py:dcerpc/raw_protocol: make use of assertPadding()
[samba.git] / python / samba / tests / dcerpc / raw_protocol.py
1 #!/usr/bin/env python3
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21 import time
22
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
25
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
32 import struct
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
35 from samba.compat import binary_type
36
37 global_ndr_print = False
38 global_hexdump = False
39
40
41 class TestDCERPC_BIND(RawDCERPCTest):
42
43     def setUp(self):
44         super(TestDCERPC_BIND, self).setUp()
45         self.do_ndr_print = global_ndr_print
46         self.do_hexdump = global_hexdump
47
48     def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
49         ndr32 = base.transfer_syntax_ndr()
50
51         tsf1_list = [ndr32]
52         ctx1 = dcerpc.ctx_list()
53         ctx1.context_id = 1
54         ctx1.num_transfer_syntaxes = len(tsf1_list)
55         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
56         ctx1.transfer_syntaxes = tsf1_list
57
58         req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
59         self.send_pdu(req)
60         rep = self.recv_pdu()
61         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
62                         pfc_flags=rep_pfc_flags, auth_length=0)
63         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
64         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
65         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
66         self.assertEquals(rep.u.secondary_address_size, 4)
67         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
68         self.assertPadding(rep.u._pad1, 2)
69         self.assertEquals(rep.u.num_results, 1)
70         self.assertEquals(rep.u.ctx_list[0].result,
71                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72         self.assertEquals(rep.u.ctx_list[0].reason,
73                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75         self.assertEquals(rep.u.auth_info, b'\0' * 0)
76
77         # And now try a request
78         req = self.generate_request(call_id=1,
79                                     context_id=ctx1.context_id,
80                                     opnum=0,
81                                     stub=b"")
82         self.send_pdu(req)
83         rep = self.recv_pdu()
84         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
85                         auth_length=0)
86         self.assertNotEquals(rep.u.alloc_hint, 0)
87         self.assertEquals(rep.u.context_id, req.u.context_id)
88         self.assertEquals(rep.u.cancel_count, 0)
89         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
90
91     def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92         ndr32 = base.transfer_syntax_ndr()
93
94         tsf1_list = [ndr32]
95         ctx1 = dcerpc.ctx_list()
96         ctx1.context_id = 1
97         ctx1.num_transfer_syntaxes = len(tsf1_list)
98         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99         ctx1.transfer_syntaxes = tsf1_list
100
101         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
102         self.send_pdu(req)
103         rep = self.recv_pdu()
104         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
105                         auth_length=0)
106         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109         self.assertEquals(rep.u.secondary_address_size, 4)
110         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111         self.assertPadding(rep.u._pad1, 2)
112         self.assertEquals(rep.u.num_results, 1)
113         self.assertEquals(rep.u.ctx_list[0].result,
114                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
115         self.assertEquals(rep.u.ctx_list[0].reason,
116                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
117         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
118         self.assertEquals(rep.u.auth_info, b'\0' * 0)
119
120         # And now try a alter context
121         req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
122         self.send_pdu(req)
123         rep = self.recv_pdu()
124         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
125                         pfc_flags=rep_pfc_flags, auth_length=0)
126         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
127         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
128         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
129         self.assertEquals(rep.u.secondary_address_size, 0)
130         self.assertEquals(rep.u.secondary_address, "")
131         self.assertPadding(rep.u._pad1, 2)
132         self.assertEquals(rep.u.num_results, 1)
133         self.assertEquals(rep.u.ctx_list[0].result,
134                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
135         self.assertEquals(rep.u.ctx_list[0].reason,
136                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
137         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
138         self.assertEquals(rep.u.auth_info, b'\0' * 0)
139
140         # And now try a request
141         req = self.generate_request(call_id=1,
142                                     context_id=ctx1.context_id,
143                                     opnum=0,
144                                     stub=b"")
145         self.send_pdu(req)
146         rep = self.recv_pdu()
147         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
148                         auth_length=0)
149         self.assertNotEquals(rep.u.alloc_hint, 0)
150         self.assertEquals(rep.u.context_id, req.u.context_id)
151         self.assertEquals(rep.u.cancel_count, 0)
152         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
153
154     def test_no_auth_request(self):
155         return self._test_no_auth_request_bind_pfc_flags(
156                                         req_pfc_flags=0 |
157                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
158                                         dcerpc.DCERPC_PFC_FLAG_LAST,
159                                         rep_pfc_flags=0 |
160                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
161                                         dcerpc.DCERPC_PFC_FLAG_LAST)
162
163     def test_no_auth_request_bind_pfc_00(self):
164         return self._test_no_auth_request_bind_pfc_flags(
165                                         req_pfc_flags=0 |
166                                         0,
167                                         rep_pfc_flags=0 |
168                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
169                                         dcerpc.DCERPC_PFC_FLAG_LAST)
170
171     def test_no_auth_request_bind_pfc_FIRST(self):
172         return self._test_no_auth_request_bind_pfc_flags(
173                                         req_pfc_flags=0 |
174                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
175                                         0,
176                                         rep_pfc_flags=0 |
177                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
178                                         dcerpc.DCERPC_PFC_FLAG_LAST)
179
180     def test_no_auth_request_bind_pfc_LAST(self):
181         return self._test_no_auth_request_bind_pfc_flags(
182                                         req_pfc_flags=0 |
183                                         dcerpc.DCERPC_PFC_FLAG_LAST |
184                                         0,
185                                         rep_pfc_flags=0 |
186                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
187                                         dcerpc.DCERPC_PFC_FLAG_LAST)
188
189     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
190     # without authentication
191     def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
192         return self._test_no_auth_request_bind_pfc_flags(
193                                         req_pfc_flags=0 |
194                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
195                                         0,
196                                         rep_pfc_flags=0 |
197                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
198                                         dcerpc.DCERPC_PFC_FLAG_LAST |
199                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
200
201     def test_no_auth_request_bind_pfc_08(self):
202         return self._test_no_auth_request_bind_pfc_flags(
203                                         req_pfc_flags=0 |
204                                         8 |
205                                         0,
206                                         rep_pfc_flags=0 |
207                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
208                                         dcerpc.DCERPC_PFC_FLAG_LAST)
209
210     def test_no_auth_request_bind_pfc_CONC_MPX(self):
211         return self._test_no_auth_request_bind_pfc_flags(
212                                         req_pfc_flags=0 |
213                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
214                                         0,
215                                         rep_pfc_flags=0 |
216                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
217                                         dcerpc.DCERPC_PFC_FLAG_LAST |
218                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
219
220     def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
221         return self._test_no_auth_request_bind_pfc_flags(
222                                         req_pfc_flags=0 |
223                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
224                                         0,
225                                         rep_pfc_flags=0 |
226                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
227                                         dcerpc.DCERPC_PFC_FLAG_LAST)
228
229     def test_no_auth_request_bind_pfc_MAYBE(self):
230         return self._test_no_auth_request_bind_pfc_flags(
231                                         req_pfc_flags=0 |
232                                         dcerpc.DCERPC_PFC_FLAG_MAYBE |
233                                         0,
234                                         rep_pfc_flags=0 |
235                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
236                                         dcerpc.DCERPC_PFC_FLAG_LAST)
237
238     def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
239         return self._test_no_auth_request_bind_pfc_flags(
240                                         req_pfc_flags=0 |
241                                         dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
242                                         0,
243                                         rep_pfc_flags=0 |
244                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
245                                         dcerpc.DCERPC_PFC_FLAG_LAST)
246
247     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
248     # without authentication
249     # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
250     # by default
251     def _test_no_auth_request_bind_pfc_ff(self):
252         return self._test_no_auth_request_bind_pfc_flags(
253                                         req_pfc_flags=0 |
254                                         0xff |
255                                         0,
256                                         rep_pfc_flags=0 |
257                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
258                                         dcerpc.DCERPC_PFC_FLAG_LAST |
259                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
260                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
261
262     def test_no_auth_request_alter_pfc_00(self):
263         return self._test_no_auth_request_alter_pfc_flags(
264                                         req_pfc_flags=0 |
265                                         0,
266                                         rep_pfc_flags=0 |
267                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
268                                         dcerpc.DCERPC_PFC_FLAG_LAST)
269
270     def test_no_auth_request_alter_pfc_FIRST(self):
271         return self._test_no_auth_request_alter_pfc_flags(
272                                         req_pfc_flags=0 |
273                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
274                                         0,
275                                         rep_pfc_flags=0 |
276                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
277                                         dcerpc.DCERPC_PFC_FLAG_LAST)
278
279     def test_no_auth_request_alter_pfc_LAST(self):
280         return self._test_no_auth_request_alter_pfc_flags(
281                                         req_pfc_flags=0 |
282                                         dcerpc.DCERPC_PFC_FLAG_LAST |
283                                         0,
284                                         rep_pfc_flags=0 |
285                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
286                                         dcerpc.DCERPC_PFC_FLAG_LAST)
287
288     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
289     # without authentication
290     def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
291         return self._test_no_auth_request_alter_pfc_flags(
292                                         req_pfc_flags=0 |
293                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
294                                         0,
295                                         rep_pfc_flags=0 |
296                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
297                                         dcerpc.DCERPC_PFC_FLAG_LAST |
298                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
299
300     def test_no_auth_request_alter_pfc_08(self):
301         return self._test_no_auth_request_alter_pfc_flags(
302                                         req_pfc_flags=0 |
303                                         8 |
304                                         0,
305                                         rep_pfc_flags=0 |
306                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
307                                         dcerpc.DCERPC_PFC_FLAG_LAST)
308
309     def test_no_auth_request_alter_pfc_CONC_MPX(self):
310         return self._test_no_auth_request_alter_pfc_flags(
311                                         req_pfc_flags=0 |
312                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
313                                         0,
314                                         rep_pfc_flags=0 |
315                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
316                                         dcerpc.DCERPC_PFC_FLAG_LAST)
317
318     def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
319         return self._test_no_auth_request_alter_pfc_flags(
320                                         req_pfc_flags=0 |
321                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
322                                         0,
323                                         rep_pfc_flags=0 |
324                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
325                                         dcerpc.DCERPC_PFC_FLAG_LAST)
326
327     def test_no_auth_request_alter_pfc_MAYBE(self):
328         return self._test_no_auth_request_alter_pfc_flags(
329                                         req_pfc_flags=0 |
330                                         dcerpc.DCERPC_PFC_FLAG_MAYBE |
331                                         0,
332                                         rep_pfc_flags=0 |
333                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
334                                         dcerpc.DCERPC_PFC_FLAG_LAST)
335
336     def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
337         return self._test_no_auth_request_alter_pfc_flags(
338                                         req_pfc_flags=0 |
339                                         dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
340                                         0,
341                                         rep_pfc_flags=0 |
342                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
343                                         dcerpc.DCERPC_PFC_FLAG_LAST)
344
345     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
346     # without authentication
347     def _test_no_auth_request_alter_pfc_ff(self):
348         return self._test_no_auth_request_alter_pfc_flags(
349                                         req_pfc_flags=0 |
350                                         0xff |
351                                         0,
352                                         rep_pfc_flags=0 |
353                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
354                                         dcerpc.DCERPC_PFC_FLAG_LAST |
355                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
356
357     def test_no_auth_no_ctx(self):
358         # send an useless bind
359         req = self.generate_bind(call_id=0)
360         self.send_pdu(req)
361         rep = self.recv_pdu()
362         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
363                         auth_length=0)
364         self.assertEquals(rep.u.reject_reason,
365                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
366         self.assertEquals(rep.u.num_versions, 1)
367         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
368         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
369         self.assertPadding(rep.u._pad, 3)
370
371     def test_invalid_auth_noctx(self):
372         req = self.generate_bind(call_id=0)
373         req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
374         self.send_pdu(req)
375         rep = self.recv_pdu()
376         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
377                         auth_length=0)
378         self.assertEquals(rep.u.reject_reason,
379                           dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
380         self.assertEquals(rep.u.num_versions, 1)
381         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
382         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
383         self.assertPadding(rep.u._pad, 3)
384
385     def test_no_auth_valid_valid_request(self):
386         ndr32 = base.transfer_syntax_ndr()
387
388         tsf1_list = [ndr32]
389         ctx1 = dcerpc.ctx_list()
390         ctx1.context_id = 1
391         ctx1.num_transfer_syntaxes = len(tsf1_list)
392         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
393         ctx1.transfer_syntaxes = tsf1_list
394
395         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
396         self.send_pdu(req)
397         rep = self.recv_pdu()
398         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
399                         auth_length=0)
400         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
401         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
402         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
403         self.assertEquals(rep.u.secondary_address_size, 4)
404         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
405         self.assertPadding(rep.u._pad1, 2)
406         self.assertEquals(rep.u.num_results, 1)
407         self.assertEquals(rep.u.ctx_list[0].result,
408                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
409         self.assertEquals(rep.u.ctx_list[0].reason,
410                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
411         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
412         self.assertEquals(rep.u.auth_info, b'\0' * 0)
413
414         # Send a bind again
415         tsf2_list = [ndr32]
416         ctx2 = dcerpc.ctx_list()
417         ctx2.context_id = 2
418         ctx2.num_transfer_syntaxes = len(tsf2_list)
419         ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
420         ctx2.transfer_syntaxes = tsf2_list
421
422         req = self.generate_bind(call_id=1, ctx_list=[ctx2])
423         self.send_pdu(req)
424         rep = self.recv_pdu()
425         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
426                         auth_length=0)
427         self.assertEquals(rep.u.reject_reason,
428                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
429         self.assertEquals(rep.u.num_versions, 1)
430         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
431         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
432         self.assertPadding(rep.u._pad, 3)
433
434         # wait for a disconnect
435         rep = self.recv_pdu()
436         self.assertIsNone(rep)
437         self.assertNotConnected()
438
439     def test_no_auth_invalid_valid_request(self):
440         # send an useless bind
441         req = self.generate_bind(call_id=0)
442         self.send_pdu(req)
443         rep = self.recv_pdu()
444         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
445                         auth_length=0)
446         self.assertEquals(rep.u.reject_reason,
447                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
448         self.assertEquals(rep.u.num_versions, 1)
449         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
450         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
451         self.assertPadding(rep.u._pad, 3)
452
453         # wait for a disconnect
454         rep = self.recv_pdu()
455         self.assertIsNone(rep)
456         self.assertNotConnected()
457
458     def test_alter_no_auth_no_ctx(self):
459         ndr32 = base.transfer_syntax_ndr()
460
461         tsf1_list = [ndr32]
462         ctx1 = dcerpc.ctx_list()
463         ctx1.context_id = 1
464         ctx1.num_transfer_syntaxes = len(tsf1_list)
465         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
466         ctx1.transfer_syntaxes = tsf1_list
467
468         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
469         self.send_pdu(req)
470         rep = self.recv_pdu()
471         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
472                         auth_length=0)
473         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
474         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
475         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
476         self.assertEquals(rep.u.secondary_address_size, 4)
477         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
478         self.assertPadding(rep.u._pad1, 2)
479         self.assertEquals(rep.u.num_results, 1)
480         self.assertEquals(rep.u.ctx_list[0].result,
481                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
482         self.assertEquals(rep.u.ctx_list[0].reason,
483                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
484         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
485         self.assertEquals(rep.u.auth_info, b'\0' * 0)
486
487         # Send a alter
488         req = self.generate_alter(call_id=1, ctx_list=[])
489         self.send_pdu(req)
490         rep = self.recv_pdu()
491         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
492                         pfc_flags=req.pfc_flags |
493                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
494                         auth_length=0)
495         self.assertNotEquals(rep.u.alloc_hint, 0)
496         self.assertEquals(rep.u.context_id, 0)
497         self.assertEquals(rep.u.cancel_count, 0)
498         self.assertEquals(rep.u.flags, 0)
499         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
500         self.assertEquals(rep.u.reserved, 0)
501         self.assertEquals(len(rep.u.error_and_verifier), 0)
502
503         # wait for a disconnect
504         rep = self.recv_pdu()
505         self.assertIsNone(rep)
506         self.assertNotConnected()
507
508     def test_no_auth_presentation_ctx_valid1(self):
509         ndr32 = base.transfer_syntax_ndr()
510
511         zero_syntax = misc.ndr_syntax_id()
512
513         tsf1_list = [zero_syntax, ndr32]
514         ctx1 = dcerpc.ctx_list()
515         ctx1.context_id = 1
516         ctx1.num_transfer_syntaxes = len(tsf1_list)
517         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
518         ctx1.transfer_syntaxes = tsf1_list
519
520         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
521         self.send_pdu(req)
522         rep = self.recv_pdu()
523         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
524                         auth_length=0)
525         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
526         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
527         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
528         self.assertEquals(rep.u.secondary_address_size, 4)
529         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
530         self.assertPadding(rep.u._pad1, 2)
531         self.assertEquals(rep.u.num_results, 1)
532         self.assertEquals(rep.u.ctx_list[0].result,
533                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
534         self.assertEquals(rep.u.ctx_list[0].reason,
535                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
536         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
537         self.assertEquals(rep.u.auth_info, b'\0' * 0)
538
539         # Send a alter
540         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
541         self.send_pdu(req)
542         rep = self.recv_pdu()
543         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
544                         auth_length=0)
545         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
546         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
547         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
548         self.assertEquals(rep.u.secondary_address_size, 0)
549         self.assertPadding(rep.u._pad1, 2)
550         self.assertEquals(rep.u.num_results, 1)
551         self.assertEquals(rep.u.ctx_list[0].result,
552                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
553         self.assertEquals(rep.u.ctx_list[0].reason,
554                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
555         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
556         self.assertEquals(rep.u.auth_info, b'\0' * 0)
557
558         req = self.generate_request(call_id=2,
559                                     context_id=ctx1.context_id,
560                                     opnum=0xffff,
561                                     stub=b"")
562         self.send_pdu(req)
563         rep = self.recv_pdu()
564         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
565                         pfc_flags=req.pfc_flags |
566                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
567                         auth_length=0)
568         self.assertNotEquals(rep.u.alloc_hint, 0)
569         self.assertEquals(rep.u.context_id, ctx1.context_id)
570         self.assertEquals(rep.u.cancel_count, 0)
571         self.assertEquals(rep.u.flags, 0)
572         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
573         self.assertEquals(rep.u.reserved, 0)
574         self.assertEquals(len(rep.u.error_and_verifier), 0)
575
576     def test_no_auth_presentation_ctx_invalid1(self):
577         ndr32 = base.transfer_syntax_ndr()
578
579         zero_syntax = misc.ndr_syntax_id()
580
581         tsf1_list = [ndr32]
582         ctx1 = dcerpc.ctx_list()
583         ctx1.context_id = 1
584         ctx1.num_transfer_syntaxes = len(tsf1_list)
585         ctx1.abstract_syntax = ndr32
586         ctx1.transfer_syntaxes = tsf1_list
587
588         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
589         self.send_pdu(req)
590         rep = self.recv_pdu()
591         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
592                         auth_length=0)
593         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
594         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
595         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
596         self.assertEquals(rep.u.secondary_address_size, 4)
597         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
598         self.assertPadding(rep.u._pad1, 2)
599         self.assertEquals(rep.u.num_results, 1)
600         self.assertEquals(rep.u.ctx_list[0].result,
601                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
602         self.assertEquals(rep.u.ctx_list[0].reason,
603                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
604         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
605         self.assertEquals(rep.u.auth_info, b'\0' * 0)
606
607         # Send a alter
608         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
609         self.send_pdu(req)
610         rep = self.recv_pdu()
611         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
612                         auth_length=0)
613         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
614         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
615         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
616         self.assertEquals(rep.u.secondary_address_size, 0)
617         self.assertPadding(rep.u._pad1, 2)
618         self.assertEquals(rep.u.num_results, 1)
619         self.assertEquals(rep.u.ctx_list[0].result,
620                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
621         self.assertEquals(rep.u.ctx_list[0].reason,
622                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
623         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
624         self.assertEquals(rep.u.auth_info, b'\0' * 0)
625
626         req = self.generate_request(call_id=2,
627                                     context_id=12345,
628                                     opnum=0,
629                                     stub=b"")
630         self.send_pdu(req)
631         rep = self.recv_pdu()
632         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
633                         pfc_flags=req.pfc_flags |
634                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
635                         auth_length=0)
636         self.assertNotEquals(rep.u.alloc_hint, 0)
637         self.assertEquals(rep.u.context_id, 0)
638         self.assertEquals(rep.u.cancel_count, 0)
639         self.assertEquals(rep.u.flags, 0)
640         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
641         self.assertEquals(rep.u.reserved, 0)
642         self.assertEquals(len(rep.u.error_and_verifier), 0)
643
644         # Send a alter again to prove the connection is still alive
645         req = self.generate_alter(call_id=3, ctx_list=[ctx1])
646         self.send_pdu(req)
647         rep = self.recv_pdu()
648         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
649                         auth_length=0)
650         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
651         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
652         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
653         self.assertEquals(rep.u.secondary_address_size, 0)
654         self.assertPadding(rep.u._pad1, 2)
655         self.assertEquals(rep.u.num_results, 1)
656         self.assertEquals(rep.u.ctx_list[0].result,
657                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
658         self.assertEquals(rep.u.ctx_list[0].reason,
659                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
660         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
661         self.assertEquals(rep.u.auth_info, b'\0' * 0)
662
663     def test_no_auth_presentation_ctx_invalid2(self):
664         ndr32 = base.transfer_syntax_ndr()
665
666         zero_syntax = misc.ndr_syntax_id()
667
668         tsf1a_list = []
669         ctx1a = dcerpc.ctx_list()
670         ctx1a.context_id = 1
671         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
672         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
673         ctx1a.transfer_syntaxes = tsf1a_list
674
675         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
676         self.send_pdu(req)
677         rep = self.recv_pdu()
678         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
679                         auth_length=0)
680         self.assertEquals(rep.u.reject_reason,
681                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
682         self.assertEquals(rep.u.num_versions, 1)
683         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
684         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
685         self.assertPadding(rep.u._pad, 3)
686
687         # wait for a disconnect
688         rep = self.recv_pdu()
689         self.assertIsNone(rep)
690         self.assertNotConnected()
691
692     def test_no_auth_presentation_ctx_invalid3(self):
693         ndr32 = base.transfer_syntax_ndr()
694
695         zero_syntax = misc.ndr_syntax_id()
696
697         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
698         ctx1a = dcerpc.ctx_list()
699         ctx1a.context_id = 1
700         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
701         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
702         ctx1a.transfer_syntaxes = tsf1a_list
703
704         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
705         self.send_pdu(req)
706         rep = self.recv_pdu()
707         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
708                         auth_length=0)
709         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
710         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
711         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
712         self.assertEquals(rep.u.secondary_address_size, 4)
713         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
714         self.assertPadding(rep.u._pad1, 2)
715         self.assertEquals(rep.u.num_results, 1)
716         self.assertEquals(rep.u.ctx_list[0].result,
717                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
718         self.assertEquals(rep.u.ctx_list[0].reason,
719                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
720         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
721         self.assertEquals(rep.u.auth_info, b'\0' * 0)
722
723         tsf1b_list = []
724         ctx1b = dcerpc.ctx_list()
725         ctx1b.context_id = 1
726         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
727         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
728         ctx1b.transfer_syntaxes = tsf1b_list
729
730         # Send a alter
731         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
732         self.send_pdu(req)
733         rep = self.recv_pdu()
734         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
735                         pfc_flags=req.pfc_flags |
736                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
737                         auth_length=0)
738         self.assertNotEquals(rep.u.alloc_hint, 0)
739         self.assertEquals(rep.u.context_id, 0)
740         self.assertEquals(rep.u.cancel_count, 0)
741         self.assertEquals(rep.u.flags, 0)
742         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
743         self.assertEquals(rep.u.reserved, 0)
744         self.assertEquals(len(rep.u.error_and_verifier), 0)
745
746         # wait for a disconnect
747         rep = self.recv_pdu()
748         self.assertIsNone(rep)
749         self.assertNotConnected()
750
751     def test_no_auth_presentation_ctx_invalid4(self):
752         ndr32 = base.transfer_syntax_ndr()
753         ndr64 = base.transfer_syntax_ndr64()
754
755         zero_syntax = misc.ndr_syntax_id()
756
757         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
758         ctx1a = dcerpc.ctx_list()
759         ctx1a.context_id = 1
760         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
761         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
762         ctx1a.transfer_syntaxes = tsf1a_list
763
764         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
765         self.send_pdu(req)
766         rep = self.recv_pdu()
767         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
768                         auth_length=0)
769         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
770         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
771         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
772         self.assertEquals(rep.u.secondary_address_size, 4)
773         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
774         self.assertPadding(rep.u._pad1, 2)
775         self.assertEquals(rep.u.num_results, 1)
776         self.assertEquals(rep.u.ctx_list[0].result,
777                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
778         self.assertEquals(rep.u.ctx_list[0].reason,
779                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
780         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
781         self.assertEquals(rep.u.auth_info, b'\0' * 0)
782
783         # With a known but wrong syntax we get a protocol error
784         # see test_no_auth_presentation_ctx_valid2
785         tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
786         ctx1b = dcerpc.ctx_list()
787         ctx1b.context_id = 1
788         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
789         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
790         ctx1b.transfer_syntaxes = tsf1b_list
791
792         # Send a alter
793         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
794         self.send_pdu(req)
795         rep = self.recv_pdu()
796         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
797                         pfc_flags=req.pfc_flags |
798                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
799                         auth_length=0)
800         self.assertNotEquals(rep.u.alloc_hint, 0)
801         self.assertEquals(rep.u.context_id, 0)
802         self.assertEquals(rep.u.cancel_count, 0)
803         self.assertEquals(rep.u.flags, 0)
804         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
805         self.assertEquals(rep.u.reserved, 0)
806         self.assertEquals(len(rep.u.error_and_verifier), 0)
807
808         # wait for a disconnect
809         rep = self.recv_pdu()
810         self.assertIsNone(rep)
811         self.assertNotConnected()
812
813     def test_no_auth_presentation_ctx_valid2(self):
814         ndr32 = base.transfer_syntax_ndr()
815
816         zero_syntax = misc.ndr_syntax_id()
817
818         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
819         ctx1a = dcerpc.ctx_list()
820         ctx1a.context_id = 1
821         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
822         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
823         ctx1a.transfer_syntaxes = tsf1a_list
824
825         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
826         self.send_pdu(req)
827         rep = self.recv_pdu()
828         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
829                         auth_length=0)
830         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
831         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
832         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
833         self.assertEquals(rep.u.secondary_address_size, 4)
834         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
835         self.assertPadding(rep.u._pad1, 2)
836         self.assertEquals(rep.u.num_results, 1)
837         self.assertEquals(rep.u.ctx_list[0].result,
838                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
839         self.assertEquals(rep.u.ctx_list[0].reason,
840                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
841         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
842         self.assertEquals(rep.u.auth_info, b'\0' * 0)
843
844         # With a unknown but wrong syntaxes we get NO protocol error
845         # see test_no_auth_presentation_ctx_invalid4
846         tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
847         ctx1b = dcerpc.ctx_list()
848         ctx1b.context_id = 1
849         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
850         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
851         ctx1b.transfer_syntaxes = tsf1b_list
852
853         # Send a alter
854         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
855         self.send_pdu(req)
856         rep = self.recv_pdu()
857         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
858                         auth_length=0)
859         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
860         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
861         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
862         self.assertEquals(rep.u.secondary_address_size, 0)
863         self.assertPadding(rep.u._pad1, 2)
864         self.assertEquals(rep.u.num_results, 1)
865         self.assertEquals(rep.u.ctx_list[0].result,
866                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
867         self.assertEquals(rep.u.ctx_list[0].reason,
868                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
869         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
870         self.assertEquals(rep.u.auth_info, b'\0' * 0)
871
872         req = self.generate_request(call_id=2,
873                                     context_id=ctx1a.context_id,
874                                     opnum=0xffff,
875                                     stub=b"")
876         self.send_pdu(req)
877         rep = self.recv_pdu()
878         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
879                         pfc_flags=req.pfc_flags |
880                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
881                         auth_length=0)
882         self.assertNotEquals(rep.u.alloc_hint, 0)
883         self.assertEquals(rep.u.context_id, ctx1a.context_id)
884         self.assertEquals(rep.u.cancel_count, 0)
885         self.assertEquals(rep.u.flags, 0)
886         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
887         self.assertEquals(rep.u.reserved, 0)
888         self.assertEquals(len(rep.u.error_and_verifier), 0)
889
890     def test_no_auth_presentation_ctx_no_ndr64(self):
891         ndr32 = base.transfer_syntax_ndr()
892         zero_syntax = misc.ndr_syntax_id()
893
894         tsfZ_list = [zero_syntax]
895         ctxZ = dcerpc.ctx_list()
896         ctxZ.context_id = 54321
897         ctxZ.num_transfer_syntaxes = len(tsfZ_list)
898         ctxZ.abstract_syntax = zero_syntax
899         ctxZ.transfer_syntaxes = tsfZ_list
900
901         req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
902         self.send_pdu(req)
903         rep = self.recv_pdu()
904         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
905                         auth_length=0)
906         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
907         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
908         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
909         self.assertEquals(rep.u.secondary_address_size, 4)
910         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
911         self.assertPadding(rep.u._pad1, 2)
912         self.assertEquals(rep.u.num_results, 1)
913         self.assertEquals(rep.u.ctx_list[0].result,
914                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
915         self.assertEquals(rep.u.ctx_list[0].reason,
916                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
917         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
918         self.assertEquals(rep.u.auth_info, b'\0' * 0)
919
920         tsf0_list = [ndr32]
921         ctx0 = dcerpc.ctx_list()
922         ctx0.context_id = 0
923         ctx0.num_transfer_syntaxes = len(tsf0_list)
924         ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
925         ctx0.transfer_syntaxes = tsf0_list
926
927         req = self.generate_alter(call_id=0, ctx_list=[ctx0])
928         self.send_pdu(req)
929         rep = self.recv_pdu()
930         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
931                         auth_length=0)
932         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
933         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
934         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
935         self.assertEquals(rep.u.secondary_address_size, 0)
936         self.assertPadding(rep.u._pad1, 2)
937         self.assertEquals(rep.u.num_results, 1)
938         self.assertEquals(rep.u.ctx_list[0].result,
939                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
940         self.assertEquals(rep.u.ctx_list[0].reason,
941                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
942         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
943         self.assertEquals(rep.u.auth_info, b'\0' * 0)
944
945         req = self.generate_request(call_id=1,
946                                     context_id=ctx0.context_id,
947                                     opnum=0,
948                                     stub=b"")
949         self.send_pdu(req)
950         rep = self.recv_pdu()
951         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
952                         auth_length=0)
953         self.assertNotEquals(rep.u.alloc_hint, 0)
954         self.assertEquals(rep.u.context_id, req.u.context_id)
955         self.assertEquals(rep.u.cancel_count, 0)
956         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
957
958         tsf1_list = [zero_syntax, ndr32]
959         ctx1 = dcerpc.ctx_list()
960         ctx1.context_id = 1
961         ctx1.num_transfer_syntaxes = len(tsf1_list)
962         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
963         ctx1.transfer_syntaxes = tsf1_list
964
965         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
966         self.send_pdu(req)
967         rep = self.recv_pdu()
968         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
969                         auth_length=0)
970         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
971         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
972         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
973         self.assertEquals(rep.u.secondary_address_size, 0)
974         self.assertPadding(rep.u._pad1, 2)
975         self.assertEquals(rep.u.num_results, 1)
976         self.assertEquals(rep.u.ctx_list[0].result,
977                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
978         self.assertEquals(rep.u.ctx_list[0].reason,
979                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
980         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
981         self.assertEquals(rep.u.auth_info, b'\0' * 0)
982
983         req = self.generate_request(call_id=1,
984                                     context_id=ctx1.context_id,
985                                     opnum=0,
986                                     stub=b"")
987         self.send_pdu(req)
988         rep = self.recv_pdu()
989         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
990                         auth_length=0)
991         self.assertNotEquals(rep.u.alloc_hint, 0)
992         self.assertEquals(rep.u.context_id, req.u.context_id)
993         self.assertEquals(rep.u.cancel_count, 0)
994         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
995
996         tsf2_list = [ndr32, ndr32]
997         ctx2 = dcerpc.ctx_list()
998         ctx2.context_id = 2
999         ctx2.num_transfer_syntaxes = len(tsf2_list)
1000         ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1001         ctx2.transfer_syntaxes = tsf2_list
1002
1003         req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1004         self.send_pdu(req)
1005         rep = self.recv_pdu()
1006         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1007                         auth_length=0)
1008         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1009         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1010         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1011         self.assertEquals(rep.u.secondary_address_size, 0)
1012         self.assertPadding(rep.u._pad1, 2)
1013         self.assertEquals(rep.u.num_results, 1)
1014         self.assertEquals(rep.u.ctx_list[0].result,
1015                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1016         self.assertEquals(rep.u.ctx_list[0].reason,
1017                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1018         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1019         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1020
1021         req = self.generate_request(call_id=1,
1022                                     context_id=ctx2.context_id,
1023                                     opnum=0,
1024                                     stub=b"")
1025         self.send_pdu(req)
1026         rep = self.recv_pdu()
1027         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1028                         auth_length=0)
1029         self.assertNotEquals(rep.u.alloc_hint, 0)
1030         self.assertEquals(rep.u.context_id, req.u.context_id)
1031         self.assertEquals(rep.u.cancel_count, 0)
1032         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1033
1034         tsf3_list = [ndr32]
1035         ctx3 = dcerpc.ctx_list()
1036         ctx3.context_id = 3
1037         ctx3.num_transfer_syntaxes = len(tsf3_list)
1038         ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1039         ctx3.transfer_syntaxes = tsf3_list
1040
1041         tsf4_list = [ndr32]
1042         ctx4 = dcerpc.ctx_list()
1043         ctx4.context_id = 4
1044         ctx4.num_transfer_syntaxes = len(tsf4_list)
1045         ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1046         ctx4.transfer_syntaxes = tsf4_list
1047
1048         req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1049         self.send_pdu(req)
1050         rep = self.recv_pdu()
1051         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1052                         auth_length=0)
1053         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1054         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1055         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1056         self.assertEquals(rep.u.secondary_address_size, 0)
1057         self.assertPadding(rep.u._pad1, 2)
1058         self.assertEquals(rep.u.num_results, 2)
1059         self.assertEquals(rep.u.ctx_list[0].result,
1060                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1061         self.assertEquals(rep.u.ctx_list[0].reason,
1062                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1063         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1064         self.assertEquals(rep.u.ctx_list[1].result,
1065                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1066         self.assertEquals(rep.u.ctx_list[1].reason,
1067                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1068         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1069         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1070
1071         req = self.generate_request(call_id=1,
1072                                     context_id=ctx3.context_id,
1073                                     opnum=0,
1074                                     stub=b"")
1075         self.send_pdu(req)
1076         rep = self.recv_pdu()
1077         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1078                         auth_length=0)
1079         self.assertNotEquals(rep.u.alloc_hint, 0)
1080         self.assertEquals(rep.u.context_id, req.u.context_id)
1081         self.assertEquals(rep.u.cancel_count, 0)
1082         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1083
1084         req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1085         self.send_pdu(req)
1086         rep = self.recv_pdu()
1087         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1088                         auth_length=0)
1089         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1090         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1091         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1092         self.assertEquals(rep.u.secondary_address_size, 0)
1093         self.assertPadding(rep.u._pad1, 2)
1094         self.assertEquals(rep.u.num_results, 2)
1095         self.assertEquals(rep.u.ctx_list[0].result,
1096                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1097         self.assertEquals(rep.u.ctx_list[0].reason,
1098                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1099         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1100         self.assertEquals(rep.u.ctx_list[1].result,
1101                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1102         self.assertEquals(rep.u.ctx_list[1].reason,
1103                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1104         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1105         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1106
1107         req = self.generate_request(call_id=1,
1108                                     context_id=ctx4.context_id,
1109                                     opnum=0,
1110                                     stub=b"")
1111         self.send_pdu(req)
1112         rep = self.recv_pdu()
1113         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1114                         auth_length=0)
1115         self.assertNotEquals(rep.u.alloc_hint, 0)
1116         self.assertEquals(rep.u.context_id, req.u.context_id)
1117         self.assertEquals(rep.u.cancel_count, 0)
1118         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1119
1120         req = self.generate_request(call_id=1,
1121                                     context_id=ctx3.context_id,
1122                                     opnum=0,
1123                                     stub=b"")
1124         self.send_pdu(req)
1125         rep = self.recv_pdu()
1126         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1127                         auth_length=0)
1128         self.assertNotEquals(rep.u.alloc_hint, 0)
1129         self.assertEquals(rep.u.context_id, req.u.context_id)
1130         self.assertEquals(rep.u.cancel_count, 0)
1131         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1132
1133         req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1134         self.send_pdu(req)
1135         rep = self.recv_pdu()
1136         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1137                         auth_length=0)
1138         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1139         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1140         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1141         self.assertEquals(rep.u.secondary_address_size, 0)
1142         self.assertPadding(rep.u._pad1, 2)
1143         self.assertEquals(rep.u.num_results, 2)
1144         self.assertEquals(rep.u.ctx_list[0].result,
1145                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1146         self.assertEquals(rep.u.ctx_list[0].reason,
1147                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1148         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1149         self.assertEquals(rep.u.ctx_list[1].result,
1150                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1151         self.assertEquals(rep.u.ctx_list[1].reason,
1152                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1153         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1154         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1155
1156         req = self.generate_request(call_id=1,
1157                                     context_id=ctx4.context_id,
1158                                     opnum=0,
1159                                     stub=b"")
1160         self.send_pdu(req)
1161         rep = self.recv_pdu()
1162         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1163                         auth_length=0)
1164         self.assertNotEquals(rep.u.alloc_hint, 0)
1165         self.assertEquals(rep.u.context_id, req.u.context_id)
1166         self.assertEquals(rep.u.cancel_count, 0)
1167         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1168
1169         req = self.generate_request(call_id=1,
1170                                     context_id=ctx3.context_id,
1171                                     opnum=0,
1172                                     stub=b"")
1173         self.send_pdu(req)
1174         rep = self.recv_pdu()
1175         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1176                         auth_length=0)
1177         self.assertNotEquals(rep.u.alloc_hint, 0)
1178         self.assertEquals(rep.u.context_id, req.u.context_id)
1179         self.assertEquals(rep.u.cancel_count, 0)
1180         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1181
1182         tsf5mgmt_list = [ndr32]
1183         ctx5mgmt = dcerpc.ctx_list()
1184         ctx5mgmt.context_id = 5
1185         ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1186         ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1187         ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1188
1189         tsf5epm_list = [ndr32]
1190         ctx5epm = dcerpc.ctx_list()
1191         ctx5epm.context_id = 5
1192         ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1193         ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1194         ctx5epm.transfer_syntaxes = tsf5epm_list
1195
1196         req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1197         self.send_pdu(req)
1198         rep = self.recv_pdu()
1199         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1200                         auth_length=0)
1201         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1202         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1203         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1204         self.assertEquals(rep.u.secondary_address_size, 0)
1205         self.assertPadding(rep.u._pad1, 2)
1206         self.assertEquals(rep.u.num_results, 2)
1207         self.assertEquals(rep.u.ctx_list[0].result,
1208                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1209         self.assertEquals(rep.u.ctx_list[0].reason,
1210                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1211         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1212         self.assertEquals(rep.u.ctx_list[1].result,
1213                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1214         self.assertEquals(rep.u.ctx_list[1].reason,
1215                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1216         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1217         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1218
1219         req = self.generate_request(call_id=1,
1220                                     context_id=ctx5mgmt.context_id,
1221                                     opnum=0,
1222                                     stub=b"")
1223         self.send_pdu(req)
1224         rep = self.recv_pdu()
1225         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1226                         auth_length=0)
1227         self.assertNotEquals(rep.u.alloc_hint, 0)
1228         self.assertEquals(rep.u.context_id, req.u.context_id)
1229         self.assertEquals(rep.u.cancel_count, 0)
1230         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1231
1232         req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1233         self.send_pdu(req)
1234         rep = self.recv_pdu()
1235         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1236                         auth_length=0)
1237         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1238         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1239         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1240         self.assertEquals(rep.u.secondary_address_size, 0)
1241         self.assertPadding(rep.u._pad1, 2)
1242         self.assertEquals(rep.u.num_results, 2)
1243         self.assertEquals(rep.u.ctx_list[0].result,
1244                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1245         self.assertEquals(rep.u.ctx_list[0].reason,
1246                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1247         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1248         self.assertEquals(rep.u.ctx_list[1].result,
1249                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1250         self.assertEquals(rep.u.ctx_list[1].reason,
1251                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1252         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1253         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1254
1255         req = self.generate_request(call_id=1,
1256                                     context_id=ctx5mgmt.context_id,
1257                                     opnum=0,
1258                                     stub=b"")
1259         self.send_pdu(req)
1260         rep = self.recv_pdu()
1261         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1262                         auth_length=0)
1263         self.assertNotEquals(rep.u.alloc_hint, 0)
1264         self.assertEquals(rep.u.context_id, req.u.context_id)
1265         self.assertEquals(rep.u.cancel_count, 0)
1266         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1267
1268     def test_no_auth_bind_time_none_simple(self):
1269         features = 0
1270         btf = base.bind_time_features_syntax(features)
1271
1272         zero_syntax = misc.ndr_syntax_id()
1273
1274         tsf1_list = [btf]
1275         ctx1 = dcerpc.ctx_list()
1276         ctx1.context_id = 1
1277         ctx1.num_transfer_syntaxes = len(tsf1_list)
1278         ctx1.abstract_syntax = zero_syntax
1279         ctx1.transfer_syntaxes = tsf1_list
1280
1281         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1282         self.send_pdu(req)
1283         rep = self.recv_pdu()
1284         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1285                         auth_length=0)
1286         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1287         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1288         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1289         self.assertEquals(rep.u.secondary_address_size, 4)
1290         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1291         self.assertPadding(rep.u._pad1, 2)
1292         self.assertEquals(rep.u.num_results, 1)
1293         self.assertEquals(rep.u.ctx_list[0].result,
1294                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1295         self.assertEquals(rep.u.ctx_list[0].reason, features)
1296         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1297         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1298
1299     def test_no_auth_bind_time_none_ignore_additional(self):
1300         features1 = 0
1301         btf1 = base.bind_time_features_syntax(features1)
1302
1303         features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1304         features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1305         btf2 = base.bind_time_features_syntax(features2)
1306
1307         zero_syntax = misc.ndr_syntax_id()
1308         ndr64 = base.transfer_syntax_ndr64()
1309
1310         tsf1_list = [btf1, btf2, zero_syntax]
1311         ctx1 = dcerpc.ctx_list()
1312         ctx1.context_id = 1
1313         ctx1.num_transfer_syntaxes = len(tsf1_list)
1314         ctx1.abstract_syntax = ndr64
1315         ctx1.transfer_syntaxes = tsf1_list
1316
1317         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1318         self.send_pdu(req)
1319         rep = self.recv_pdu()
1320         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1321                         auth_length=0)
1322         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1323         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1324         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1325         self.assertEquals(rep.u.secondary_address_size, 4)
1326         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1327         self.assertPadding(rep.u._pad1, 2)
1328         self.assertEquals(rep.u.num_results, 1)
1329         self.assertEquals(rep.u.ctx_list[0].result,
1330                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1331         self.assertEquals(rep.u.ctx_list[0].reason, features1)
1332         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1333         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1334
1335     def test_no_auth_bind_time_only_first(self):
1336         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1337         btf1 = base.bind_time_features_syntax(features1)
1338
1339         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1340         btf2 = base.bind_time_features_syntax(features2)
1341
1342         zero_syntax = misc.ndr_syntax_id()
1343
1344         tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1345         ctx1 = dcerpc.ctx_list()
1346         ctx1.context_id = 1
1347         ctx1.num_transfer_syntaxes = len(tsf1_list)
1348         ctx1.abstract_syntax = zero_syntax
1349         ctx1.transfer_syntaxes = tsf1_list
1350
1351         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1352         self.send_pdu(req)
1353         rep = self.recv_pdu()
1354         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1355                         auth_length=0)
1356         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1357         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1358         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1359         self.assertEquals(rep.u.secondary_address_size, 4)
1360         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1361         self.assertPadding(rep.u._pad1, 2)
1362         self.assertEquals(rep.u.num_results, 1)
1363         self.assertEquals(rep.u.ctx_list[0].result,
1364                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1365         self.assertEquals(rep.u.ctx_list[0].reason,
1366                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1367         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1368         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1369
1370     def test_no_auth_bind_time_twice(self):
1371         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1372         btf1 = base.bind_time_features_syntax(features1)
1373
1374         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1375         btf2 = base.bind_time_features_syntax(features2)
1376
1377         zero_syntax = misc.ndr_syntax_id()
1378
1379         tsf1_list = [btf1]
1380         ctx1 = dcerpc.ctx_list()
1381         ctx1.context_id = 1
1382         ctx1.num_transfer_syntaxes = len(tsf1_list)
1383         ctx1.abstract_syntax = zero_syntax
1384         ctx1.transfer_syntaxes = tsf1_list
1385
1386         tsf2_list = [btf2]
1387         ctx2 = dcerpc.ctx_list()
1388         ctx2.context_id = 2
1389         ctx2.num_transfer_syntaxes = len(tsf2_list)
1390         ctx2.abstract_syntax = zero_syntax
1391         ctx2.transfer_syntaxes = tsf2_list
1392
1393         req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1394         self.send_pdu(req)
1395         rep = self.recv_pdu()
1396         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1397                         auth_length=0)
1398         self.assertEquals(rep.u.reject_reason,
1399                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1400         self.assertEquals(rep.u.num_versions, 1)
1401         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1402         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1403         self.assertPadding(rep.u._pad, 3)
1404
1405         # wait for a disconnect
1406         rep = self.recv_pdu()
1407         self.assertIsNone(rep)
1408         self.assertNotConnected()
1409
1410     def test_no_auth_bind_time_keep_on_orphan_simple(self):
1411         features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1412         btf = base.bind_time_features_syntax(features)
1413
1414         zero_syntax = misc.ndr_syntax_id()
1415
1416         tsf1_list = [btf]
1417         ctx1 = dcerpc.ctx_list()
1418         ctx1.context_id = 1
1419         ctx1.num_transfer_syntaxes = len(tsf1_list)
1420         ctx1.abstract_syntax = zero_syntax
1421         ctx1.transfer_syntaxes = tsf1_list
1422
1423         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1424         self.send_pdu(req)
1425         rep = self.recv_pdu()
1426         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1427                         auth_length=0)
1428         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1429         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1430         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1431         self.assertEquals(rep.u.secondary_address_size, 4)
1432         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1433         self.assertPadding(rep.u._pad1, 2)
1434         self.assertEquals(rep.u.num_results, 1)
1435         self.assertEquals(rep.u.ctx_list[0].result,
1436                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1437         self.assertEquals(rep.u.ctx_list[0].reason, features)
1438         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1439         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1440
1441     def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1442         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1443         btf1 = base.bind_time_features_syntax(features1)
1444
1445         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1446         btf2 = base.bind_time_features_syntax(features2)
1447
1448         zero_syntax = misc.ndr_syntax_id()
1449         ndr64 = base.transfer_syntax_ndr64()
1450
1451         tsf1_list = [btf1, btf2, zero_syntax]
1452         ctx1 = dcerpc.ctx_list()
1453         ctx1.context_id = 1
1454         ctx1.num_transfer_syntaxes = len(tsf1_list)
1455         ctx1.abstract_syntax = ndr64
1456         ctx1.transfer_syntaxes = tsf1_list
1457
1458         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1459         self.send_pdu(req)
1460         rep = self.recv_pdu()
1461         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1462                         auth_length=0)
1463         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1464         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1465         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1466         self.assertEquals(rep.u.secondary_address_size, 4)
1467         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1468         self.assertPadding(rep.u._pad1, 2)
1469         self.assertEquals(rep.u.num_results, 1)
1470         self.assertEquals(rep.u.ctx_list[0].result,
1471                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1472         self.assertEquals(rep.u.ctx_list[0].reason, features1)
1473         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1474         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1475
1476     def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1477                                        reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1478         ndr32 = base.transfer_syntax_ndr()
1479
1480         tsf1_list = [ndr32]
1481         ctx1 = dcerpc.ctx_list()
1482         ctx1.context_id = 1
1483         ctx1.num_transfer_syntaxes = len(tsf1_list)
1484         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1485         ctx1.transfer_syntaxes = tsf1_list
1486         ctx_list = [ctx1]
1487
1488         auth_context_id = 0
1489
1490         if creds is not None:
1491             # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1492             auth_context = self.get_auth_context_creds(creds,
1493                                                        auth_type=auth_type,
1494                                                        auth_level=auth_level,
1495                                                        auth_context_id=auth_context_id,
1496                                                        g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1497             from_server = b""
1498             (finished, to_server) = auth_context["gensec"].update(from_server)
1499             self.assertFalse(finished)
1500
1501             auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1502                                            auth_level=auth_context["auth_level"],
1503                                            auth_context_id=auth_context["auth_context_id"],
1504                                            auth_blob=to_server)
1505         else:
1506             to_server = b"none"
1507             auth_info = self.generate_auth(auth_type=auth_type,
1508                                            auth_level=auth_level,
1509                                            auth_context_id=auth_context_id,
1510                                            auth_blob=to_server)
1511
1512         req = self.generate_bind(call_id=0,
1513                                  ctx_list=ctx_list,
1514                                  auth_info=auth_info)
1515         self.send_pdu(req)
1516         rep = self.recv_pdu()
1517         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1518                         auth_length=0)
1519         self.assertEquals(rep.u.reject_reason, reason)
1520         self.assertEquals(rep.u.num_versions, 1)
1521         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1522         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1523         self.assertPadding(rep.u._pad, 3)
1524
1525         # wait for a disconnect
1526         rep = self.recv_pdu()
1527         self.assertIsNone(rep)
1528         self.assertNotConnected()
1529
1530     def _test_auth_none_level_bind(self, auth_level,
1531                                    reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1532         return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1533                                                    auth_level=auth_level, reason=reason)
1534
1535     def test_auth_none_none_bind(self):
1536         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1537                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1538
1539     def test_auth_none_connect_bind(self):
1540         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1541
1542     def test_auth_none_call_bind(self):
1543         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1544
1545     def test_auth_none_packet_bind(self):
1546         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1547
1548     def test_auth_none_integrity_bind(self):
1549         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1550
1551     def test_auth_none_privacy_bind(self):
1552         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1553
1554     def test_auth_none_0_bind(self):
1555         return self._test_auth_none_level_bind(0,
1556                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1557
1558     def test_auth_none_7_bind(self):
1559         return self._test_auth_none_level_bind(7,
1560                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1561
1562     def test_auth_none_255_bind(self):
1563         return self._test_auth_none_level_bind(255,
1564                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1565
1566     def _test_auth_none_level_request(self, auth_level):
1567         ndr32 = base.transfer_syntax_ndr()
1568
1569         tsf1_list = [ndr32]
1570         ctx1 = dcerpc.ctx_list()
1571         ctx1.context_id = 1
1572         ctx1.num_transfer_syntaxes = len(tsf1_list)
1573         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1574         ctx1.transfer_syntaxes = tsf1_list
1575         ctx_list = [ctx1]
1576
1577         auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1578         auth_context_id = 0
1579
1580         req = self.generate_bind(call_id=0,
1581                                  ctx_list=ctx_list)
1582
1583         self.send_pdu(req)
1584         rep = self.recv_pdu()
1585         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1586         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1587         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1588         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1589         self.assertEquals(rep.u.secondary_address_size, 4)
1590         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1591         self.assertPadding(rep.u._pad1, 2)
1592         self.assertEquals(rep.u.num_results, 1)
1593         self.assertEquals(rep.u.ctx_list[0].result,
1594                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1595         self.assertEquals(rep.u.ctx_list[0].reason,
1596                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1597         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1598         self.assertEquals(len(rep.u.auth_info), 0)
1599
1600         # And now try a request without auth_info
1601         req = self.generate_request(call_id=2,
1602                                     context_id=ctx1.context_id,
1603                                     opnum=0,
1604                                     stub=b"")
1605         self.send_pdu(req)
1606         rep = self.recv_pdu()
1607         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1608                         auth_length=0)
1609         self.assertNotEquals(rep.u.alloc_hint, 0)
1610         self.assertEquals(rep.u.context_id, req.u.context_id)
1611         self.assertEquals(rep.u.cancel_count, 0)
1612         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1613
1614         auth_info = self.generate_auth(auth_type=auth_type,
1615                                        auth_level=auth_level,
1616                                        auth_context_id=auth_context_id,
1617                                        auth_blob=b"none")
1618
1619         req = self.generate_request(call_id=3,
1620                                     context_id=ctx1.context_id,
1621                                     opnum=0,
1622                                     stub=b"",
1623                                     auth_info=auth_info)
1624         self.send_pdu(req)
1625         rep = self.recv_pdu()
1626         # We get a fault back
1627         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1628                         auth_length=0)
1629         self.assertNotEquals(rep.u.alloc_hint, 0)
1630         self.assertEquals(rep.u.context_id, req.u.context_id)
1631         self.assertEquals(rep.u.cancel_count, 0)
1632         self.assertEquals(rep.u.flags, 0)
1633         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1634         self.assertEquals(rep.u.reserved, 0)
1635         self.assertEquals(len(rep.u.error_and_verifier), 0)
1636
1637         # wait for a disconnect
1638         rep = self.recv_pdu()
1639         self.assertIsNone(rep)
1640         self.assertNotConnected()
1641
1642     def test_auth_none_none_request(self):
1643         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1644
1645     def test_auth_none_connect_request(self):
1646         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1647
1648     def test_auth_none_call_request(self):
1649         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1650
1651     def _test_neg_xmit_check_values(self,
1652                                     req_xmit=None,
1653                                     req_recv=None,
1654                                     rep_both=None,
1655                                     alter_xmit=None,
1656                                     alter_recv=None):
1657         ndr32 = base.transfer_syntax_ndr()
1658
1659         tsf1_list = [ndr32]
1660         ctx1 = dcerpc.ctx_list()
1661         ctx1.context_id = 1
1662         ctx1.num_transfer_syntaxes = len(tsf1_list)
1663         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1664         ctx1.transfer_syntaxes = tsf1_list
1665
1666         req = self.generate_bind(call_id=0,
1667                                  max_xmit_frag=req_xmit,
1668                                  max_recv_frag=req_recv,
1669                                  ctx_list=[ctx1])
1670         self.send_pdu(req)
1671         rep = self.recv_pdu()
1672         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1673                         auth_length=0)
1674         self.assertEquals(rep.u.max_xmit_frag, rep_both)
1675         self.assertEquals(rep.u.max_recv_frag, rep_both)
1676         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1677         self.assertEquals(rep.u.secondary_address_size, 4)
1678         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1679         self.assertPadding(rep.u._pad1, 2)
1680         self.assertEquals(rep.u.num_results, 1)
1681         self.assertEquals(rep.u.ctx_list[0].result,
1682                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1683         self.assertEquals(rep.u.ctx_list[0].reason,
1684                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1685         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1686         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1687
1688         assoc_group_id = rep.u.assoc_group_id
1689         if alter_xmit is None:
1690             alter_xmit = rep_both - 8
1691         if alter_recv is None:
1692             alter_recv = rep_both - 8
1693
1694         # max_{xmit,recv}_frag and assoc_group_id are completely
1695         # ignored in alter_context requests
1696         req = self.generate_alter(call_id=1,
1697                                   max_xmit_frag=alter_xmit,
1698                                   max_recv_frag=alter_recv,
1699                                   assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1700                                   ctx_list=[ctx1])
1701         self.send_pdu(req)
1702         rep = self.recv_pdu()
1703         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1704                         auth_length=0)
1705         self.assertEquals(rep.u.max_xmit_frag, rep_both)
1706         self.assertEquals(rep.u.max_recv_frag, rep_both)
1707         self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1708         self.assertEquals(rep.u.secondary_address_size, 0)
1709         self.assertPadding(rep.u._pad1, 2)
1710         self.assertEquals(rep.u.num_results, 1)
1711         self.assertEquals(rep.u.ctx_list[0].result,
1712                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1713         self.assertEquals(rep.u.ctx_list[0].reason,
1714                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1715         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1716         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1717
1718         chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1719         req = self.generate_request(call_id=2,
1720                                     context_id=ctx1.context_id,
1721                                     opnum=0,
1722                                     alloc_hint=0xffffffff,
1723                                     stub=b"\00" * chunk_size)
1724         self.send_pdu(req, ndr_print=True, hexdump=True)
1725         rep = self.recv_pdu(ndr_print=True, hexdump=True)
1726         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1727                         auth_length=0)
1728         self.assertNotEquals(rep.u.alloc_hint, 0)
1729         self.assertEquals(rep.u.context_id, req.u.context_id)
1730         self.assertEquals(rep.u.cancel_count, 0)
1731         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1732
1733         chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1734         req = self.generate_request(call_id=2,
1735                                     context_id=ctx1.context_id,
1736                                     opnum=0,
1737                                     alloc_hint=0xffffffff,
1738                                     stub=b"\00" * chunk_size)
1739         self.send_pdu(req)
1740         rep = self.recv_pdu()
1741         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1742                         auth_length=0)
1743         self.assertNotEquals(rep.u.alloc_hint, 0)
1744         self.assertEquals(rep.u.context_id, req.u.context_id)
1745         self.assertEquals(rep.u.cancel_count, 0)
1746         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1747
1748         chunk_size += 1
1749         req = self.generate_request(call_id=3,
1750                                     context_id=ctx1.context_id,
1751                                     opnum=0,
1752                                     alloc_hint=0xffffffff,
1753                                     stub=b"\00" * chunk_size)
1754         self.send_pdu(req)
1755         rep = self.recv_pdu()
1756         # We get a fault
1757         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1758                         auth_length=0)
1759         self.assertNotEquals(rep.u.alloc_hint, 0)
1760         self.assertEquals(rep.u.context_id, 0)
1761         self.assertEquals(rep.u.cancel_count, 0)
1762         self.assertEquals(rep.u.flags, 0)
1763         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1764         self.assertEquals(rep.u.reserved, 0)
1765         self.assertEquals(len(rep.u.error_and_verifier), 0)
1766
1767         # wait for a disconnect
1768         rep = self.recv_pdu()
1769         self.assertIsNone(rep)
1770         self.assertNotConnected()
1771
1772     def test_neg_xmit_ffff_ffff(self):
1773         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1774                                                 req_recv=0xffff,
1775                                                 rep_both=5840)
1776
1777     def test_neg_xmit_0_ffff(self):
1778         return self._test_neg_xmit_check_values(req_xmit=0,
1779                                                 req_recv=0xffff,
1780                                                 rep_both=2048,
1781                                                 alter_xmit=0xffff,
1782                                                 alter_recv=0xffff)
1783
1784     def test_neg_xmit_ffff_0(self):
1785         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1786                                                 req_recv=0,
1787                                                 rep_both=2048)
1788
1789     def test_neg_xmit_0_0(self):
1790         return self._test_neg_xmit_check_values(req_xmit=0,
1791                                                 req_recv=0,
1792                                                 rep_both=2048,
1793                                                 alter_xmit=0xffff,
1794                                                 alter_recv=0xffff)
1795
1796     def test_neg_xmit_3199_0(self):
1797         return self._test_neg_xmit_check_values(req_xmit=3199,
1798                                                 req_recv=0,
1799                                                 rep_both=2048)
1800
1801     def test_neg_xmit_0_3199(self):
1802         return self._test_neg_xmit_check_values(req_xmit=0,
1803                                                 req_recv=3199,
1804                                                 rep_both=2048)
1805
1806     def test_neg_xmit_3199_ffff(self):
1807         return self._test_neg_xmit_check_values(req_xmit=3199,
1808                                                 req_recv=0xffff,
1809                                                 rep_both=3192)
1810
1811     def test_neg_xmit_ffff_3199(self):
1812         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1813                                                 req_recv=3199,
1814                                                 rep_both=3192)
1815
1816     def test_alloc_hint(self):
1817         ndr32 = base.transfer_syntax_ndr()
1818
1819         tsf1_list = [ndr32]
1820         ctx = dcerpc.ctx_list()
1821         ctx.context_id = 0
1822         ctx.num_transfer_syntaxes = len(tsf1_list)
1823         ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1824         ctx.transfer_syntaxes = tsf1_list
1825
1826         req = self.generate_bind(call_id=0,
1827                                  ctx_list=[ctx])
1828         self.send_pdu(req)
1829         rep = self.recv_pdu()
1830         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1831                         auth_length=0)
1832         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1833         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1834         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1835         self.assertEquals(rep.u.secondary_address_size, 4)
1836         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1837         self.assertPadding(rep.u._pad1, 2)
1838         self.assertEquals(rep.u.num_results, 1)
1839         self.assertEquals(rep.u.ctx_list[0].result,
1840                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1841         self.assertEquals(rep.u.ctx_list[0].reason,
1842                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1843         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1844         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1845
1846         # And now try a request without auth_info
1847         req = self.generate_request(call_id=2,
1848                                     context_id=ctx.context_id,
1849                                     opnum=0,
1850                                     alloc_hint=0xffffffff,
1851                                     stub=b"")
1852         self.send_pdu(req)
1853         rep = self.recv_pdu()
1854         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1855                         auth_length=0)
1856         self.assertNotEquals(rep.u.alloc_hint, 0)
1857         self.assertEquals(rep.u.context_id, req.u.context_id)
1858         self.assertEquals(rep.u.cancel_count, 0)
1859         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1860
1861         req = self.generate_request(call_id=3,
1862                                     context_id=ctx.context_id,
1863                                     opnum=1,
1864                                     alloc_hint=0xffffffff,
1865                                     stub=b"\04\00\00\00\00\00\00\00")
1866         self.send_pdu(req)
1867         rep = self.recv_pdu()
1868         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1869                         auth_length=0)
1870         self.assertNotEquals(rep.u.alloc_hint, 0)
1871         self.assertEquals(rep.u.context_id, req.u.context_id)
1872         self.assertEquals(rep.u.cancel_count, 0)
1873         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1874
1875         req = self.generate_request(call_id=4,
1876                                     context_id=ctx.context_id,
1877                                     opnum=1,
1878                                     alloc_hint=1,
1879                                     stub=b"\04\00\00\00\00\00\00\00")
1880         self.send_pdu(req)
1881         rep = self.recv_pdu()
1882         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1883                         auth_length=0)
1884         self.assertNotEquals(rep.u.alloc_hint, 0)
1885         self.assertEquals(rep.u.context_id, req.u.context_id)
1886         self.assertEquals(rep.u.cancel_count, 0)
1887         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1888
1889     def _get_netlogon_ctx(self):
1890         abstract = samba.dcerpc.netlogon.abstract_syntax()
1891         ndr32 = base.transfer_syntax_ndr()
1892
1893         (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1894                                                epmap=True, return_ack=True)
1895
1896         server = '\\\\' + self.target_hostname
1897         if isinstance(server, binary_type):
1898             server_utf16 = server.decode('utf-8').encode('utf-16-le')
1899         else:
1900             server_utf16 = server.encode('utf-16-le')
1901         computer = 'UNKNOWNCOMPUTER'
1902         if isinstance(server, binary_type):
1903             computer_utf16 = computer.decode('utf-8').encode('utf-16-le')
1904         else:
1905             computer_utf16 = computer.encode('utf-16-le')
1906
1907         real_stub = struct.pack('<IIII', 0x00200000,
1908                                 len(server) + 1, 0, len(server) + 1)
1909         real_stub += server_utf16 + b'\x00\x00'
1910         mod_len = len(real_stub) % 4
1911         if mod_len != 0:
1912             real_stub += b'\x00' * (4 - mod_len)
1913         real_stub += struct.pack('<III',
1914                                  len(computer) + 1, 0, len(computer) + 1)
1915         real_stub += computer_utf16 + b'\x00\x00'
1916         real_stub += b'\x11\x22\x33\x44\x55\x66\x77\x88'
1917
1918         return (ctx, ack, real_stub)
1919
1920     def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1921                                   fault_first=None, fault_last=None):
1922         (ctx, rep, real_stub) = self._get_netlogon_ctx()
1923
1924         chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1925
1926         total = 0
1927         first = True
1928         while remaining > 0:
1929             thistime = min(remaining, chunk)
1930             remaining -= thistime
1931             total += thistime
1932
1933             pfc_flags = 0
1934             if first:
1935                 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1936                 first = False
1937                 stub = real_stub + b'\x00' * (thistime - len(real_stub))
1938             else:
1939                 stub = b"\x00" * thistime
1940
1941             if remaining == 0:
1942                 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1943
1944             # And now try a request without auth_info
1945             # netr_ServerReqChallenge()
1946             req = self.generate_request(call_id=0x21234,
1947                                         pfc_flags=pfc_flags,
1948                                         context_id=ctx.context_id,
1949                                         opnum=4,
1950                                         alloc_hint=alloc_hint,
1951                                         stub=stub)
1952             if alloc_hint >= thistime:
1953                 alloc_hint -= thistime
1954             else:
1955                 alloc_hint = 0
1956             self.send_pdu(req, hexdump=False)
1957             if fault_first is not None:
1958                 rep = self.recv_pdu()
1959                 # We get a fault back
1960                 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1961                                 auth_length=0)
1962                 self.assertNotEquals(rep.u.alloc_hint, 0)
1963                 self.assertEquals(rep.u.context_id, req.u.context_id)
1964                 self.assertEquals(rep.u.cancel_count, 0)
1965                 self.assertEquals(rep.u.flags, 0)
1966                 self.assertEquals(rep.u.status, fault_first)
1967                 self.assertEquals(rep.u.reserved, 0)
1968                 self.assertEquals(len(rep.u.error_and_verifier), 0)
1969
1970                 # wait for a disconnect
1971                 rep = self.recv_pdu()
1972                 self.assertIsNone(rep)
1973                 self.assertNotConnected()
1974                 return
1975             if remaining == 0:
1976                 break
1977             if total >= 0x400000 and fault_last is not None:
1978                 rep = self.recv_pdu()
1979                 # We get a fault back
1980                 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1981                                 auth_length=0)
1982                 self.assertNotEquals(rep.u.alloc_hint, 0)
1983                 self.assertEquals(rep.u.context_id, req.u.context_id)
1984                 self.assertEquals(rep.u.cancel_count, 0)
1985                 self.assertEquals(rep.u.flags, 0)
1986                 self.assertEquals(rep.u.status, fault_last)
1987                 self.assertEquals(rep.u.reserved, 0)
1988                 self.assertEquals(len(rep.u.error_and_verifier), 0)
1989
1990                 # wait for a disconnect
1991                 rep = self.recv_pdu()
1992                 self.assertIsNone(rep)
1993                 self.assertNotConnected()
1994                 return
1995             rep = self.recv_pdu(timeout=0.01)
1996             self.assertIsNone(rep)
1997             self.assertIsConnected()
1998
1999         if total >= 0x400000 and fault_last is not None:
2000             rep = self.recv_pdu()
2001             # We get a fault back
2002             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2003                             auth_length=0)
2004             self.assertNotEquals(rep.u.alloc_hint, 0)
2005             self.assertEquals(rep.u.context_id, req.u.context_id)
2006             self.assertEquals(rep.u.cancel_count, 0)
2007             self.assertEquals(rep.u.flags, 0)
2008             self.assertEquals(rep.u.status, fault_last)
2009             self.assertEquals(rep.u.reserved, 0)
2010             self.assertEquals(len(rep.u.error_and_verifier), 0)
2011
2012             # wait for a disconnect
2013             rep = self.recv_pdu()
2014             self.assertIsNone(rep)
2015             self.assertNotConnected()
2016             return
2017         rep = self.recv_pdu()
2018         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2019                         auth_length=0)
2020         self.assertNotEquals(rep.u.alloc_hint, 0)
2021         self.assertEquals(rep.u.context_id, req.u.context_id)
2022         self.assertEquals(rep.u.cancel_count, 0)
2023         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2024
2025         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2026         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2027         self.assertEquals(status[0], 0)
2028
2029     def test_fragmented_requests01(self):
2030         return self._test_fragmented_requests(remaining=0x400000,
2031                                               alloc_hint=0x400000)
2032
2033     def test_fragmented_requests02(self):
2034         return self._test_fragmented_requests(remaining=0x400000,
2035                                               alloc_hint=0x100000)
2036
2037     def test_fragmented_requests03(self):
2038         return self._test_fragmented_requests(remaining=0x400000,
2039                                               alloc_hint=0)
2040
2041     def test_fragmented_requests04(self):
2042         return self._test_fragmented_requests(remaining=0x400000,
2043                                               alloc_hint=0x400001,
2044                                               fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2045
2046     def test_fragmented_requests05(self):
2047         return self._test_fragmented_requests(remaining=0x500001,
2048                                               alloc_hint=0,
2049                                               fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2050
2051     def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2052         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2053
2054         # netr_ServerReqChallenge with given flags
2055         req = self.generate_request(call_id=2,
2056                                     pfc_flags=pfc_flags,
2057                                     context_id=ctx.context_id,
2058                                     opnum=4,
2059                                     stub=real_stub)
2060         self.send_pdu(req)
2061         if fault_1st:
2062             rep = self.recv_pdu()
2063             # We get a fault back
2064             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2065                             auth_length=0)
2066             self.assertNotEquals(rep.u.alloc_hint, 0)
2067             self.assertEquals(rep.u.context_id, 0)
2068             self.assertEquals(rep.u.cancel_count, 0)
2069             self.assertEquals(rep.u.flags, 0)
2070             self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2071             self.assertEquals(rep.u.reserved, 0)
2072             self.assertEquals(len(rep.u.error_and_verifier), 0)
2073
2074             # wait for a disconnect
2075             rep = self.recv_pdu()
2076             self.assertIsNone(rep)
2077             self.assertNotConnected()
2078             return
2079         rep = self.recv_pdu(timeout=0.1)
2080         self.assertIsNone(rep)
2081         self.assertIsConnected()
2082
2083         # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2084         # with the same call_id
2085         req = self.generate_request(call_id=2,
2086                                     pfc_flags=pfc_flags,
2087                                     context_id=ctx.context_id,
2088                                     opnum=4,
2089                                     stub=real_stub)
2090         self.send_pdu(req)
2091         if fault_2nd:
2092             rep = self.recv_pdu()
2093             # We get a fault back
2094             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2095                             auth_length=0)
2096             self.assertNotEquals(rep.u.alloc_hint, 0)
2097             self.assertEquals(rep.u.context_id, req.u.context_id)
2098             self.assertEquals(rep.u.cancel_count, 0)
2099             self.assertEquals(rep.u.flags, 0)
2100             self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2101             self.assertEquals(rep.u.reserved, 0)
2102             self.assertEquals(len(rep.u.error_and_verifier), 0)
2103
2104             # wait for a disconnect
2105             rep = self.recv_pdu()
2106             self.assertIsNone(rep)
2107             self.assertNotConnected()
2108             return
2109
2110         rep = self.recv_pdu(timeout=0.1)
2111         self.assertIsNone(rep)
2112         self.assertIsConnected()
2113
2114     def test_first_only_requests(self):
2115         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2116                                         fault_2nd=True)
2117
2118     def test_none_only_requests(self):
2119         return self._test_same_requests(pfc_flags=0, fault_1st=True)
2120
2121     def test_last_only_requests(self):
2122         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2123                                         fault_1st=True)
2124
2125     def test_first_maybe_requests(self):
2126         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2127                                         dcerpc.DCERPC_PFC_FLAG_MAYBE,
2128                                         fault_2nd=True)
2129
2130     def test_first_didnot_requests(self):
2131         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2132                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2133                                         fault_2nd=True)
2134
2135     def test_first_cmpx_requests(self):
2136         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2137                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2138                                         fault_2nd=True)
2139
2140     def test_first_08_requests(self):
2141         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2142                                         0x08,
2143                                         fault_2nd=True)
2144
2145     def test_first_cancel_requests(self):
2146         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2147
2148         # netr_ServerReqChallenge with given flags
2149         req = self.generate_request(call_id=2,
2150                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2151                                     dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2152                                     context_id=ctx.context_id,
2153                                     opnum=4,
2154                                     stub=real_stub)
2155         self.send_pdu(req)
2156         rep = self.recv_pdu()
2157         # We get a fault back
2158         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2159                         pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2160                         dcerpc.DCERPC_PFC_FLAG_LAST |
2161                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2162                         auth_length=0)
2163         self.assertNotEquals(rep.u.alloc_hint, 0)
2164         self.assertEquals(rep.u.context_id, 0)
2165         self.assertEquals(rep.u.cancel_count, 0)
2166         self.assertEquals(rep.u.flags, 0)
2167         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2168         self.assertEquals(rep.u.reserved, 0)
2169         self.assertEquals(len(rep.u.error_and_verifier), 0)
2170
2171         # wait for a disconnect
2172         rep = self.recv_pdu()
2173         self.assertIsNone(rep)
2174         self.assertNotConnected()
2175
2176     def test_2nd_cancel_requests(self):
2177         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2178
2179         # netr_ServerReqChallenge with given flags
2180         req = self.generate_request(call_id=2,
2181                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2182                                     context_id=ctx.context_id,
2183                                     opnum=4,
2184                                     stub=real_stub)
2185         self.send_pdu(req)
2186         rep = self.recv_pdu(timeout=0.1)
2187         self.assertIsNone(rep)
2188         self.assertIsConnected()
2189
2190         # netr_ServerReqChallenge with given flags
2191         req = self.generate_request(call_id=2,
2192                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2193                                     context_id=ctx.context_id,
2194                                     opnum=4,
2195                                     stub=real_stub)
2196         self.send_pdu(req)
2197         rep = self.recv_pdu(timeout=0.1)
2198         self.assertIsNone(rep)
2199         self.assertIsConnected()
2200
2201         # netr_ServerReqChallenge with given flags
2202         req = self.generate_request(call_id=2,
2203                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2204                                     context_id=ctx.context_id,
2205                                     opnum=4,
2206                                     stub=real_stub)
2207         self.send_pdu(req)
2208         rep = self.recv_pdu()
2209         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2210                         auth_length=0)
2211         self.assertNotEquals(rep.u.alloc_hint, 0)
2212         self.assertEquals(rep.u.context_id, req.u.context_id)
2213         self.assertEquals(rep.u.cancel_count, 0)
2214         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2215
2216         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2217         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2218         self.assertEquals(status[0], 0)
2219
2220     def test_last_cancel_requests(self):
2221         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2222
2223         # netr_ServerReqChallenge with given flags
2224         req = self.generate_request(call_id=2,
2225                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2226                                     context_id=ctx.context_id,
2227                                     opnum=4,
2228                                     stub=real_stub[:4])
2229         self.send_pdu(req)
2230         rep = self.recv_pdu(timeout=0.1)
2231         self.assertIsNone(rep)
2232         self.assertIsConnected()
2233
2234         # netr_ServerReqChallenge with given flags
2235         req = self.generate_request(call_id=2,
2236                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2237                                     dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2238                                     context_id=ctx.context_id,
2239                                     opnum=4,
2240                                     stub=real_stub[4:])
2241         self.send_pdu(req)
2242         rep = self.recv_pdu()
2243         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2244                         auth_length=0)
2245         self.assertNotEquals(rep.u.alloc_hint, 0)
2246         self.assertEquals(rep.u.context_id, req.u.context_id)
2247         self.assertEquals(rep.u.cancel_count, 0)
2248         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2249
2250         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2251         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2252         self.assertEquals(status[0], 0)
2253
2254     def test_mix_requests(self):
2255         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2256
2257         # netr_ServerReqChallenge with given flags
2258         req = self.generate_request(call_id=50,
2259                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2260                                     context_id=ctx.context_id,
2261                                     opnum=4,
2262                                     stub=real_stub)
2263         self.send_pdu(req)
2264         rep = self.recv_pdu(timeout=0.1)
2265         self.assertIsNone(rep)
2266         self.assertIsConnected()
2267
2268         # netr_ServerReqChallenge with given flags
2269         req = self.generate_request(call_id=51,
2270                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2271                                     context_id=ctx.context_id,
2272                                     opnum=4,
2273                                     stub=real_stub)
2274         self.send_pdu(req)
2275         rep = self.recv_pdu()
2276         # We get a fault back
2277         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2278                         pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2279                         dcerpc.DCERPC_PFC_FLAG_LAST,
2280                         auth_length=0)
2281         self.assertNotEquals(rep.u.alloc_hint, 0)
2282         self.assertEquals(rep.u.context_id, req.u.context_id)
2283         self.assertEquals(rep.u.cancel_count, 0)
2284         self.assertEquals(rep.u.flags, 0)
2285         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2286         self.assertEquals(rep.u.reserved, 0)
2287         self.assertEquals(len(rep.u.error_and_verifier), 0)
2288
2289     def test_co_cancel_no_request(self):
2290         ndr32 = base.transfer_syntax_ndr()
2291         abstract = samba.dcerpc.mgmt.abstract_syntax()
2292         ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2293
2294         req = self.generate_co_cancel(call_id=3)
2295         self.send_pdu(req)
2296         rep = self.recv_pdu(timeout=0.01)
2297         self.assertIsNone(rep)
2298         self.assertIsConnected()
2299
2300         # And now try a request
2301         req = self.generate_request(call_id=1,
2302                                     context_id=ctx.context_id,
2303                                     opnum=0,
2304                                     stub=b"")
2305         self.send_pdu(req)
2306         rep = self.recv_pdu()
2307         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2308                         auth_length=0)
2309         self.assertNotEquals(rep.u.alloc_hint, 0)
2310         self.assertEquals(rep.u.context_id, req.u.context_id)
2311         self.assertEquals(rep.u.cancel_count, 0)
2312         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2313
2314     def test_co_cancel_request_after_first(self):
2315         ndr32 = base.transfer_syntax_ndr()
2316         abstract = samba.dcerpc.mgmt.abstract_syntax()
2317         ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2318
2319         req = self.generate_request(call_id=1,
2320                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2321                                     context_id=ctx.context_id,
2322                                     opnum=0,
2323                                     stub=b"")
2324         self.send_pdu(req)
2325         rep = self.recv_pdu(timeout=0.01)
2326         self.assertIsNone(rep)
2327         self.assertIsConnected()
2328
2329         req = self.generate_co_cancel(call_id=1)
2330         self.send_pdu(req)
2331         rep = self.recv_pdu(timeout=0.01)
2332         self.assertIsNone(rep)
2333         self.assertIsConnected()
2334
2335         req = self.generate_request(call_id=1,
2336                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2337                                     context_id=ctx.context_id,
2338                                     opnum=0,
2339                                     stub=b"")
2340         self.send_pdu(req)
2341         rep = self.recv_pdu()
2342         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2343                         auth_length=0)
2344         self.assertNotEquals(rep.u.alloc_hint, 0)
2345         self.assertEquals(rep.u.context_id, req.u.context_id)
2346         self.assertEquals(rep.u.cancel_count, 0)
2347         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2348
2349         # And now try a request
2350         req = self.generate_request(call_id=2,
2351                                     context_id=ctx.context_id,
2352                                     opnum=0,
2353                                     stub=b"")
2354         self.send_pdu(req)
2355         rep = self.recv_pdu()
2356         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2357                         auth_length=0)
2358         self.assertNotEquals(rep.u.alloc_hint, 0)
2359         self.assertEquals(rep.u.context_id, req.u.context_id)
2360         self.assertEquals(rep.u.cancel_count, 0)
2361         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2362
2363     def test_orphaned_no_request(self):
2364         ndr32 = base.transfer_syntax_ndr()
2365         abstract = samba.dcerpc.mgmt.abstract_syntax()
2366         ctx = self.prepare_presentation(abstract, ndr32)
2367
2368         req = self.generate_orphaned(call_id=3)
2369         self.send_pdu(req)
2370         rep = self.recv_pdu(timeout=0.01)
2371         self.assertIsNone(rep)
2372         self.assertIsConnected()
2373
2374         # And now try a request
2375         req = self.generate_request(call_id=1,
2376                                     context_id=ctx.context_id,
2377                                     opnum=0,
2378                                     stub=b"")
2379         self.send_pdu(req)
2380         rep = self.recv_pdu()
2381         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2382                         auth_length=0)
2383         self.assertNotEquals(rep.u.alloc_hint, 0)
2384         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2385         self.assertEquals(rep.u.cancel_count, 0)
2386         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2387
2388     def test_orphaned_request_after_first_last(self):
2389         ndr32 = base.transfer_syntax_ndr()
2390         abstract = samba.dcerpc.mgmt.abstract_syntax()
2391         ctx = self.prepare_presentation(abstract, ndr32)
2392
2393         req = self.generate_request(call_id=1,
2394                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2395                                     context_id=ctx.context_id,
2396                                     opnum=0,
2397                                     stub=b"")
2398         self.send_pdu(req)
2399         rep = self.recv_pdu(timeout=0.1)
2400         self.assertIsNone(rep)
2401         self.assertIsConnected()
2402
2403         req = self.generate_orphaned(call_id=1)
2404         self.send_pdu(req)
2405         rep = self.recv_pdu(timeout=0.1)
2406         self.assertIsNone(rep)
2407         self.assertIsConnected()
2408
2409         req = self.generate_request(call_id=1,
2410                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2411                                     context_id=ctx.context_id,
2412                                     opnum=0,
2413                                     stub=b"")
2414         self.send_pdu(req)
2415         rep = self.recv_pdu()
2416         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2417                         auth_length=0)
2418         self.assertNotEquals(rep.u.alloc_hint, 0)
2419         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2420         self.assertEquals(rep.u.cancel_count, 0)
2421         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2422
2423         # And now try a request
2424         req = self.generate_request(call_id=2,
2425                                     context_id=ctx.context_id,
2426                                     opnum=0,
2427                                     stub=b"")
2428         self.send_pdu(req)
2429         rep = self.recv_pdu()
2430         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2431                         auth_length=0)
2432         self.assertNotEquals(rep.u.alloc_hint, 0)
2433         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2434         self.assertEquals(rep.u.cancel_count, 0)
2435         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2436
2437     def test_orphaned_request_after_first_mpx_last(self):
2438         ndr32 = base.transfer_syntax_ndr()
2439         abstract = samba.dcerpc.mgmt.abstract_syntax()
2440
2441         pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2442         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2443         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2444         ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2445
2446         req = self.generate_request(call_id=1,
2447                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2448                                     context_id=ctx.context_id,
2449                                     opnum=0,
2450                                     stub=b"")
2451         self.send_pdu(req)
2452         rep = self.recv_pdu(timeout=0.1)
2453         self.assertIsNone(rep)
2454         self.assertIsConnected()
2455
2456         req = self.generate_orphaned(call_id=1)
2457         self.send_pdu(req)
2458         rep = self.recv_pdu(timeout=0.1)
2459         self.assertIsNone(rep)
2460         self.assertIsConnected()
2461
2462         req = self.generate_request(call_id=1,
2463                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2464                                     context_id=ctx.context_id,
2465                                     opnum=0,
2466                                     stub=b"")
2467         self.send_pdu(req)
2468         rep = self.recv_pdu()
2469         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2470                         auth_length=0)
2471         self.assertNotEquals(rep.u.alloc_hint, 0)
2472         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2473         self.assertEquals(rep.u.cancel_count, 0)
2474         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2475
2476         # And now try a request
2477         req = self.generate_request(call_id=2,
2478                                     context_id=ctx.context_id,
2479                                     opnum=0,
2480                                     stub=b"")
2481         self.send_pdu(req)
2482         rep = self.recv_pdu()
2483         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2484                         auth_length=0)
2485         self.assertNotEquals(rep.u.alloc_hint, 0)
2486         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2487         self.assertEquals(rep.u.cancel_count, 0)
2488         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2489
2490     def test_orphaned_request_after_first_no_last(self):
2491         ndr32 = base.transfer_syntax_ndr()
2492         abstract = samba.dcerpc.mgmt.abstract_syntax()
2493         ctx = self.prepare_presentation(abstract, ndr32)
2494
2495         req1 = self.generate_request(call_id=1,
2496                                      pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2497                                      context_id=ctx.context_id,
2498                                      opnum=0,
2499                                      stub=b"")
2500         self.send_pdu(req1)
2501         rep = self.recv_pdu(timeout=0.1)
2502         self.assertIsNone(rep)
2503         self.assertIsConnected()
2504
2505         req = self.generate_orphaned(call_id=1)
2506         self.send_pdu(req)
2507         rep = self.recv_pdu(timeout=0.1)
2508         self.assertIsNone(rep)
2509         self.assertIsConnected()
2510
2511         # And now try a new request
2512         req2 = self.generate_request(call_id=2,
2513                                      context_id=ctx.context_id,
2514                                      opnum=0,
2515                                      stub=b"")
2516         self.send_pdu(req2)
2517         rep = self.recv_pdu()
2518         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2519                         auth_length=0)
2520         self.assertNotEquals(rep.u.alloc_hint, 0)
2521         self.assertEquals(rep.u.context_id, req1.u.context_id)
2522         self.assertEquals(rep.u.cancel_count, 0)
2523         self.assertEquals(rep.u.flags, 0)
2524         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2525         self.assertEquals(rep.u.reserved, 0)
2526         self.assertEquals(len(rep.u.error_and_verifier), 0)
2527
2528         # wait for a disconnect
2529         rep = self.recv_pdu()
2530         self.assertIsNone(rep)
2531         self.assertNotConnected()
2532
2533     def test_orphaned_request_after_first_mpx_no_last(self):
2534         ndr32 = base.transfer_syntax_ndr()
2535         abstract = samba.dcerpc.mgmt.abstract_syntax()
2536
2537         pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2538         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2539         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2540         ctx = self.prepare_presentation(abstract, ndr32,
2541                                         pfc_flags=pfc_flags)
2542
2543         req1 = self.generate_request(call_id=1,
2544                                      pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2545                                      context_id=ctx.context_id,
2546                                      opnum=0,
2547                                      stub=b"")
2548         self.send_pdu(req1)
2549         rep = self.recv_pdu(timeout=0.1)
2550         self.assertIsNone(rep)
2551         self.assertIsConnected()
2552
2553         req = self.generate_orphaned(call_id=1)
2554         self.send_pdu(req)
2555         rep = self.recv_pdu(timeout=0.1)
2556         self.assertIsNone(rep)
2557         self.assertIsConnected()
2558
2559         # And now try a new request
2560         req2 = self.generate_request(call_id=2,
2561                                      context_id=ctx.context_id - 1,
2562                                      opnum=0,
2563                                      stub=b"")
2564         self.send_pdu(req2)
2565         rep = self.recv_pdu()
2566         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2567                         auth_length=0)
2568         self.assertNotEquals(rep.u.alloc_hint, 0)
2569         self.assertEquals(rep.u.context_id, 0)
2570         self.assertEquals(rep.u.cancel_count, 0)
2571         self.assertEquals(rep.u.flags, 0)
2572         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2573         self.assertEquals(rep.u.reserved, 0)
2574         self.assertEquals(len(rep.u.error_and_verifier), 0)
2575
2576         # wait for a disconnect
2577         rep = self.recv_pdu()
2578         self.assertIsNone(rep)
2579         self.assertNotConnected()
2580
2581     def test_spnego_connect_request(self):
2582         ndr32 = base.transfer_syntax_ndr()
2583
2584         tsf1_list = [ndr32]
2585         ctx1 = dcerpc.ctx_list()
2586         ctx1.context_id = 1
2587         ctx1.num_transfer_syntaxes = len(tsf1_list)
2588         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2589         ctx1.transfer_syntaxes = tsf1_list
2590         ctx_list = [ctx1]
2591
2592         c = self.get_anon_creds()
2593         g = gensec.Security.start_client(self.settings)
2594         g.set_credentials(c)
2595         g.want_feature(gensec.FEATURE_DCE_STYLE)
2596         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2597         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2598         auth_context_id = 2
2599         g.start_mech_by_authtype(auth_type, auth_level)
2600         from_server = b""
2601         (finished, to_server) = g.update(from_server)
2602         self.assertFalse(finished)
2603
2604         auth_info = self.generate_auth(auth_type=auth_type,
2605                                        auth_level=auth_level,
2606                                        auth_context_id=auth_context_id,
2607                                        auth_blob=to_server)
2608
2609         req = self.generate_bind(call_id=0,
2610                                  ctx_list=ctx_list,
2611                                  auth_info=auth_info)
2612
2613         self.send_pdu(req)
2614         rep = self.recv_pdu()
2615         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2616         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2617         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2618         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2619         self.assertEquals(rep.u.secondary_address_size, 4)
2620         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2621         self.assertPadding(rep.u._pad1, 2)
2622         self.assertEquals(rep.u.num_results, 1)
2623         self.assertEquals(rep.u.ctx_list[0].result,
2624                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2625         self.assertEquals(rep.u.ctx_list[0].reason,
2626                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2627         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2628         self.assertNotEquals(len(rep.u.auth_info), 0)
2629         a = self.parse_auth(rep.u.auth_info)
2630
2631         from_server = a.credentials
2632         (finished, to_server) = g.update(from_server)
2633         self.assertFalse(finished)
2634
2635         auth_info = self.generate_auth(auth_type=auth_type,
2636                                        auth_level=auth_level,
2637                                        auth_context_id=auth_context_id,
2638                                        auth_blob=to_server)
2639
2640         req = self.generate_alter(call_id=0,
2641                                   ctx_list=ctx_list,
2642                                   assoc_group_id=rep.u.assoc_group_id,
2643                                   auth_info=auth_info)
2644
2645         self.send_pdu(req)
2646         rep = self.recv_pdu()
2647         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2648         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2649         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2650         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2651         self.assertEquals(rep.u.secondary_address_size, 0)
2652         self.assertPadding(rep.u._pad1, 2)
2653         self.assertEquals(rep.u.num_results, 1)
2654         self.assertEquals(rep.u.ctx_list[0].result,
2655                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2656         self.assertEquals(rep.u.ctx_list[0].reason,
2657                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2658         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2659         self.assertNotEquals(len(rep.u.auth_info), 0)
2660         a = self.parse_auth(rep.u.auth_info)
2661
2662         from_server = a.credentials
2663         (finished, to_server) = g.update(from_server)
2664         self.assertTrue(finished)
2665
2666         # And now try a request without auth_info
2667         req = self.generate_request(call_id=2,
2668                                     context_id=ctx1.context_id,
2669                                     opnum=0,
2670                                     stub=b"")
2671         self.send_pdu(req)
2672         rep = self.recv_pdu()
2673         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2674                         auth_length=0)
2675         self.assertNotEquals(rep.u.alloc_hint, 0)
2676         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2677         self.assertEquals(rep.u.cancel_count, 0)
2678         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2679
2680         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2681         auth_info = self.generate_auth(auth_type=auth_type,
2682                                        auth_level=auth_level,
2683                                        auth_context_id=auth_context_id,
2684                                        auth_blob=b"\x01" +b"\x00" *15)
2685         req = self.generate_request(call_id=3,
2686                                     context_id=ctx1.context_id,
2687                                     opnum=0,
2688                                     stub=b"",
2689                                     auth_info=auth_info)
2690         self.send_pdu(req)
2691         rep = self.recv_pdu()
2692         # We don't get an auth_info back
2693         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2694                         auth_length=0)
2695         self.assertNotEquals(rep.u.alloc_hint, 0)
2696         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2697         self.assertEquals(rep.u.cancel_count, 0)
2698         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2699
2700         # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2701         auth_info = self.generate_auth(auth_type=auth_type,
2702                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2703                                        auth_context_id=auth_context_id,
2704                                        auth_blob=b"\x01" + b"\x00" * 15)
2705         req = self.generate_request(call_id=4,
2706                                     context_id=ctx1.context_id,
2707                                     opnum=0,
2708                                     stub=b"",
2709                                     auth_info=auth_info)
2710         self.send_pdu(req)
2711         rep = self.recv_pdu()
2712         # We get a fault back
2713         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2714                         auth_length=0)
2715         self.assertNotEquals(rep.u.alloc_hint, 0)
2716         self.assertEquals(rep.u.context_id, req.u.context_id)
2717         self.assertEquals(rep.u.cancel_count, 0)
2718         self.assertEquals(rep.u.flags, 0)
2719         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2720         self.assertEquals(rep.u.reserved, 0)
2721         self.assertEquals(len(rep.u.error_and_verifier), 0)
2722
2723         # wait for a disconnect
2724         rep = self.recv_pdu()
2725         self.assertIsNone(rep)
2726         self.assertNotConnected()
2727
2728     def test_spnego_integrity_request(self):
2729         ndr32 = base.transfer_syntax_ndr()
2730
2731         tsf1_list = [ndr32]
2732         ctx1 = dcerpc.ctx_list()
2733         ctx1.context_id = 1
2734         ctx1.num_transfer_syntaxes = len(tsf1_list)
2735         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2736         ctx1.transfer_syntaxes = tsf1_list
2737         ctx_list = [ctx1]
2738
2739         c = self.get_anon_creds()
2740         g = gensec.Security.start_client(self.settings)
2741         g.set_credentials(c)
2742         g.want_feature(gensec.FEATURE_DCE_STYLE)
2743         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2744         auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2745         auth_context_id = 2
2746         g.start_mech_by_authtype(auth_type, auth_level)
2747         from_server = b""
2748         (finished, to_server) = g.update(from_server)
2749         self.assertFalse(finished)
2750
2751         auth_info = self.generate_auth(auth_type=auth_type,
2752                                        auth_level=auth_level,
2753                                        auth_context_id=auth_context_id,
2754                                        auth_blob=to_server)
2755
2756         req = self.generate_bind(call_id=0,
2757                                  ctx_list=ctx_list,
2758                                  auth_info=auth_info)
2759
2760         self.send_pdu(req)
2761         rep = self.recv_pdu()
2762         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2763         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2764         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2765         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2766         self.assertEquals(rep.u.secondary_address_size, 4)
2767         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2768         self.assertPadding(rep.u._pad1, 2)
2769         self.assertEquals(rep.u.num_results, 1)
2770         self.assertEquals(rep.u.ctx_list[0].result,
2771                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2772         self.assertEquals(rep.u.ctx_list[0].reason,
2773                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2774         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2775         self.assertNotEquals(len(rep.u.auth_info), 0)
2776         a = self.parse_auth(rep.u.auth_info)
2777
2778         from_server = a.credentials
2779         (finished, to_server) = g.update(from_server)
2780         self.assertFalse(finished)
2781
2782         auth_info = self.generate_auth(auth_type=auth_type,
2783                                        auth_level=auth_level,
2784                                        auth_context_id=auth_context_id,
2785                                        auth_blob=to_server)
2786
2787         req = self.generate_alter(call_id=0,
2788                                   ctx_list=ctx_list,
2789                                   assoc_group_id=rep.u.assoc_group_id,
2790                                   auth_info=auth_info)
2791
2792         self.send_pdu(req)
2793         rep = self.recv_pdu()
2794         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2795         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2796         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2797         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2798         self.assertEquals(rep.u.secondary_address_size, 0)
2799         self.assertPadding(rep.u._pad1, 2)
2800         self.assertEquals(rep.u.num_results, 1)
2801         self.assertEquals(rep.u.ctx_list[0].result,
2802                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2803         self.assertEquals(rep.u.ctx_list[0].reason,
2804                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2805         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2806         self.assertNotEquals(len(rep.u.auth_info), 0)
2807         a = self.parse_auth(rep.u.auth_info)
2808
2809         from_server = a.credentials
2810         (finished, to_server) = g.update(from_server)
2811         self.assertTrue(finished)
2812
2813         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2814         auth_info = self.generate_auth(auth_type=auth_type,
2815                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2816                                        auth_context_id=auth_context_id,
2817                                        auth_blob=b"\x01" + b"\x00" * 15)
2818         req = self.generate_request(call_id=3,
2819                                     context_id=ctx1.context_id,
2820                                     opnum=0,
2821                                     stub=b"",
2822                                     auth_info=auth_info)
2823         self.send_pdu(req)
2824         rep = self.recv_pdu()
2825         # We get a fault back
2826         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2827                         auth_length=0)
2828         self.assertNotEquals(rep.u.alloc_hint, 0)
2829         self.assertEquals(rep.u.context_id, req.u.context_id)
2830         self.assertEquals(rep.u.cancel_count, 0)
2831         self.assertEquals(rep.u.flags, 0)
2832         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2833         self.assertEquals(rep.u.reserved, 0)
2834         self.assertEquals(len(rep.u.error_and_verifier), 0)
2835
2836         # wait for a disconnect
2837         rep = self.recv_pdu()
2838         self.assertIsNone(rep)
2839         self.assertNotConnected()
2840
2841     def test_spnego_unfinished_request(self):
2842         ndr32 = base.transfer_syntax_ndr()
2843
2844         tsf1_list = [ndr32]
2845         ctx1 = dcerpc.ctx_list()
2846         ctx1.context_id = 1
2847         ctx1.num_transfer_syntaxes = len(tsf1_list)
2848         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2849         ctx1.transfer_syntaxes = tsf1_list
2850         ctx_list = [ctx1]
2851
2852         c = self.get_anon_creds()
2853         g = gensec.Security.start_client(self.settings)
2854         g.set_credentials(c)
2855         g.want_feature(gensec.FEATURE_DCE_STYLE)
2856         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2857         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2858         auth_context_id = 2
2859         g.start_mech_by_authtype(auth_type, auth_level)
2860         from_server = b""
2861         (finished, to_server) = g.update(from_server)
2862         self.assertFalse(finished)
2863
2864         auth_info = self.generate_auth(auth_type=auth_type,
2865                                        auth_level=auth_level,
2866                                        auth_context_id=auth_context_id,
2867                                        auth_blob=to_server)
2868
2869         req = self.generate_bind(call_id=0,
2870                                  ctx_list=ctx_list,
2871                                  auth_info=auth_info)
2872
2873         self.send_pdu(req)
2874         rep = self.recv_pdu()
2875         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2876         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2877         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2878         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2879         assoc_group_id = rep.u.assoc_group_id
2880         self.assertEquals(rep.u.secondary_address_size, 4)
2881         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2882         self.assertPadding(rep.u._pad1, 2)
2883         self.assertEquals(rep.u.num_results, 1)
2884         self.assertEquals(rep.u.ctx_list[0].result,
2885                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2886         self.assertEquals(rep.u.ctx_list[0].reason,
2887                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2888         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2889         self.assertNotEquals(len(rep.u.auth_info), 0)
2890         a = self.parse_auth(rep.u.auth_info)
2891
2892         from_server = a.credentials
2893         (finished, to_server) = g.update(from_server)
2894         self.assertFalse(finished)
2895
2896         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2897         auth_info = self.generate_auth(auth_type=auth_type,
2898                                        auth_level=auth_level,
2899                                        auth_context_id=auth_context_id,
2900                                        auth_blob=b"\x01" + b"\x00" * 15)
2901         req = self.generate_request(call_id=1,
2902                                     context_id=ctx1.context_id,
2903                                     opnum=0,
2904                                     stub=b"",
2905                                     auth_info=auth_info)
2906         self.send_pdu(req)
2907         rep = self.recv_pdu()
2908         # We get a fault
2909         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2910                         pfc_flags=req.pfc_flags |
2911                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2912                         auth_length=0)
2913         self.assertNotEquals(rep.u.alloc_hint, 0)
2914         self.assertEquals(rep.u.context_id, 0)
2915         self.assertEquals(rep.u.cancel_count, 0)
2916         self.assertEquals(rep.u.flags, 0)
2917         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2918         self.assertEquals(rep.u.reserved, 0)
2919         self.assertEquals(len(rep.u.error_and_verifier), 0)
2920
2921         # wait for a disconnect
2922         rep = self.recv_pdu()
2923         self.assertIsNone(rep)
2924         self.assertNotConnected()
2925
2926     def test_spnego_auth3(self):
2927         ndr32 = base.transfer_syntax_ndr()
2928
2929         tsf1_list = [ndr32]
2930         ctx1 = dcerpc.ctx_list()
2931         ctx1.context_id = 1
2932         ctx1.num_transfer_syntaxes = len(tsf1_list)
2933         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2934         ctx1.transfer_syntaxes = tsf1_list
2935         ctx_list = [ctx1]
2936
2937         c = self.get_anon_creds()
2938         g = gensec.Security.start_client(self.settings)
2939         g.set_credentials(c)
2940         g.want_feature(gensec.FEATURE_DCE_STYLE)
2941         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2942         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2943         auth_context_id = 2
2944         g.start_mech_by_authtype(auth_type, auth_level)
2945         from_server = b""
2946         (finished, to_server) = g.update(from_server)
2947         self.assertFalse(finished)
2948
2949         auth_info = self.generate_auth(auth_type=auth_type,
2950                                        auth_level=auth_level,
2951                                        auth_context_id=auth_context_id,
2952                                        auth_blob=to_server)
2953         req = self.generate_bind(call_id=0,
2954                                  ctx_list=ctx_list,
2955                                  auth_info=auth_info)
2956         self.send_pdu(req)
2957         rep = self.recv_pdu()
2958         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2959         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2960         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2961         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2962         self.assertEquals(rep.u.secondary_address_size, 4)
2963         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2964         self.assertPadding(rep.u._pad1, 2)
2965         self.assertEquals(rep.u.num_results, 1)
2966         self.assertEquals(rep.u.ctx_list[0].result,
2967                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2968         self.assertEquals(rep.u.ctx_list[0].reason,
2969                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2970         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2971         self.assertNotEquals(len(rep.u.auth_info), 0)
2972         a = self.parse_auth(rep.u.auth_info)
2973
2974         from_server = a.credentials
2975         (finished, to_server) = g.update(from_server)
2976         self.assertFalse(finished)
2977
2978         auth_info = self.generate_auth(auth_type=auth_type,
2979                                        auth_level=auth_level,
2980                                        auth_context_id=auth_context_id,
2981                                        auth_blob=to_server)
2982         req = self.generate_auth3(call_id=0,
2983                                   auth_info=auth_info)
2984         self.send_pdu(req)
2985         rep = self.recv_pdu()
2986         self.assertIsNone(rep)
2987         self.assertIsConnected()
2988
2989         # And now try a request without auth_info
2990         req = self.generate_request(call_id=2,
2991                                     context_id=ctx1.context_id,
2992                                     opnum=0,
2993                                     stub=b"")
2994         self.send_pdu(req)
2995         rep = self.recv_pdu()
2996         # We get a fault back
2997         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2998                         auth_length=0)
2999         self.assertNotEquals(rep.u.alloc_hint, 0)
3000         self.assertEquals(rep.u.context_id, req.u.context_id)
3001         self.assertEquals(rep.u.cancel_count, 0)
3002         self.assertEquals(rep.u.flags, 0)
3003         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3004         self.assertEquals(rep.u.reserved, 0)
3005         self.assertEquals(len(rep.u.error_and_verifier), 0)
3006
3007         # wait for a disconnect
3008         rep = self.recv_pdu()
3009         self.assertIsNone(rep)
3010         self.assertNotConnected()
3011
3012     def test_spnego_connect_reauth_alter(self):
3013         ndr32 = base.transfer_syntax_ndr()
3014         ndr64 = base.transfer_syntax_ndr64()
3015
3016         tsf1_list = [ndr32]
3017         ctx1 = dcerpc.ctx_list()
3018         ctx1.context_id = 1
3019         ctx1.num_transfer_syntaxes = len(tsf1_list)
3020         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3021         ctx1.transfer_syntaxes = tsf1_list
3022         ctx_list = [ctx1]
3023
3024         c = self.get_anon_creds()
3025         g = gensec.Security.start_client(self.settings)
3026         g.set_credentials(c)
3027         g.want_feature(gensec.FEATURE_DCE_STYLE)
3028         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3029         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3030         auth_context_id = 2
3031         g.start_mech_by_authtype(auth_type, auth_level)
3032         from_server = b""
3033         (finished, to_server) = g.update(from_server)
3034         self.assertFalse(finished)
3035
3036         auth_info = self.generate_auth(auth_type=auth_type,
3037                                        auth_level=auth_level,
3038                                        auth_context_id=auth_context_id,
3039                                        auth_blob=to_server)
3040
3041         req = self.generate_bind(call_id=0,
3042                                  ctx_list=ctx_list,
3043                                  auth_info=auth_info)
3044
3045         self.send_pdu(req)
3046         rep = self.recv_pdu()
3047         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3048         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3049         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3050         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3051         self.assertEquals(rep.u.secondary_address_size, 4)
3052         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3053         self.assertPadding(rep.u._pad1, 2)
3054         self.assertEquals(rep.u.num_results, 1)
3055         self.assertEquals(rep.u.ctx_list[0].result,
3056                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3057         self.assertEquals(rep.u.ctx_list[0].reason,