dcesrv: fix pad length mismatch handling for invalid bind packets (bug #14356)

https://bugzilla.samba.org/show_bug.cgi?id=14356

Checklist

• Commits have Signed-off-by: with name/author being identical to the commit author
• (optional) This MR is just one part towards a larger feature.
• (optional, if backport required) Bugzilla bug filed and BUG: tag added
• Test suite updated with functionality tests
• Test suite updated with negative tests
• Documentation updated
• CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)

Reviewer's checklist:

• There is a test suite reasonably covering new functionality or modifications
• Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
• This feature/change has adequate documentation added
• No obvious mistakes in the code

added 28 commits

• 80790878...2624a029 - 18 earlier commits
• 30284bbf - tests/dcerpc/raw_protocol: test invalid schannel binds
• 8fb99e88 - dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
• 19ae08c6 - dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
• 2c4d2de3 - dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
• d7d1352c - dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
• 7eee1c54 - dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
• 205666ea - gensec:ntlmssp: only allow messages up to 2888 bytes
• dc5641bf - gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
• 60a71830 - dcesrv_core: fix the auth3 for large ntlmssp messages
• 406ef42f - dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()

Compare with previous version

tests/dcerpc/raw_protocol: more more test for auth padding during ALTER_CONTEXT/AUTH3

s/more more/add more/ ?

added 22 commits

• 406ef42f...6a45150b - 12 earlier commits
• 2667f388 - tests/dcerpc/raw_protocol: test invalid schannel binds
• 4c33c759 - dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
• 16fb5926 - dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
• f4464edb - dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
• 4da7c150 - dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
• 50ab89b4 - dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
• 0fc5f639 - gensec:ntlmssp: only allow messages up to 2888 bytes
• 6c6c605d - gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
• 7acba743 - dcesrv_core: fix the auth3 for large ntlmssp messages
• cf769e0f - dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()

Compare with previous version

resolved all threads

Only changes in the commit message, so no new pipeline

9263ce5752063235836d5f77220b0151df6c9408

closed