The branch, v4-21-test has been updated
       via  00e1c97fee9 third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
       via  a7ea9b5026f smbd: fix sharing access check for directories
       via  5c3e5377fe6 smbd: fix share access check for overwrite dispostions
       via  66c09de1f30 smbtorture: add subtests for overwrite dispositions vs sharemodes
       via  88caf2c0911 smbtorture: fix smb2.notify.mask test
       via  a2ee15f58de smbtorture: prepare test_overwrite_read_only_file() for more subtests
       via  27e364a4933 dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
       via  4b60c66a9e7 dcesrv_core: fix the auth3 for large ntlmssp messages
       via  dae81f45a37 gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
       via  f18b49489f1 gensec:ntlmssp: only allow messages up to 2888 bytes
       via  657953d8e48 dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
       via  aa0e68958cc dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
       via  f27161ef539 dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
       via  178e654eca1 dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
       via  5740e9daadc dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
       via  a91d040b859 tests/dcerpc/raw_protocol: test invalid schannel binds
       via  8add039c0bc tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
       via  68ade99138d tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or auth_offset
       via  b019eb56d69 tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
       via  5fbb57e0dd5 tests/dcerpc/raw_protocol: test_no_auth_ctx_request
       via  058328859c7 dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
       via  80129a9b077 tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
       via  2553c9aeded dcesrv_core: add more verbose debugging for missing association groups
       via  465bcb60550 RawDCERPCTest: add some more auth_length related asserts
       via  fcbb5243d5a RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
       via  82ce898457b s4:librpc: provide py_schannel bindings
       via  bea355c2316 dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus
       via  79d8431c864 tests/dcerpc/raw_protocol: add more test for auth padding during ALTER_CONTEXT/AUTH3
       via  cbcd11f2fb2 dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds without contexts
       via  346dab391d6 dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
       via  b56c35c3366 s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
       via  c0f40a78313 tests/dcerpc/raw_protocol: pass against Windows 2022 and require special env vars for legacy servers
       via  9e35e26e038 RawDCERPCTest: ignore errors in smb_pipe_socket.close()
       via  189e4e8b262 s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows 2022
      from  53cf535b450 VERSION: Bump version up to Samba 4.21.2...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test


- Log -----------------------------------------------------------------
commit 00e1c97fee9cc197c34967d9099fec03f75658e0
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Apr 30 18:24:33 2024 +0200

    third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
    
    gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor
    
    Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they
    use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is
    implied.
    
    Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG
    when GSS_C_DCE_STYLE is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740
    PR: https://github.com/heimdal/heimdal/pull/1266
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Ralph Boehme <[email protected]>
    
    Autobuild-User(master): Stefan Metzmacher <[email protected]>
    Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224
    
    (cherry picked from commit ce10b28566eb7b3e26a1e404b278d3d761ac183e)
    
    Autobuild-User(v4-21-test): Jule Anger <[email protected]>
    Autobuild-Date(v4-21-test): Thu Nov  7 10:27:56 UTC 2024 on atb-devel-224

commit a7ea9b5026f9f8ba55a0a296c116c1bc857c1260
Author: Ralph Boehme <[email protected]>
Date:   Fri Oct 25 17:22:57 2024 +0200

    smbd: fix sharing access check for directories
    
    This was missing from commit 6140c3177a0330f42411618c3fca28930ea02a21 and causes
    all opens of directories to be handled as stat opens, bypassing the sharemode
    check.
    
    Not adding a test at this time, as my (hopefully) soon to be merged Directory
    Leases branch has a test which actually detected this problem.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    (cherry picked from commit 20206a335a6af71b99f6441df145feea6563cf5a)

commit 5c3e5377fe6a9ea3890e030fe36af274dc6c8357
Author: Ralph Boehme <[email protected]>
Date:   Wed Oct 2 14:09:33 2024 +0200

    smbd: fix share access check for overwrite dispostions
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    
    Autobuild-User(master): Ralph Böhme <[email protected]>
    Autobuild-Date(master): Mon Oct 14 12:23:04 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 6140c3177a0330f42411618c3fca28930ea02a21)

commit 66c09de1f30104f36a98893936ac8bf213bcb2bf
Author: Ralph Boehme <[email protected]>
Date:   Wed Oct 2 14:08:36 2024 +0200

    smbtorture: add subtests for overwrite dispositions vs sharemodes
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    (cherry picked from commit 849afe05ade140898b1eab9b28d46edc8357c844)

commit 88caf2c0911fc237307e47c6fd8f4e32519947ca
Author: Ralph Boehme <[email protected]>
Date:   Wed Oct 2 18:17:17 2024 +0200

    smbtorture: fix smb2.notify.mask test
    
    The strange function custom_smb2_create() was somehow causing
    NT_STATUS_DELETE_PENDING failures:
    
      failure: mask [
      (../../source4/torture/smb2/notify.c:490) Incorrect status NT_STATUS_DELETE_PENDING - should be NT_STATUS_OK
      ]
    
    I couldn't figure out what was causing this exactly, but after doing these
    cleanups the error went away.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    (cherry picked from commit 4591f27ca81dff997ef7474565fc9c373abfa4a9)

commit a2ee15f58deca9882a330901b291c46a4d354b69
Author: Ralph Boehme <[email protected]>
Date:   Wed Oct 2 14:07:49 2024 +0200

    smbtorture: prepare test_overwrite_read_only_file() for more subtests
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Stefan Metzmacher <[email protected]>
    (cherry picked from commit f88e52a6f487a216dbb805fabc08e862abb9b643)

commit 27e364a49334a25e89f150a7eb08cb984853f7c8
Author: Stefan Metzmacher <[email protected]>
Date:   Fri Nov 13 02:47:51 2020 +0100

    dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    
    Autobuild-User(master): Andreas Schneider <[email protected]>
    Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 9263ce5752063235836d5f77220b0151df6c9408)

commit 4b60c66a9e70a2cad901f4c80382877b99df2c61
Author: Stefan Metzmacher <[email protected]>
Date:   Fri Nov 13 10:55:43 2020 +0100

    dcesrv_core: fix the auth3 for large ntlmssp messages
    
    I know finding any real logic in reading the patch,
    doesn't really show what's going on. I tried hard
    to simplify it, but this is the only way I found
    that fixed the test_auth_pad_ntlm_2889_auth3 test
    without breaking other tests...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 8b8e4ff1b19ba06821d774d0e1a8b1cad7f06120)

commit dae81f45a374a457a0a0dee058741cb844dfaa26
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 11 17:03:29 2020 +0100

    gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
    
    This matches Windows (at least Server 2012_R2).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 86808d66f30136850f857b749e768c88de3a079f)

commit f18b49489f13037250fecc6bb1d2b0992f546854
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 10:00:07 2020 +0100

    gensec:ntlmssp: only allow messages up to 2888 bytes
    
    This matches Windows (at least Server 2012_R2).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 55dd8bdb05b4e814beb50d11a6f12c94e5f6e9d5)

commit 657953d8e48e685b1b1374d9da062e480e449634
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 16:41:21 2020 +0100

    dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
    
    We should use DCERPC_FAULT_ACCESS_DENIED as default for
    gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
    NT_STATUS_INVALID_PARAMETER.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 31a422b7e58d7a670ebedb7c91f240a3134a9624)

commit aa0e68958ccd2f1b070369498541d694d07487b4
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 16:41:05 2020 +0100

    dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
    
    We already report that for gensec_start_mech_by_authtype() failures,
    but we also need to do that for any invalid authentication.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 97545873ebc2daf9c3daee914a90687625a08225)

commit f27161ef5397f75f5039ff3f0d5a190cac5d2ae7
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 11 17:07:54 2020 +0100

    dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
    
    Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
    BindTimeFeatureNegotiation) in the first BIND of an association.
    
    Binding an additional connection to the association seems to
    reuse the BIND buffer and just changes the num_contexts field from
    3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
    in places.
    
    Note, the auth_pad_length field is sent as 0 in that case,
    which means we need to ignore it completely, as well as any
    padding before the auth header.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 85b2dcd93848a590727dac243e8eb3614be75fad)

commit 178e654eca1936d88da7c7e1de056ac2fa409e87
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 11 17:59:45 2020 +0100

    dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
    
    If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
    it will return the BIND reject code in auth->auth_context_id.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 7a6a1aae6fa74ab0f55c1160aedd2d79c9a44a90)

commit 5740e9daadc2710562d056ef6db93b0f337182fb
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 11 17:05:21 2020 +0100

    dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
    
    That's what Windows also asserts.
    
    It also makes sure that ndr_pull_dcerpc_auth() will
    start with ndr->offset = 0 and doesn't try to eat
    possible padding.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 890fff1ca0c4e1eb8ef26c4f88aa18aeda3afc4f)

commit a91d040b859c80a41f20ff281335491b04e458ca
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 11:10:46 2020 +0100

    tests/dcerpc/raw_protocol: test invalid schannel binds
    
    Note the ad_member will keep these as expected failures,
    as it doesn't provide the netlogon service,
    while the knownfail for the ADDC is only temporary.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit f7a3827010a859839a3ae7d0cdf297a15610d286)

commit 8add039c0bc727f70e0647a6b457f2dd563f10bb
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 17:22:19 2020 +0100

    tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 0bc562eb26cad3a5cb8da2da54db86932791f3de)

commit 68ade99138d965654608c3720a7bf51de00a5963
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 11 01:19:23 2020 +0100

    tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or auth_offset
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 0da9e4d7430c7dbb37783e6152f7672bf29498e9)

commit b019eb56d6979cd2183e0bf0a19a57ab1d6ed104
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Nov 17 17:44:51 2020 +0100

    tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 7b5c3f9b1f334eb9d7906338e2e64196a6530068)

commit 5fbb57e0dd5b46bb8f7aaa3fff089f959f3824de
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Nov 17 10:05:41 2020 +0100

    tests/dcerpc/raw_protocol: test_no_auth_ctx_request
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 57fb07f5a3369d679f8918f853303b56e58dfb3d)

commit 058328859c7fbb84824b561a66819b58b28f842d
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 16:38:32 2020 +0100

    dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
    
    The max fragment size depends on the transport.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 09e8dd23ce0c08c5c04bd74121f3664f420af877)

commit 80129a9b07785ff30c36c64e2823bd8482d3d89c
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Nov 16 15:01:49 2020 +0100

    tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit a2d894fd37aaa9bce64ad95e01412681a08790ea)

commit 2553c9aeded9927a87fc39982aedc9da1ef9a6e4
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Nov 16 16:58:35 2020 +0100

    dcesrv_core: add more verbose debugging for missing association groups
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit ac5818f2dd348e61b4be35505bee00b330ec4450)

commit 465bcb605507ce9c0149890c00ed535ad0bdde8f
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Nov 11 16:49:25 2020 +0100

    RawDCERPCTest: add some more auth_length related asserts
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit bb8ad1f22924b581bfb66555713e98efa91372b2)

commit fcbb5243d5a3097b23cfebbd03c199b9b2586464
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Nov 9 14:00:43 2020 +0100

    RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
    
    This will make it possible to alter pdus before sending them to the
    server.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 444f9c6624f5c997dfdc4ae0bfb8823a56fbef70)

commit 82ce898457b4d016e820f9acdb9d638dd73837dc
Author: Stefan Metzmacher <[email protected]>
Date:   Thu Nov 12 10:34:38 2020 +0100

    s4:librpc: provide py_schannel bindings
    
    This will be used in the dcerpc.raw_protocol test.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 0acbbeab4db0c8bc8ff655d652e249fecb3c4ef9)

commit bea355c23165c5d0435a528d057a3050738dfdef
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Sep 24 09:32:24 2024 +0200

    dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus
    
    This is how Windows 2022 (and 2025 preview) behaves...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit be02d4077db1d6c35b2e480937a04b5e70545a6d)

commit 79d8431c86418eba31d731f291cd39b478256cd2
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Sep 24 09:56:05 2024 +0200

    tests/dcerpc/raw_protocol: add more test for auth padding during ALTER_CONTEXT/AUTH3
    
    The aim is to keep testing the code paths, which are no longer
    tested because allow_bind_auth_pad is false now, which
    means the existing tests fail directly at the BIND,
    but we also want to test the error handling on
    ALTER_CONTEXT (and AUTH3).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 9309283ddbcc60cb8dac8ecd3f4bcecfbf8ac732)

commit cbcd11f2fb232780452882ef5f1116611385b6a8
Author: Stefan Metzmacher <[email protected]>
Date:   Tue Sep 24 09:05:15 2024 +0200

    dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds without contexts
    
    This is the error Windows 2022 (and 2025 preview) return.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 8e6696b2ac6990f3d6bac804c9a0f1a2b8f0ada0)

commit 346dab391d6a0382bcdff4acb9a6cef4ca8d8010
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Sep 23 16:09:39 2024 +0200

    dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
    
    Without an auth context using DCERPC_AUTH_LEVEL_PACKET or higher
    the fault to reject requests with an invalid auth level
    should trigger a disconnect after sending the fault to
    the client.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 31c2f35bba003daee39756e83def0f3d45c19c6b)

commit b56c35c33668f050e993b141bbaf072b64da5a0c
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Sep 23 15:13:59 2024 +0200

    s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
    
    We only want to test against
    'allow dcerpc auth level connect:lsarpc = yes' once
    in order to have the related code tests.
    We use the ad_member for that special test and
    use the default on the tested ADDC.
    
    This reveals some knownfails, which will be fixed in
    the next commit...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 93bd5ba609f93ce8298f12f2a7b0ad333e0f48bf)

commit c0f40a7831362c46e4a12fcb3b46d185cb361040
Author: Stefan Metzmacher <[email protected]>
Date:   Mon Sep 23 15:13:59 2024 +0200

    tests/dcerpc/raw_protocol: pass against Windows 2022 and require special env vars for legacy servers
    
    Test works against Windows 2022 and works like this:
    
    SMB_CONF_PATH=/dev/null SERVER=172.31.9.118 \
      TARGET_HOSTNAME=w2022-118.w2022-l7.base IGNORE_RANDOM_PAD=1 \
      DOMAIN=W2022-L7 REALM=W2022-L7.BASE \
      USERNAME=administrator PASSWORD=A1b2C3d4 \
      python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
    
    Against a legacy Windows2012R2 server this still works:
    
    SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 \
      TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base ALLOW_BIND_AUTH_PAD=1 \
      LEGACY_BIND_NACK_NO_REASON=1 AUTH_LEVEL_CONNECT_LSA=1 \
      IGNORE_RANDOM_PAD=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE \
      USERNAME=administrator PASSWORD=A1b2C3d4 \
      python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
    
    Currently Samba behaves like 2012R2, but the next commits
    will change that...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 98d908bfd07283878a7a6a630c2bfe5d27b5ffd8)

commit 9e35e26e038932733cf6e571c3fefe3387ff9e5f
Author: Stefan Metzmacher <[email protected]>
Date:   Sat Sep 21 12:32:55 2024 +0200

    RawDCERPCTest: ignore errors in smb_pipe_socket.close()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit b51ab42284211981a1ee6c8865845c7dfc985cb4)

commit 189e4e8b262701f6cd64c2e1d9b0306e96589a6d
Author: Stefan Metzmacher <[email protected]>
Date:   Wed Sep 25 23:10:25 2024 +0200

    s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows 2022
    
    The server disconnects after the first fault.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
    
    Signed-off-by: Stefan Metzmacher <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    (cherry picked from commit 8c6b5b87434e96d4cb695c0a5cf8aa0a0472c6a4)

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/spnego.c                         |   24 +-
 auth/ntlmssp/ntlmssp.c                       |    9 +
 auth/ntlmssp/ntlmssp_client.c                |    6 -
 auth/ntlmssp/ntlmssp_server.c                |    6 -
 librpc/idl/wscript_build                     |    2 +-
 librpc/rpc/dcerpc_util.c                     |   75 +-
 librpc/rpc/dcesrv_auth.c                     |   71 +-
 librpc/rpc/dcesrv_core.c                     |  107 +-
 librpc/rpc/dcesrv_core.h                     |    2 +
 python/samba/tests/dcerpc/raw_protocol.py    | 1555 +++++++++++++++++++++++---
 python/samba/tests/dcerpc/raw_testcase.py    |   52 +-
 selftest/expectedfail.d/ntlm-auth            |    4 +
 selftest/expectedfail.d/samba4.rpc.backupkey |   28 +
 selftest/target/Samba4.pm                    |    1 -
 source3/smbd/open.c                          |    7 +-
 source4/librpc/wscript_build                 |    7 +
 source4/selftest/tests.py                    |   14 +-
 source4/torture/rpc/backupkey.c              |   80 +-
 source4/torture/smb2/acls.c                  |  124 +-
 source4/torture/smb2/notify.c                |   34 +-
 third_party/heimdal/lib/gssapi/krb5/8003.c   |   10 +
 21 files changed, 1930 insertions(+), 288 deletions(-)
 create mode 100644 selftest/expectedfail.d/samba4.rpc.backupkey


Changeset truncated at 500 lines:

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 378ba3402c4..741d85b9a5e 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1758,6 +1758,7 @@ static NTSTATUS gensec_spnego_update_in(struct 
gensec_security *gensec_security,
                                        const DATA_BLOB in, TALLOC_CTX *mem_ctx,
                                        DATA_BLOB *full_in)
 {
+       DATA_BLOB consume = data_blob_null;
        struct spnego_state *spnego_state =
                talloc_get_type_abort(gensec_security->private_data,
                struct spnego_state);
@@ -1824,17 +1825,26 @@ static NTSTATUS gensec_spnego_update_in(struct 
gensec_security *gensec_security,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       consume = in;
        expected = spnego_state->in_needed - spnego_state->in_frag.length;
-       if (in.length > expected) {
+       if (consume.length > expected) {
+               if (spnego_state->state_position != SPNEGO_SERVER_START) {
+                       /*
+                        * we got more than expected
+                        */
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
                /*
-                * we got more than expected
+                * In SPNEGO_SERVER_START we need to ignore unexpected
+                * bytes at the end.
                 */
-               return NT_STATUS_INVALID_PARAMETER;
+               consume.length = expected;
        }
 
-       if (in.length == spnego_state->in_needed) {
+       if (consume.length == spnego_state->in_needed) {
                /*
-                * if the in.length contains the full blob
+                * if the consume.length contains the full blob
                 * we are done.
                 *
                 * Note: this implies spnego_state->in_frag.length == 0,
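Review bot: the truncation at `consume.length = expected;` discards the trailing bytes without any trace, so a peer that sends oversized input in SPNEGO_SERVER_START cannot be told apart in the logs from one that sends a well-formed token. Consider a DBG_INFO or DBG_DEBUG line that records in.length and expected before truncating, and extend the new comment to say why this one state is exempt (the commit message says this matches Windows, at least Server 2012_R2), since the code alone reads as a relaxed length check.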
@@ -1842,13 +1852,13 @@ static NTSTATUS gensec_spnego_update_in(struct 
gensec_security *gensec_security,
                 *       because we already know that we did not get
                 *       more than expected.
                 */
-               *full_in = in;
+               *full_in = consume;
                spnego_state->in_needed = 0;
                return NT_STATUS_OK;
        }
 
        ok = data_blob_append(spnego_state, &spnego_state->in_frag,
-                             in.data, in.length);
+                             consume.data, consume.length);
        if (!ok) {
                return NT_STATUS_NO_MEMORY;
        }
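Review bot: the retained comment above `*full_in = consume;` still justifies the shortcut with "we already know that we did not get more than expected", which after this change holds only because consume was truncated a few lines earlier, not because the peer behaved. Reword the comment to refer to consume rather than to the received input, and mention that in SPNEGO_SERVER_START the bytes past in_needed are dropped here and never reach full_in or in_frag.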
diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c
index 745f2628d21..c9360a5fa2d 100644
--- a/auth/ntlmssp/ntlmssp.c
+++ b/auth/ntlmssp/ntlmssp.c
@@ -36,6 +36,8 @@ struct auth_session_info;
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
+#define NTLMSSP_MAX_UPDATE_SIZE 2888
+
 /**
  * Callbacks for NTLMSSP - for both client and server operating modes
  *
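Review bot: `#define NTLMSSP_MAX_UPDATE_SIZE 2888` is introduced without a comment, and 2888 is not a value a reader can derive. Add a one-line comment stating where the limit comes from (the commit message gives observed Windows behaviour, at least Server 2012_R2) so the constant is not later "rounded" or raised by someone who assumes it is arbitrary.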
@@ -136,6 +138,13 @@ static NTSTATUS gensec_ntlmssp_update_find(struct 
gensec_security *gensec_securi
                }
        }
 
+       if (input.length > NTLMSSP_MAX_UPDATE_SIZE) {
+               DBG_WARNING("reject large command=%u message, length %zu > 
%u)\n",
+                           ntlmssp_command, input.length,
+                           NTLMSSP_MAX_UPDATE_SIZE);
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
        if (ntlmssp_command != gensec_ntlmssp->ntlmssp_state->expected_state) {
                DEBUG(2, ("got NTLMSSP command %u, expected %u\n", 
ntlmssp_command,
                          gensec_ntlmssp->ntlmssp_state->expected_state));
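Review bot: the DBG_WARNING format string in the new length check ends with an unmatched closing parenthesis ("length %zu > %u)"), and it passes NTLMSSP_MAX_UPDATE_SIZE, a plain int constant, to %u. Drop the parenthesis and either define the limit as 2888U or print it with %d, so the message is clean and the argument type matches the conversion.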
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index a50ff661f5f..8c2a1f9c0aa 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -142,12 +142,6 @@ NTSTATUS gensec_ntlmssp_resume_ccache(struct 
gensec_security *gensec_security,
 
        /* parse the NTLMSSP packet */
 
-       if (in.length > UINT16_MAX) {
-               DEBUG(1, ("%s: reject large request of length %u\n",
-                       __func__, (unsigned int)in.length));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
-
        ok = msrpc_parse(ntlmssp_state, &in, "Cdd",
                         "NTLMSSP",
                         &ntlmssp_command,
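Review bot: with the `in.length > UINT16_MAX` guard removed, the msrpc_parse() call in gensec_ntlmssp_resume_ccache() has no length bound of its own in this hunk and depends on the new NTLMSSP_MAX_UPDATE_SIZE check in gensec_ntlmssp_update_find(). If this function can be reached without passing through that check, the bound is lost entirely. A short comment at the removed spot naming where the limit is now enforced would make the dependency explicit; the same applies to the matching removal in ntlmssp_server.c.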
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 1e49379a8ed..2e25c4efab5 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -124,12 +124,6 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct 
gensec_security *gensec_security
 #endif
 
        if (request.length) {
-               if (request.length > UINT16_MAX) {
-                       DEBUG(1, ("ntlmssp_server_negotiate: reject large 
request of length %u\n",
-                               (unsigned int)request.length));
-                       return NT_STATUS_INVALID_PARAMETER;
-               }
-
                if ((request.length < 16) || !msrpc_parse(ntlmssp_state, 
&request, "Cdd",
                                                          "NTLMSSP",
                                                          &ntlmssp_command,
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index f3781fa9fd8..c7d6413b47f 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -98,7 +98,6 @@ bld.SAMBA_PIDL_LIST('PIDL',
                     ODJ.idl
                     printcap.idl
                     rap.idl
-                    schannel.idl
                     smb2_lease_struct.idl
                     ''',
                     options='--header --ndr-parser',
@@ -135,6 +134,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
                     idmap.idl
                     krb5pac.idl
                     krb5ccache.idl
+                    schannel.idl
                     messaging.idl
                     misc.idl
                     nbt.idl
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 66b38a4acf2..51a8a11ac4a 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -240,8 +240,10 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct 
ncacn_packet *pkt,
        enum ndr_err_code ndr_err;
        uint16_t data_and_pad;
        uint16_t auth_length;
+       uint16_t auth_offset;
        uint32_t tmp_length;
        uint32_t max_pad_len = 0;
+       DATA_BLOB auth_blob;
 
        ZERO_STRUCTP(auth);
        if (_auth_length != NULL) {
@@ -277,12 +279,21 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct 
ncacn_packet *pkt,
 
        auth_length = DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length;
        if (pkt_trailer->length < auth_length) {
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
+               return NT_STATUS_INTERNAL_ERROR;
        }
 
        data_and_pad = pkt_trailer->length - auth_length;
+       auth_offset = pkt->frag_length - auth_length;
+       if ((auth_offset % 4) != 0) {
+               DBG_WARNING("auth_offset[%u] not 4 byte aligned\n",
+                           (unsigned)auth_offset);
+               auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
+               return NT_STATUS_RPC_PROTOCOL_ERROR;
+       }
 
-       ndr = ndr_pull_init_blob(pkt_trailer, mem_ctx);
+       auth_blob = data_blob_const(pkt_trailer->data + data_and_pad,
+                                   auth_length);
+       ndr = ndr_pull_init_blob(&auth_blob, mem_ctx);
        if (!ndr) {
                return NT_STATUS_NO_MEMORY;
        }
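Review bot: auth_offset = pkt->frag_length - auth_length is computed in a uint16_t, and the only bound checked in these lines is pkt_trailer->length against auth_length, so if frag_length can ever be smaller than auth_length the subtraction wraps and the alignment test runs on a meaningless value. Add an explicit frag_length < auth_length rejection before the subtraction, or a comment stating which caller guarantees the relation. The same concern applies to auth_length itself, which is DCERPC_AUTH_TRAILER_LENGTH + pkt->auth_length stored in a uint16_t. Separately, the short-trailer return changes from NT_STATUS_RPC_PROTOCOL_ERROR to NT_STATUS_INTERNAL_ERROR without a comment, although callers elsewhere in this patch branch on NT_STATUS_RPC_PROTOCOL_ERROR.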
@@ -291,12 +302,6 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct 
ncacn_packet *pkt,
                ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
        }
 
-       ndr_err = ndr_pull_advance(ndr, data_and_pad);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               talloc_free(ndr);
-               return ndr_map_error2ntstatus(ndr_err);
-       }
-
        ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                talloc_free(ndr);
@@ -324,11 +329,20 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct 
ncacn_packet *pkt,
         * protection for REQUEST and RESPONSE pdus, where the
         * auth_pad_length field is actually used by the caller.
         */
-       tmp_length = DCERPC_REQUEST_LENGTH;
-       tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
-       tmp_length += pkt->auth_length;
-       if (tmp_length < pkt->frag_length) {
-               max_pad_len = pkt->frag_length - tmp_length;
+       switch (pkt->ptype) {
+       case DCERPC_PKT_BIND:
+       case DCERPC_PKT_ALTER:
+       case DCERPC_PKT_AUTH3:
+               max_pad_len = 0;
+               break;
+       default:
+               tmp_length = DCERPC_REQUEST_LENGTH;
+               tmp_length += DCERPC_AUTH_TRAILER_LENGTH;
+               tmp_length += pkt->auth_length;
+               if (tmp_length < pkt->frag_length) {
+                       max_pad_len = pkt->frag_length - tmp_length;
+               }
+               break;
        }
        if (max_pad_len < auth->auth_pad_length) {
                DEBUG(1, (__location__ ": ERROR: pad length too large. "
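Review bot: setting max_pad_len = 0 for DCERPC_PKT_BIND, DCERPC_PKT_ALTER and DCERPC_PKT_AUTH3 means any non-zero auth_pad_length on those PDUs falls into the "pad length too large" branch right below, while the comment above the switch still talks only about REQUEST and RESPONSE pdus. Extend that comment to say the rejection is intended for the three listed types, and note that the default case applies the DCERPC_REQUEST_LENGTH computation to every other ptype, not only requests and responses.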
@@ -337,6 +351,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct ncacn_packet 
*pkt,
                          auth->auth_pad_length));
                talloc_free(ndr);
                ZERO_STRUCTP(auth);
+               auth->auth_context_id = 
DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
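Review bot: after ZERO_STRUCTP(auth) the added line stores a DCERPC_BIND_NAK_REASON_* value in auth->auth_context_id, so on failure that field no longer holds a context id but a reject reason. That contract is not documented in the visible lines. Add it to the function's header comment (which status codes carry a reason, and that all other fields are zeroed), or return the reason through a dedicated out parameter so a caller cannot mistake it for a real context id.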
@@ -347,10 +362,9 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct 
ncacn_packet *pkt,
         *
         * See also bug #11982.
         */
-       if (auth_data_only && data_and_pad == 0 &&
-           auth->auth_pad_length > 0) {
+       if (auth_data_only) {
                /*
-                * we need to ignore invalid auth_pad_length
+                * We need to ignore auth_pad_length
                 * values for BIND_*, ALTER_* and AUTH3 pdus.
                 */
                auth->auth_pad_length = 0;
@@ -366,34 +380,7 @@ NTSTATUS dcerpc_pull_auth_trailer(const struct 
ncacn_packet *pkt,
                            auth->auth_pad_length);
                talloc_free(ndr);
                ZERO_STRUCTP(auth);
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
-       }
-
-       if (auth_data_only && data_and_pad > auth->auth_pad_length) {
-               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length 
mismatch. "
-                           "Client sent a longer BIND packet than expected by 
%"PRIu16" bytes "
-                           "(pkt_trailer->length=%zu - auth_length=%"PRIu16") "
-                           "= %"PRIu16" auth_pad_length=%"PRIu8"\n",
-                           data_and_pad - auth->auth_pad_length,
-                           pkt_trailer->length,
-                           auth_length,
-                           data_and_pad,
-                           auth->auth_pad_length);
-               talloc_free(ndr);
-               ZERO_STRUCTP(auth);
-               return NT_STATUS_RPC_PROTOCOL_ERROR;
-       }
-
-       if (auth_data_only && data_and_pad != auth->auth_pad_length) {
-               DBG_WARNING(__location__ ": ERROR: auth_data_only pad length 
mismatch. "
-                           "Calculated %"PRIu16" (pkt_trailer->length=%zu - 
auth_length=%"PRIu16") "
-                           "but auth_pad_length=%"PRIu8"\n",
-                           data_and_pad,
-                           pkt_trailer->length,
-                           auth_length,
-                           auth->auth_pad_length);
-               talloc_free(ndr);
-               ZERO_STRUCTP(auth);
+               auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
                return NT_STATUS_RPC_PROTOCOL_ERROR;
        }
 
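Review bot: removing both auth_data_only checks (data_and_pad > auth->auth_pad_length and data_and_pad != auth->auth_pad_length) means bytes between the PDU body and the auth trailer are accepted without inspection for these PDUs, and the only trace of that decision is the deletion itself. Leave a comment where the checks used to be stating that data_and_pad is deliberately not validated for auth_data_only callers, so the next reader neither reintroduces them nor assumes the bytes were verified.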
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index 1fc6255892d..b2f6e607a24 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -130,6 +130,12 @@ static bool dcesrv_auth_prepare_gensec(struct 
dcesrv_call_state *call)
        auth->auth_level = call->in_auth_info.auth_level;
        auth->auth_context_id = call->in_auth_info.auth_context_id;
 
+       if (auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT &&
+           !call->conn->got_explicit_auth_level_connect)
+       {
+               call->conn->default_auth_level_connect = auth;
+       }
+
        cb->auth.become_root();
        status = cb->auth.gensec_prepare(
                auth,
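Review bot: call->conn->default_auth_level_connect is now assigned before cb->auth.gensec_prepare() runs, whereas the lines removed from dcesrv_auth_complete() set it only after auth_finished = true. If gensec_prepare() or a later authentication step fails, the connection keeps a default pointing at an auth state that never completed. Either clear the pointer on the failure paths or document that every user of default_auth_level_connect must check auth_finished and auth_invalid first.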
@@ -320,8 +326,13 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
                 */
                auth->auth_type = DCERPC_AUTH_TYPE_NONE;
                auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
-               auth->auth_context_id =
-                       DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED;
+               if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+                       auth->auth_context_id =
+                               call->in_auth_info.auth_context_id;
+               } else {
+                       auth->auth_context_id =
+                               DCERPC_BIND_NAK_REASON_NOT_SPECIFIED;
+               }
                return false;
        }
 
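Review bot: in the NT_STATUS_RPC_PROTOCOL_ERROR branch, call->in_auth_info.auth_context_id is copied into auth->auth_context_id with no comment that on this error path the field carries a BIND_NAK reason (as the dcerpc_util.c part of this patch sets it in dcerpc_pull_auth_trailer()) rather than a client supplied context id. A one line comment here would make the dependency explicit, and it is worth confirming that every NT_STATUS_RPC_PROTOCOL_ERROR return sets the field explicitly.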
@@ -374,12 +385,6 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state 
*call, NTSTATUS status)
        }
        auth->auth_finished = true;
 
-       if (auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT &&
-           !call->conn->got_explicit_auth_level_connect)
-       {
-               call->conn->default_auth_level_connect = auth;
-       }
-
        if (call->pkt.ptype != DCERPC_PKT_AUTH3) {
                return NT_STATUS_OK;
        }
@@ -440,11 +445,38 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state 
*call)
        struct dcesrv_auth *auth = call->auth_state;
        NTSTATUS status;
 
-       if (pkt->auth_length == 0) {
+       if (pkt->frag_length > call->conn->transport_max_recv_frag) {
+               /*
+                * Note that we don't check against the negotiated
+                * max_recv_frag, but a hard coded value from
+                * the transport.
+                */
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+               return false;
+       }
+
+       if (pkt->auth_length > 4096) {
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
                return false;
        }
 
        if (auth->auth_finished) {
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+               return false;
+       }
+
+       if (!auth->auth_started) {
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+               return false;
+       }
+
+       if (auth->auth_invalid) {
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+               return false;
+       }
+
+       if (pkt->auth_length == 0) {
+               call->fault_code = DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY;
                return false;
        }
 
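Review bot: the new upper bound pkt->auth_length > 4096 is a bare literal with no comment on its origin, unlike the frag_length check directly above it; give it a named constant and a comment. The ordering also matters: auth_length == 0 is now tested last and yields DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY while the five checks before it yield DCERPC_NCA_S_PROTO_ERROR, so a short comment stating why the order and fault codes are chosen this way would keep someone from reordering them.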
@@ -460,23 +492,36 @@ bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state 
*call)
        status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.auth3.auth_info,
                                          &call->in_auth_info, NULL, true);
        if (!NT_STATUS_IS_OK(status)) {
+               struct dcerpc_auth *auth_info = &call->in_auth_info;
+               uint32_t nr = auth_info->auth_context_id;
+
                /*
                 * Windows returns DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY
-                * instead of DCERPC_NCA_S_PROTO_ERROR.
+                * instead of DCERPC_NCA_S_PROTO_ERROR in most cases.
                 */
                call->fault_code = DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY;
+
+               if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR) &&
+                   nr != DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
+               {
+                       call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+               }
+
                return false;
        }
 
        if (call->in_auth_info.auth_type != auth->auth_type) {
+               call->fault_code = DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY;
                return false;
        }
 
        if (call->in_auth_info.auth_level != auth->auth_level) {
+               call->fault_code = DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY;
                return false;
        }
 
        if (call->in_auth_info.auth_context_id != auth->auth_context_id) {
+               call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
                return false;
        }
 
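Review bot: the three mismatch checks at the end now set different fault codes (DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY for auth_type and auth_level, DCERPC_FAULT_ACCESS_DENIED for auth_context_id) without any comment, while the only explanation in the hunk covers the dcerpc_pull_auth_trailer() failure. Add one comment above them or a line per check. Also, nr is read from auth_info->auth_context_id as a reject reason; naming it nak_reason and noting the convention would make the comparison with DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED self explanatory.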
@@ -615,12 +660,12 @@ bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call,
                return false;
        }
 
-       if (!auth->auth_finished) {
-               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
+       if (auth->auth_invalid) {
                return false;
        }
 
-       if (auth->auth_invalid) {
+       if (!auth->auth_finished) {
+               call->fault_code = DCERPC_NCA_S_PROTO_ERROR;
                return false;
        }
 
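Review bot: swapping the two checks means a call with auth_invalid set now returns false before call->fault_code is assigned in these lines, even when auth_finished is also false, where the old order produced DCERPC_NCA_S_PROTO_ERROR. If that is the intent, a comment on the auth_invalid branch should say which fault code the caller ends up sending and why the order matters.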
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index c0a4150e3b3..66478001640 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -36,6 +36,7 @@
 #include "system/network.h"
 #include "lib/util/idtree_random.h"
 #include "nsswitch/winbind_client.h"
+#include "libcli/smb/tstream_smbXcli_np.h"
 
 /**
  * @file
@@ -676,6 +677,8 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct 
dcesrv_context *dce_ctx,
 {
        struct dcesrv_auth *auth = NULL;
        struct dcesrv_connection *p = NULL;
+       enum dcerpc_transport_t transport =
+               dcerpc_binding_get_transport(ep->ep_description);
 
        if (!session_info) {
                return NT_STATUS_ACCESS_DENIED;
@@ -695,9 +698,21 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct 
dcesrv_context *dce_ctx,
        p->event_ctx = event_ctx;
        p->state_flags = state_flags;
        p->allow_bind = true;
-       p->max_recv_frag = 5840;
-       p->max_xmit_frag = 5840;
        p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
+       /*
+        * SMB uses 4280, while all others use 5480
+        * note that p->transport_max_recv_frag is fixed
+        * for the lifetime of the connection, it's not
+        * negotiated by bind.
+        */
+       if (transport == NCACN_NP) {
+               p->transport_max_recv_frag = TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE;
+       } else {
+               p->transport_max_recv_frag = DCERPC_FRAG_MAX_SIZE;
+       }
+       /* these might be overwritten by BIND */
+       p->max_recv_frag = p->transport_max_recv_frag;
+       p->max_xmit_frag = p->transport_max_recv_frag;
 
        p->support_hdr_signing = lpcfg_parm_bool(dce_ctx->lp_ctx,
                                                 NULL,
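Review bot: the new comment says "all others use 5480", but the removed defaults were 5840 and the comment added to dcesrv_bind() in this same patch says 5840 (4280 for SMB). Fix the digits, or drop the literals from the comment and refer to TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE and DCERPC_FRAG_MAX_SIZE so the text cannot drift from the code.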
@@ -1116,12 +1131,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state 
*call)
                        DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED);
        }
 
+       /*
+        * Note that BIND and ALTER allow frag_len up to UINT16_MAX,
+        * so we don't check again frag_len against
+        * call->conn->transport_max_recv_frag
+        */
+
        /* max_recv_frag and max_xmit_frag result always in the same value! */
        max_req = MIN(call->pkt.u.bind.max_xmit_frag,
                      call->pkt.u.bind.max_recv_frag);
        /*
         * The values are between 2048 and 5840 tested against Windows 2012R2
         * via ncacn_ip_tcp on port 135.
+        *
+        * call->conn->transport_max_recv_frag stays fixed at 5840 (4280 for 
SMB)
         */
        max_req = MAX(2048, max_req);
        max_rep = MIN(max_req, conn->max_recv_frag);
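Review bot: the first added comment reads "we don't check again frag_len against call->conn->transport_max_recv_frag", which is ambiguous between "not checked a second time" and "not checked against". Since the point is that BIND and ALTER are exempt from the transport limit, state that plainly. The second added comment repeats the literals 5840 and 4280; naming the constants would be safer.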
@@ -1135,13 +1158,23 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state 
*call)
        status = dce_ctx->callbacks->assoc_group.find(
                call, dce_ctx->callbacks->assoc_group.private_data);
        if (!NT_STATUS_IS_OK(status)) {
-               DBG_NOTICE("Failed to find assoc_group 0x%08x: %s\n",
-                          call->pkt.u.bind.assoc_group_id, nt_errstr(status));
+               char *raddr = NULL;
+
+               raddr = tsocket_address_string(call->conn->remote_address, 
call);
+
+               endpoint = dcerpc_binding_get_string_option(
+                               call->conn->endpoint->ep_description,
+                               "endpoint");
+
+               DBG_WARNING("Failed to find assoc_group 0x%08x on ep[%s] 
raddr[%s]: %s\n",
+                           call->pkt.u.bind.assoc_group_id,
+                           endpoint, raddr, nt_errstr(status));
                return dcesrv_bind_nak(call, 0);
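Review bot: raddr comes from tsocket_address_string(), which returns NULL on allocation failure, and is passed straight to a %s in DBG_WARNING; check it or substitute a fixed string. The message is also raised from DBG_NOTICE to DBG_WARNING for a condition the client controls through call->pkt.u.bind.assoc_group_id, so consider whether that level lets a remote peer fill the log. The declaration of endpoint is not in the visible lines; make sure it is initialised to NULL in case the binding has no endpoint option.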


-- 
Samba Shared Repository

