCOL_ERROR;
 	}
 
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index 1fc6255892d..5c3190a82eb 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -320,8 +320,13 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 		 */
 		auth->auth_type = DCERPC_AUTH_TYPE_NONE;
 		auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
-		auth->auth_context_id =
-			DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
+		if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+			auth->auth_context_id =
+				call->in_auth_info.auth_context_id;
+		} else {
+			auth->auth_context_id =
+				DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
+		}
 		return false;
 	}
 
diff --git a/selftest/knownfail.d/dcerpc-auth-pad b/selftest/knownfail.d/dcerpc-auth-pad
index 9ea88114ce7..ae54bd75cc9 100644
--- a/selftest/knownfail.d/dcerpc-auth-pad
+++ b/selftest/knownfail.d/dcerpc-auth-pad
@@ -6,8 +6,6 @@
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_ntlm_auth3
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_alter
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_mid_pad_spnego_auth3
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_bind_align2_ntlm
-^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_bind_align2_spnego
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_ntlm
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_auth3_align2_spnego
 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_pad_ntlm_2889_alter