818bd42c95004191c1ae0a5046ea04703bdca43b
[samba.git] / python / samba / tests / dcerpc / raw_protocol.py
1 #!/usr/bin/env python3
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21 import time
22
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
25
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
32 import struct
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
35 from samba.compat import binary_type
36
37 global_ndr_print = False
38 global_hexdump = False
39
40
41 class TestDCERPC_BIND(RawDCERPCTest):
42
43     def setUp(self):
44         super(TestDCERPC_BIND, self).setUp()
45         self.do_ndr_print = global_ndr_print
46         self.do_hexdump = global_hexdump
47
48     def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
49         ndr32 = base.transfer_syntax_ndr()
50
51         tsf1_list = [ndr32]
52         ctx1 = dcerpc.ctx_list()
53         ctx1.context_id = 1
54         ctx1.num_transfer_syntaxes = len(tsf1_list)
55         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
56         ctx1.transfer_syntaxes = tsf1_list
57
58         req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
59         self.send_pdu(req)
60         rep = self.recv_pdu()
61         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
62                         pfc_flags=rep_pfc_flags, auth_length=0)
63         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
64         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
65         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
66         self.assertEquals(rep.u.secondary_address_size, 4)
67         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
68         self.assertEquals(len(rep.u._pad1), 2)
69         # sometimes windows sends random bytes
70         # self.assertEquals(rep.u._pad1, '\0' * 2)
71         self.assertEquals(rep.u.num_results, 1)
72         self.assertEquals(rep.u.ctx_list[0].result,
73                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
74         self.assertEquals(rep.u.ctx_list[0].reason,
75                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
76         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
77         self.assertEquals(rep.u.auth_info, b'\0' * 0)
78
79         # And now try a request
80         req = self.generate_request(call_id=1,
81                                     context_id=ctx1.context_id,
82                                     opnum=0,
83                                     stub=b"")
84         self.send_pdu(req)
85         rep = self.recv_pdu()
86         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
87                         auth_length=0)
88         self.assertNotEquals(rep.u.alloc_hint, 0)
89         self.assertEquals(rep.u.context_id, req.u.context_id)
90         self.assertEquals(rep.u.cancel_count, 0)
91         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
92
93     def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
94         ndr32 = base.transfer_syntax_ndr()
95
96         tsf1_list = [ndr32]
97         ctx1 = dcerpc.ctx_list()
98         ctx1.context_id = 1
99         ctx1.num_transfer_syntaxes = len(tsf1_list)
100         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
101         ctx1.transfer_syntaxes = tsf1_list
102
103         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
104         self.send_pdu(req)
105         rep = self.recv_pdu()
106         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
107                         auth_length=0)
108         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
109         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
110         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
111         self.assertEquals(rep.u.secondary_address_size, 4)
112         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
113         self.assertEquals(len(rep.u._pad1), 2)
114         # sometimes windows sends random bytes
115         # self.assertEquals(rep.u._pad1, '\0' * 2)
116         self.assertEquals(rep.u.num_results, 1)
117         self.assertEquals(rep.u.ctx_list[0].result,
118                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
119         self.assertEquals(rep.u.ctx_list[0].reason,
120                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
121         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
122         self.assertEquals(rep.u.auth_info, b'\0' * 0)
123
124         # And now try a alter context
125         req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
126         self.send_pdu(req)
127         rep = self.recv_pdu()
128         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
129                         pfc_flags=rep_pfc_flags, auth_length=0)
130         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
131         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
132         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
133         self.assertEquals(rep.u.secondary_address_size, 0)
134         self.assertEquals(rep.u.secondary_address, "")
135         self.assertEquals(len(rep.u._pad1), 2)
136         # sometimes windows sends random bytes
137         # self.assertEquals(rep.u._pad1, '\0' * 2)
138         self.assertEquals(rep.u.num_results, 1)
139         self.assertEquals(rep.u.ctx_list[0].result,
140                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
141         self.assertEquals(rep.u.ctx_list[0].reason,
142                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
143         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
144         self.assertEquals(rep.u.auth_info, b'\0' * 0)
145
146         # And now try a request
147         req = self.generate_request(call_id=1,
148                                     context_id=ctx1.context_id,
149                                     opnum=0,
150                                     stub=b"")
151         self.send_pdu(req)
152         rep = self.recv_pdu()
153         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
154                         auth_length=0)
155         self.assertNotEquals(rep.u.alloc_hint, 0)
156         self.assertEquals(rep.u.context_id, req.u.context_id)
157         self.assertEquals(rep.u.cancel_count, 0)
158         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
159
160     def test_no_auth_request(self):
161         return self._test_no_auth_request_bind_pfc_flags(
162                                         req_pfc_flags=0 |
163                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
164                                         dcerpc.DCERPC_PFC_FLAG_LAST,
165                                         rep_pfc_flags=0 |
166                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
167                                         dcerpc.DCERPC_PFC_FLAG_LAST)
168
169     def test_no_auth_request_bind_pfc_00(self):
170         return self._test_no_auth_request_bind_pfc_flags(
171                                         req_pfc_flags=0 |
172                                         0,
173                                         rep_pfc_flags=0 |
174                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
175                                         dcerpc.DCERPC_PFC_FLAG_LAST)
176
177     def test_no_auth_request_bind_pfc_FIRST(self):
178         return self._test_no_auth_request_bind_pfc_flags(
179                                         req_pfc_flags=0 |
180                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
181                                         0,
182                                         rep_pfc_flags=0 |
183                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
184                                         dcerpc.DCERPC_PFC_FLAG_LAST)
185
186     def test_no_auth_request_bind_pfc_LAST(self):
187         return self._test_no_auth_request_bind_pfc_flags(
188                                         req_pfc_flags=0 |
189                                         dcerpc.DCERPC_PFC_FLAG_LAST |
190                                         0,
191                                         rep_pfc_flags=0 |
192                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
193                                         dcerpc.DCERPC_PFC_FLAG_LAST)
194
195     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
196     # without authentication
197     def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
198         return self._test_no_auth_request_bind_pfc_flags(
199                                         req_pfc_flags=0 |
200                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
201                                         0,
202                                         rep_pfc_flags=0 |
203                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
204                                         dcerpc.DCERPC_PFC_FLAG_LAST |
205                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
206
207     def test_no_auth_request_bind_pfc_08(self):
208         return self._test_no_auth_request_bind_pfc_flags(
209                                         req_pfc_flags=0 |
210                                         8 |
211                                         0,
212                                         rep_pfc_flags=0 |
213                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
214                                         dcerpc.DCERPC_PFC_FLAG_LAST)
215
216     def test_no_auth_request_bind_pfc_CONC_MPX(self):
217         return self._test_no_auth_request_bind_pfc_flags(
218                                         req_pfc_flags=0 |
219                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
220                                         0,
221                                         rep_pfc_flags=0 |
222                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
223                                         dcerpc.DCERPC_PFC_FLAG_LAST |
224                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
225
226     def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
227         return self._test_no_auth_request_bind_pfc_flags(
228                                         req_pfc_flags=0 |
229                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
230                                         0,
231                                         rep_pfc_flags=0 |
232                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
233                                         dcerpc.DCERPC_PFC_FLAG_LAST)
234
235     def test_no_auth_request_bind_pfc_MAYBE(self):
236         return self._test_no_auth_request_bind_pfc_flags(
237                                         req_pfc_flags=0 |
238                                         dcerpc.DCERPC_PFC_FLAG_MAYBE |
239                                         0,
240                                         rep_pfc_flags=0 |
241                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
242                                         dcerpc.DCERPC_PFC_FLAG_LAST)
243
244     def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
245         return self._test_no_auth_request_bind_pfc_flags(
246                                         req_pfc_flags=0 |
247                                         dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
248                                         0,
249                                         rep_pfc_flags=0 |
250                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
251                                         dcerpc.DCERPC_PFC_FLAG_LAST)
252
253     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
254     # without authentication
255     # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
256     # by default
257     def _test_no_auth_request_bind_pfc_ff(self):
258         return self._test_no_auth_request_bind_pfc_flags(
259                                         req_pfc_flags=0 |
260                                         0xff |
261                                         0,
262                                         rep_pfc_flags=0 |
263                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
264                                         dcerpc.DCERPC_PFC_FLAG_LAST |
265                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
266                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
267
268     def test_no_auth_request_alter_pfc_00(self):
269         return self._test_no_auth_request_alter_pfc_flags(
270                                         req_pfc_flags=0 |
271                                         0,
272                                         rep_pfc_flags=0 |
273                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
274                                         dcerpc.DCERPC_PFC_FLAG_LAST)
275
276     def test_no_auth_request_alter_pfc_FIRST(self):
277         return self._test_no_auth_request_alter_pfc_flags(
278                                         req_pfc_flags=0 |
279                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
280                                         0,
281                                         rep_pfc_flags=0 |
282                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
283                                         dcerpc.DCERPC_PFC_FLAG_LAST)
284
285     def test_no_auth_request_alter_pfc_LAST(self):
286         return self._test_no_auth_request_alter_pfc_flags(
287                                         req_pfc_flags=0 |
288                                         dcerpc.DCERPC_PFC_FLAG_LAST |
289                                         0,
290                                         rep_pfc_flags=0 |
291                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
292                                         dcerpc.DCERPC_PFC_FLAG_LAST)
293
294     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
295     # without authentication
296     def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
297         return self._test_no_auth_request_alter_pfc_flags(
298                                         req_pfc_flags=0 |
299                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
300                                         0,
301                                         rep_pfc_flags=0 |
302                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
303                                         dcerpc.DCERPC_PFC_FLAG_LAST |
304                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
305
306     def test_no_auth_request_alter_pfc_08(self):
307         return self._test_no_auth_request_alter_pfc_flags(
308                                         req_pfc_flags=0 |
309                                         8 |
310                                         0,
311                                         rep_pfc_flags=0 |
312                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
313                                         dcerpc.DCERPC_PFC_FLAG_LAST)
314
315     def test_no_auth_request_alter_pfc_CONC_MPX(self):
316         return self._test_no_auth_request_alter_pfc_flags(
317                                         req_pfc_flags=0 |
318                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
319                                         0,
320                                         rep_pfc_flags=0 |
321                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
322                                         dcerpc.DCERPC_PFC_FLAG_LAST)
323
324     def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
325         return self._test_no_auth_request_alter_pfc_flags(
326                                         req_pfc_flags=0 |
327                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
328                                         0,
329                                         rep_pfc_flags=0 |
330                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
331                                         dcerpc.DCERPC_PFC_FLAG_LAST)
332
333     def test_no_auth_request_alter_pfc_MAYBE(self):
334         return self._test_no_auth_request_alter_pfc_flags(
335                                         req_pfc_flags=0 |
336                                         dcerpc.DCERPC_PFC_FLAG_MAYBE |
337                                         0,
338                                         rep_pfc_flags=0 |
339                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
340                                         dcerpc.DCERPC_PFC_FLAG_LAST)
341
342     def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
343         return self._test_no_auth_request_alter_pfc_flags(
344                                         req_pfc_flags=0 |
345                                         dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
346                                         0,
347                                         rep_pfc_flags=0 |
348                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
349                                         dcerpc.DCERPC_PFC_FLAG_LAST)
350
351     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
352     # without authentication
353     def _test_no_auth_request_alter_pfc_ff(self):
354         return self._test_no_auth_request_alter_pfc_flags(
355                                         req_pfc_flags=0 |
356                                         0xff |
357                                         0,
358                                         rep_pfc_flags=0 |
359                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
360                                         dcerpc.DCERPC_PFC_FLAG_LAST |
361                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
362
363     def test_no_auth_no_ctx(self):
364         # send an useless bind
365         req = self.generate_bind(call_id=0)
366         self.send_pdu(req)
367         rep = self.recv_pdu()
368         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
369                         auth_length=0)
370         self.assertEquals(rep.u.reject_reason,
371                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
372         self.assertEquals(rep.u.num_versions, 1)
373         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
374         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
375         self.assertEquals(len(rep.u._pad), 3)
376         self.assertEquals(rep.u._pad, b'\0' * 3)
377
378     def test_invalid_auth_noctx(self):
379         req = self.generate_bind(call_id=0)
380         req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
381         self.send_pdu(req)
382         rep = self.recv_pdu()
383         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
384                         auth_length=0)
385         self.assertEquals(rep.u.reject_reason,
386                           dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
387         self.assertEquals(rep.u.num_versions, 1)
388         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
389         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
390         self.assertEquals(len(rep.u._pad), 3)
391         self.assertEquals(rep.u._pad, b'\0' * 3)
392
393     def test_no_auth_valid_valid_request(self):
394         ndr32 = base.transfer_syntax_ndr()
395
396         tsf1_list = [ndr32]
397         ctx1 = dcerpc.ctx_list()
398         ctx1.context_id = 1
399         ctx1.num_transfer_syntaxes = len(tsf1_list)
400         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
401         ctx1.transfer_syntaxes = tsf1_list
402
403         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
404         self.send_pdu(req)
405         rep = self.recv_pdu()
406         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
407                         auth_length=0)
408         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
409         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
410         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
411         self.assertEquals(rep.u.secondary_address_size, 4)
412         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
413         self.assertEquals(len(rep.u._pad1), 2)
414         self.assertEquals(rep.u._pad1, b'\0' * 2)
415         self.assertEquals(rep.u.num_results, 1)
416         self.assertEquals(rep.u.ctx_list[0].result,
417                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
418         self.assertEquals(rep.u.ctx_list[0].reason,
419                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
420         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
421         self.assertEquals(rep.u.auth_info, b'\0' * 0)
422
423         # Send a bind again
424         tsf2_list = [ndr32]
425         ctx2 = dcerpc.ctx_list()
426         ctx2.context_id = 2
427         ctx2.num_transfer_syntaxes = len(tsf2_list)
428         ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
429         ctx2.transfer_syntaxes = tsf2_list
430
431         req = self.generate_bind(call_id=1, ctx_list=[ctx2])
432         self.send_pdu(req)
433         rep = self.recv_pdu()
434         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
435                         auth_length=0)
436         self.assertEquals(rep.u.reject_reason,
437                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
438         self.assertEquals(rep.u.num_versions, 1)
439         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
440         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
441         self.assertEquals(len(rep.u._pad), 3)
442         self.assertEquals(rep.u._pad, b'\0' * 3)
443
444         # wait for a disconnect
445         rep = self.recv_pdu()
446         self.assertIsNone(rep)
447         self.assertNotConnected()
448
449     def test_no_auth_invalid_valid_request(self):
450         # send an useless bind
451         req = self.generate_bind(call_id=0)
452         self.send_pdu(req)
453         rep = self.recv_pdu()
454         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
455                         auth_length=0)
456         self.assertEquals(rep.u.reject_reason,
457                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
458         self.assertEquals(rep.u.num_versions, 1)
459         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
460         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
461         self.assertEquals(len(rep.u._pad), 3)
462         self.assertEquals(rep.u._pad, b'\0' * 3)
463
464         # wait for a disconnect
465         rep = self.recv_pdu()
466         self.assertIsNone(rep)
467         self.assertNotConnected()
468
469     def test_alter_no_auth_no_ctx(self):
470         ndr32 = base.transfer_syntax_ndr()
471
472         tsf1_list = [ndr32]
473         ctx1 = dcerpc.ctx_list()
474         ctx1.context_id = 1
475         ctx1.num_transfer_syntaxes = len(tsf1_list)
476         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
477         ctx1.transfer_syntaxes = tsf1_list
478
479         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
480         self.send_pdu(req)
481         rep = self.recv_pdu()
482         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
483                         auth_length=0)
484         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
485         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
486         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
487         self.assertEquals(rep.u.secondary_address_size, 4)
488         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
489         self.assertEquals(len(rep.u._pad1), 2)
490         self.assertEquals(rep.u._pad1, b'\0' * 2)
491         self.assertEquals(rep.u.num_results, 1)
492         self.assertEquals(rep.u.ctx_list[0].result,
493                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
494         self.assertEquals(rep.u.ctx_list[0].reason,
495                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
496         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
497         self.assertEquals(rep.u.auth_info, b'\0' * 0)
498
499         # Send a alter
500         req = self.generate_alter(call_id=1, ctx_list=[])
501         self.send_pdu(req)
502         rep = self.recv_pdu()
503         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
504                         pfc_flags=req.pfc_flags |
505                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
506                         auth_length=0)
507         self.assertNotEquals(rep.u.alloc_hint, 0)
508         self.assertEquals(rep.u.context_id, 0)
509         self.assertEquals(rep.u.cancel_count, 0)
510         self.assertEquals(rep.u.flags, 0)
511         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
512         self.assertEquals(rep.u.reserved, 0)
513         self.assertEquals(len(rep.u.error_and_verifier), 0)
514
515         # wait for a disconnect
516         rep = self.recv_pdu()
517         self.assertIsNone(rep)
518         self.assertNotConnected()
519
520     def test_no_auth_presentation_ctx_valid1(self):
521         ndr32 = base.transfer_syntax_ndr()
522
523         zero_syntax = misc.ndr_syntax_id()
524
525         tsf1_list = [zero_syntax, ndr32]
526         ctx1 = dcerpc.ctx_list()
527         ctx1.context_id = 1
528         ctx1.num_transfer_syntaxes = len(tsf1_list)
529         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
530         ctx1.transfer_syntaxes = tsf1_list
531
532         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
533         self.send_pdu(req)
534         rep = self.recv_pdu()
535         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
536                         auth_length=0)
537         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
538         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
539         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
540         self.assertEquals(rep.u.secondary_address_size, 4)
541         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
542         self.assertEquals(len(rep.u._pad1), 2)
543         self.assertEquals(rep.u._pad1, b'\0' * 2)
544         self.assertEquals(rep.u.num_results, 1)
545         self.assertEquals(rep.u.ctx_list[0].result,
546                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
547         self.assertEquals(rep.u.ctx_list[0].reason,
548                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
549         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
550         self.assertEquals(rep.u.auth_info, b'\0' * 0)
551
552         # Send a alter
553         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
554         self.send_pdu(req)
555         rep = self.recv_pdu()
556         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
557                         auth_length=0)
558         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
559         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
560         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
561         self.assertEquals(rep.u.secondary_address_size, 0)
562         self.assertEquals(len(rep.u._pad1), 2)
563         #self.assertEquals(rep.u._pad1, '\0' * 2)
564         self.assertEquals(rep.u.num_results, 1)
565         self.assertEquals(rep.u.ctx_list[0].result,
566                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
567         self.assertEquals(rep.u.ctx_list[0].reason,
568                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
569         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
570         self.assertEquals(rep.u.auth_info, b'\0' * 0)
571
572         req = self.generate_request(call_id=2,
573                                     context_id=ctx1.context_id,
574                                     opnum=0xffff,
575                                     stub=b"")
576         self.send_pdu(req)
577         rep = self.recv_pdu()
578         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
579                         pfc_flags=req.pfc_flags |
580                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
581                         auth_length=0)
582         self.assertNotEquals(rep.u.alloc_hint, 0)
583         self.assertEquals(rep.u.context_id, ctx1.context_id)
584         self.assertEquals(rep.u.cancel_count, 0)
585         self.assertEquals(rep.u.flags, 0)
586         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
587         self.assertEquals(rep.u.reserved, 0)
588         self.assertEquals(len(rep.u.error_and_verifier), 0)
589
590     def test_no_auth_presentation_ctx_invalid1(self):
591         ndr32 = base.transfer_syntax_ndr()
592
593         zero_syntax = misc.ndr_syntax_id()
594
595         tsf1_list = [ndr32]
596         ctx1 = dcerpc.ctx_list()
597         ctx1.context_id = 1
598         ctx1.num_transfer_syntaxes = len(tsf1_list)
599         ctx1.abstract_syntax = ndr32
600         ctx1.transfer_syntaxes = tsf1_list
601
602         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
603         self.send_pdu(req)
604         rep = self.recv_pdu()
605         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
606                         auth_length=0)
607         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
608         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
609         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
610         self.assertEquals(rep.u.secondary_address_size, 4)
611         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
612         self.assertEquals(len(rep.u._pad1), 2)
613         self.assertEquals(rep.u._pad1, b'\0' * 2)
614         self.assertEquals(rep.u.num_results, 1)
615         self.assertEquals(rep.u.ctx_list[0].result,
616                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
617         self.assertEquals(rep.u.ctx_list[0].reason,
618                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
619         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
620         self.assertEquals(rep.u.auth_info, b'\0' * 0)
621
622         # Send a alter
623         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
624         self.send_pdu(req)
625         rep = self.recv_pdu()
626         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
627                         auth_length=0)
628         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
629         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
630         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
631         self.assertEquals(rep.u.secondary_address_size, 0)
632         self.assertEquals(len(rep.u._pad1), 2)
633         #self.assertEquals(rep.u._pad1, '\0' * 2)
634         self.assertEquals(rep.u.num_results, 1)
635         self.assertEquals(rep.u.ctx_list[0].result,
636                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
637         self.assertEquals(rep.u.ctx_list[0].reason,
638                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
639         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
640         self.assertEquals(rep.u.auth_info, b'\0' * 0)
641
642         req = self.generate_request(call_id=2,
643                                     context_id=12345,
644                                     opnum=0,
645                                     stub=b"")
646         self.send_pdu(req)
647         rep = self.recv_pdu()
648         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
649                         pfc_flags=req.pfc_flags |
650                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
651                         auth_length=0)
652         self.assertNotEquals(rep.u.alloc_hint, 0)
653         self.assertEquals(rep.u.context_id, 0)
654         self.assertEquals(rep.u.cancel_count, 0)
655         self.assertEquals(rep.u.flags, 0)
656         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
657         self.assertEquals(rep.u.reserved, 0)
658         self.assertEquals(len(rep.u.error_and_verifier), 0)
659
660         # Send a alter again to prove the connection is still alive
661         req = self.generate_alter(call_id=3, ctx_list=[ctx1])
662         self.send_pdu(req)
663         rep = self.recv_pdu()
664         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
665                         auth_length=0)
666         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
667         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
668         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
669         self.assertEquals(rep.u.secondary_address_size, 0)
670         self.assertEquals(len(rep.u._pad1), 2)
671         #self.assertEquals(rep.u._pad1, '\0' * 2)
672         self.assertEquals(rep.u.num_results, 1)
673         self.assertEquals(rep.u.ctx_list[0].result,
674                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
675         self.assertEquals(rep.u.ctx_list[0].reason,
676                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
677         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
678         self.assertEquals(rep.u.auth_info, b'\0' * 0)
679
680     def test_no_auth_presentation_ctx_invalid2(self):
681         ndr32 = base.transfer_syntax_ndr()
682
683         zero_syntax = misc.ndr_syntax_id()
684
685         tsf1a_list = []
686         ctx1a = dcerpc.ctx_list()
687         ctx1a.context_id = 1
688         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
689         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
690         ctx1a.transfer_syntaxes = tsf1a_list
691
692         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
693         self.send_pdu(req)
694         rep = self.recv_pdu()
695         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
696                         auth_length=0)
697         self.assertEquals(rep.u.reject_reason,
698                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
699         self.assertEquals(rep.u.num_versions, 1)
700         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
701         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
702         self.assertEquals(len(rep.u._pad), 3)
703         self.assertEquals(rep.u._pad, b'\0' * 3)
704
705         # wait for a disconnect
706         rep = self.recv_pdu()
707         self.assertIsNone(rep)
708         self.assertNotConnected()
709
710     def test_no_auth_presentation_ctx_invalid3(self):
711         ndr32 = base.transfer_syntax_ndr()
712
713         zero_syntax = misc.ndr_syntax_id()
714
715         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
716         ctx1a = dcerpc.ctx_list()
717         ctx1a.context_id = 1
718         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
719         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
720         ctx1a.transfer_syntaxes = tsf1a_list
721
722         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
723         self.send_pdu(req)
724         rep = self.recv_pdu()
725         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
726                         auth_length=0)
727         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
728         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
729         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
730         self.assertEquals(rep.u.secondary_address_size, 4)
731         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
732         self.assertEquals(len(rep.u._pad1), 2)
733         self.assertEquals(rep.u._pad1, b'\0' * 2)
734         self.assertEquals(rep.u.num_results, 1)
735         self.assertEquals(rep.u.ctx_list[0].result,
736                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
737         self.assertEquals(rep.u.ctx_list[0].reason,
738                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
739         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
740         self.assertEquals(rep.u.auth_info, b'\0' * 0)
741
742         tsf1b_list = []
743         ctx1b = dcerpc.ctx_list()
744         ctx1b.context_id = 1
745         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
746         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
747         ctx1b.transfer_syntaxes = tsf1b_list
748
749         # Send a alter
750         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
751         self.send_pdu(req)
752         rep = self.recv_pdu()
753         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
754                         pfc_flags=req.pfc_flags |
755                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
756                         auth_length=0)
757         self.assertNotEquals(rep.u.alloc_hint, 0)
758         self.assertEquals(rep.u.context_id, 0)
759         self.assertEquals(rep.u.cancel_count, 0)
760         self.assertEquals(rep.u.flags, 0)
761         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
762         self.assertEquals(rep.u.reserved, 0)
763         self.assertEquals(len(rep.u.error_and_verifier), 0)
764
765         # wait for a disconnect
766         rep = self.recv_pdu()
767         self.assertIsNone(rep)
768         self.assertNotConnected()
769
770     def test_no_auth_presentation_ctx_invalid4(self):
771         ndr32 = base.transfer_syntax_ndr()
772         ndr64 = base.transfer_syntax_ndr64()
773
774         zero_syntax = misc.ndr_syntax_id()
775
776         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
777         ctx1a = dcerpc.ctx_list()
778         ctx1a.context_id = 1
779         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
780         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
781         ctx1a.transfer_syntaxes = tsf1a_list
782
783         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
784         self.send_pdu(req)
785         rep = self.recv_pdu()
786         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
787                         auth_length=0)
788         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
789         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
790         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
791         self.assertEquals(rep.u.secondary_address_size, 4)
792         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
793         self.assertEquals(len(rep.u._pad1), 2)
794         self.assertEquals(rep.u._pad1, b'\0' * 2)
795         self.assertEquals(rep.u.num_results, 1)
796         self.assertEquals(rep.u.ctx_list[0].result,
797                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
798         self.assertEquals(rep.u.ctx_list[0].reason,
799                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
800         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
801         self.assertEquals(rep.u.auth_info, b'\0' * 0)
802
803         # With a known but wrong syntax we get a protocol error
804         # see test_no_auth_presentation_ctx_valid2
805         tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
806         ctx1b = dcerpc.ctx_list()
807         ctx1b.context_id = 1
808         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
809         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
810         ctx1b.transfer_syntaxes = tsf1b_list
811
812         # Send a alter
813         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
814         self.send_pdu(req)
815         rep = self.recv_pdu()
816         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
817                         pfc_flags=req.pfc_flags |
818                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
819                         auth_length=0)
820         self.assertNotEquals(rep.u.alloc_hint, 0)
821         self.assertEquals(rep.u.context_id, 0)
822         self.assertEquals(rep.u.cancel_count, 0)
823         self.assertEquals(rep.u.flags, 0)
824         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
825         self.assertEquals(rep.u.reserved, 0)
826         self.assertEquals(len(rep.u.error_and_verifier), 0)
827
828         # wait for a disconnect
829         rep = self.recv_pdu()
830         self.assertIsNone(rep)
831         self.assertNotConnected()
832
833     def test_no_auth_presentation_ctx_valid2(self):
834         ndr32 = base.transfer_syntax_ndr()
835
836         zero_syntax = misc.ndr_syntax_id()
837
838         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
839         ctx1a = dcerpc.ctx_list()
840         ctx1a.context_id = 1
841         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
842         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
843         ctx1a.transfer_syntaxes = tsf1a_list
844
845         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
846         self.send_pdu(req)
847         rep = self.recv_pdu()
848         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
849                         auth_length=0)
850         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
851         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
852         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
853         self.assertEquals(rep.u.secondary_address_size, 4)
854         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
855         self.assertEquals(len(rep.u._pad1), 2)
856         self.assertEquals(rep.u._pad1, b'\0' * 2)
857         self.assertEquals(rep.u.num_results, 1)
858         self.assertEquals(rep.u.ctx_list[0].result,
859                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
860         self.assertEquals(rep.u.ctx_list[0].reason,
861                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
862         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
863         self.assertEquals(rep.u.auth_info, b'\0' * 0)
864
865         # With a unknown but wrong syntaxes we get NO protocol error
866         # see test_no_auth_presentation_ctx_invalid4
867         tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
868         ctx1b = dcerpc.ctx_list()
869         ctx1b.context_id = 1
870         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
871         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
872         ctx1b.transfer_syntaxes = tsf1b_list
873
874         # Send a alter
875         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
876         self.send_pdu(req)
877         rep = self.recv_pdu()
878         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
879                         auth_length=0)
880         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
881         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
882         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
883         self.assertEquals(rep.u.secondary_address_size, 0)
884         self.assertEquals(len(rep.u._pad1), 2)
885         #self.assertEquals(rep.u._pad1, '\0' * 2)
886         self.assertEquals(rep.u.num_results, 1)
887         self.assertEquals(rep.u.ctx_list[0].result,
888                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
889         self.assertEquals(rep.u.ctx_list[0].reason,
890                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
891         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
892         self.assertEquals(rep.u.auth_info, b'\0' * 0)
893
894         req = self.generate_request(call_id=2,
895                                     context_id=ctx1a.context_id,
896                                     opnum=0xffff,
897                                     stub=b"")
898         self.send_pdu(req)
899         rep = self.recv_pdu()
900         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
901                         pfc_flags=req.pfc_flags |
902                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
903                         auth_length=0)
904         self.assertNotEquals(rep.u.alloc_hint, 0)
905         self.assertEquals(rep.u.context_id, ctx1a.context_id)
906         self.assertEquals(rep.u.cancel_count, 0)
907         self.assertEquals(rep.u.flags, 0)
908         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
909         self.assertEquals(rep.u.reserved, 0)
910         self.assertEquals(len(rep.u.error_and_verifier), 0)
911
912     def test_no_auth_presentation_ctx_no_ndr64(self):
913         ndr32 = base.transfer_syntax_ndr()
914         zero_syntax = misc.ndr_syntax_id()
915
916         tsfZ_list = [zero_syntax]
917         ctxZ = dcerpc.ctx_list()
918         ctxZ.context_id = 54321
919         ctxZ.num_transfer_syntaxes = len(tsfZ_list)
920         ctxZ.abstract_syntax = zero_syntax
921         ctxZ.transfer_syntaxes = tsfZ_list
922
923         req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
924         self.send_pdu(req)
925         rep = self.recv_pdu()
926         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
927                         auth_length=0)
928         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
929         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
930         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
931         self.assertEquals(rep.u.secondary_address_size, 4)
932         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
933         self.assertEquals(len(rep.u._pad1), 2)
934         self.assertEquals(rep.u._pad1, b'\0' * 2)
935         self.assertEquals(rep.u.num_results, 1)
936         self.assertEquals(rep.u.ctx_list[0].result,
937                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
938         self.assertEquals(rep.u.ctx_list[0].reason,
939                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
940         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
941         self.assertEquals(rep.u.auth_info, b'\0' * 0)
942
943         tsf0_list = [ndr32]
944         ctx0 = dcerpc.ctx_list()
945         ctx0.context_id = 0
946         ctx0.num_transfer_syntaxes = len(tsf0_list)
947         ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
948         ctx0.transfer_syntaxes = tsf0_list
949
950         req = self.generate_alter(call_id=0, ctx_list=[ctx0])
951         self.send_pdu(req)
952         rep = self.recv_pdu()
953         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
954                         auth_length=0)
955         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
956         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
957         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
958         self.assertEquals(rep.u.secondary_address_size, 0)
959         self.assertEquals(len(rep.u._pad1), 2)
960         #self.assertEquals(rep.u._pad1, '\0' * 2)
961         self.assertEquals(rep.u.num_results, 1)
962         self.assertEquals(rep.u.ctx_list[0].result,
963                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
964         self.assertEquals(rep.u.ctx_list[0].reason,
965                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
966         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
967         self.assertEquals(rep.u.auth_info, b'\0' * 0)
968
969         req = self.generate_request(call_id=1,
970                                     context_id=ctx0.context_id,
971                                     opnum=0,
972                                     stub=b"")
973         self.send_pdu(req)
974         rep = self.recv_pdu()
975         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
976                         auth_length=0)
977         self.assertNotEquals(rep.u.alloc_hint, 0)
978         self.assertEquals(rep.u.context_id, req.u.context_id)
979         self.assertEquals(rep.u.cancel_count, 0)
980         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
981
982         tsf1_list = [zero_syntax, ndr32]
983         ctx1 = dcerpc.ctx_list()
984         ctx1.context_id = 1
985         ctx1.num_transfer_syntaxes = len(tsf1_list)
986         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
987         ctx1.transfer_syntaxes = tsf1_list
988
989         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
990         self.send_pdu(req)
991         rep = self.recv_pdu()
992         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
993                         auth_length=0)
994         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
995         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
996         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
997         self.assertEquals(rep.u.secondary_address_size, 0)
998         self.assertEquals(len(rep.u._pad1), 2)
999         #self.assertEquals(rep.u._pad1, '\0' * 2)
1000         self.assertEquals(rep.u.num_results, 1)
1001         self.assertEquals(rep.u.ctx_list[0].result,
1002                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1003         self.assertEquals(rep.u.ctx_list[0].reason,
1004                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1005         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1006         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1007
1008         req = self.generate_request(call_id=1,
1009                                     context_id=ctx1.context_id,
1010                                     opnum=0,
1011                                     stub=b"")
1012         self.send_pdu(req)
1013         rep = self.recv_pdu()
1014         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1015                         auth_length=0)
1016         self.assertNotEquals(rep.u.alloc_hint, 0)
1017         self.assertEquals(rep.u.context_id, req.u.context_id)
1018         self.assertEquals(rep.u.cancel_count, 0)
1019         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1020
1021         tsf2_list = [ndr32, ndr32]
1022         ctx2 = dcerpc.ctx_list()
1023         ctx2.context_id = 2
1024         ctx2.num_transfer_syntaxes = len(tsf2_list)
1025         ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1026         ctx2.transfer_syntaxes = tsf2_list
1027
1028         req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1029         self.send_pdu(req)
1030         rep = self.recv_pdu()
1031         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1032                         auth_length=0)
1033         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1034         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1035         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1036         self.assertEquals(rep.u.secondary_address_size, 0)
1037         self.assertEquals(len(rep.u._pad1), 2)
1038         #self.assertEquals(rep.u._pad1, '\0' * 2)
1039         self.assertEquals(rep.u.num_results, 1)
1040         self.assertEquals(rep.u.ctx_list[0].result,
1041                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1042         self.assertEquals(rep.u.ctx_list[0].reason,
1043                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1044         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1045         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1046
1047         req = self.generate_request(call_id=1,
1048                                     context_id=ctx2.context_id,
1049                                     opnum=0,
1050                                     stub=b"")
1051         self.send_pdu(req)
1052         rep = self.recv_pdu()
1053         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1054                         auth_length=0)
1055         self.assertNotEquals(rep.u.alloc_hint, 0)
1056         self.assertEquals(rep.u.context_id, req.u.context_id)
1057         self.assertEquals(rep.u.cancel_count, 0)
1058         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1059
1060         tsf3_list = [ndr32]
1061         ctx3 = dcerpc.ctx_list()
1062         ctx3.context_id = 3
1063         ctx3.num_transfer_syntaxes = len(tsf3_list)
1064         ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1065         ctx3.transfer_syntaxes = tsf3_list
1066
1067         tsf4_list = [ndr32]
1068         ctx4 = dcerpc.ctx_list()
1069         ctx4.context_id = 4
1070         ctx4.num_transfer_syntaxes = len(tsf4_list)
1071         ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1072         ctx4.transfer_syntaxes = tsf4_list
1073
1074         req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1075         self.send_pdu(req)
1076         rep = self.recv_pdu()
1077         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1078                         auth_length=0)
1079         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1080         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1081         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1082         self.assertEquals(rep.u.secondary_address_size, 0)
1083         self.assertEquals(len(rep.u._pad1), 2)
1084         #self.assertEquals(rep.u._pad1, '\0' * 2)
1085         self.assertEquals(rep.u.num_results, 2)
1086         self.assertEquals(rep.u.ctx_list[0].result,
1087                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1088         self.assertEquals(rep.u.ctx_list[0].reason,
1089                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1090         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1091         self.assertEquals(rep.u.ctx_list[1].result,
1092                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1093         self.assertEquals(rep.u.ctx_list[1].reason,
1094                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1095         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1096         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1097
1098         req = self.generate_request(call_id=1,
1099                                     context_id=ctx3.context_id,
1100                                     opnum=0,
1101                                     stub=b"")
1102         self.send_pdu(req)
1103         rep = self.recv_pdu()
1104         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1105                         auth_length=0)
1106         self.assertNotEquals(rep.u.alloc_hint, 0)
1107         self.assertEquals(rep.u.context_id, req.u.context_id)
1108         self.assertEquals(rep.u.cancel_count, 0)
1109         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1110
1111         req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1112         self.send_pdu(req)
1113         rep = self.recv_pdu()
1114         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1115                         auth_length=0)
1116         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1117         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1118         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1119         self.assertEquals(rep.u.secondary_address_size, 0)
1120         self.assertEquals(len(rep.u._pad1), 2)
1121         #self.assertEquals(rep.u._pad1, '\0' * 2)
1122         self.assertEquals(rep.u.num_results, 2)
1123         self.assertEquals(rep.u.ctx_list[0].result,
1124                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1125         self.assertEquals(rep.u.ctx_list[0].reason,
1126                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1127         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1128         self.assertEquals(rep.u.ctx_list[1].result,
1129                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1130         self.assertEquals(rep.u.ctx_list[1].reason,
1131                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1132         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1133         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1134
1135         req = self.generate_request(call_id=1,
1136                                     context_id=ctx4.context_id,
1137                                     opnum=0,
1138                                     stub=b"")
1139         self.send_pdu(req)
1140         rep = self.recv_pdu()
1141         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1142                         auth_length=0)
1143         self.assertNotEquals(rep.u.alloc_hint, 0)
1144         self.assertEquals(rep.u.context_id, req.u.context_id)
1145         self.assertEquals(rep.u.cancel_count, 0)
1146         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1147
1148         req = self.generate_request(call_id=1,
1149                                     context_id=ctx3.context_id,
1150                                     opnum=0,
1151                                     stub=b"")
1152         self.send_pdu(req)
1153         rep = self.recv_pdu()
1154         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1155                         auth_length=0)
1156         self.assertNotEquals(rep.u.alloc_hint, 0)
1157         self.assertEquals(rep.u.context_id, req.u.context_id)
1158         self.assertEquals(rep.u.cancel_count, 0)
1159         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1160
1161         req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1162         self.send_pdu(req)
1163         rep = self.recv_pdu()
1164         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1165                         auth_length=0)
1166         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1167         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1168         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1169         self.assertEquals(rep.u.secondary_address_size, 0)
1170         self.assertEquals(len(rep.u._pad1), 2)
1171         #self.assertEquals(rep.u._pad1, '\0' * 2)
1172         self.assertEquals(rep.u.num_results, 2)
1173         self.assertEquals(rep.u.ctx_list[0].result,
1174                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1175         self.assertEquals(rep.u.ctx_list[0].reason,
1176                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1177         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1178         self.assertEquals(rep.u.ctx_list[1].result,
1179                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1180         self.assertEquals(rep.u.ctx_list[1].reason,
1181                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1182         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1183         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1184
1185         req = self.generate_request(call_id=1,
1186                                     context_id=ctx4.context_id,
1187                                     opnum=0,
1188                                     stub=b"")
1189         self.send_pdu(req)
1190         rep = self.recv_pdu()
1191         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1192                         auth_length=0)
1193         self.assertNotEquals(rep.u.alloc_hint, 0)
1194         self.assertEquals(rep.u.context_id, req.u.context_id)
1195         self.assertEquals(rep.u.cancel_count, 0)
1196         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1197
1198         req = self.generate_request(call_id=1,
1199                                     context_id=ctx3.context_id,
1200                                     opnum=0,
1201                                     stub=b"")
1202         self.send_pdu(req)
1203         rep = self.recv_pdu()
1204         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1205                         auth_length=0)
1206         self.assertNotEquals(rep.u.alloc_hint, 0)
1207         self.assertEquals(rep.u.context_id, req.u.context_id)
1208         self.assertEquals(rep.u.cancel_count, 0)
1209         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1210
1211         tsf5mgmt_list = [ndr32]
1212         ctx5mgmt = dcerpc.ctx_list()
1213         ctx5mgmt.context_id = 5
1214         ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1215         ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1216         ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1217
1218         tsf5epm_list = [ndr32]
1219         ctx5epm = dcerpc.ctx_list()
1220         ctx5epm.context_id = 5
1221         ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1222         ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1223         ctx5epm.transfer_syntaxes = tsf5epm_list
1224
1225         req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1226         self.send_pdu(req)
1227         rep = self.recv_pdu()
1228         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1229                         auth_length=0)
1230         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1231         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1232         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1233         self.assertEquals(rep.u.secondary_address_size, 0)
1234         self.assertEquals(len(rep.u._pad1), 2)
1235         #self.assertEquals(rep.u._pad1, '\0' * 2)
1236         self.assertEquals(rep.u.num_results, 2)
1237         self.assertEquals(rep.u.ctx_list[0].result,
1238                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1239         self.assertEquals(rep.u.ctx_list[0].reason,
1240                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1241         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1242         self.assertEquals(rep.u.ctx_list[1].result,
1243                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1244         self.assertEquals(rep.u.ctx_list[1].reason,
1245                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1246         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1247         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1248
1249         req = self.generate_request(call_id=1,
1250                                     context_id=ctx5mgmt.context_id,
1251                                     opnum=0,
1252                                     stub=b"")
1253         self.send_pdu(req)
1254         rep = self.recv_pdu()
1255         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1256                         auth_length=0)
1257         self.assertNotEquals(rep.u.alloc_hint, 0)
1258         self.assertEquals(rep.u.context_id, req.u.context_id)
1259         self.assertEquals(rep.u.cancel_count, 0)
1260         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1261
1262         req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1263         self.send_pdu(req)
1264         rep = self.recv_pdu()
1265         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1266                         auth_length=0)
1267         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1268         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1269         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1270         self.assertEquals(rep.u.secondary_address_size, 0)
1271         self.assertEquals(len(rep.u._pad1), 2)
1272         #self.assertEquals(rep.u._pad1, '\0' * 2)
1273         self.assertEquals(rep.u.num_results, 2)
1274         self.assertEquals(rep.u.ctx_list[0].result,
1275                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1276         self.assertEquals(rep.u.ctx_list[0].reason,
1277                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1278         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1279         self.assertEquals(rep.u.ctx_list[1].result,
1280                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1281         self.assertEquals(rep.u.ctx_list[1].reason,
1282                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1283         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1284         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1285
1286         req = self.generate_request(call_id=1,
1287                                     context_id=ctx5mgmt.context_id,
1288                                     opnum=0,
1289                                     stub=b"")
1290         self.send_pdu(req)
1291         rep = self.recv_pdu()
1292         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1293                         auth_length=0)
1294         self.assertNotEquals(rep.u.alloc_hint, 0)
1295         self.assertEquals(rep.u.context_id, req.u.context_id)
1296         self.assertEquals(rep.u.cancel_count, 0)
1297         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1298
1299     def test_no_auth_bind_time_none_simple(self):
1300         features = 0
1301         btf = base.bind_time_features_syntax(features)
1302
1303         zero_syntax = misc.ndr_syntax_id()
1304
1305         tsf1_list = [btf]
1306         ctx1 = dcerpc.ctx_list()
1307         ctx1.context_id = 1
1308         ctx1.num_transfer_syntaxes = len(tsf1_list)
1309         ctx1.abstract_syntax = zero_syntax
1310         ctx1.transfer_syntaxes = tsf1_list
1311
1312         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1313         self.send_pdu(req)
1314         rep = self.recv_pdu()
1315         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1316                         auth_length=0)
1317         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1318         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1319         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1320         self.assertEquals(rep.u.secondary_address_size, 4)
1321         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1322         self.assertEquals(len(rep.u._pad1), 2)
1323         self.assertEquals(rep.u._pad1, b'\0' * 2)
1324         self.assertEquals(rep.u.num_results, 1)
1325         self.assertEquals(rep.u.ctx_list[0].result,
1326                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1327         self.assertEquals(rep.u.ctx_list[0].reason, features)
1328         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1329         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1330
1331     def test_no_auth_bind_time_none_ignore_additional(self):
1332         features1 = 0
1333         btf1 = base.bind_time_features_syntax(features1)
1334
1335         features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1336         features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1337         btf2 = base.bind_time_features_syntax(features2)
1338
1339         zero_syntax = misc.ndr_syntax_id()
1340         ndr64 = base.transfer_syntax_ndr64()
1341
1342         tsf1_list = [btf1, btf2, zero_syntax]
1343         ctx1 = dcerpc.ctx_list()
1344         ctx1.context_id = 1
1345         ctx1.num_transfer_syntaxes = len(tsf1_list)
1346         ctx1.abstract_syntax = ndr64
1347         ctx1.transfer_syntaxes = tsf1_list
1348
1349         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1350         self.send_pdu(req)
1351         rep = self.recv_pdu()
1352         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1353                         auth_length=0)
1354         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1355         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1356         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1357         self.assertEquals(rep.u.secondary_address_size, 4)
1358         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1359         self.assertEquals(len(rep.u._pad1), 2)
1360         self.assertEquals(rep.u._pad1, b'\0' * 2)
1361         self.assertEquals(rep.u.num_results, 1)
1362         self.assertEquals(rep.u.ctx_list[0].result,
1363                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1364         self.assertEquals(rep.u.ctx_list[0].reason, features1)
1365         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1366         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1367
1368     def test_no_auth_bind_time_only_first(self):
1369         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1370         btf1 = base.bind_time_features_syntax(features1)
1371
1372         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1373         btf2 = base.bind_time_features_syntax(features2)
1374
1375         zero_syntax = misc.ndr_syntax_id()
1376
1377         tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1378         ctx1 = dcerpc.ctx_list()
1379         ctx1.context_id = 1
1380         ctx1.num_transfer_syntaxes = len(tsf1_list)
1381         ctx1.abstract_syntax = zero_syntax
1382         ctx1.transfer_syntaxes = tsf1_list
1383
1384         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1385         self.send_pdu(req)
1386         rep = self.recv_pdu()
1387         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1388                         auth_length=0)
1389         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1390         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1391         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1392         self.assertEquals(rep.u.secondary_address_size, 4)
1393         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1394         self.assertEquals(len(rep.u._pad1), 2)
1395         self.assertEquals(rep.u._pad1, b'\0' * 2)
1396         self.assertEquals(rep.u.num_results, 1)
1397         self.assertEquals(rep.u.ctx_list[0].result,
1398                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1399         self.assertEquals(rep.u.ctx_list[0].reason,
1400                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1401         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1402         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1403
1404     def test_no_auth_bind_time_twice(self):
1405         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1406         btf1 = base.bind_time_features_syntax(features1)
1407
1408         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1409         btf2 = base.bind_time_features_syntax(features2)
1410
1411         zero_syntax = misc.ndr_syntax_id()
1412
1413         tsf1_list = [btf1]
1414         ctx1 = dcerpc.ctx_list()
1415         ctx1.context_id = 1
1416         ctx1.num_transfer_syntaxes = len(tsf1_list)
1417         ctx1.abstract_syntax = zero_syntax
1418         ctx1.transfer_syntaxes = tsf1_list
1419
1420         tsf2_list = [btf2]
1421         ctx2 = dcerpc.ctx_list()
1422         ctx2.context_id = 2
1423         ctx2.num_transfer_syntaxes = len(tsf2_list)
1424         ctx2.abstract_syntax = zero_syntax
1425         ctx2.transfer_syntaxes = tsf2_list
1426
1427         req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1428         self.send_pdu(req)
1429         rep = self.recv_pdu()
1430         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1431                         auth_length=0)
1432         self.assertEquals(rep.u.reject_reason,
1433                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1434         self.assertEquals(rep.u.num_versions, 1)
1435         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1436         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1437         self.assertEquals(len(rep.u._pad), 3)
1438         self.assertEquals(rep.u._pad, b'\0' * 3)
1439
1440         # wait for a disconnect
1441         rep = self.recv_pdu()
1442         self.assertIsNone(rep)
1443         self.assertNotConnected()
1444
1445     def test_no_auth_bind_time_keep_on_orphan_simple(self):
1446         features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1447         btf = base.bind_time_features_syntax(features)
1448
1449         zero_syntax = misc.ndr_syntax_id()
1450
1451         tsf1_list = [btf]
1452         ctx1 = dcerpc.ctx_list()
1453         ctx1.context_id = 1
1454         ctx1.num_transfer_syntaxes = len(tsf1_list)
1455         ctx1.abstract_syntax = zero_syntax
1456         ctx1.transfer_syntaxes = tsf1_list
1457
1458         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1459         self.send_pdu(req)
1460         rep = self.recv_pdu()
1461         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1462                         auth_length=0)
1463         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1464         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1465         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1466         self.assertEquals(rep.u.secondary_address_size, 4)
1467         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1468         self.assertEquals(len(rep.u._pad1), 2)
1469         self.assertEquals(rep.u._pad1, b'\0' * 2)
1470         self.assertEquals(rep.u.num_results, 1)
1471         self.assertEquals(rep.u.ctx_list[0].result,
1472                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1473         self.assertEquals(rep.u.ctx_list[0].reason, features)
1474         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1475         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1476
1477     def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1478         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1479         btf1 = base.bind_time_features_syntax(features1)
1480
1481         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1482         btf2 = base.bind_time_features_syntax(features2)
1483
1484         zero_syntax = misc.ndr_syntax_id()
1485         ndr64 = base.transfer_syntax_ndr64()
1486
1487         tsf1_list = [btf1, btf2, zero_syntax]
1488         ctx1 = dcerpc.ctx_list()
1489         ctx1.context_id = 1
1490         ctx1.num_transfer_syntaxes = len(tsf1_list)
1491         ctx1.abstract_syntax = ndr64
1492         ctx1.transfer_syntaxes = tsf1_list
1493
1494         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1495         self.send_pdu(req)
1496         rep = self.recv_pdu()
1497         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1498                         auth_length=0)
1499         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1500         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1501         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1502         self.assertEquals(rep.u.secondary_address_size, 4)
1503         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1504         self.assertEquals(len(rep.u._pad1), 2)
1505         self.assertEquals(rep.u._pad1, b'\0' * 2)
1506         self.assertEquals(rep.u.num_results, 1)
1507         self.assertEquals(rep.u.ctx_list[0].result,
1508                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1509         self.assertEquals(rep.u.ctx_list[0].reason, features1)
1510         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1511         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1512
1513     def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1514                                        reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1515         ndr32 = base.transfer_syntax_ndr()
1516
1517         tsf1_list = [ndr32]
1518         ctx1 = dcerpc.ctx_list()
1519         ctx1.context_id = 1
1520         ctx1.num_transfer_syntaxes = len(tsf1_list)
1521         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1522         ctx1.transfer_syntaxes = tsf1_list
1523         ctx_list = [ctx1]
1524
1525         auth_context_id = 0
1526
1527         if creds is not None:
1528             # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1529             auth_context = self.get_auth_context_creds(creds,
1530                                                        auth_type=auth_type,
1531                                                        auth_level=auth_level,
1532                                                        auth_context_id=auth_context_id,
1533                                                        g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1534             from_server = b""
1535             (finished, to_server) = auth_context["gensec"].update(from_server)
1536             self.assertFalse(finished)
1537
1538             auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1539                                            auth_level=auth_context["auth_level"],
1540                                            auth_context_id=auth_context["auth_context_id"],
1541                                            auth_blob=to_server)
1542         else:
1543             to_server = b"none"
1544             auth_info = self.generate_auth(auth_type=auth_type,
1545                                            auth_level=auth_level,
1546                                            auth_context_id=auth_context_id,
1547                                            auth_blob=to_server)
1548
1549         req = self.generate_bind(call_id=0,
1550                                  ctx_list=ctx_list,
1551                                  auth_info=auth_info)
1552         self.send_pdu(req)
1553         rep = self.recv_pdu()
1554         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1555                         auth_length=0)
1556         self.assertEquals(rep.u.reject_reason, reason)
1557         self.assertEquals(rep.u.num_versions, 1)
1558         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1559         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1560         self.assertEquals(len(rep.u._pad), 3)
1561         self.assertEquals(rep.u._pad, b'\0' * 3)
1562
1563         # wait for a disconnect
1564         rep = self.recv_pdu()
1565         self.assertIsNone(rep)
1566         self.assertNotConnected()
1567
1568     def _test_auth_none_level_bind(self, auth_level,
1569                                    reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1570         return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1571                                                    auth_level=auth_level, reason=reason)
1572
1573     def test_auth_none_none_bind(self):
1574         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1575                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1576
1577     def test_auth_none_connect_bind(self):
1578         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1579
1580     def test_auth_none_call_bind(self):
1581         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1582
1583     def test_auth_none_packet_bind(self):
1584         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1585
1586     def test_auth_none_integrity_bind(self):
1587         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1588
1589     def test_auth_none_privacy_bind(self):
1590         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1591
1592     def test_auth_none_0_bind(self):
1593         return self._test_auth_none_level_bind(0,
1594                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1595
1596     def test_auth_none_7_bind(self):
1597         return self._test_auth_none_level_bind(7,
1598                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1599
1600     def test_auth_none_255_bind(self):
1601         return self._test_auth_none_level_bind(255,
1602                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1603
1604     def _test_auth_none_level_request(self, auth_level):
1605         ndr32 = base.transfer_syntax_ndr()
1606
1607         tsf1_list = [ndr32]
1608         ctx1 = dcerpc.ctx_list()
1609         ctx1.context_id = 1
1610         ctx1.num_transfer_syntaxes = len(tsf1_list)
1611         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1612         ctx1.transfer_syntaxes = tsf1_list
1613         ctx_list = [ctx1]
1614
1615         auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1616         auth_context_id = 0
1617
1618         req = self.generate_bind(call_id=0,
1619                                  ctx_list=ctx_list)
1620
1621         self.send_pdu(req)
1622         rep = self.recv_pdu()
1623         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1624         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1625         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1626         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1627         self.assertEquals(rep.u.secondary_address_size, 4)
1628         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1629         self.assertEquals(len(rep.u._pad1), 2)
1630         self.assertEquals(rep.u._pad1, b'\0' * 2)
1631         self.assertEquals(rep.u.num_results, 1)
1632         self.assertEquals(rep.u.ctx_list[0].result,
1633                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1634         self.assertEquals(rep.u.ctx_list[0].reason,
1635                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1636         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1637         self.assertEquals(len(rep.u.auth_info), 0)
1638
1639         # And now try a request without auth_info
1640         req = self.generate_request(call_id=2,
1641                                     context_id=ctx1.context_id,
1642                                     opnum=0,
1643                                     stub=b"")
1644         self.send_pdu(req)
1645         rep = self.recv_pdu()
1646         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1647                         auth_length=0)
1648         self.assertNotEquals(rep.u.alloc_hint, 0)
1649         self.assertEquals(rep.u.context_id, req.u.context_id)
1650         self.assertEquals(rep.u.cancel_count, 0)
1651         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1652
1653         auth_info = self.generate_auth(auth_type=auth_type,
1654                                        auth_level=auth_level,
1655                                        auth_context_id=auth_context_id,
1656                                        auth_blob=b"none")
1657
1658         req = self.generate_request(call_id=3,
1659                                     context_id=ctx1.context_id,
1660                                     opnum=0,
1661                                     stub=b"",
1662                                     auth_info=auth_info)
1663         self.send_pdu(req)
1664         rep = self.recv_pdu()
1665         # We get a fault back
1666         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1667                         auth_length=0)
1668         self.assertNotEquals(rep.u.alloc_hint, 0)
1669         self.assertEquals(rep.u.context_id, req.u.context_id)
1670         self.assertEquals(rep.u.cancel_count, 0)
1671         self.assertEquals(rep.u.flags, 0)
1672         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1673         self.assertEquals(rep.u.reserved, 0)
1674         self.assertEquals(len(rep.u.error_and_verifier), 0)
1675
1676         # wait for a disconnect
1677         rep = self.recv_pdu()
1678         self.assertIsNone(rep)
1679         self.assertNotConnected()
1680
1681     def test_auth_none_none_request(self):
1682         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1683
1684     def test_auth_none_connect_request(self):
1685         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1686
1687     def test_auth_none_call_request(self):
1688         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1689
1690     def _test_neg_xmit_check_values(self,
1691                                     req_xmit=None,
1692                                     req_recv=None,
1693                                     rep_both=None,
1694                                     alter_xmit=None,
1695                                     alter_recv=None):
1696         ndr32 = base.transfer_syntax_ndr()
1697
1698         tsf1_list = [ndr32]
1699         ctx1 = dcerpc.ctx_list()
1700         ctx1.context_id = 1
1701         ctx1.num_transfer_syntaxes = len(tsf1_list)
1702         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1703         ctx1.transfer_syntaxes = tsf1_list
1704
1705         req = self.generate_bind(call_id=0,
1706                                  max_xmit_frag=req_xmit,
1707                                  max_recv_frag=req_recv,
1708                                  ctx_list=[ctx1])
1709         self.send_pdu(req)
1710         rep = self.recv_pdu()
1711         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1712                         auth_length=0)
1713         self.assertEquals(rep.u.max_xmit_frag, rep_both)
1714         self.assertEquals(rep.u.max_recv_frag, rep_both)
1715         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1716         self.assertEquals(rep.u.secondary_address_size, 4)
1717         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1718         self.assertEquals(len(rep.u._pad1), 2)
1719         self.assertEquals(rep.u._pad1, b'\0' * 2)
1720         self.assertEquals(rep.u.num_results, 1)
1721         self.assertEquals(rep.u.ctx_list[0].result,
1722                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1723         self.assertEquals(rep.u.ctx_list[0].reason,
1724                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1725         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1726         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1727
1728         assoc_group_id = rep.u.assoc_group_id
1729         if alter_xmit is None:
1730             alter_xmit = rep_both - 8
1731         if alter_recv is None:
1732             alter_recv = rep_both - 8
1733
1734         # max_{xmit,recv}_frag and assoc_group_id are completely
1735         # ignored in alter_context requests
1736         req = self.generate_alter(call_id=1,
1737                                   max_xmit_frag=alter_xmit,
1738                                   max_recv_frag=alter_recv,
1739                                   assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1740                                   ctx_list=[ctx1])
1741         self.send_pdu(req)
1742         rep = self.recv_pdu()
1743         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1744                         auth_length=0)
1745         self.assertEquals(rep.u.max_xmit_frag, rep_both)
1746         self.assertEquals(rep.u.max_recv_frag, rep_both)
1747         self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1748         self.assertEquals(rep.u.secondary_address_size, 0)
1749         self.assertEquals(len(rep.u._pad1), 2)
1750         #self.assertEquals(rep.u._pad1, '\0' * 2)
1751         self.assertEquals(rep.u.num_results, 1)
1752         self.assertEquals(rep.u.ctx_list[0].result,
1753                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1754         self.assertEquals(rep.u.ctx_list[0].reason,
1755                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1756         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1757         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1758
1759         chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1760         req = self.generate_request(call_id=2,
1761                                     context_id=ctx1.context_id,
1762                                     opnum=0,
1763                                     alloc_hint=0xffffffff,
1764                                     stub=b"\00" * chunk_size)
1765         self.send_pdu(req, ndr_print=True, hexdump=True)
1766         rep = self.recv_pdu(ndr_print=True, hexdump=True)
1767         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1768                         auth_length=0)
1769         self.assertNotEquals(rep.u.alloc_hint, 0)
1770         self.assertEquals(rep.u.context_id, req.u.context_id)
1771         self.assertEquals(rep.u.cancel_count, 0)
1772         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1773
1774         chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1775         req = self.generate_request(call_id=2,
1776                                     context_id=ctx1.context_id,
1777                                     opnum=0,
1778                                     alloc_hint=0xffffffff,
1779                                     stub=b"\00" * chunk_size)
1780         self.send_pdu(req)
1781         rep = self.recv_pdu()
1782         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1783                         auth_length=0)
1784         self.assertNotEquals(rep.u.alloc_hint, 0)
1785         self.assertEquals(rep.u.context_id, req.u.context_id)
1786         self.assertEquals(rep.u.cancel_count, 0)
1787         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1788
1789         chunk_size += 1
1790         req = self.generate_request(call_id=3,
1791                                     context_id=ctx1.context_id,
1792                                     opnum=0,
1793                                     alloc_hint=0xffffffff,
1794                                     stub=b"\00" * chunk_size)
1795         self.send_pdu(req)
1796         rep = self.recv_pdu()
1797         # We get a fault
1798         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1799                         auth_length=0)
1800         self.assertNotEquals(rep.u.alloc_hint, 0)
1801         self.assertEquals(rep.u.context_id, 0)
1802         self.assertEquals(rep.u.cancel_count, 0)
1803         self.assertEquals(rep.u.flags, 0)
1804         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1805         self.assertEquals(rep.u.reserved, 0)
1806         self.assertEquals(len(rep.u.error_and_verifier), 0)
1807
1808         # wait for a disconnect
1809         rep = self.recv_pdu()
1810         self.assertIsNone(rep)
1811         self.assertNotConnected()
1812
1813     def test_neg_xmit_ffff_ffff(self):
1814         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1815                                                 req_recv=0xffff,
1816                                                 rep_both=5840)
1817
1818     def test_neg_xmit_0_ffff(self):
1819         return self._test_neg_xmit_check_values(req_xmit=0,
1820                                                 req_recv=0xffff,
1821                                                 rep_both=2048,
1822                                                 alter_xmit=0xffff,
1823                                                 alter_recv=0xffff)
1824
1825     def test_neg_xmit_ffff_0(self):
1826         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1827                                                 req_recv=0,
1828                                                 rep_both=2048)
1829
1830     def test_neg_xmit_0_0(self):
1831         return self._test_neg_xmit_check_values(req_xmit=0,
1832                                                 req_recv=0,
1833                                                 rep_both=2048,
1834                                                 alter_xmit=0xffff,
1835                                                 alter_recv=0xffff)
1836
1837     def test_neg_xmit_3199_0(self):
1838         return self._test_neg_xmit_check_values(req_xmit=3199,
1839                                                 req_recv=0,
1840                                                 rep_both=2048)
1841
1842     def test_neg_xmit_0_3199(self):
1843         return self._test_neg_xmit_check_values(req_xmit=0,
1844                                                 req_recv=3199,
1845                                                 rep_both=2048)
1846
1847     def test_neg_xmit_3199_ffff(self):
1848         return self._test_neg_xmit_check_values(req_xmit=3199,
1849                                                 req_recv=0xffff,
1850                                                 rep_both=3192)
1851
1852     def test_neg_xmit_ffff_3199(self):
1853         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1854                                                 req_recv=3199,
1855                                                 rep_both=3192)
1856
1857     def test_alloc_hint(self):
1858         ndr32 = base.transfer_syntax_ndr()
1859
1860         tsf1_list = [ndr32]
1861         ctx = dcerpc.ctx_list()
1862         ctx.context_id = 0
1863         ctx.num_transfer_syntaxes = len(tsf1_list)
1864         ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1865         ctx.transfer_syntaxes = tsf1_list
1866
1867         req = self.generate_bind(call_id=0,
1868                                  ctx_list=[ctx])
1869         self.send_pdu(req)
1870         rep = self.recv_pdu()
1871         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1872                         auth_length=0)
1873         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1874         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1875         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1876         self.assertEquals(rep.u.secondary_address_size, 4)
1877         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1878         self.assertEquals(len(rep.u._pad1), 2)
1879         self.assertEquals(rep.u._pad1, b'\0' * 2)
1880         self.assertEquals(rep.u.num_results, 1)
1881         self.assertEquals(rep.u.ctx_list[0].result,
1882                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1883         self.assertEquals(rep.u.ctx_list[0].reason,
1884                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1885         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1886         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1887
1888         # And now try a request without auth_info
1889         req = self.generate_request(call_id=2,
1890                                     context_id=ctx.context_id,
1891                                     opnum=0,
1892                                     alloc_hint=0xffffffff,
1893                                     stub=b"")
1894         self.send_pdu(req)
1895         rep = self.recv_pdu()
1896         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1897                         auth_length=0)
1898         self.assertNotEquals(rep.u.alloc_hint, 0)
1899         self.assertEquals(rep.u.context_id, req.u.context_id)
1900         self.assertEquals(rep.u.cancel_count, 0)
1901         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1902
1903         req = self.generate_request(call_id=3,
1904                                     context_id=ctx.context_id,
1905                                     opnum=1,
1906                                     alloc_hint=0xffffffff,
1907                                     stub=b"\04\00\00\00\00\00\00\00")
1908         self.send_pdu(req)
1909         rep = self.recv_pdu()
1910         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1911                         auth_length=0)
1912         self.assertNotEquals(rep.u.alloc_hint, 0)
1913         self.assertEquals(rep.u.context_id, req.u.context_id)
1914         self.assertEquals(rep.u.cancel_count, 0)
1915         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1916
1917         req = self.generate_request(call_id=4,
1918                                     context_id=ctx.context_id,
1919                                     opnum=1,
1920                                     alloc_hint=1,
1921                                     stub=b"\04\00\00\00\00\00\00\00")
1922         self.send_pdu(req)
1923         rep = self.recv_pdu()
1924         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1925                         auth_length=0)
1926         self.assertNotEquals(rep.u.alloc_hint, 0)
1927         self.assertEquals(rep.u.context_id, req.u.context_id)
1928         self.assertEquals(rep.u.cancel_count, 0)
1929         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1930
1931     def _get_netlogon_ctx(self):
1932         abstract = samba.dcerpc.netlogon.abstract_syntax()
1933         ndr32 = base.transfer_syntax_ndr()
1934
1935         (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1936                                                epmap=True, return_ack=True)
1937
1938         server = '\\\\' + self.target_hostname
1939         if isinstance(server, binary_type):
1940             server_utf16 = server.decode('utf-8').encode('utf-16-le')
1941         else:
1942             server_utf16 = server.encode('utf-16-le')
1943         computer = 'UNKNOWNCOMPUTER'
1944         if isinstance(server, binary_type):
1945             computer_utf16 = computer.decode('utf-8').encode('utf-16-le')
1946         else:
1947             computer_utf16 = computer.encode('utf-16-le')
1948
1949         real_stub = struct.pack('<IIII', 0x00200000,
1950                                 len(server) + 1, 0, len(server) + 1)
1951         real_stub += server_utf16 + b'\x00\x00'
1952         mod_len = len(real_stub) % 4
1953         if mod_len != 0:
1954             real_stub += b'\x00' * (4 - mod_len)
1955         real_stub += struct.pack('<III',
1956                                  len(computer) + 1, 0, len(computer) + 1)
1957         real_stub += computer_utf16 + b'\x00\x00'
1958         real_stub += b'\x11\x22\x33\x44\x55\x66\x77\x88'
1959
1960         return (ctx, ack, real_stub)
1961
1962     def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1963                                   fault_first=None, fault_last=None):
1964         (ctx, rep, real_stub) = self._get_netlogon_ctx()
1965
1966         chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1967
1968         total = 0
1969         first = True
1970         while remaining > 0:
1971             thistime = min(remaining, chunk)
1972             remaining -= thistime
1973             total += thistime
1974
1975             pfc_flags = 0
1976             if first:
1977                 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1978                 first = False
1979                 stub = real_stub + b'\x00' * (thistime - len(real_stub))
1980             else:
1981                 stub = b"\x00" * thistime
1982
1983             if remaining == 0:
1984                 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1985
1986             # And now try a request without auth_info
1987             # netr_ServerReqChallenge()
1988             req = self.generate_request(call_id=0x21234,
1989                                         pfc_flags=pfc_flags,
1990                                         context_id=ctx.context_id,
1991                                         opnum=4,
1992                                         alloc_hint=alloc_hint,
1993                                         stub=stub)
1994             if alloc_hint >= thistime:
1995                 alloc_hint -= thistime
1996             else:
1997                 alloc_hint = 0
1998             self.send_pdu(req, hexdump=False)
1999             if fault_first is not None:
2000                 rep = self.recv_pdu()
2001                 # We get a fault back
2002                 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2003                                 auth_length=0)
2004                 self.assertNotEquals(rep.u.alloc_hint, 0)
2005                 self.assertEquals(rep.u.context_id, req.u.context_id)
2006                 self.assertEquals(rep.u.cancel_count, 0)
2007                 self.assertEquals(rep.u.flags, 0)
2008                 self.assertEquals(rep.u.status, fault_first)
2009                 self.assertEquals(rep.u.reserved, 0)
2010                 self.assertEquals(len(rep.u.error_and_verifier), 0)
2011
2012                 # wait for a disconnect
2013                 rep = self.recv_pdu()
2014                 self.assertIsNone(rep)
2015                 self.assertNotConnected()
2016                 return
2017             if remaining == 0:
2018                 break
2019             if total >= 0x400000 and fault_last is not None:
2020                 rep = self.recv_pdu()
2021                 # We get a fault back
2022                 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2023                                 auth_length=0)
2024                 self.assertNotEquals(rep.u.alloc_hint, 0)
2025                 self.assertEquals(rep.u.context_id, req.u.context_id)
2026                 self.assertEquals(rep.u.cancel_count, 0)
2027                 self.assertEquals(rep.u.flags, 0)
2028                 self.assertEquals(rep.u.status, fault_last)
2029                 self.assertEquals(rep.u.reserved, 0)
2030                 self.assertEquals(len(rep.u.error_and_verifier), 0)
2031
2032                 # wait for a disconnect
2033                 rep = self.recv_pdu()
2034                 self.assertIsNone(rep)
2035                 self.assertNotConnected()
2036                 return
2037             rep = self.recv_pdu(timeout=0.01)
2038             self.assertIsNone(rep)
2039             self.assertIsConnected()
2040
2041         if total >= 0x400000 and fault_last is not None:
2042             rep = self.recv_pdu()
2043             # We get a fault back
2044             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2045                             auth_length=0)
2046             self.assertNotEquals(rep.u.alloc_hint, 0)
2047             self.assertEquals(rep.u.context_id, req.u.context_id)
2048             self.assertEquals(rep.u.cancel_count, 0)
2049             self.assertEquals(rep.u.flags, 0)
2050             self.assertEquals(rep.u.status, fault_last)
2051             self.assertEquals(rep.u.reserved, 0)
2052             self.assertEquals(len(rep.u.error_and_verifier), 0)
2053
2054             # wait for a disconnect
2055             rep = self.recv_pdu()
2056             self.assertIsNone(rep)
2057             self.assertNotConnected()
2058             return
2059         rep = self.recv_pdu()
2060         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2061                         auth_length=0)
2062         self.assertNotEquals(rep.u.alloc_hint, 0)
2063         self.assertEquals(rep.u.context_id, req.u.context_id)
2064         self.assertEquals(rep.u.cancel_count, 0)
2065         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2066
2067         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2068         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2069         self.assertEquals(status[0], 0)
2070
2071     def test_fragmented_requests01(self):
2072         return self._test_fragmented_requests(remaining=0x400000,
2073                                               alloc_hint=0x400000)
2074
2075     def test_fragmented_requests02(self):
2076         return self._test_fragmented_requests(remaining=0x400000,
2077                                               alloc_hint=0x100000)
2078
2079     def test_fragmented_requests03(self):
2080         return self._test_fragmented_requests(remaining=0x400000,
2081                                               alloc_hint=0)
2082
2083     def test_fragmented_requests04(self):
2084         return self._test_fragmented_requests(remaining=0x400000,
2085                                               alloc_hint=0x400001,
2086                                               fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2087
2088     def test_fragmented_requests05(self):
2089         return self._test_fragmented_requests(remaining=0x500001,
2090                                               alloc_hint=0,
2091                                               fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2092
2093     def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2094         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2095
2096         # netr_ServerReqChallenge with given flags
2097         req = self.generate_request(call_id=2,
2098                                     pfc_flags=pfc_flags,
2099                                     context_id=ctx.context_id,
2100                                     opnum=4,
2101                                     stub=real_stub)
2102         self.send_pdu(req)
2103         if fault_1st:
2104             rep = self.recv_pdu()
2105             # We get a fault back
2106             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2107                             auth_length=0)
2108             self.assertNotEquals(rep.u.alloc_hint, 0)
2109             self.assertEquals(rep.u.context_id, 0)
2110             self.assertEquals(rep.u.cancel_count, 0)
2111             self.assertEquals(rep.u.flags, 0)
2112             self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2113             self.assertEquals(rep.u.reserved, 0)
2114             self.assertEquals(len(rep.u.error_and_verifier), 0)
2115
2116             # wait for a disconnect
2117             rep = self.recv_pdu()
2118             self.assertIsNone(rep)
2119             self.assertNotConnected()
2120             return
2121         rep = self.recv_pdu(timeout=0.1)
2122         self.assertIsNone(rep)
2123         self.assertIsConnected()
2124
2125         # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2126         # with the same call_id
2127         req = self.generate_request(call_id=2,
2128                                     pfc_flags=pfc_flags,
2129                                     context_id=ctx.context_id,
2130                                     opnum=4,
2131                                     stub=real_stub)
2132         self.send_pdu(req)
2133         if fault_2nd:
2134             rep = self.recv_pdu()
2135             # We get a fault back
2136             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2137                             auth_length=0)
2138             self.assertNotEquals(rep.u.alloc_hint, 0)
2139             self.assertEquals(rep.u.context_id, req.u.context_id)
2140             self.assertEquals(rep.u.cancel_count, 0)
2141             self.assertEquals(rep.u.flags, 0)
2142             self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2143             self.assertEquals(rep.u.reserved, 0)
2144             self.assertEquals(len(rep.u.error_and_verifier), 0)
2145
2146             # wait for a disconnect
2147             rep = self.recv_pdu()
2148             self.assertIsNone(rep)
2149             self.assertNotConnected()
2150             return
2151
2152         rep = self.recv_pdu(timeout=0.1)
2153         self.assertIsNone(rep)
2154         self.assertIsConnected()
2155
2156     def test_first_only_requests(self):
2157         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2158                                         fault_2nd=True)
2159
2160     def test_none_only_requests(self):
2161         return self._test_same_requests(pfc_flags=0, fault_1st=True)
2162
2163     def test_last_only_requests(self):
2164         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2165                                         fault_1st=True)
2166
2167     def test_first_maybe_requests(self):
2168         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2169                                         dcerpc.DCERPC_PFC_FLAG_MAYBE,
2170                                         fault_2nd=True)
2171
2172     def test_first_didnot_requests(self):
2173         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2174                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2175                                         fault_2nd=True)
2176
2177     def test_first_cmpx_requests(self):
2178         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2179                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2180                                         fault_2nd=True)
2181
2182     def test_first_08_requests(self):
2183         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2184                                         0x08,
2185                                         fault_2nd=True)
2186
2187     def test_first_cancel_requests(self):
2188         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2189
2190         # netr_ServerReqChallenge with given flags
2191         req = self.generate_request(call_id=2,
2192                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2193                                     dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2194                                     context_id=ctx.context_id,
2195                                     opnum=4,
2196                                     stub=real_stub)
2197         self.send_pdu(req)
2198         rep = self.recv_pdu()
2199         # We get a fault back
2200         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2201                         pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2202                         dcerpc.DCERPC_PFC_FLAG_LAST |
2203                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2204                         auth_length=0)
2205         self.assertNotEquals(rep.u.alloc_hint, 0)
2206         self.assertEquals(rep.u.context_id, 0)
2207         self.assertEquals(rep.u.cancel_count, 0)
2208         self.assertEquals(rep.u.flags, 0)
2209         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2210         self.assertEquals(rep.u.reserved, 0)
2211         self.assertEquals(len(rep.u.error_and_verifier), 0)
2212
2213         # wait for a disconnect
2214         rep = self.recv_pdu()
2215         self.assertIsNone(rep)
2216         self.assertNotConnected()
2217
2218     def test_2nd_cancel_requests(self):
2219         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2220
2221         # netr_ServerReqChallenge with given flags
2222         req = self.generate_request(call_id=2,
2223                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2224                                     context_id=ctx.context_id,
2225                                     opnum=4,
2226                                     stub=real_stub)
2227         self.send_pdu(req)
2228         rep = self.recv_pdu(timeout=0.1)
2229         self.assertIsNone(rep)
2230         self.assertIsConnected()
2231
2232         # netr_ServerReqChallenge with given flags
2233         req = self.generate_request(call_id=2,
2234                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2235                                     context_id=ctx.context_id,
2236                                     opnum=4,
2237                                     stub=real_stub)
2238         self.send_pdu(req)
2239         rep = self.recv_pdu(timeout=0.1)
2240         self.assertIsNone(rep)
2241         self.assertIsConnected()
2242
2243         # netr_ServerReqChallenge with given flags
2244         req = self.generate_request(call_id=2,
2245                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2246                                     context_id=ctx.context_id,
2247                                     opnum=4,
2248                                     stub=real_stub)
2249         self.send_pdu(req)
2250         rep = self.recv_pdu()
2251         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2252                         auth_length=0)
2253         self.assertNotEquals(rep.u.alloc_hint, 0)
2254         self.assertEquals(rep.u.context_id, req.u.context_id)
2255         self.assertEquals(rep.u.cancel_count, 0)
2256         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2257
2258         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2259         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2260         self.assertEquals(status[0], 0)
2261
2262     def test_last_cancel_requests(self):
2263         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2264
2265         # netr_ServerReqChallenge with given flags
2266         req = self.generate_request(call_id=2,
2267                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2268                                     context_id=ctx.context_id,
2269                                     opnum=4,
2270                                     stub=real_stub[:4])
2271         self.send_pdu(req)
2272         rep = self.recv_pdu(timeout=0.1)
2273         self.assertIsNone(rep)
2274         self.assertIsConnected()
2275
2276         # netr_ServerReqChallenge with given flags
2277         req = self.generate_request(call_id=2,
2278                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2279                                     dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2280                                     context_id=ctx.context_id,
2281                                     opnum=4,
2282                                     stub=real_stub[4:])
2283         self.send_pdu(req)
2284         rep = self.recv_pdu()
2285         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2286                         auth_length=0)
2287         self.assertNotEquals(rep.u.alloc_hint, 0)
2288         self.assertEquals(rep.u.context_id, req.u.context_id)
2289         self.assertEquals(rep.u.cancel_count, 0)
2290         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2291
2292         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2293         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2294         self.assertEquals(status[0], 0)
2295
2296     def test_mix_requests(self):
2297         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2298
2299         # netr_ServerReqChallenge with given flags
2300         req = self.generate_request(call_id=50,
2301                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2302                                     context_id=ctx.context_id,
2303                                     opnum=4,
2304                                     stub=real_stub)
2305         self.send_pdu(req)
2306         rep = self.recv_pdu(timeout=0.1)
2307         self.assertIsNone(rep)
2308         self.assertIsConnected()
2309
2310         # netr_ServerReqChallenge with given flags
2311         req = self.generate_request(call_id=51,
2312                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2313                                     context_id=ctx.context_id,
2314                                     opnum=4,
2315                                     stub=real_stub)
2316         self.send_pdu(req)
2317         rep = self.recv_pdu()
2318         # We get a fault back
2319         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2320                         pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2321                         dcerpc.DCERPC_PFC_FLAG_LAST,
2322                         auth_length=0)
2323         self.assertNotEquals(rep.u.alloc_hint, 0)
2324         self.assertEquals(rep.u.context_id, req.u.context_id)
2325         self.assertEquals(rep.u.cancel_count, 0)
2326         self.assertEquals(rep.u.flags, 0)
2327         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2328         self.assertEquals(rep.u.reserved, 0)
2329         self.assertEquals(len(rep.u.error_and_verifier), 0)
2330
2331     def test_co_cancel_no_request(self):
2332         ndr32 = base.transfer_syntax_ndr()
2333         abstract = samba.dcerpc.mgmt.abstract_syntax()
2334         ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2335
2336         req = self.generate_co_cancel(call_id=3)
2337         self.send_pdu(req)
2338         rep = self.recv_pdu(timeout=0.01)
2339         self.assertIsNone(rep)
2340         self.assertIsConnected()
2341
2342         # And now try a request
2343         req = self.generate_request(call_id=1,
2344                                     context_id=ctx.context_id,
2345                                     opnum=0,
2346                                     stub=b"")
2347         self.send_pdu(req)
2348         rep = self.recv_pdu()
2349         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2350                         auth_length=0)
2351         self.assertNotEquals(rep.u.alloc_hint, 0)
2352         self.assertEquals(rep.u.context_id, req.u.context_id)
2353         self.assertEquals(rep.u.cancel_count, 0)
2354         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2355
2356     def test_co_cancel_request_after_first(self):
2357         ndr32 = base.transfer_syntax_ndr()
2358         abstract = samba.dcerpc.mgmt.abstract_syntax()
2359         ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2360
2361         req = self.generate_request(call_id=1,
2362                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2363                                     context_id=ctx.context_id,
2364                                     opnum=0,
2365                                     stub=b"")
2366         self.send_pdu(req)
2367         rep = self.recv_pdu(timeout=0.01)
2368         self.assertIsNone(rep)
2369         self.assertIsConnected()
2370
2371         req = self.generate_co_cancel(call_id=1)
2372         self.send_pdu(req)
2373         rep = self.recv_pdu(timeout=0.01)
2374         self.assertIsNone(rep)
2375         self.assertIsConnected()
2376
2377         req = self.generate_request(call_id=1,
2378                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2379                                     context_id=ctx.context_id,
2380                                     opnum=0,
2381                                     stub=b"")
2382         self.send_pdu(req)
2383         rep = self.recv_pdu()
2384         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2385                         auth_length=0)
2386         self.assertNotEquals(rep.u.alloc_hint, 0)
2387         self.assertEquals(rep.u.context_id, req.u.context_id)
2388         self.assertEquals(rep.u.cancel_count, 0)
2389         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2390
2391         # And now try a request
2392         req = self.generate_request(call_id=2,
2393                                     context_id=ctx.context_id,
2394                                     opnum=0,
2395                                     stub=b"")
2396         self.send_pdu(req)
2397         rep = self.recv_pdu()
2398         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2399                         auth_length=0)
2400         self.assertNotEquals(rep.u.alloc_hint, 0)
2401         self.assertEquals(rep.u.context_id, req.u.context_id)
2402         self.assertEquals(rep.u.cancel_count, 0)
2403         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2404
2405     def test_orphaned_no_request(self):
2406         ndr32 = base.transfer_syntax_ndr()
2407         abstract = samba.dcerpc.mgmt.abstract_syntax()
2408         ctx = self.prepare_presentation(abstract, ndr32)
2409
2410         req = self.generate_orphaned(call_id=3)
2411         self.send_pdu(req)
2412         rep = self.recv_pdu(timeout=0.01)
2413         self.assertIsNone(rep)
2414         self.assertIsConnected()
2415
2416         # And now try a request
2417         req = self.generate_request(call_id=1,
2418                                     context_id=ctx.context_id,
2419                                     opnum=0,
2420                                     stub=b"")
2421         self.send_pdu(req)
2422         rep = self.recv_pdu()
2423         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2424                         auth_length=0)
2425         self.assertNotEquals(rep.u.alloc_hint, 0)
2426         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2427         self.assertEquals(rep.u.cancel_count, 0)
2428         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2429
2430     def test_orphaned_request_after_first_last(self):
2431         ndr32 = base.transfer_syntax_ndr()
2432         abstract = samba.dcerpc.mgmt.abstract_syntax()
2433         ctx = self.prepare_presentation(abstract, ndr32)
2434
2435         req = self.generate_request(call_id=1,
2436                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2437                                     context_id=ctx.context_id,
2438                                     opnum=0,
2439                                     stub=b"")
2440         self.send_pdu(req)
2441         rep = self.recv_pdu(timeout=0.1)
2442         self.assertIsNone(rep)
2443         self.assertIsConnected()
2444
2445         req = self.generate_orphaned(call_id=1)
2446         self.send_pdu(req)
2447         rep = self.recv_pdu(timeout=0.1)
2448         self.assertIsNone(rep)
2449         self.assertIsConnected()
2450
2451         req = self.generate_request(call_id=1,
2452                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2453                                     context_id=ctx.context_id,
2454                                     opnum=0,
2455                                     stub=b"")
2456         self.send_pdu(req)
2457         rep = self.recv_pdu()
2458         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2459                         auth_length=0)
2460         self.assertNotEquals(rep.u.alloc_hint, 0)
2461         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2462         self.assertEquals(rep.u.cancel_count, 0)
2463         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2464
2465         # And now try a request
2466         req = self.generate_request(call_id=2,
2467                                     context_id=ctx.context_id,
2468                                     opnum=0,
2469                                     stub=b"")
2470         self.send_pdu(req)
2471         rep = self.recv_pdu()
2472         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2473                         auth_length=0)
2474         self.assertNotEquals(rep.u.alloc_hint, 0)
2475         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2476         self.assertEquals(rep.u.cancel_count, 0)
2477         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2478
2479     def test_orphaned_request_after_first_mpx_last(self):
2480         ndr32 = base.transfer_syntax_ndr()
2481         abstract = samba.dcerpc.mgmt.abstract_syntax()
2482
2483         pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2484         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2485         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2486         ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2487
2488         req = self.generate_request(call_id=1,
2489                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2490                                     context_id=ctx.context_id,
2491                                     opnum=0,
2492                                     stub=b"")
2493         self.send_pdu(req)
2494         rep = self.recv_pdu(timeout=0.1)
2495         self.assertIsNone(rep)
2496         self.assertIsConnected()
2497
2498         req = self.generate_orphaned(call_id=1)
2499         self.send_pdu(req)
2500         rep = self.recv_pdu(timeout=0.1)
2501         self.assertIsNone(rep)
2502         self.assertIsConnected()
2503
2504         req = self.generate_request(call_id=1,
2505                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2506                                     context_id=ctx.context_id,
2507                                     opnum=0,
2508                                     stub=b"")
2509         self.send_pdu(req)
2510         rep = self.recv_pdu()
2511         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2512                         auth_length=0)
2513         self.assertNotEquals(rep.u.alloc_hint, 0)
2514         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2515         self.assertEquals(rep.u.cancel_count, 0)
2516         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2517
2518         # And now try a request
2519         req = self.generate_request(call_id=2,
2520                                     context_id=ctx.context_id,
2521                                     opnum=0,
2522                                     stub=b"")
2523         self.send_pdu(req)
2524         rep = self.recv_pdu()
2525         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2526                         auth_length=0)
2527         self.assertNotEquals(rep.u.alloc_hint, 0)
2528         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2529         self.assertEquals(rep.u.cancel_count, 0)
2530         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2531
2532     def test_orphaned_request_after_first_no_last(self):
2533         ndr32 = base.transfer_syntax_ndr()
2534         abstract = samba.dcerpc.mgmt.abstract_syntax()
2535         ctx = self.prepare_presentation(abstract, ndr32)
2536
2537         req1 = self.generate_request(call_id=1,
2538                                      pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2539                                      context_id=ctx.context_id,
2540                                      opnum=0,
2541                                      stub=b"")
2542         self.send_pdu(req1)
2543         rep = self.recv_pdu(timeout=0.1)
2544         self.assertIsNone(rep)
2545         self.assertIsConnected()
2546
2547         req = self.generate_orphaned(call_id=1)
2548         self.send_pdu(req)
2549         rep = self.recv_pdu(timeout=0.1)
2550         self.assertIsNone(rep)
2551         self.assertIsConnected()
2552
2553         # And now try a new request
2554         req2 = self.generate_request(call_id=2,
2555                                      context_id=ctx.context_id,
2556                                      opnum=0,
2557                                      stub=b"")
2558         self.send_pdu(req2)
2559         rep = self.recv_pdu()
2560         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2561                         auth_length=0)
2562         self.assertNotEquals(rep.u.alloc_hint, 0)
2563         self.assertEquals(rep.u.context_id, req1.u.context_id)
2564         self.assertEquals(rep.u.cancel_count, 0)
2565         self.assertEquals(rep.u.flags, 0)
2566         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2567         self.assertEquals(rep.u.reserved, 0)
2568         self.assertEquals(len(rep.u.error_and_verifier), 0)
2569
2570         # wait for a disconnect
2571         rep = self.recv_pdu()
2572         self.assertIsNone(rep)
2573         self.assertNotConnected()
2574
2575     def test_orphaned_request_after_first_mpx_no_last(self):
2576         ndr32 = base.transfer_syntax_ndr()
2577         abstract = samba.dcerpc.mgmt.abstract_syntax()
2578
2579         pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2580         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2581         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2582         ctx = self.prepare_presentation(abstract, ndr32,
2583                                         pfc_flags=pfc_flags)
2584
2585         req1 = self.generate_request(call_id=1,
2586                                      pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2587                                      context_id=ctx.context_id,
2588                                      opnum=0,
2589                                      stub=b"")
2590         self.send_pdu(req1)
2591         rep = self.recv_pdu(timeout=0.1)
2592         self.assertIsNone(rep)
2593         self.assertIsConnected()
2594
2595         req = self.generate_orphaned(call_id=1)
2596         self.send_pdu(req)
2597         rep = self.recv_pdu(timeout=0.1)
2598         self.assertIsNone(rep)
2599         self.assertIsConnected()
2600
2601         # And now try a new request
2602         req2 = self.generate_request(call_id=2,
2603                                      context_id=ctx.context_id - 1,
2604                                      opnum=0,
2605                                      stub=b"")
2606         self.send_pdu(req2)
2607         rep = self.recv_pdu()
2608         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2609                         auth_length=0)
2610         self.assertNotEquals(rep.u.alloc_hint, 0)
2611         self.assertEquals(rep.u.context_id, 0)
2612         self.assertEquals(rep.u.cancel_count, 0)
2613         self.assertEquals(rep.u.flags, 0)
2614         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2615         self.assertEquals(rep.u.reserved, 0)
2616         self.assertEquals(len(rep.u.error_and_verifier), 0)
2617
2618         # wait for a disconnect
2619         rep = self.recv_pdu()
2620         self.assertIsNone(rep)
2621         self.assertNotConnected()
2622
2623     def test_spnego_connect_request(self):
2624         ndr32 = base.transfer_syntax_ndr()
2625
2626         tsf1_list = [ndr32]
2627         ctx1 = dcerpc.ctx_list()
2628         ctx1.context_id = 1
2629         ctx1.num_transfer_syntaxes = len(tsf1_list)
2630         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2631         ctx1.transfer_syntaxes = tsf1_list
2632         ctx_list = [ctx1]
2633
2634         c = self.get_anon_creds()
2635         g = gensec.Security.start_client(self.settings)
2636         g.set_credentials(c)
2637         g.want_feature(gensec.FEATURE_DCE_STYLE)
2638         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2639         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2640         auth_context_id = 2
2641         g.start_mech_by_authtype(auth_type, auth_level)
2642         from_server = b""
2643         (finished, to_server) = g.update(from_server)
2644         self.assertFalse(finished)
2645
2646         auth_info = self.generate_auth(auth_type=auth_type,
2647                                        auth_level=auth_level,
2648                                        auth_context_id=auth_context_id,
2649                                        auth_blob=to_server)
2650
2651         req = self.generate_bind(call_id=0,
2652                                  ctx_list=ctx_list,
2653                                  auth_info=auth_info)
2654
2655         self.send_pdu(req)
2656         rep = self.recv_pdu()
2657         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2658         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2659         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2660         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2661         self.assertEquals(rep.u.secondary_address_size, 4)
2662         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2663         self.assertEquals(len(rep.u._pad1), 2)
2664         self.assertEquals(rep.u._pad1, b'\0' * 2)
2665         self.assertEquals(rep.u.num_results, 1)
2666         self.assertEquals(rep.u.ctx_list[0].result,
2667                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2668         self.assertEquals(rep.u.ctx_list[0].reason,
2669                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2670         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2671         self.assertNotEquals(len(rep.u.auth_info), 0)
2672         a = self.parse_auth(rep.u.auth_info)
2673
2674         from_server = a.credentials
2675         (finished, to_server) = g.update(from_server)
2676         self.assertFalse(finished)
2677
2678         auth_info = self.generate_auth(auth_type=auth_type,
2679                                        auth_level=auth_level,
2680                                        auth_context_id=auth_context_id,
2681                                        auth_blob=to_server)
2682
2683         req = self.generate_alter(call_id=0,
2684                                   ctx_list=ctx_list,
2685                                   assoc_group_id=rep.u.assoc_group_id,
2686                                   auth_info=auth_info)
2687
2688         self.send_pdu(req)
2689         rep = self.recv_pdu()
2690         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2691         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2692         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2693         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2694         self.assertEquals(rep.u.secondary_address_size, 0)
2695         self.assertEquals(len(rep.u._pad1), 2)
2696         # Windows sends garbage
2697         #self.assertEquals(rep.u._pad1, '\0' * 2)
2698         self.assertEquals(rep.u.num_results, 1)
2699         self.assertEquals(rep.u.ctx_list[0].result,
2700                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2701         self.assertEquals(rep.u.ctx_list[0].reason,
2702                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2703         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2704         self.assertNotEquals(len(rep.u.auth_info), 0)
2705         a = self.parse_auth(rep.u.auth_info)
2706
2707         from_server = a.credentials
2708         (finished, to_server) = g.update(from_server)
2709         self.assertTrue(finished)
2710
2711         # And now try a request without auth_info
2712         req = self.generate_request(call_id=2,
2713                                     context_id=ctx1.context_id,
2714                                     opnum=0,
2715                                     stub=b"")
2716         self.send_pdu(req)
2717         rep = self.recv_pdu()
2718         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2719                         auth_length=0)
2720         self.assertNotEquals(rep.u.alloc_hint, 0)
2721         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2722         self.assertEquals(rep.u.cancel_count, 0)
2723         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2724
2725         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2726         auth_info = self.generate_auth(auth_type=auth_type,
2727                                        auth_level=auth_level,
2728                                        auth_context_id=auth_context_id,
2729                                        auth_blob=b"\x01" +b"\x00" *15)
2730         req = self.generate_request(call_id=3,
2731                                     context_id=ctx1.context_id,
2732                                     opnum=0,
2733                                     stub=b"",
2734                                     auth_info=auth_info)
2735         self.send_pdu(req)
2736         rep = self.recv_pdu()
2737         # We don't get an auth_info back
2738         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2739                         auth_length=0)
2740         self.assertNotEquals(rep.u.alloc_hint, 0)
2741         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2742         self.assertEquals(rep.u.cancel_count, 0)
2743         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2744
2745         # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2746         auth_info = self.generate_auth(auth_type=auth_type,
2747                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2748                                        auth_context_id=auth_context_id,
2749                                        auth_blob=b"\x01" + b"\x00" * 15)
2750         req = self.generate_request(call_id=4,
2751                                     context_id=ctx1.context_id,
2752                                     opnum=0,
2753                                     stub=b"",
2754                                     auth_info=auth_info)
2755         self.send_pdu(req)
2756         rep = self.recv_pdu()
2757         # We get a fault back
2758         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2759                         auth_length=0)
2760         self.assertNotEquals(rep.u.alloc_hint, 0)
2761         self.assertEquals(rep.u.context_id, req.u.context_id)
2762         self.assertEquals(rep.u.cancel_count, 0)
2763         self.assertEquals(rep.u.flags, 0)
2764         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2765         self.assertEquals(rep.u.reserved, 0)
2766         self.assertEquals(len(rep.u.error_and_verifier), 0)
2767
2768         # wait for a disconnect
2769         rep = self.recv_pdu()
2770         self.assertIsNone(rep)
2771         self.assertNotConnected()
2772
2773     def test_spnego_integrity_request(self):
2774         ndr32 = base.transfer_syntax_ndr()
2775
2776         tsf1_list = [ndr32]
2777         ctx1 = dcerpc.ctx_list()
2778         ctx1.context_id = 1
2779         ctx1.num_transfer_syntaxes = len(tsf1_list)
2780         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2781         ctx1.transfer_syntaxes = tsf1_list
2782         ctx_list = [ctx1]
2783
2784         c = self.get_anon_creds()
2785         g = gensec.Security.start_client(self.settings)
2786         g.set_credentials(c)
2787         g.want_feature(gensec.FEATURE_DCE_STYLE)
2788         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2789         auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2790         auth_context_id = 2
2791         g.start_mech_by_authtype(auth_type, auth_level)
2792         from_server = b""
2793         (finished, to_server) = g.update(from_server)
2794         self.assertFalse(finished)
2795
2796         auth_info = self.generate_auth(auth_type=auth_type,
2797                                        auth_level=auth_level,
2798                                        auth_context_id=auth_context_id,
2799                                        auth_blob=to_server)
2800
2801         req = self.generate_bind(call_id=0,
2802                                  ctx_list=ctx_list,
2803                                  auth_info=auth_info)
2804
2805         self.send_pdu(req)
2806         rep = self.recv_pdu()
2807         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2808         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2809         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2810         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2811         self.assertEquals(rep.u.secondary_address_size, 4)
2812         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2813         self.assertEquals(len(rep.u._pad1), 2)
2814         self.assertEquals(rep.u._pad1, b'\0' * 2)
2815         self.assertEquals(rep.u.num_results, 1)
2816         self.assertEquals(rep.u.ctx_list[0].result,
2817                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2818         self.assertEquals(rep.u.ctx_list[0].reason,
2819                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2820         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2821         self.assertNotEquals(len(rep.u.auth_info), 0)
2822         a = self.parse_auth(rep.u.auth_info)
2823
2824         from_server = a.credentials
2825         (finished, to_server) = g.update(from_server)
2826         self.assertFalse(finished)
2827
2828         auth_info = self.generate_auth(auth_type=auth_type,
2829                                        auth_level=auth_level,
2830                                        auth_context_id=auth_context_id,
2831                                        auth_blob=to_server)
2832
2833         req = self.generate_alter(call_id=0,
2834                                   ctx_list=ctx_list,
2835                                   assoc_group_id=rep.u.assoc_group_id,
2836                                   auth_info=auth_info)
2837
2838         self.send_pdu(req)
2839         rep = self.recv_pdu()
2840         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2841         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2842         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2843         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2844         self.assertEquals(rep.u.secondary_address_size, 0)
2845         self.assertEquals(len(rep.u._pad1), 2)
2846         # Windows sends garbage
2847         #self.assertEquals(rep.u._pad1, '\0' * 2)
2848         self.assertEquals(rep.u.num_results, 1)
2849         self.assertEquals(rep.u.ctx_list[0].result,
2850                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2851         self.assertEquals(rep.u.ctx_list[0].reason,
2852                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2853         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2854         self.assertNotEquals(len(rep.u.auth_info), 0)
2855         a = self.parse_auth(rep.u.auth_info)
2856
2857         from_server = a.credentials
2858         (finished, to_server) = g.update(from_server)
2859         self.assertTrue(finished)
2860
2861         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2862         auth_info = self.generate_auth(auth_type=auth_type,
2863                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2864                                        auth_context_id=auth_context_id,
2865                                        auth_blob=b"\x01" + b"\x00" * 15)
2866         req = self.generate_request(call_id=3,
2867                                     context_id=ctx1.context_id,
2868                                     opnum=0,
2869                                     stub=b"",
2870                                     auth_info=auth_info)
2871         self.send_pdu(req)
2872         rep = self.recv_pdu()
2873         # We get a fault back
2874         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2875                         auth_length=0)
2876         self.assertNotEquals(rep.u.alloc_hint, 0)
2877         self.assertEquals(rep.u.context_id, req.u.context_id)
2878         self.assertEquals(rep.u.cancel_count, 0)
2879         self.assertEquals(rep.u.flags, 0)
2880         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2881         self.assertEquals(rep.u.reserved, 0)
2882         self.assertEquals(len(rep.u.error_and_verifier), 0)
2883
2884         # wait for a disconnect
2885         rep = self.recv_pdu()
2886         self.assertIsNone(rep)
2887         self.assertNotConnected()
2888
2889     def test_spnego_unfinished_request(self):
2890         ndr32 = base.transfer_syntax_ndr()
2891
2892         tsf1_list = [ndr32]
2893         ctx1 = dcerpc.ctx_list()
2894         ctx1.context_id = 1
2895         ctx1.num_transfer_syntaxes = len(tsf1_list)
2896         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2897         ctx1.transfer_syntaxes = tsf1_list
2898         ctx_list = [ctx1]
2899
2900         c = self.get_anon_creds()
2901         g = gensec.Security.start_client(self.settings)
2902         g.set_credentials(c)
2903         g.want_feature(gensec.FEATURE_DCE_STYLE)
2904         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2905         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2906         auth_context_id = 2
2907         g.start_mech_by_authtype(auth_type, auth_level)
2908         from_server = b""
2909         (finished, to_server) = g.update(from_server)
2910         self.assertFalse(finished)
2911
2912         auth_info = self.generate_auth(auth_type=auth_type,
2913                                        auth_level=auth_level,
2914                                        auth_context_id=auth_context_id,
2915                                        auth_blob=to_server)
2916
2917         req = self.generate_bind(call_id=0,
2918                                  ctx_list=ctx_list,
2919                                  auth_info=auth_info)
2920
2921         self.send_pdu(req)
2922         rep = self.recv_pdu()
2923         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2924         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2925         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2926         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2927         assoc_group_id = rep.u.assoc_group_id
2928         self.assertEquals(rep.u.secondary_address_size, 4)
2929         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2930         self.assertEquals(len(rep.u._pad1), 2)
2931         self.assertEquals(rep.u._pad1, b'\0' * 2)
2932         self.assertEquals(rep.u.num_results, 1)
2933         self.assertEquals(rep.u.ctx_list[0].result,
2934                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2935         self.assertEquals(rep.u.ctx_list[0].reason,
2936                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2937         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2938         self.assertNotEquals(len(rep.u.auth_info), 0)
2939         a = self.parse_auth(rep.u.auth_info)
2940
2941         from_server = a.credentials
2942         (finished, to_server) = g.update(from_server)
2943         self.assertFalse(finished)
2944
2945         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2946         auth_info = self.generate_auth(auth_type=auth_type,
2947                                        auth_level=auth_level,
2948                                        auth_context_id=auth_context_id,
2949                                        auth_blob=b"\x01" + b"\x00" * 15)
2950         req = self.generate_request(call_id=1,
2951                                     context_id=ctx1.context_id,
2952                                     opnum=0,
2953                                     stub=b"",
2954                                     auth_info=auth_info)
2955         self.send_pdu(req)
2956         rep = self.recv_pdu()
2957         # We get a fault
2958         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2959                         pfc_flags=req.pfc_flags |
2960                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2961                         auth_length=0)
2962         self.assertNotEquals(rep.u.alloc_hint, 0)
2963         self.assertEquals(rep.u.context_id, 0)
2964         self.assertEquals(rep.u.cancel_count, 0)
2965         self.assertEquals(rep.u.flags, 0)
2966         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2967         self.assertEquals(rep.u.reserved, 0)
2968         self.assertEquals(len(rep.u.error_and_verifier), 0)
2969
2970         # wait for a disconnect
2971         rep = self.recv_pdu()
2972         self.assertIsNone(rep)
2973         self.assertNotConnected()
2974
2975     def test_spnego_auth3(self):
2976         ndr32 = base.transfer_syntax_ndr()
2977
2978         tsf1_list = [ndr32]
2979         ctx1 = dcerpc.ctx_list()
2980         ctx1.context_id = 1
2981         ctx1.num_transfer_syntaxes = len(tsf1_list)
2982         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2983         ctx1.transfer_syntaxes = tsf1_list
2984         ctx_list = [ctx1]
2985
2986         c = self.get_anon_creds()
2987         g = gensec.Security.start_client(self.settings)
2988         g.set_credentials(c)
2989         g.want_feature(gensec.FEATURE_DCE_STYLE)
2990         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2991         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2992         auth_context_id = 2
2993         g.start_mech_by_authtype(auth_type, auth_level)
2994         from_server = b""
2995         (finished, to_server) = g.update(from_server)
2996         self.assertFalse(finished)
2997
2998         auth_info = self.generate_auth(auth_type=auth_type,
2999                                        auth_level=auth_level,
3000                                        auth_context_id=auth_context_id,
3001                                        auth_blob=to_server)
3002         req = self.generate_bind(call_id=0,
3003                                  ctx_list=ctx_list,
3004                                  auth_info=auth_info)
3005         self.send_pdu(req)
3006         rep = self.recv_pdu()
3007         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3008         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3009         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3010         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3011         self.assertEquals(rep.u.secondary_address_size, 4)
3012         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3013         self.assertEquals(len(rep.u._pad1), 2)
3014         #self.assertEquals(rep.u._pad1, '\0' * 2)
3015         self.assertEquals(rep.u.num_results, 1)
3016         self.assertEquals(rep.u.ctx_list[0].result,
3017                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3018         self.assertEquals(rep.u.ctx_list[0].reason,
3019                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3020         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3021         self.assertNotEquals(len(rep.u.auth_info), 0)
3022         a = self.parse_auth(rep.u.auth_info)
3023
3024         from_server = a.credentials
3025         (finished, to_server) = g.update(from_server)
3026         self.assertFalse(finished)
3027
3028         auth_info = self.generate_auth(auth_type=auth_type,
3029                                        auth_level=auth_level,
3030                                        auth_context_id=auth_context_id,
3031                                        auth_blob=to_server)
3032         req = self.generate_auth3(call_id=0,
3033                                   auth_info=auth_info)
3034         self.send_pdu(req)
3035         rep = self.recv_pdu()
3036         self.assertIsNone(rep)
3037         self.assertIsConnected()
3038
3039         # And now try a request without auth_info
3040         req = self.generate_request(call_id=2,
3041                                     context_id=ctx1.context_id,
3042                                     opnum=0,
3043                                     stub=b"")
3044         self.send_pdu(req)
3045         rep = self.recv_pdu()
3046         # We get a fault back
3047         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3048                         auth_length=0)
3049         self.assertNotEquals(rep.u.alloc_hint, 0)
3050         self.assertEquals(rep.u.context_id, req.u.context_id)
3051         self.assertEquals(rep.u.cancel_count, 0)
3052         self.assertEquals(rep.u.flags, 0)
3053         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3054         self.assertEquals(rep.u.reserved, 0)
3055         self.assertEquals(len(rep.u.error_and_verifier), 0)
3056
3057         # wait for a disconnect
3058         rep = self.recv_pdu()
3059         self.assertIsNone(rep)
3060         self.assertNotConnected()
3061
3062     def test_spnego_connect_reauth_alter(self):
3063         ndr32 = base.transfer_syntax_ndr()
3064         ndr64 = base.transfer_syntax_ndr64()
3065
3066         tsf1_list = [ndr32]
3067         ctx1 = dcerpc.ctx_list()
3068         ctx1.context_id = 1
3069         ctx1.num_transfer_syntaxes = len(tsf1_list)
3070         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3071         ctx1.transfer_syntaxes = tsf1_list
3072         ctx_list = [ctx1]
3073
3074         c = self.get_anon_creds()
3075         g = gensec.Security.start_client(self.settings)
3076         g.set_credentials(c)
3077         g.want_feature(gensec.FEATURE_DCE_STYLE)
3078         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3079         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3080         auth_context_id = 2
3081         g.start_mech_by_authtype(auth_type, auth_level)
3082         from_server = b""
3083         (finished, to_server) = g.update(from_server)
3084         self.assertFalse(finished)
3085
3086         auth_info = self.generate_auth(auth_type=auth_type,
3087                                        auth_level=auth_level,
3088                                        auth_context_id=auth_context_id,
3089                                        auth_blob=to_server)
3090
3091         req = self.generate_bind(call_id=0,
3092                                  ctx_list=ctx_list,
3093                                  auth_info=auth_info)
3094
3095         self.send_pdu(req)
3096         rep = self.recv_pdu()
3097         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3098         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3099         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3100         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3101         self.assertEquals(rep.u.secondary_address_size, 4)
3102         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3103         self.assertEquals(len(rep.u._pad1), 2)
3104         self.assertEquals(rep.u._pad1, b'\0' * 2)
3105         self.assertEquals(rep.u.num_results, 1)
3106         self.assertEquals(rep.u.ctx_list[0].result,
3107                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3108         self.assertEquals(rep.u.ctx_list[0].reason,
3109                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3110         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3111         self.assertNotEquals(len(rep.u.auth_info), 0)
3112         a = self.parse_auth(rep.u.auth_info)
3113
3114         from_server = a.credentials
3115         (finished, to_server) = g.update(from_server)
3116         self.assertFalse(finished)
3117
3118         auth_info = self.generate_auth(auth_type=auth_type,
3119                                        auth_level=auth_level,
3120                                        auth_context_id=auth_context_id,
3121                                        auth_blob=to_server)
3122         req = self.generate_alter(call_id=0,
3123                                   ctx_list=[ctx1],
3124                                   assoc_group_id=rep.u.assoc_group_id,
3125                                   auth_info=auth_info)
3126         self.send_pdu(req)
3127         rep = self.recv_pdu()
3128         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3129         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3130         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3131         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3132         self.assertEquals(rep.u.secondary_address_size, 0)
3133         self.assertEquals(len(rep.u._pad1), 2)
3134         # Windows sends garbage
3135         #self.assertEquals(rep.u._pad1, '\0' * 2)
3136         self.assertEquals(rep.u.num_results, 1)
3137         self.assertEquals(rep.u.ctx_list[0].result,
3138                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3139         self.assertEquals(rep.u.ctx_list[0].reason,
3140                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3141         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3142         self.assertNotEquals(len(rep.u.auth_info), 0)
3143         a = self.parse_auth(rep.u.auth_info)
3144
3145         from_server = a.credentials
3146         (finished, to_server) = g.update(from_server)
3147         self.assertTrue(finished)
3148
3149         # And now try a request without auth_info
3150         req = self.generate_request(call_id=2,
3151                                     context_id=ctx1.context_id,
3152                                     opnum=0,
3153                                     stub=b"")
3154         self.send_pdu(req)
3155         rep = self.recv_pdu()
3156         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3157                         auth_length=0)
3158         self.assertNotEquals(rep.u.alloc_hint, 0)
3159         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3160         self.assertEquals(rep.u.cancel_count, 0)
3161         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3162
3163         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3164         auth_info = self.generate_auth(auth_type=auth_type,
3165                                        auth_level=auth_level,
3166                                        auth_context_id=auth_context_id,
3167                                        auth_blob=b"\x01" + b"\x00" * 15)
3168         req = self.generate_request(call_id=3,
3169                                     context_id=ctx1.context_id,
3170                                     opnum=0,
3171                                     stub=b"",
3172                                     auth_info=auth_info)
3173         self.send_pdu(req)
3174         rep = self.recv_pdu()
3175         # We don't get an auth_info back
3176         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3177                         auth_length=0)
3178         self.assertNotEquals(rep.u.alloc_hint, 0)
3179         self.assertEquals(rep.u.context_id, req.u.context_id)
3180         self.assertEquals(rep.u.cancel_count, 0)
3181         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3182
3183         # Now a reauth
3184
3185         g = gensec.Security.start_client(self.settings)
3186         g.set_credentials(c)
3187         g.want_feature(gensec.FEATURE_DCE_STYLE)
3188         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3189         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3190         auth_context_id = 2
3191         g.start_mech_by_authtype(auth_type, auth_level)
3192         from_server = b""
3193         (finished, to_server) = g.update(from_server)
3194         self.assertFalse(finished)
3195
3196         auth_info = self.generate_auth(auth_type=auth_type,
3197                                        auth_level=auth_level,
3198                                        auth_context_id=auth_context_id,
3199                                        auth_blob=to_server)
3200         req = self.generate_alter(call_id=0,
3201                                   ctx_list=ctx_list,
3202                                   auth_info=auth_info)
3203         self.send_pdu(req)
3204         rep = self.recv_pdu()
3205         # We get a fault
3206         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3207                         pfc_flags=req.pfc_flags |
3208                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3209                         auth_length=0)
3210         self.assertNotEquals(rep.u.alloc_hint, 0)
3211         self.assertEquals(rep.u.context_id, 0)
3212         self.assertEquals(rep.u.cancel_count, 0)
3213         self.assertEquals(rep.u.flags, 0)
3214         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3215         self.assertEquals(rep.u.reserved, 0)
3216         self.assertEquals(len(rep.u.error_and_verifier), 0)
3217
3218         # wait for a disconnect
3219         rep = self.recv_pdu()
3220         self.assertIsNone(rep)
3221         self.assertNotConnected()
3222
3223     def test_spnego_connect_reauth_auth3(self):
3224         ndr32 = base.transfer_syntax_ndr()
3225         ndr64 = base.transfer_syntax_ndr64()
3226
3227         tsf1_list = [ndr32]
3228         ctx1 = dcerpc.ctx_list()
3229         ctx1.context_id = 1
3230         ctx1.num_transfer_syntaxes = len(tsf1_list)
3231         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3232         ctx1.transfer_syntaxes = tsf1_list
3233         ctx_list = [ctx1]
3234
3235         c = self.get_anon_creds()
3236         g = gensec.Security.start_client(self.settings)
3237         g.set_credentials(c)
3238         g.want_feature(gensec.FEATURE_DCE_STYLE)
3239         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3240         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3241         auth_context_id = 2
3242         g.start_mech_by_authtype(auth_type, auth_level)
3243         from_server = b""
3244         (finished, to_server) = g.update(from_server)
3245         self.assertFalse(finished)
3246
3247         auth_info = self.generate_auth(auth_type=auth_type,
3248                                        auth_level=auth_level,
3249                                        auth_context_id=auth_context_id,
3250                                        auth_blob=to_server)
3251
3252         req = self.generate_bind(call_id=0,
3253                                  ctx_list=ctx_list,
3254                                  auth_info=auth_info)
3255
3256         self.send_pdu(req)
3257         rep = self.recv_pdu()
3258         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3259         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3260         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3261         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3262         self.assertEquals(rep.u.secondary_address_size, 4)
3263         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3264         self.assertEquals(len(rep.u._pad1), 2)
3265         self.assertEquals(rep.u._pad1, b'\0' * 2)
3266         self.assertEquals(rep.u.num_results, 1)
3267         self.assertEquals(rep.u.ctx_list[0].result,
3268                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3269         self.assertEquals(rep.u.ctx_list[0].reason,
3270                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3271         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3272         self.assertNotEquals(len(rep.u.auth_info), 0)
3273         a = self.parse_auth(rep.u.auth_info)
3274
3275         from_server = a.credentials
3276         (finished, to_server) = g.update(from_server)
3277         self.assertFalse(finished)
3278
3279         auth_info = self.generate_auth(auth_type=auth_type,
3280                                        auth_level=auth_level,
3281                                        auth_context_id=auth_context_id,
3282                                        auth_blob=to_server)
3283         req = self.generate_alter(call_id=0,
3284                                   ctx_list=[ctx1],
3285                                   assoc_group_id=rep.u.assoc_group_id,
3286                                   auth_info=auth_info)
3287         self.send_pdu(req)
3288         rep = self.recv_pdu()
3289         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3290         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3291         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3292         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3293         self.assertEquals(rep.u.secondary_address_size, 0)
3294         self.assertEquals(len(rep.u._pad1), 2)
3295         # Windows sends garbage
3296         #self.assertEquals(rep.u._pad1, '\0' * 2)
3297         self.assertEquals(rep.u.num_results, 1)
3298         self.assertEquals(rep.u.ctx_list[0].result,
3299                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3300         self.assertEquals(rep.u.ctx_list[0].reason,
3301                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3302         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3303         self.assertNotEquals(len(rep.u.auth_info), 0)
3304         a = self.parse_auth(rep.u.auth_info)
3305
3306         from_server = a.credentials
3307         (finished, to_server) = g.update(from_server)
3308         self.assertTrue(finished)
3309
3310         # And now try a request without auth_info
3311         req = self.generate_request(call_id=2,
3312                                     context_id=ctx1.context_id,
3313                                     opnum=0,
3314                                     stub=b"")
3315         self.send_pdu(req)
3316         rep = self.recv_pdu()
3317         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3318                         auth_length=0)
3319         self.assertNotEquals(rep.u.alloc_hint, 0)
3320         self.assertEquals(rep.u.context_id, req.u.context_id)
3321         self.assertEquals(rep.u.cancel_count, 0)
3322         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3323
3324         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3325         auth_info = self.generate_auth(auth_type=auth_type,
3326                                        auth_level=auth_level,
3327                                        auth_context_id=auth_context_id,
3328                                        auth_blob=b"\x01" + b"\x00" * 15)
3329         req = self.generate_request(call_id=3,
3330                                     context_id=ctx1.context_id,
3331                                     opnum=0,
3332                                     stub=b"",
3333                                     auth_info=auth_info)
3334         self.send_pdu(req)
3335         rep = self.recv_pdu()
3336         # We don't get an auth_info back
3337         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3338                         auth_length=0)
3339         self.assertNotEquals(rep.u.alloc_hint, 0)
3340         self.assertEquals(rep.u.context_id, req.u.context_id)
3341         self.assertEquals(rep.u.cancel_count, 0)
3342         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3343
3344         # Now a reauth
3345
3346         g = gensec.Security.start_client(self.settings)
3347         g.set_credentials(c)
3348         g.want_feature(gensec.FEATURE_DCE_STYLE)
3349         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3350         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3351         auth_context_id = 2
3352         g.start_mech_by_authtype(auth_type, auth_level)
3353         from_server = b""
3354         (finished, to_server) = g.update(from_server)
3355         self.assertFalse(finished)
3356
3357         auth_info = self.generate_auth(auth_type=auth_type,
3358                                        auth_level=auth_level,
3359                                        auth_context_id=auth_context_id,
3360                                        auth_blob=to_server)
3361         req = self.generate_auth3(call_id=0,
3362                                   auth_info=auth_info)
3363         self.send_pdu(req)
3364         rep = self.recv_pdu()
3365         # We get a fault
3366         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3367                         pfc_flags=req.pfc_flags |
3368                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3369                         auth_length=0)
3370         self.assertNotEquals(rep.u.alloc_hint, 0)
3371         self.assertEquals(rep.u.context_id, 0)
3372         self.assertEquals(rep.u.cancel_count, 0)
3373         self.assertEquals(rep.u.flags, 0)
3374         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3375         self.assertEquals(rep.u.reserved, 0)
3376         self.assertEquals(len(rep.u.error_and_verifier), 0)
3377
3378         # wait for a disconnect
3379         rep = self.recv_pdu()
3380         self.assertIsNone(rep)
3381         self.assertNotConnected()
3382
3383     def test_spnego_change_auth_level(self):
3384         ndr32 = base.transfer_syntax_ndr()
3385
3386         tsf1_list = [ndr32]
3387         ctx1 = dcerpc.ctx_list()
3388         ctx1.context_id = 1
3389         ctx1.num_transfer_syntaxes = len(tsf1_list)
3390         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3391         ctx1.transfer_syntaxes = tsf1_list
3392
3393         c = self.get_anon_creds()
3394         g = gensec.Security.start_client(self.settings)
3395         g.set_credentials(c)
3396         g.want_feature(gensec.FEATURE_DCE_STYLE)
3397         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3398         auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3399         auth_context_id = 2
3400         g.start_mech_by_authtype(auth_type, auth_level)
3401         from_server = b""
3402         (finished, to_server) = g.update(from_server)
3403         self.assertFalse(finished)
3404
3405         auth_info = self.generate_auth(auth_type=auth_type,
3406                                        auth_level=auth_level,
3407                                        auth_context_id=auth_context_id,
3408                                        auth_blob=to_server)
3409         req = self.generate_bind(call_id=0,
3410                                  ctx_list=[ctx1],
3411                                  auth_info=auth_info)
3412         self.send_pdu(req)
3413         rep = self.recv_pdu()
3414         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3415         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3416         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3417         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3418         self.assertEquals(rep.u.secondary_address_size, 4)
3419         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3420         self.assertEquals(len(rep.u._pad1), 2)
3421         self.assertEquals(rep.u._pad1, b'\0' * 2)
3422         self.assertEquals(rep.u.num_results, 1)
3423         self.assertEquals(rep.u.ctx_list[0].result,
3424                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3425         self.assertEquals(rep.u.ctx_list[0].reason,
3426                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3427         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3428         self.assertNotEquals(len(rep.u.auth_info), 0)
3429         a = self.parse_auth(rep.u.auth_info)
3430
3431         from_server = a.credentials
3432         (finished, to_server) = g.update(from_server)
3433         self.assertFalse(finished)
3434
3435         auth_info = self.generate_auth(auth_type=auth_type,
3436                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3437                                        auth_context_id=auth_context_id,
3438                                        auth_blob=to_server)
3439         req = self.generate_alter(call_id=0,
3440                                   ctx_list=[ctx1],
3441                                   assoc_group_id=rep.u.assoc_group_id,
3442                                   auth_info=auth_info)
3443         self.send_pdu(req)
3444         rep = self.recv_pdu()
3445         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3446                         pfc_flags=req.pfc_flags |
3447                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3448                         auth_length=0)
3449         self.assertNotEquals(rep.u.alloc_hint, 0)
3450         self.assertEquals(rep.u.context_id, 0)
3451         self.assertEquals(rep.u.cancel_count, 0)
3452         self.assertEquals(rep.u.flags, 0)
3453         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3454         self.assertEquals(rep.u.reserved, 0)
3455         self.assertEquals(len(rep.u.error_and_verifier), 0)
3456
3457         # wait for a disconnect
3458         rep = self.recv_pdu()
3459         self.assertIsNone(rep)
3460         self.assertNotConnected()
3461
3462     def test_spnego_change_abstract(self):
3463         ndr32 = base.transfer_syntax_ndr()
3464
3465         tsf1_list = [ndr32]
3466         ctx1 = dcerpc.ctx_list()
3467         ctx1.context_id = 1
3468         ctx1.num_transfer_syntaxes = len(tsf1_list)
3469         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3470         ctx1.transfer_syntaxes = tsf1_list
3471
3472         ctx1b = dcerpc.ctx_list()
3473         ctx1b.context_id = 1
3474         ctx1b.num_transfer_syntaxes = len(tsf1_list)
3475         ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3476         ctx1b.transfer_syntaxes = tsf1_list
3477
3478         c = self.get_anon_creds()
3479         g = gensec.Security.start_client(self.settings)
3480         g.set_credentials(c)
3481         g.want_feature(gensec.FEATURE_DCE_STYLE)
3482         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3483         auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3484         auth_context_id = 2
3485         g.start_mech_by_authtype(auth_type, auth_level)
3486         from_server = b""
3487         (finished, to_server) = g.update(from_server)
3488         self.assertFalse(finished)
3489
3490         auth_info = self.generate_auth(auth_type=auth_type,
3491                                        auth_level=auth_level,
3492                                        auth_context_id=auth_context_id,
3493                                        auth_blob=to_server)
3494         req = self.generate_bind(call_id=0,
3495                                  ctx_list=[ctx1],
3496                                  auth_info=auth_info)
3497         self.send_pdu(req)
3498         rep = self.recv_pdu()
3499         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3500         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3501         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3502         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3503         self.assertEquals(rep.u.secondary_address_size, 4)
3504         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3505         self.assertEquals(len(rep.u._pad1), 2)
3506         #self.assertEquals(rep.u._pad1, '\0' * 2)
3507         self.assertEquals(rep.u.num_results, 1)
3508         self.assertEquals(rep.u.ctx_list[0].result,
3509                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3510         self.assertEquals(rep.u.ctx_list[0].reason,
3511                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3512         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3513         self.assertNotEquals(len(rep.u.auth_info), 0)
3514         a