
@oiweiwei
Owner

@oiweiwei oiweiwei commented Nov 10, 2025

See: #82

@rtpt-erikgeiser
Contributor

It still panics, but now pkt.start and pkt.end are both positive and in a reasonable range.

n, err := pkt.Body.EncodeTo(raw[pkt.start:pkt.end], pkt.Header.PacketDRep, 0)

I'm sorry that I cannot provide you with an AP_REQ but maybe you can try patching Security.Init to return a ~6k buffer to test whether it still panics.

@oiweiwei
Owner Author

@rtpt-erikgeiser right, wrong max_size of packet calculation, I'm on it.

@oiweiwei
Owner Author

@rtpt-erikgeiser tried with zero-pad. It seems like Microsoft doesn't support v5.1 sort of things. Hence, added auto-adjustable bind size, please check if it works for you.

@oiweiwei
Owner Author

Also, you can control the size of the fragment manually (see WithFragmentSize option).

@oiweiwei force-pushed the feat-fragmented-auth branch from f79030c to 7c69d9b on November 11, 2025 13:01

@rtpt-erikgeiser
Contributor

No, it panics with [0:6123] for a slice of capacity 4096. Do I need to use WithFragmentSize? I think it is good to have the option to set it, but usually the consumer of go-msrpc does not know that a larger fragment size will be required.

@oiweiwei force-pushed the feat-fragmented-auth branch from 7c69d9b to a37876a on November 11, 2025 18:29

@oiweiwei
Owner Author

@rtpt-erikgeiser I've updated and checked end-to-end with auth-pad. It seems to be working for bind when we send more data than we set in max-xmit-frag. Could you please double-check on your side?

@rtpt-erikgeiser
Contributor

rtpt-erikgeiser commented Nov 12, 2025

With the latest commit, it does not panic anymore, but I get bind: invalid checksum. I think such a large Kerberos ticket may be reproducible by adding the user to a large number of groups.

@oiweiwei
Owner Author

@rtpt-erikgeiser thanks for the hint, will try to reproduce. I'm wondering if this is related to the issue: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-authentication-problems-if-user-belongs-to-groups (here it is said that the maximum buffer for the AP request should be adjusted).
