Skip to content

DCE/RPC: various fixes#4941

Merged
gpotter2 merged 7 commits intosecdev:masterfrom
gpotter2:dcerpc-assocgroup
Mar 11, 2026
Merged

DCE/RPC: various fixes#4941
gpotter2 merged 7 commits intosecdev:masterfrom
gpotter2:dcerpc-assocgroup

Conversation

@gpotter2
Copy link
Member

@gpotter2 gpotter2 commented Mar 11, 2026
edited
Loading

This PR does a bunch of things related to DCE/RPC:

  • fixes Problem in DCERPC implementation #4900 by properly taking the association group id into account when computing the call_id. (BTW, contrary to what C706 says, it seems the group is also taken into account when using alter context, at least on windows)
  • also register the names of [MS-DCOM] interfaces to have them shown nicely in OBJREF
  • improve handling of impersonation type, also properly propagates it for NTLM
  • generally a better and more per-spec handling of SPNs when it comes to DCOM
  • fix the security trailer version being wrong which would lead in ACCESS_DENIED

@gpotter2 gpotter2 mentioned this pull request Mar 11, 2026
Closed
@gpotter2 gpotter2 force-pushed the dcerpc-assocgroup branch from bbc34d3 to 662a27c Compare March 11, 2026 11:54
@codecov
Copy link

codecov bot commented Mar 11, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 48.83721% with 22 lines in your changes missing coverage. Please review.
✅ Project coverage is 80.27%. Comparing base (9802dca) to head (86c5fc4).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
scapy/layers/msrpce/msdcom.py 5.88% 16 Missing ⚠️
scapy/layers/msrpce/rpcclient.py 72.72% 3 Missing ⚠️
scapy/layers/msrpce/msnrpc.py 0.00% 2 Missing ⚠️
scapy/layers/dcerpc.py 92.30% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4941      +/-   ##
==========================================
- Coverage   80.28%   80.27%   -0.02%     
==========================================
  Files         375      375              
  Lines       92410    92431      +21     
==========================================
+ Hits        74194    74201       +7     
- Misses      18216    18230      +14
Files with missing lines Coverage Δ
scapy/layers/ms_nrtp.py 81.78% <ø> (ø)
scapy/layers/msrpce/rpcserver.py 87.23% <ø> (+1.59%) ⬆️
scapy/layers/ntlm.py 81.32% <ø> (ø)
scapy/layers/dcerpc.py 90.64% <92.30%> (+0.05%) ⬆️
scapy/layers/msrpce/msnrpc.py 64.24% <0.00%> (-0.20%) ⬇️
scapy/layers/msrpce/rpcclient.py 57.58% <72.72%> (ø)
scapy/layers/msrpce/msdcom.py 35.57% <5.88%> (-0.76%) ⬇️

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gpotter2 gpotter2 changed the title DCE/RPC: respect the association group for call_id DCE/RPC: various fixes Mar 11, 2026
@gpotter2 gpotter2 merged commit dbaaf69 into secdev:master Mar 11, 2026
44 of 45 checks passed
@gpotter2 gpotter2 deleted the dcerpc-assocgroup branch March 11, 2026 14:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Problem in DCERPC implementation

1 participant

@gpotter2