py:dcerpc/raw_protocol: demonstrate that \\pipe\lsarpc returns \\pipe\lsass as second...
[samba.git] / python / samba / tests / dcerpc / raw_protocol.py
1 #!/usr/bin/env python3
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21 import time
22
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
25
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
32 import struct
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
35 from samba.compat import binary_type
36
37 global_ndr_print = False
38 global_hexdump = False
39
40
41 class TestDCERPC_BIND(RawDCERPCTest):
42
43     def setUp(self):
44         super(TestDCERPC_BIND, self).setUp()
45         self.do_ndr_print = global_ndr_print
46         self.do_hexdump = global_hexdump
47
48     def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
49         ndr32 = base.transfer_syntax_ndr()
50
51         tsf1_list = [ndr32]
52         ctx1 = dcerpc.ctx_list()
53         ctx1.context_id = 1
54         ctx1.num_transfer_syntaxes = len(tsf1_list)
55         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
56         ctx1.transfer_syntaxes = tsf1_list
57
58         req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
59         self.send_pdu(req)
60         rep = self.recv_pdu()
61         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
62                         pfc_flags=rep_pfc_flags, auth_length=0)
63         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
64         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
65         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
66         self.assertEquals(rep.u.secondary_address_size, 4)
67         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
68         self.assertPadding(rep.u._pad1, 2)
69         self.assertEquals(rep.u.num_results, 1)
70         self.assertEquals(rep.u.ctx_list[0].result,
71                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72         self.assertEquals(rep.u.ctx_list[0].reason,
73                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75         self.assertEquals(rep.u.auth_info, b'\0' * 0)
76
77         # And now try a request
78         req = self.generate_request(call_id=1,
79                                     context_id=ctx1.context_id,
80                                     opnum=0,
81                                     stub=b"")
82         self.send_pdu(req)
83         rep = self.recv_pdu()
84         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
85                         auth_length=0)
86         self.assertNotEquals(rep.u.alloc_hint, 0)
87         self.assertEquals(rep.u.context_id, req.u.context_id)
88         self.assertEquals(rep.u.cancel_count, 0)
89         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
90
91     def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92         ndr32 = base.transfer_syntax_ndr()
93
94         tsf1_list = [ndr32]
95         ctx1 = dcerpc.ctx_list()
96         ctx1.context_id = 1
97         ctx1.num_transfer_syntaxes = len(tsf1_list)
98         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99         ctx1.transfer_syntaxes = tsf1_list
100
101         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
102         self.send_pdu(req)
103         rep = self.recv_pdu()
104         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
105                         auth_length=0)
106         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109         self.assertEquals(rep.u.secondary_address_size, 4)
110         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111         self.assertPadding(rep.u._pad1, 2)
112         self.assertEquals(rep.u.num_results, 1)
113         self.assertEquals(rep.u.ctx_list[0].result,
114                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
115         self.assertEquals(rep.u.ctx_list[0].reason,
116                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
117         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
118         self.assertEquals(rep.u.auth_info, b'\0' * 0)
119
120         # And now try a alter context
121         req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
122         self.send_pdu(req)
123         rep = self.recv_pdu()
124         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
125                         pfc_flags=rep_pfc_flags, auth_length=0)
126         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
127         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
128         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
129         self.assertEquals(rep.u.secondary_address_size, 0)
130         self.assertEquals(rep.u.secondary_address, "")
131         self.assertPadding(rep.u._pad1, 2)
132         self.assertEquals(rep.u.num_results, 1)
133         self.assertEquals(rep.u.ctx_list[0].result,
134                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
135         self.assertEquals(rep.u.ctx_list[0].reason,
136                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
137         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
138         self.assertEquals(rep.u.auth_info, b'\0' * 0)
139
140         # And now try a request
141         req = self.generate_request(call_id=1,
142                                     context_id=ctx1.context_id,
143                                     opnum=0,
144                                     stub=b"")
145         self.send_pdu(req)
146         rep = self.recv_pdu()
147         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
148                         auth_length=0)
149         self.assertNotEquals(rep.u.alloc_hint, 0)
150         self.assertEquals(rep.u.context_id, req.u.context_id)
151         self.assertEquals(rep.u.cancel_count, 0)
152         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
153
154     def test_no_auth_request(self):
155         return self._test_no_auth_request_bind_pfc_flags(
156                                         req_pfc_flags=0 |
157                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
158                                         dcerpc.DCERPC_PFC_FLAG_LAST,
159                                         rep_pfc_flags=0 |
160                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
161                                         dcerpc.DCERPC_PFC_FLAG_LAST)
162
163     def test_no_auth_request_bind_pfc_00(self):
164         return self._test_no_auth_request_bind_pfc_flags(
165                                         req_pfc_flags=0 |
166                                         0,
167                                         rep_pfc_flags=0 |
168                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
169                                         dcerpc.DCERPC_PFC_FLAG_LAST)
170
171     def test_no_auth_request_bind_pfc_FIRST(self):
172         return self._test_no_auth_request_bind_pfc_flags(
173                                         req_pfc_flags=0 |
174                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
175                                         0,
176                                         rep_pfc_flags=0 |
177                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
178                                         dcerpc.DCERPC_PFC_FLAG_LAST)
179
180     def test_no_auth_request_bind_pfc_LAST(self):
181         return self._test_no_auth_request_bind_pfc_flags(
182                                         req_pfc_flags=0 |
183                                         dcerpc.DCERPC_PFC_FLAG_LAST |
184                                         0,
185                                         rep_pfc_flags=0 |
186                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
187                                         dcerpc.DCERPC_PFC_FLAG_LAST)
188
189     def test_no_auth_request_bind_pfc_HDR_SIGNING(self):
190         return self._test_no_auth_request_bind_pfc_flags(
191                                         req_pfc_flags=0 |
192                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
193                                         0,
194                                         rep_pfc_flags=0 |
195                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
196                                         dcerpc.DCERPC_PFC_FLAG_LAST |
197                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
198
199     def test_no_auth_request_bind_pfc_08(self):
200         return self._test_no_auth_request_bind_pfc_flags(
201                                         req_pfc_flags=0 |
202                                         8 |
203                                         0,
204                                         rep_pfc_flags=0 |
205                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
206                                         dcerpc.DCERPC_PFC_FLAG_LAST)
207
208     def test_no_auth_request_bind_pfc_CONC_MPX(self):
209         return self._test_no_auth_request_bind_pfc_flags(
210                                         req_pfc_flags=0 |
211                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
212                                         0,
213                                         rep_pfc_flags=0 |
214                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
215                                         dcerpc.DCERPC_PFC_FLAG_LAST |
216                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
217
218     def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
219         return self._test_no_auth_request_bind_pfc_flags(
220                                         req_pfc_flags=0 |
221                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
222                                         0,
223                                         rep_pfc_flags=0 |
224                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
225                                         dcerpc.DCERPC_PFC_FLAG_LAST)
226
227     def test_no_auth_request_bind_pfc_MAYBE(self):
228         return self._test_no_auth_request_bind_pfc_flags(
229                                         req_pfc_flags=0 |
230                                         dcerpc.DCERPC_PFC_FLAG_MAYBE |
231                                         0,
232                                         rep_pfc_flags=0 |
233                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
234                                         dcerpc.DCERPC_PFC_FLAG_LAST)
235
236     def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
237         return self._test_no_auth_request_bind_pfc_flags(
238                                         req_pfc_flags=0 |
239                                         dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
240                                         0,
241                                         rep_pfc_flags=0 |
242                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
243                                         dcerpc.DCERPC_PFC_FLAG_LAST)
244
245     # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
246     # without authentication
247     # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
248     # by default
249     def _test_no_auth_request_bind_pfc_ff(self):
250         return self._test_no_auth_request_bind_pfc_flags(
251                                         req_pfc_flags=0 |
252                                         0xff |
253                                         0,
254                                         rep_pfc_flags=0 |
255                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
256                                         dcerpc.DCERPC_PFC_FLAG_LAST |
257                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
258                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
259
260     def test_no_auth_request_alter_pfc_00(self):
261         return self._test_no_auth_request_alter_pfc_flags(
262                                         req_pfc_flags=0 |
263                                         0,
264                                         rep_pfc_flags=0 |
265                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
266                                         dcerpc.DCERPC_PFC_FLAG_LAST)
267
268     def test_no_auth_request_alter_pfc_FIRST(self):
269         return self._test_no_auth_request_alter_pfc_flags(
270                                         req_pfc_flags=0 |
271                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
272                                         0,
273                                         rep_pfc_flags=0 |
274                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
275                                         dcerpc.DCERPC_PFC_FLAG_LAST)
276
277     def test_no_auth_request_alter_pfc_LAST(self):
278         return self._test_no_auth_request_alter_pfc_flags(
279                                         req_pfc_flags=0 |
280                                         dcerpc.DCERPC_PFC_FLAG_LAST |
281                                         0,
282                                         rep_pfc_flags=0 |
283                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
284                                         dcerpc.DCERPC_PFC_FLAG_LAST)
285
286     def test_no_auth_request_alter_pfc_HDR_SIGNING(self):
287         return self._test_no_auth_request_alter_pfc_flags(
288                                         req_pfc_flags=0 |
289                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
290                                         0,
291                                         rep_pfc_flags=0 |
292                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
293                                         dcerpc.DCERPC_PFC_FLAG_LAST |
294                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
295
296     def test_no_auth_request_alter_pfc_08(self):
297         return self._test_no_auth_request_alter_pfc_flags(
298                                         req_pfc_flags=0 |
299                                         8 |
300                                         0,
301                                         rep_pfc_flags=0 |
302                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
303                                         dcerpc.DCERPC_PFC_FLAG_LAST)
304
305     def test_no_auth_request_alter_pfc_CONC_MPX(self):
306         return self._test_no_auth_request_alter_pfc_flags(
307                                         req_pfc_flags=0 |
308                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
309                                         0,
310                                         rep_pfc_flags=0 |
311                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
312                                         dcerpc.DCERPC_PFC_FLAG_LAST)
313
314     def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
315         return self._test_no_auth_request_alter_pfc_flags(
316                                         req_pfc_flags=0 |
317                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
318                                         0,
319                                         rep_pfc_flags=0 |
320                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
321                                         dcerpc.DCERPC_PFC_FLAG_LAST)
322
323     def test_no_auth_request_alter_pfc_MAYBE(self):
324         return self._test_no_auth_request_alter_pfc_flags(
325                                         req_pfc_flags=0 |
326                                         dcerpc.DCERPC_PFC_FLAG_MAYBE |
327                                         0,
328                                         rep_pfc_flags=0 |
329                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
330                                         dcerpc.DCERPC_PFC_FLAG_LAST)
331
332     def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
333         return self._test_no_auth_request_alter_pfc_flags(
334                                         req_pfc_flags=0 |
335                                         dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
336                                         0,
337                                         rep_pfc_flags=0 |
338                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
339                                         dcerpc.DCERPC_PFC_FLAG_LAST)
340
341     def test_no_auth_request_alter_pfc_ff(self):
342         return self._test_no_auth_request_alter_pfc_flags(
343                                         req_pfc_flags=0 |
344                                         0xff |
345                                         0,
346                                         rep_pfc_flags=0 |
347                                         dcerpc.DCERPC_PFC_FLAG_FIRST |
348                                         dcerpc.DCERPC_PFC_FLAG_LAST |
349                                         dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
350
351     def test_no_auth_no_ctx(self):
352         # send an useless bind
353         req = self.generate_bind(call_id=0)
354         self.send_pdu(req)
355         rep = self.recv_pdu()
356         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
357                         auth_length=0)
358         self.assertEquals(rep.u.reject_reason,
359                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
360         self.assertEquals(rep.u.num_versions, 1)
361         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
362         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
363         self.assertPadding(rep.u._pad, 3)
364
365     def test_invalid_auth_noctx(self):
366         req = self.generate_bind(call_id=0)
367         req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
368         self.send_pdu(req)
369         rep = self.recv_pdu()
370         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
371                         auth_length=0)
372         self.assertEquals(rep.u.reject_reason,
373                           dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
374         self.assertEquals(rep.u.num_versions, 1)
375         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
376         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
377         self.assertPadding(rep.u._pad, 3)
378
379     def test_no_auth_valid_valid_request(self):
380         ndr32 = base.transfer_syntax_ndr()
381
382         tsf1_list = [ndr32]
383         ctx1 = dcerpc.ctx_list()
384         ctx1.context_id = 1
385         ctx1.num_transfer_syntaxes = len(tsf1_list)
386         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
387         ctx1.transfer_syntaxes = tsf1_list
388
389         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
390         self.send_pdu(req)
391         rep = self.recv_pdu()
392         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
393                         auth_length=0)
394         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
395         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
396         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
397         self.assertEquals(rep.u.secondary_address_size, 4)
398         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
399         self.assertPadding(rep.u._pad1, 2)
400         self.assertEquals(rep.u.num_results, 1)
401         self.assertEquals(rep.u.ctx_list[0].result,
402                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
403         self.assertEquals(rep.u.ctx_list[0].reason,
404                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
405         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
406         self.assertEquals(rep.u.auth_info, b'\0' * 0)
407
408         # Send a bind again
409         tsf2_list = [ndr32]
410         ctx2 = dcerpc.ctx_list()
411         ctx2.context_id = 2
412         ctx2.num_transfer_syntaxes = len(tsf2_list)
413         ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
414         ctx2.transfer_syntaxes = tsf2_list
415
416         req = self.generate_bind(call_id=1, ctx_list=[ctx2])
417         self.send_pdu(req)
418         rep = self.recv_pdu()
419         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
420                         auth_length=0)
421         self.assertEquals(rep.u.reject_reason,
422                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
423         self.assertEquals(rep.u.num_versions, 1)
424         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
425         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
426         self.assertPadding(rep.u._pad, 3)
427
428         # wait for a disconnect
429         rep = self.recv_pdu()
430         self.assertIsNone(rep)
431         self.assertNotConnected()
432
433     def test_no_auth_invalid_valid_request(self):
434         # send an useless bind
435         req = self.generate_bind(call_id=0)
436         self.send_pdu(req)
437         rep = self.recv_pdu()
438         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
439                         auth_length=0)
440         self.assertEquals(rep.u.reject_reason,
441                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
442         self.assertEquals(rep.u.num_versions, 1)
443         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
444         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
445         self.assertPadding(rep.u._pad, 3)
446
447         # wait for a disconnect
448         rep = self.recv_pdu()
449         self.assertIsNone(rep)
450         self.assertNotConnected()
451
452     def test_alter_no_auth_no_ctx(self):
453         ndr32 = base.transfer_syntax_ndr()
454
455         tsf1_list = [ndr32]
456         ctx1 = dcerpc.ctx_list()
457         ctx1.context_id = 1
458         ctx1.num_transfer_syntaxes = len(tsf1_list)
459         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
460         ctx1.transfer_syntaxes = tsf1_list
461
462         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
463         self.send_pdu(req)
464         rep = self.recv_pdu()
465         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
466                         auth_length=0)
467         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
468         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
469         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
470         self.assertEquals(rep.u.secondary_address_size, 4)
471         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
472         self.assertPadding(rep.u._pad1, 2)
473         self.assertEquals(rep.u.num_results, 1)
474         self.assertEquals(rep.u.ctx_list[0].result,
475                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
476         self.assertEquals(rep.u.ctx_list[0].reason,
477                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
478         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
479         self.assertEquals(rep.u.auth_info, b'\0' * 0)
480
481         # Send a alter
482         req = self.generate_alter(call_id=1, ctx_list=[])
483         self.send_pdu(req)
484         rep = self.recv_pdu()
485         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
486                         pfc_flags=req.pfc_flags |
487                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
488                         auth_length=0)
489         self.assertNotEquals(rep.u.alloc_hint, 0)
490         self.assertEquals(rep.u.context_id, 0)
491         self.assertEquals(rep.u.cancel_count, 0)
492         self.assertEquals(rep.u.flags, 0)
493         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
494         self.assertEquals(rep.u.reserved, 0)
495         self.assertEquals(len(rep.u.error_and_verifier), 0)
496
497         # wait for a disconnect
498         rep = self.recv_pdu()
499         self.assertIsNone(rep)
500         self.assertNotConnected()
501
502     def test_no_auth_presentation_ctx_valid1(self):
503         ndr32 = base.transfer_syntax_ndr()
504
505         zero_syntax = misc.ndr_syntax_id()
506
507         tsf1_list = [zero_syntax, ndr32]
508         ctx1 = dcerpc.ctx_list()
509         ctx1.context_id = 1
510         ctx1.num_transfer_syntaxes = len(tsf1_list)
511         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
512         ctx1.transfer_syntaxes = tsf1_list
513
514         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
515         self.send_pdu(req)
516         rep = self.recv_pdu()
517         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
518                         auth_length=0)
519         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
520         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
521         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
522         self.assertEquals(rep.u.secondary_address_size, 4)
523         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
524         self.assertPadding(rep.u._pad1, 2)
525         self.assertEquals(rep.u.num_results, 1)
526         self.assertEquals(rep.u.ctx_list[0].result,
527                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
528         self.assertEquals(rep.u.ctx_list[0].reason,
529                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
530         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
531         self.assertEquals(rep.u.auth_info, b'\0' * 0)
532
533         # Send a alter
534         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
535         self.send_pdu(req)
536         rep = self.recv_pdu()
537         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
538                         auth_length=0)
539         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
540         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
541         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
542         self.assertEquals(rep.u.secondary_address_size, 0)
543         self.assertPadding(rep.u._pad1, 2)
544         self.assertEquals(rep.u.num_results, 1)
545         self.assertEquals(rep.u.ctx_list[0].result,
546                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
547         self.assertEquals(rep.u.ctx_list[0].reason,
548                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
549         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
550         self.assertEquals(rep.u.auth_info, b'\0' * 0)
551
552         req = self.generate_request(call_id=2,
553                                     context_id=ctx1.context_id,
554                                     opnum=0xffff,
555                                     stub=b"")
556         self.send_pdu(req)
557         rep = self.recv_pdu()
558         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
559                         pfc_flags=req.pfc_flags |
560                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
561                         auth_length=0)
562         self.assertNotEquals(rep.u.alloc_hint, 0)
563         self.assertEquals(rep.u.context_id, ctx1.context_id)
564         self.assertEquals(rep.u.cancel_count, 0)
565         self.assertEquals(rep.u.flags, 0)
566         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
567         self.assertEquals(rep.u.reserved, 0)
568         self.assertEquals(len(rep.u.error_and_verifier), 0)
569
570     def test_no_auth_presentation_ctx_invalid1(self):
571         ndr32 = base.transfer_syntax_ndr()
572
573         zero_syntax = misc.ndr_syntax_id()
574
575         tsf1_list = [ndr32]
576         ctx1 = dcerpc.ctx_list()
577         ctx1.context_id = 1
578         ctx1.num_transfer_syntaxes = len(tsf1_list)
579         ctx1.abstract_syntax = ndr32
580         ctx1.transfer_syntaxes = tsf1_list
581
582         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
583         self.send_pdu(req)
584         rep = self.recv_pdu()
585         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
586                         auth_length=0)
587         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
588         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
589         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
590         self.assertEquals(rep.u.secondary_address_size, 4)
591         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
592         self.assertPadding(rep.u._pad1, 2)
593         self.assertEquals(rep.u.num_results, 1)
594         self.assertEquals(rep.u.ctx_list[0].result,
595                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
596         self.assertEquals(rep.u.ctx_list[0].reason,
597                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
598         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
599         self.assertEquals(rep.u.auth_info, b'\0' * 0)
600
601         # Send a alter
602         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
603         self.send_pdu(req)
604         rep = self.recv_pdu()
605         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
606                         auth_length=0)
607         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
608         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
609         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
610         self.assertEquals(rep.u.secondary_address_size, 0)
611         self.assertPadding(rep.u._pad1, 2)
612         self.assertEquals(rep.u.num_results, 1)
613         self.assertEquals(rep.u.ctx_list[0].result,
614                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
615         self.assertEquals(rep.u.ctx_list[0].reason,
616                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
617         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
618         self.assertEquals(rep.u.auth_info, b'\0' * 0)
619
620         req = self.generate_request(call_id=2,
621                                     context_id=12345,
622                                     opnum=0,
623                                     stub=b"")
624         self.send_pdu(req)
625         rep = self.recv_pdu()
626         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
627                         pfc_flags=req.pfc_flags |
628                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
629                         auth_length=0)
630         self.assertNotEquals(rep.u.alloc_hint, 0)
631         self.assertEquals(rep.u.context_id, 0)
632         self.assertEquals(rep.u.cancel_count, 0)
633         self.assertEquals(rep.u.flags, 0)
634         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
635         self.assertEquals(rep.u.reserved, 0)
636         self.assertEquals(len(rep.u.error_and_verifier), 0)
637
638         # Send a alter again to prove the connection is still alive
639         req = self.generate_alter(call_id=3, ctx_list=[ctx1])
640         self.send_pdu(req)
641         rep = self.recv_pdu()
642         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
643                         auth_length=0)
644         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
645         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
646         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
647         self.assertEquals(rep.u.secondary_address_size, 0)
648         self.assertPadding(rep.u._pad1, 2)
649         self.assertEquals(rep.u.num_results, 1)
650         self.assertEquals(rep.u.ctx_list[0].result,
651                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
652         self.assertEquals(rep.u.ctx_list[0].reason,
653                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
654         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
655         self.assertEquals(rep.u.auth_info, b'\0' * 0)
656
657     def test_no_auth_presentation_ctx_invalid2(self):
658         ndr32 = base.transfer_syntax_ndr()
659
660         zero_syntax = misc.ndr_syntax_id()
661
662         tsf1a_list = []
663         ctx1a = dcerpc.ctx_list()
664         ctx1a.context_id = 1
665         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
666         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
667         ctx1a.transfer_syntaxes = tsf1a_list
668
669         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
670         self.send_pdu(req)
671         rep = self.recv_pdu()
672         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
673                         auth_length=0)
674         self.assertEquals(rep.u.reject_reason,
675                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
676         self.assertEquals(rep.u.num_versions, 1)
677         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
678         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
679         self.assertPadding(rep.u._pad, 3)
680
681         # wait for a disconnect
682         rep = self.recv_pdu()
683         self.assertIsNone(rep)
684         self.assertNotConnected()
685
686     def test_no_auth_presentation_ctx_invalid3(self):
687         ndr32 = base.transfer_syntax_ndr()
688
689         zero_syntax = misc.ndr_syntax_id()
690
691         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
692         ctx1a = dcerpc.ctx_list()
693         ctx1a.context_id = 1
694         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
695         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
696         ctx1a.transfer_syntaxes = tsf1a_list
697
698         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
699         self.send_pdu(req)
700         rep = self.recv_pdu()
701         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
702                         auth_length=0)
703         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
704         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
705         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
706         self.assertEquals(rep.u.secondary_address_size, 4)
707         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
708         self.assertPadding(rep.u._pad1, 2)
709         self.assertEquals(rep.u.num_results, 1)
710         self.assertEquals(rep.u.ctx_list[0].result,
711                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
712         self.assertEquals(rep.u.ctx_list[0].reason,
713                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
714         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
715         self.assertEquals(rep.u.auth_info, b'\0' * 0)
716
717         tsf1b_list = []
718         ctx1b = dcerpc.ctx_list()
719         ctx1b.context_id = 1
720         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
721         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
722         ctx1b.transfer_syntaxes = tsf1b_list
723
724         # Send a alter
725         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
726         self.send_pdu(req)
727         rep = self.recv_pdu()
728         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
729                         pfc_flags=req.pfc_flags |
730                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
731                         auth_length=0)
732         self.assertNotEquals(rep.u.alloc_hint, 0)
733         self.assertEquals(rep.u.context_id, 0)
734         self.assertEquals(rep.u.cancel_count, 0)
735         self.assertEquals(rep.u.flags, 0)
736         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
737         self.assertEquals(rep.u.reserved, 0)
738         self.assertEquals(len(rep.u.error_and_verifier), 0)
739
740         # wait for a disconnect
741         rep = self.recv_pdu()
742         self.assertIsNone(rep)
743         self.assertNotConnected()
744
745     def test_no_auth_presentation_ctx_invalid4(self):
746         ndr32 = base.transfer_syntax_ndr()
747         ndr64 = base.transfer_syntax_ndr64()
748
749         zero_syntax = misc.ndr_syntax_id()
750
751         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
752         ctx1a = dcerpc.ctx_list()
753         ctx1a.context_id = 1
754         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
755         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
756         ctx1a.transfer_syntaxes = tsf1a_list
757
758         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
759         self.send_pdu(req)
760         rep = self.recv_pdu()
761         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
762                         auth_length=0)
763         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
764         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
765         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
766         self.assertEquals(rep.u.secondary_address_size, 4)
767         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
768         self.assertPadding(rep.u._pad1, 2)
769         self.assertEquals(rep.u.num_results, 1)
770         self.assertEquals(rep.u.ctx_list[0].result,
771                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
772         self.assertEquals(rep.u.ctx_list[0].reason,
773                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
774         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
775         self.assertEquals(rep.u.auth_info, b'\0' * 0)
776
777         # With a known but wrong syntax we get a protocol error
778         # see test_no_auth_presentation_ctx_valid2
779         tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
780         ctx1b = dcerpc.ctx_list()
781         ctx1b.context_id = 1
782         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
783         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
784         ctx1b.transfer_syntaxes = tsf1b_list
785
786         # Send a alter
787         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
788         self.send_pdu(req)
789         rep = self.recv_pdu()
790         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
791                         pfc_flags=req.pfc_flags |
792                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
793                         auth_length=0)
794         self.assertNotEquals(rep.u.alloc_hint, 0)
795         self.assertEquals(rep.u.context_id, 0)
796         self.assertEquals(rep.u.cancel_count, 0)
797         self.assertEquals(rep.u.flags, 0)
798         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
799         self.assertEquals(rep.u.reserved, 0)
800         self.assertEquals(len(rep.u.error_and_verifier), 0)
801
802         # wait for a disconnect
803         rep = self.recv_pdu()
804         self.assertIsNone(rep)
805         self.assertNotConnected()
806
807     def test_no_auth_presentation_ctx_valid2(self):
808         ndr32 = base.transfer_syntax_ndr()
809
810         zero_syntax = misc.ndr_syntax_id()
811
812         tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
813         ctx1a = dcerpc.ctx_list()
814         ctx1a.context_id = 1
815         ctx1a.num_transfer_syntaxes = len(tsf1a_list)
816         ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
817         ctx1a.transfer_syntaxes = tsf1a_list
818
819         req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
820         self.send_pdu(req)
821         rep = self.recv_pdu()
822         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
823                         auth_length=0)
824         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
825         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
826         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
827         self.assertEquals(rep.u.secondary_address_size, 4)
828         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
829         self.assertPadding(rep.u._pad1, 2)
830         self.assertEquals(rep.u.num_results, 1)
831         self.assertEquals(rep.u.ctx_list[0].result,
832                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
833         self.assertEquals(rep.u.ctx_list[0].reason,
834                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
835         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
836         self.assertEquals(rep.u.auth_info, b'\0' * 0)
837
838         # With a unknown but wrong syntaxes we get NO protocol error
839         # see test_no_auth_presentation_ctx_invalid4
840         tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
841         ctx1b = dcerpc.ctx_list()
842         ctx1b.context_id = 1
843         ctx1b.num_transfer_syntaxes = len(tsf1b_list)
844         ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
845         ctx1b.transfer_syntaxes = tsf1b_list
846
847         # Send a alter
848         req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
849         self.send_pdu(req)
850         rep = self.recv_pdu()
851         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
852                         auth_length=0)
853         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
854         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
855         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
856         self.assertEquals(rep.u.secondary_address_size, 0)
857         self.assertPadding(rep.u._pad1, 2)
858         self.assertEquals(rep.u.num_results, 1)
859         self.assertEquals(rep.u.ctx_list[0].result,
860                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
861         self.assertEquals(rep.u.ctx_list[0].reason,
862                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
863         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
864         self.assertEquals(rep.u.auth_info, b'\0' * 0)
865
866         req = self.generate_request(call_id=2,
867                                     context_id=ctx1a.context_id,
868                                     opnum=0xffff,
869                                     stub=b"")
870         self.send_pdu(req)
871         rep = self.recv_pdu()
872         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
873                         pfc_flags=req.pfc_flags |
874                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
875                         auth_length=0)
876         self.assertNotEquals(rep.u.alloc_hint, 0)
877         self.assertEquals(rep.u.context_id, ctx1a.context_id)
878         self.assertEquals(rep.u.cancel_count, 0)
879         self.assertEquals(rep.u.flags, 0)
880         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
881         self.assertEquals(rep.u.reserved, 0)
882         self.assertEquals(len(rep.u.error_and_verifier), 0)
883
884     def test_no_auth_presentation_ctx_no_ndr64(self):
885         ndr32 = base.transfer_syntax_ndr()
886         zero_syntax = misc.ndr_syntax_id()
887
888         tsfZ_list = [zero_syntax]
889         ctxZ = dcerpc.ctx_list()
890         ctxZ.context_id = 54321
891         ctxZ.num_transfer_syntaxes = len(tsfZ_list)
892         ctxZ.abstract_syntax = zero_syntax
893         ctxZ.transfer_syntaxes = tsfZ_list
894
895         req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
896         self.send_pdu(req)
897         rep = self.recv_pdu()
898         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
899                         auth_length=0)
900         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
901         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
902         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
903         self.assertEquals(rep.u.secondary_address_size, 4)
904         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
905         self.assertPadding(rep.u._pad1, 2)
906         self.assertEquals(rep.u.num_results, 1)
907         self.assertEquals(rep.u.ctx_list[0].result,
908                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
909         self.assertEquals(rep.u.ctx_list[0].reason,
910                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
911         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
912         self.assertEquals(rep.u.auth_info, b'\0' * 0)
913
914         tsf0_list = [ndr32]
915         ctx0 = dcerpc.ctx_list()
916         ctx0.context_id = 0
917         ctx0.num_transfer_syntaxes = len(tsf0_list)
918         ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
919         ctx0.transfer_syntaxes = tsf0_list
920
921         req = self.generate_alter(call_id=0, ctx_list=[ctx0])
922         self.send_pdu(req)
923         rep = self.recv_pdu()
924         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
925                         auth_length=0)
926         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
927         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
928         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
929         self.assertEquals(rep.u.secondary_address_size, 0)
930         self.assertPadding(rep.u._pad1, 2)
931         self.assertEquals(rep.u.num_results, 1)
932         self.assertEquals(rep.u.ctx_list[0].result,
933                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
934         self.assertEquals(rep.u.ctx_list[0].reason,
935                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
936         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
937         self.assertEquals(rep.u.auth_info, b'\0' * 0)
938
939         req = self.generate_request(call_id=1,
940                                     context_id=ctx0.context_id,
941                                     opnum=0,
942                                     stub=b"")
943         self.send_pdu(req)
944         rep = self.recv_pdu()
945         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
946                         auth_length=0)
947         self.assertNotEquals(rep.u.alloc_hint, 0)
948         self.assertEquals(rep.u.context_id, req.u.context_id)
949         self.assertEquals(rep.u.cancel_count, 0)
950         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
951
952         tsf1_list = [zero_syntax, ndr32]
953         ctx1 = dcerpc.ctx_list()
954         ctx1.context_id = 1
955         ctx1.num_transfer_syntaxes = len(tsf1_list)
956         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
957         ctx1.transfer_syntaxes = tsf1_list
958
959         req = self.generate_alter(call_id=1, ctx_list=[ctx1])
960         self.send_pdu(req)
961         rep = self.recv_pdu()
962         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
963                         auth_length=0)
964         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
965         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
966         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
967         self.assertEquals(rep.u.secondary_address_size, 0)
968         self.assertPadding(rep.u._pad1, 2)
969         self.assertEquals(rep.u.num_results, 1)
970         self.assertEquals(rep.u.ctx_list[0].result,
971                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
972         self.assertEquals(rep.u.ctx_list[0].reason,
973                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
974         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
975         self.assertEquals(rep.u.auth_info, b'\0' * 0)
976
977         req = self.generate_request(call_id=1,
978                                     context_id=ctx1.context_id,
979                                     opnum=0,
980                                     stub=b"")
981         self.send_pdu(req)
982         rep = self.recv_pdu()
983         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
984                         auth_length=0)
985         self.assertNotEquals(rep.u.alloc_hint, 0)
986         self.assertEquals(rep.u.context_id, req.u.context_id)
987         self.assertEquals(rep.u.cancel_count, 0)
988         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
989
990         tsf2_list = [ndr32, ndr32]
991         ctx2 = dcerpc.ctx_list()
992         ctx2.context_id = 2
993         ctx2.num_transfer_syntaxes = len(tsf2_list)
994         ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
995         ctx2.transfer_syntaxes = tsf2_list
996
997         req = self.generate_alter(call_id=2, ctx_list=[ctx2])
998         self.send_pdu(req)
999         rep = self.recv_pdu()
1000         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1001                         auth_length=0)
1002         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1003         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1004         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1005         self.assertEquals(rep.u.secondary_address_size, 0)
1006         self.assertPadding(rep.u._pad1, 2)
1007         self.assertEquals(rep.u.num_results, 1)
1008         self.assertEquals(rep.u.ctx_list[0].result,
1009                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1010         self.assertEquals(rep.u.ctx_list[0].reason,
1011                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1012         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1013         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1014
1015         req = self.generate_request(call_id=1,
1016                                     context_id=ctx2.context_id,
1017                                     opnum=0,
1018                                     stub=b"")
1019         self.send_pdu(req)
1020         rep = self.recv_pdu()
1021         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1022                         auth_length=0)
1023         self.assertNotEquals(rep.u.alloc_hint, 0)
1024         self.assertEquals(rep.u.context_id, req.u.context_id)
1025         self.assertEquals(rep.u.cancel_count, 0)
1026         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1027
1028         tsf3_list = [ndr32]
1029         ctx3 = dcerpc.ctx_list()
1030         ctx3.context_id = 3
1031         ctx3.num_transfer_syntaxes = len(tsf3_list)
1032         ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1033         ctx3.transfer_syntaxes = tsf3_list
1034
1035         tsf4_list = [ndr32]
1036         ctx4 = dcerpc.ctx_list()
1037         ctx4.context_id = 4
1038         ctx4.num_transfer_syntaxes = len(tsf4_list)
1039         ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1040         ctx4.transfer_syntaxes = tsf4_list
1041
1042         req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1043         self.send_pdu(req)
1044         rep = self.recv_pdu()
1045         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1046                         auth_length=0)
1047         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1048         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1049         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1050         self.assertEquals(rep.u.secondary_address_size, 0)
1051         self.assertPadding(rep.u._pad1, 2)
1052         self.assertEquals(rep.u.num_results, 2)
1053         self.assertEquals(rep.u.ctx_list[0].result,
1054                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1055         self.assertEquals(rep.u.ctx_list[0].reason,
1056                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1057         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1058         self.assertEquals(rep.u.ctx_list[1].result,
1059                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1060         self.assertEquals(rep.u.ctx_list[1].reason,
1061                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1062         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1063         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1064
1065         req = self.generate_request(call_id=1,
1066                                     context_id=ctx3.context_id,
1067                                     opnum=0,
1068                                     stub=b"")
1069         self.send_pdu(req)
1070         rep = self.recv_pdu()
1071         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1072                         auth_length=0)
1073         self.assertNotEquals(rep.u.alloc_hint, 0)
1074         self.assertEquals(rep.u.context_id, req.u.context_id)
1075         self.assertEquals(rep.u.cancel_count, 0)
1076         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1077
1078         req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1079         self.send_pdu(req)
1080         rep = self.recv_pdu()
1081         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1082                         auth_length=0)
1083         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1084         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1085         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1086         self.assertEquals(rep.u.secondary_address_size, 0)
1087         self.assertPadding(rep.u._pad1, 2)
1088         self.assertEquals(rep.u.num_results, 2)
1089         self.assertEquals(rep.u.ctx_list[0].result,
1090                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1091         self.assertEquals(rep.u.ctx_list[0].reason,
1092                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1093         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1094         self.assertEquals(rep.u.ctx_list[1].result,
1095                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1096         self.assertEquals(rep.u.ctx_list[1].reason,
1097                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1098         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1099         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1100
1101         req = self.generate_request(call_id=1,
1102                                     context_id=ctx4.context_id,
1103                                     opnum=0,
1104                                     stub=b"")
1105         self.send_pdu(req)
1106         rep = self.recv_pdu()
1107         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1108                         auth_length=0)
1109         self.assertNotEquals(rep.u.alloc_hint, 0)
1110         self.assertEquals(rep.u.context_id, req.u.context_id)
1111         self.assertEquals(rep.u.cancel_count, 0)
1112         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1113
1114         req = self.generate_request(call_id=1,
1115                                     context_id=ctx3.context_id,
1116                                     opnum=0,
1117                                     stub=b"")
1118         self.send_pdu(req)
1119         rep = self.recv_pdu()
1120         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1121                         auth_length=0)
1122         self.assertNotEquals(rep.u.alloc_hint, 0)
1123         self.assertEquals(rep.u.context_id, req.u.context_id)
1124         self.assertEquals(rep.u.cancel_count, 0)
1125         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1126
1127         req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1128         self.send_pdu(req)
1129         rep = self.recv_pdu()
1130         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1131                         auth_length=0)
1132         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1133         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1134         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1135         self.assertEquals(rep.u.secondary_address_size, 0)
1136         self.assertPadding(rep.u._pad1, 2)
1137         self.assertEquals(rep.u.num_results, 2)
1138         self.assertEquals(rep.u.ctx_list[0].result,
1139                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1140         self.assertEquals(rep.u.ctx_list[0].reason,
1141                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1142         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1143         self.assertEquals(rep.u.ctx_list[1].result,
1144                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1145         self.assertEquals(rep.u.ctx_list[1].reason,
1146                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1147         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1148         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1149
1150         req = self.generate_request(call_id=1,
1151                                     context_id=ctx4.context_id,
1152                                     opnum=0,
1153                                     stub=b"")
1154         self.send_pdu(req)
1155         rep = self.recv_pdu()
1156         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1157                         auth_length=0)
1158         self.assertNotEquals(rep.u.alloc_hint, 0)
1159         self.assertEquals(rep.u.context_id, req.u.context_id)
1160         self.assertEquals(rep.u.cancel_count, 0)
1161         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1162
1163         req = self.generate_request(call_id=1,
1164                                     context_id=ctx3.context_id,
1165                                     opnum=0,
1166                                     stub=b"")
1167         self.send_pdu(req)
1168         rep = self.recv_pdu()
1169         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1170                         auth_length=0)
1171         self.assertNotEquals(rep.u.alloc_hint, 0)
1172         self.assertEquals(rep.u.context_id, req.u.context_id)
1173         self.assertEquals(rep.u.cancel_count, 0)
1174         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1175
1176         tsf5mgmt_list = [ndr32]
1177         ctx5mgmt = dcerpc.ctx_list()
1178         ctx5mgmt.context_id = 5
1179         ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1180         ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1181         ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1182
1183         tsf5epm_list = [ndr32]
1184         ctx5epm = dcerpc.ctx_list()
1185         ctx5epm.context_id = 5
1186         ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1187         ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1188         ctx5epm.transfer_syntaxes = tsf5epm_list
1189
1190         req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1191         self.send_pdu(req)
1192         rep = self.recv_pdu()
1193         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1194                         auth_length=0)
1195         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1196         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1197         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1198         self.assertEquals(rep.u.secondary_address_size, 0)
1199         self.assertPadding(rep.u._pad1, 2)
1200         self.assertEquals(rep.u.num_results, 2)
1201         self.assertEquals(rep.u.ctx_list[0].result,
1202                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1203         self.assertEquals(rep.u.ctx_list[0].reason,
1204                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1205         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1206         self.assertEquals(rep.u.ctx_list[1].result,
1207                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1208         self.assertEquals(rep.u.ctx_list[1].reason,
1209                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1210         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1211         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1212
1213         req = self.generate_request(call_id=1,
1214                                     context_id=ctx5mgmt.context_id,
1215                                     opnum=0,
1216                                     stub=b"")
1217         self.send_pdu(req)
1218         rep = self.recv_pdu()
1219         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1220                         auth_length=0)
1221         self.assertNotEquals(rep.u.alloc_hint, 0)
1222         self.assertEquals(rep.u.context_id, req.u.context_id)
1223         self.assertEquals(rep.u.cancel_count, 0)
1224         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1225
1226         req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1227         self.send_pdu(req)
1228         rep = self.recv_pdu()
1229         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1230                         auth_length=0)
1231         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1232         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1233         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1234         self.assertEquals(rep.u.secondary_address_size, 0)
1235         self.assertPadding(rep.u._pad1, 2)
1236         self.assertEquals(rep.u.num_results, 2)
1237         self.assertEquals(rep.u.ctx_list[0].result,
1238                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1239         self.assertEquals(rep.u.ctx_list[0].reason,
1240                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1241         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1242         self.assertEquals(rep.u.ctx_list[1].result,
1243                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1244         self.assertEquals(rep.u.ctx_list[1].reason,
1245                           dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1246         self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1247         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1248
1249         req = self.generate_request(call_id=1,
1250                                     context_id=ctx5mgmt.context_id,
1251                                     opnum=0,
1252                                     stub=b"")
1253         self.send_pdu(req)
1254         rep = self.recv_pdu()
1255         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1256                         auth_length=0)
1257         self.assertNotEquals(rep.u.alloc_hint, 0)
1258         self.assertEquals(rep.u.context_id, req.u.context_id)
1259         self.assertEquals(rep.u.cancel_count, 0)
1260         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1261
1262     def test_no_auth_bind_time_none_simple(self):
1263         features = 0
1264         btf = base.bind_time_features_syntax(features)
1265
1266         zero_syntax = misc.ndr_syntax_id()
1267
1268         tsf1_list = [btf]
1269         ctx1 = dcerpc.ctx_list()
1270         ctx1.context_id = 1
1271         ctx1.num_transfer_syntaxes = len(tsf1_list)
1272         ctx1.abstract_syntax = zero_syntax
1273         ctx1.transfer_syntaxes = tsf1_list
1274
1275         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1276         self.send_pdu(req)
1277         rep = self.recv_pdu()
1278         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1279                         auth_length=0)
1280         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1281         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1282         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1283         self.assertEquals(rep.u.secondary_address_size, 4)
1284         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1285         self.assertPadding(rep.u._pad1, 2)
1286         self.assertEquals(rep.u.num_results, 1)
1287         self.assertEquals(rep.u.ctx_list[0].result,
1288                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1289         self.assertEquals(rep.u.ctx_list[0].reason, features)
1290         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1291         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1292
1293     def test_no_auth_bind_time_none_ignore_additional(self):
1294         features1 = 0
1295         btf1 = base.bind_time_features_syntax(features1)
1296
1297         features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1298         features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1299         btf2 = base.bind_time_features_syntax(features2)
1300
1301         zero_syntax = misc.ndr_syntax_id()
1302         ndr64 = base.transfer_syntax_ndr64()
1303
1304         tsf1_list = [btf1, btf2, zero_syntax]
1305         ctx1 = dcerpc.ctx_list()
1306         ctx1.context_id = 1
1307         ctx1.num_transfer_syntaxes = len(tsf1_list)
1308         ctx1.abstract_syntax = ndr64
1309         ctx1.transfer_syntaxes = tsf1_list
1310
1311         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1312         self.send_pdu(req)
1313         rep = self.recv_pdu()
1314         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1315                         auth_length=0)
1316         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1317         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1318         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1319         self.assertEquals(rep.u.secondary_address_size, 4)
1320         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1321         self.assertPadding(rep.u._pad1, 2)
1322         self.assertEquals(rep.u.num_results, 1)
1323         self.assertEquals(rep.u.ctx_list[0].result,
1324                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1325         self.assertEquals(rep.u.ctx_list[0].reason, features1)
1326         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1327         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1328
1329     def test_no_auth_bind_time_only_first(self):
1330         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1331         btf1 = base.bind_time_features_syntax(features1)
1332
1333         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1334         btf2 = base.bind_time_features_syntax(features2)
1335
1336         zero_syntax = misc.ndr_syntax_id()
1337
1338         tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1339         ctx1 = dcerpc.ctx_list()
1340         ctx1.context_id = 1
1341         ctx1.num_transfer_syntaxes = len(tsf1_list)
1342         ctx1.abstract_syntax = zero_syntax
1343         ctx1.transfer_syntaxes = tsf1_list
1344
1345         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1346         self.send_pdu(req)
1347         rep = self.recv_pdu()
1348         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1349                         auth_length=0)
1350         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1351         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1352         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1353         self.assertEquals(rep.u.secondary_address_size, 4)
1354         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1355         self.assertPadding(rep.u._pad1, 2)
1356         self.assertEquals(rep.u.num_results, 1)
1357         self.assertEquals(rep.u.ctx_list[0].result,
1358                           dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1359         self.assertEquals(rep.u.ctx_list[0].reason,
1360                           dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1361         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1362         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1363
1364     def test_no_auth_bind_time_twice(self):
1365         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1366         btf1 = base.bind_time_features_syntax(features1)
1367
1368         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1369         btf2 = base.bind_time_features_syntax(features2)
1370
1371         zero_syntax = misc.ndr_syntax_id()
1372
1373         tsf1_list = [btf1]
1374         ctx1 = dcerpc.ctx_list()
1375         ctx1.context_id = 1
1376         ctx1.num_transfer_syntaxes = len(tsf1_list)
1377         ctx1.abstract_syntax = zero_syntax
1378         ctx1.transfer_syntaxes = tsf1_list
1379
1380         tsf2_list = [btf2]
1381         ctx2 = dcerpc.ctx_list()
1382         ctx2.context_id = 2
1383         ctx2.num_transfer_syntaxes = len(tsf2_list)
1384         ctx2.abstract_syntax = zero_syntax
1385         ctx2.transfer_syntaxes = tsf2_list
1386
1387         req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1388         self.send_pdu(req)
1389         rep = self.recv_pdu()
1390         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1391                         auth_length=0)
1392         self.assertEquals(rep.u.reject_reason,
1393                           dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1394         self.assertEquals(rep.u.num_versions, 1)
1395         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1396         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1397         self.assertPadding(rep.u._pad, 3)
1398
1399         # wait for a disconnect
1400         rep = self.recv_pdu()
1401         self.assertIsNone(rep)
1402         self.assertNotConnected()
1403
1404     def test_no_auth_bind_time_keep_on_orphan_simple(self):
1405         features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1406         btf = base.bind_time_features_syntax(features)
1407
1408         zero_syntax = misc.ndr_syntax_id()
1409
1410         tsf1_list = [btf]
1411         ctx1 = dcerpc.ctx_list()
1412         ctx1.context_id = 1
1413         ctx1.num_transfer_syntaxes = len(tsf1_list)
1414         ctx1.abstract_syntax = zero_syntax
1415         ctx1.transfer_syntaxes = tsf1_list
1416
1417         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1418         self.send_pdu(req)
1419         rep = self.recv_pdu()
1420         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1421                         auth_length=0)
1422         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1423         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1424         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1425         self.assertEquals(rep.u.secondary_address_size, 4)
1426         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1427         self.assertPadding(rep.u._pad1, 2)
1428         self.assertEquals(rep.u.num_results, 1)
1429         self.assertEquals(rep.u.ctx_list[0].result,
1430                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1431         self.assertEquals(rep.u.ctx_list[0].reason, features)
1432         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1433         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1434
1435     def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1436         features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1437         btf1 = base.bind_time_features_syntax(features1)
1438
1439         features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1440         btf2 = base.bind_time_features_syntax(features2)
1441
1442         zero_syntax = misc.ndr_syntax_id()
1443         ndr64 = base.transfer_syntax_ndr64()
1444
1445         tsf1_list = [btf1, btf2, zero_syntax]
1446         ctx1 = dcerpc.ctx_list()
1447         ctx1.context_id = 1
1448         ctx1.num_transfer_syntaxes = len(tsf1_list)
1449         ctx1.abstract_syntax = ndr64
1450         ctx1.transfer_syntaxes = tsf1_list
1451
1452         req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1453         self.send_pdu(req)
1454         rep = self.recv_pdu()
1455         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1456                         auth_length=0)
1457         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1458         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1459         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1460         self.assertEquals(rep.u.secondary_address_size, 4)
1461         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1462         self.assertPadding(rep.u._pad1, 2)
1463         self.assertEquals(rep.u.num_results, 1)
1464         self.assertEquals(rep.u.ctx_list[0].result,
1465                           dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1466         self.assertEquals(rep.u.ctx_list[0].reason, features1)
1467         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1468         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1469
1470     def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1471                                        reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1472         ndr32 = base.transfer_syntax_ndr()
1473
1474         tsf1_list = [ndr32]
1475         ctx1 = dcerpc.ctx_list()
1476         ctx1.context_id = 1
1477         ctx1.num_transfer_syntaxes = len(tsf1_list)
1478         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1479         ctx1.transfer_syntaxes = tsf1_list
1480         ctx_list = [ctx1]
1481
1482         auth_context_id = 0
1483
1484         if creds is not None:
1485             # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1486             auth_context = self.get_auth_context_creds(creds,
1487                                                        auth_type=auth_type,
1488                                                        auth_level=auth_level,
1489                                                        auth_context_id=auth_context_id,
1490                                                        g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1491             from_server = b""
1492             (finished, to_server) = auth_context["gensec"].update(from_server)
1493             self.assertFalse(finished)
1494
1495             auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1496                                            auth_level=auth_context["auth_level"],
1497                                            auth_context_id=auth_context["auth_context_id"],
1498                                            auth_blob=to_server)
1499         else:
1500             to_server = b"none"
1501             auth_info = self.generate_auth(auth_type=auth_type,
1502                                            auth_level=auth_level,
1503                                            auth_context_id=auth_context_id,
1504                                            auth_blob=to_server)
1505
1506         req = self.generate_bind(call_id=0,
1507                                  ctx_list=ctx_list,
1508                                  auth_info=auth_info)
1509         self.send_pdu(req)
1510         rep = self.recv_pdu()
1511         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1512                         auth_length=0)
1513         self.assertEquals(rep.u.reject_reason, reason)
1514         self.assertEquals(rep.u.num_versions, 1)
1515         self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1516         self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1517         self.assertPadding(rep.u._pad, 3)
1518
1519         # wait for a disconnect
1520         rep = self.recv_pdu()
1521         self.assertIsNone(rep)
1522         self.assertNotConnected()
1523
1524     def _test_auth_none_level_bind(self, auth_level,
1525                                    reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1526         return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1527                                                    auth_level=auth_level, reason=reason)
1528
1529     def test_auth_none_none_bind(self):
1530         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1531                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1532
1533     def test_auth_none_connect_bind(self):
1534         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1535
1536     def test_auth_none_call_bind(self):
1537         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1538
1539     def test_auth_none_packet_bind(self):
1540         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1541
1542     def test_auth_none_integrity_bind(self):
1543         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1544
1545     def test_auth_none_privacy_bind(self):
1546         return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1547
1548     def test_auth_none_0_bind(self):
1549         return self._test_auth_none_level_bind(0,
1550                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1551
1552     def test_auth_none_7_bind(self):
1553         return self._test_auth_none_level_bind(7,
1554                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1555
1556     def test_auth_none_255_bind(self):
1557         return self._test_auth_none_level_bind(255,
1558                                                reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1559
1560     def _test_auth_none_level_request(self, auth_level):
1561         ndr32 = base.transfer_syntax_ndr()
1562
1563         tsf1_list = [ndr32]
1564         ctx1 = dcerpc.ctx_list()
1565         ctx1.context_id = 1
1566         ctx1.num_transfer_syntaxes = len(tsf1_list)
1567         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1568         ctx1.transfer_syntaxes = tsf1_list
1569         ctx_list = [ctx1]
1570
1571         auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1572         auth_context_id = 0
1573
1574         req = self.generate_bind(call_id=0,
1575                                  ctx_list=ctx_list)
1576
1577         self.send_pdu(req)
1578         rep = self.recv_pdu()
1579         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1580         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1581         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1582         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1583         self.assertEquals(rep.u.secondary_address_size, 4)
1584         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1585         self.assertPadding(rep.u._pad1, 2)
1586         self.assertEquals(rep.u.num_results, 1)
1587         self.assertEquals(rep.u.ctx_list[0].result,
1588                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1589         self.assertEquals(rep.u.ctx_list[0].reason,
1590                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1591         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1592         self.assertEquals(len(rep.u.auth_info), 0)
1593
1594         # And now try a request without auth_info
1595         req = self.generate_request(call_id=2,
1596                                     context_id=ctx1.context_id,
1597                                     opnum=0,
1598                                     stub=b"")
1599         self.send_pdu(req)
1600         rep = self.recv_pdu()
1601         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1602                         auth_length=0)
1603         self.assertNotEquals(rep.u.alloc_hint, 0)
1604         self.assertEquals(rep.u.context_id, req.u.context_id)
1605         self.assertEquals(rep.u.cancel_count, 0)
1606         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1607
1608         auth_info = self.generate_auth(auth_type=auth_type,
1609                                        auth_level=auth_level,
1610                                        auth_context_id=auth_context_id,
1611                                        auth_blob=b"none")
1612
1613         req = self.generate_request(call_id=3,
1614                                     context_id=ctx1.context_id,
1615                                     opnum=0,
1616                                     stub=b"",
1617                                     auth_info=auth_info)
1618         self.send_pdu(req)
1619         rep = self.recv_pdu()
1620         # We get a fault back
1621         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1622                         auth_length=0)
1623         self.assertNotEquals(rep.u.alloc_hint, 0)
1624         self.assertEquals(rep.u.context_id, req.u.context_id)
1625         self.assertEquals(rep.u.cancel_count, 0)
1626         self.assertEquals(rep.u.flags, 0)
1627         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1628         self.assertEquals(rep.u.reserved, 0)
1629         self.assertEquals(len(rep.u.error_and_verifier), 0)
1630
1631         # wait for a disconnect
1632         rep = self.recv_pdu()
1633         self.assertIsNone(rep)
1634         self.assertNotConnected()
1635
1636     def test_auth_none_none_request(self):
1637         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1638
1639     def test_auth_none_connect_request(self):
1640         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1641
1642     def test_auth_none_call_request(self):
1643         return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1644
1645     def _test_neg_xmit_check_values(self,
1646                                     req_xmit=None,
1647                                     req_recv=None,
1648                                     rep_both=None,
1649                                     alter_xmit=None,
1650                                     alter_recv=None):
1651         ndr32 = base.transfer_syntax_ndr()
1652
1653         tsf1_list = [ndr32]
1654         ctx1 = dcerpc.ctx_list()
1655         ctx1.context_id = 1
1656         ctx1.num_transfer_syntaxes = len(tsf1_list)
1657         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1658         ctx1.transfer_syntaxes = tsf1_list
1659
1660         req = self.generate_bind(call_id=0,
1661                                  max_xmit_frag=req_xmit,
1662                                  max_recv_frag=req_recv,
1663                                  ctx_list=[ctx1])
1664         self.send_pdu(req)
1665         rep = self.recv_pdu()
1666         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1667                         auth_length=0)
1668         self.assertEquals(rep.u.max_xmit_frag, rep_both)
1669         self.assertEquals(rep.u.max_recv_frag, rep_both)
1670         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1671         self.assertEquals(rep.u.secondary_address_size, 4)
1672         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1673         self.assertPadding(rep.u._pad1, 2)
1674         self.assertEquals(rep.u.num_results, 1)
1675         self.assertEquals(rep.u.ctx_list[0].result,
1676                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1677         self.assertEquals(rep.u.ctx_list[0].reason,
1678                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1679         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1680         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1681
1682         assoc_group_id = rep.u.assoc_group_id
1683         if alter_xmit is None:
1684             alter_xmit = rep_both - 8
1685         if alter_recv is None:
1686             alter_recv = rep_both - 8
1687
1688         # max_{xmit,recv}_frag and assoc_group_id are completely
1689         # ignored in alter_context requests
1690         req = self.generate_alter(call_id=1,
1691                                   max_xmit_frag=alter_xmit,
1692                                   max_recv_frag=alter_recv,
1693                                   assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1694                                   ctx_list=[ctx1])
1695         self.send_pdu(req)
1696         rep = self.recv_pdu()
1697         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1698                         auth_length=0)
1699         self.assertEquals(rep.u.max_xmit_frag, rep_both)
1700         self.assertEquals(rep.u.max_recv_frag, rep_both)
1701         self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1702         self.assertEquals(rep.u.secondary_address_size, 0)
1703         self.assertPadding(rep.u._pad1, 2)
1704         self.assertEquals(rep.u.num_results, 1)
1705         self.assertEquals(rep.u.ctx_list[0].result,
1706                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1707         self.assertEquals(rep.u.ctx_list[0].reason,
1708                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1709         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1710         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1711
1712         chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1713         req = self.generate_request(call_id=2,
1714                                     context_id=ctx1.context_id,
1715                                     opnum=0,
1716                                     alloc_hint=0xffffffff,
1717                                     stub=b"\00" * chunk_size)
1718         self.send_pdu(req, ndr_print=True, hexdump=True)
1719         rep = self.recv_pdu(ndr_print=True, hexdump=True)
1720         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1721                         auth_length=0)
1722         self.assertNotEquals(rep.u.alloc_hint, 0)
1723         self.assertEquals(rep.u.context_id, req.u.context_id)
1724         self.assertEquals(rep.u.cancel_count, 0)
1725         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1726
1727         chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1728         req = self.generate_request(call_id=2,
1729                                     context_id=ctx1.context_id,
1730                                     opnum=0,
1731                                     alloc_hint=0xffffffff,
1732                                     stub=b"\00" * chunk_size)
1733         self.send_pdu(req)
1734         rep = self.recv_pdu()
1735         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1736                         auth_length=0)
1737         self.assertNotEquals(rep.u.alloc_hint, 0)
1738         self.assertEquals(rep.u.context_id, req.u.context_id)
1739         self.assertEquals(rep.u.cancel_count, 0)
1740         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1741
1742         chunk_size += 1
1743         req = self.generate_request(call_id=3,
1744                                     context_id=ctx1.context_id,
1745                                     opnum=0,
1746                                     alloc_hint=0xffffffff,
1747                                     stub=b"\00" * chunk_size)
1748         self.send_pdu(req)
1749         rep = self.recv_pdu()
1750         # We get a fault
1751         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1752                         auth_length=0)
1753         self.assertNotEquals(rep.u.alloc_hint, 0)
1754         self.assertEquals(rep.u.context_id, 0)
1755         self.assertEquals(rep.u.cancel_count, 0)
1756         self.assertEquals(rep.u.flags, 0)
1757         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1758         self.assertEquals(rep.u.reserved, 0)
1759         self.assertEquals(len(rep.u.error_and_verifier), 0)
1760
1761         # wait for a disconnect
1762         rep = self.recv_pdu()
1763         self.assertIsNone(rep)
1764         self.assertNotConnected()
1765
1766     def test_neg_xmit_ffff_ffff(self):
1767         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1768                                                 req_recv=0xffff,
1769                                                 rep_both=5840)
1770
1771     def test_neg_xmit_0_ffff(self):
1772         return self._test_neg_xmit_check_values(req_xmit=0,
1773                                                 req_recv=0xffff,
1774                                                 rep_both=2048,
1775                                                 alter_xmit=0xffff,
1776                                                 alter_recv=0xffff)
1777
1778     def test_neg_xmit_ffff_0(self):
1779         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1780                                                 req_recv=0,
1781                                                 rep_both=2048)
1782
1783     def test_neg_xmit_0_0(self):
1784         return self._test_neg_xmit_check_values(req_xmit=0,
1785                                                 req_recv=0,
1786                                                 rep_both=2048,
1787                                                 alter_xmit=0xffff,
1788                                                 alter_recv=0xffff)
1789
1790     def test_neg_xmit_3199_0(self):
1791         return self._test_neg_xmit_check_values(req_xmit=3199,
1792                                                 req_recv=0,
1793                                                 rep_both=2048)
1794
1795     def test_neg_xmit_0_3199(self):
1796         return self._test_neg_xmit_check_values(req_xmit=0,
1797                                                 req_recv=3199,
1798                                                 rep_both=2048)
1799
1800     def test_neg_xmit_3199_ffff(self):
1801         return self._test_neg_xmit_check_values(req_xmit=3199,
1802                                                 req_recv=0xffff,
1803                                                 rep_both=3192)
1804
1805     def test_neg_xmit_ffff_3199(self):
1806         return self._test_neg_xmit_check_values(req_xmit=0xffff,
1807                                                 req_recv=3199,
1808                                                 rep_both=3192)
1809
1810     def test_alloc_hint(self):
1811         ndr32 = base.transfer_syntax_ndr()
1812
1813         tsf1_list = [ndr32]
1814         ctx = dcerpc.ctx_list()
1815         ctx.context_id = 0
1816         ctx.num_transfer_syntaxes = len(tsf1_list)
1817         ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1818         ctx.transfer_syntaxes = tsf1_list
1819
1820         req = self.generate_bind(call_id=0,
1821                                  ctx_list=[ctx])
1822         self.send_pdu(req)
1823         rep = self.recv_pdu()
1824         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1825                         auth_length=0)
1826         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1827         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1828         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1829         self.assertEquals(rep.u.secondary_address_size, 4)
1830         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1831         self.assertPadding(rep.u._pad1, 2)
1832         self.assertEquals(rep.u.num_results, 1)
1833         self.assertEquals(rep.u.ctx_list[0].result,
1834                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1835         self.assertEquals(rep.u.ctx_list[0].reason,
1836                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1837         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1838         self.assertEquals(rep.u.auth_info, b'\0' * 0)
1839
1840         # And now try a request without auth_info
1841         req = self.generate_request(call_id=2,
1842                                     context_id=ctx.context_id,
1843                                     opnum=0,
1844                                     alloc_hint=0xffffffff,
1845                                     stub=b"")
1846         self.send_pdu(req)
1847         rep = self.recv_pdu()
1848         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1849                         auth_length=0)
1850         self.assertNotEquals(rep.u.alloc_hint, 0)
1851         self.assertEquals(rep.u.context_id, req.u.context_id)
1852         self.assertEquals(rep.u.cancel_count, 0)
1853         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1854
1855         req = self.generate_request(call_id=3,
1856                                     context_id=ctx.context_id,
1857                                     opnum=1,
1858                                     alloc_hint=0xffffffff,
1859                                     stub=b"\04\00\00\00\00\00\00\00")
1860         self.send_pdu(req)
1861         rep = self.recv_pdu()
1862         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1863                         auth_length=0)
1864         self.assertNotEquals(rep.u.alloc_hint, 0)
1865         self.assertEquals(rep.u.context_id, req.u.context_id)
1866         self.assertEquals(rep.u.cancel_count, 0)
1867         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1868
1869         req = self.generate_request(call_id=4,
1870                                     context_id=ctx.context_id,
1871                                     opnum=1,
1872                                     alloc_hint=1,
1873                                     stub=b"\04\00\00\00\00\00\00\00")
1874         self.send_pdu(req)
1875         rep = self.recv_pdu()
1876         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1877                         auth_length=0)
1878         self.assertNotEquals(rep.u.alloc_hint, 0)
1879         self.assertEquals(rep.u.context_id, req.u.context_id)
1880         self.assertEquals(rep.u.cancel_count, 0)
1881         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1882
1883     def _get_netlogon_ctx(self):
1884         abstract = samba.dcerpc.netlogon.abstract_syntax()
1885         ndr32 = base.transfer_syntax_ndr()
1886
1887         (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1888                                                epmap=True, return_ack=True)
1889
1890         server = '\\\\' + self.target_hostname
1891         if isinstance(server, binary_type):
1892             server_utf16 = server.decode('utf-8').encode('utf-16-le')
1893         else:
1894             server_utf16 = server.encode('utf-16-le')
1895         computer = 'UNKNOWNCOMPUTER'
1896         if isinstance(server, binary_type):
1897             computer_utf16 = computer.decode('utf-8').encode('utf-16-le')
1898         else:
1899             computer_utf16 = computer.encode('utf-16-le')
1900
1901         real_stub = struct.pack('<IIII', 0x00200000,
1902                                 len(server) + 1, 0, len(server) + 1)
1903         real_stub += server_utf16 + b'\x00\x00'
1904         mod_len = len(real_stub) % 4
1905         if mod_len != 0:
1906             real_stub += b'\x00' * (4 - mod_len)
1907         real_stub += struct.pack('<III',
1908                                  len(computer) + 1, 0, len(computer) + 1)
1909         real_stub += computer_utf16 + b'\x00\x00'
1910         real_stub += b'\x11\x22\x33\x44\x55\x66\x77\x88'
1911
1912         return (ctx, ack, real_stub)
1913
1914     def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1915                                   fault_first=None, fault_last=None):
1916         (ctx, rep, real_stub) = self._get_netlogon_ctx()
1917
1918         chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1919
1920         total = 0
1921         first = True
1922         while remaining > 0:
1923             thistime = min(remaining, chunk)
1924             remaining -= thistime
1925             total += thistime
1926
1927             pfc_flags = 0
1928             if first:
1929                 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1930                 first = False
1931                 stub = real_stub + b'\x00' * (thistime - len(real_stub))
1932             else:
1933                 stub = b"\x00" * thistime
1934
1935             if remaining == 0:
1936                 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1937
1938             # And now try a request without auth_info
1939             # netr_ServerReqChallenge()
1940             req = self.generate_request(call_id=0x21234,
1941                                         pfc_flags=pfc_flags,
1942                                         context_id=ctx.context_id,
1943                                         opnum=4,
1944                                         alloc_hint=alloc_hint,
1945                                         stub=stub)
1946             if alloc_hint >= thistime:
1947                 alloc_hint -= thistime
1948             else:
1949                 alloc_hint = 0
1950             self.send_pdu(req, hexdump=False)
1951             if fault_first is not None:
1952                 rep = self.recv_pdu()
1953                 # We get a fault back
1954                 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1955                                 auth_length=0)
1956                 self.assertNotEquals(rep.u.alloc_hint, 0)
1957                 self.assertEquals(rep.u.context_id, req.u.context_id)
1958                 self.assertEquals(rep.u.cancel_count, 0)
1959                 self.assertEquals(rep.u.flags, 0)
1960                 self.assertEquals(rep.u.status, fault_first)
1961                 self.assertEquals(rep.u.reserved, 0)
1962                 self.assertEquals(len(rep.u.error_and_verifier), 0)
1963
1964                 # wait for a disconnect
1965                 rep = self.recv_pdu()
1966                 self.assertIsNone(rep)
1967                 self.assertNotConnected()
1968                 return
1969             if remaining == 0:
1970                 break
1971             if total >= 0x400000 and fault_last is not None:
1972                 rep = self.recv_pdu()
1973                 # We get a fault back
1974                 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1975                                 auth_length=0)
1976                 self.assertNotEquals(rep.u.alloc_hint, 0)
1977                 self.assertEquals(rep.u.context_id, req.u.context_id)
1978                 self.assertEquals(rep.u.cancel_count, 0)
1979                 self.assertEquals(rep.u.flags, 0)
1980                 self.assertEquals(rep.u.status, fault_last)
1981                 self.assertEquals(rep.u.reserved, 0)
1982                 self.assertEquals(len(rep.u.error_and_verifier), 0)
1983
1984                 # wait for a disconnect
1985                 rep = self.recv_pdu()
1986                 self.assertIsNone(rep)
1987                 self.assertNotConnected()
1988                 return
1989             rep = self.recv_pdu(timeout=0.01)
1990             self.assertIsNone(rep)
1991             self.assertIsConnected()
1992
1993         if total >= 0x400000 and fault_last is not None:
1994             rep = self.recv_pdu()
1995             # We get a fault back
1996             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1997                             auth_length=0)
1998             self.assertNotEquals(rep.u.alloc_hint, 0)
1999             self.assertEquals(rep.u.context_id, req.u.context_id)
2000             self.assertEquals(rep.u.cancel_count, 0)
2001             self.assertEquals(rep.u.flags, 0)
2002             self.assertEquals(rep.u.status, fault_last)
2003             self.assertEquals(rep.u.reserved, 0)
2004             self.assertEquals(len(rep.u.error_and_verifier), 0)
2005
2006             # wait for a disconnect
2007             rep = self.recv_pdu()
2008             self.assertIsNone(rep)
2009             self.assertNotConnected()
2010             return
2011         rep = self.recv_pdu()
2012         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2013                         auth_length=0)
2014         self.assertNotEquals(rep.u.alloc_hint, 0)
2015         self.assertEquals(rep.u.context_id, req.u.context_id)
2016         self.assertEquals(rep.u.cancel_count, 0)
2017         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2018
2019         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2020         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2021         self.assertEquals(status[0], 0)
2022
2023     def test_fragmented_requests01(self):
2024         return self._test_fragmented_requests(remaining=0x400000,
2025                                               alloc_hint=0x400000)
2026
2027     def test_fragmented_requests02(self):
2028         return self._test_fragmented_requests(remaining=0x400000,
2029                                               alloc_hint=0x100000)
2030
2031     def test_fragmented_requests03(self):
2032         return self._test_fragmented_requests(remaining=0x400000,
2033                                               alloc_hint=0)
2034
2035     def test_fragmented_requests04(self):
2036         return self._test_fragmented_requests(remaining=0x400000,
2037                                               alloc_hint=0x400001,
2038                                               fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2039
2040     def test_fragmented_requests05(self):
2041         return self._test_fragmented_requests(remaining=0x500001,
2042                                               alloc_hint=0,
2043                                               fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2044
2045     def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2046         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2047
2048         # netr_ServerReqChallenge with given flags
2049         req = self.generate_request(call_id=2,
2050                                     pfc_flags=pfc_flags,
2051                                     context_id=ctx.context_id,
2052                                     opnum=4,
2053                                     stub=real_stub)
2054         self.send_pdu(req)
2055         if fault_1st:
2056             rep = self.recv_pdu()
2057             # We get a fault back
2058             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2059                             auth_length=0)
2060             self.assertNotEquals(rep.u.alloc_hint, 0)
2061             self.assertEquals(rep.u.context_id, 0)
2062             self.assertEquals(rep.u.cancel_count, 0)
2063             self.assertEquals(rep.u.flags, 0)
2064             self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2065             self.assertEquals(rep.u.reserved, 0)
2066             self.assertEquals(len(rep.u.error_and_verifier), 0)
2067
2068             # wait for a disconnect
2069             rep = self.recv_pdu()
2070             self.assertIsNone(rep)
2071             self.assertNotConnected()
2072             return
2073         rep = self.recv_pdu(timeout=0.1)
2074         self.assertIsNone(rep)
2075         self.assertIsConnected()
2076
2077         # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2078         # with the same call_id
2079         req = self.generate_request(call_id=2,
2080                                     pfc_flags=pfc_flags,
2081                                     context_id=ctx.context_id,
2082                                     opnum=4,
2083                                     stub=real_stub)
2084         self.send_pdu(req)
2085         if fault_2nd:
2086             rep = self.recv_pdu()
2087             # We get a fault back
2088             self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2089                             auth_length=0)
2090             self.assertNotEquals(rep.u.alloc_hint, 0)
2091             self.assertEquals(rep.u.context_id, req.u.context_id)
2092             self.assertEquals(rep.u.cancel_count, 0)
2093             self.assertEquals(rep.u.flags, 0)
2094             self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2095             self.assertEquals(rep.u.reserved, 0)
2096             self.assertEquals(len(rep.u.error_and_verifier), 0)
2097
2098             # wait for a disconnect
2099             rep = self.recv_pdu()
2100             self.assertIsNone(rep)
2101             self.assertNotConnected()
2102             return
2103
2104         rep = self.recv_pdu(timeout=0.1)
2105         self.assertIsNone(rep)
2106         self.assertIsConnected()
2107
2108     def test_first_only_requests(self):
2109         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2110                                         fault_2nd=True)
2111
2112     def test_none_only_requests(self):
2113         return self._test_same_requests(pfc_flags=0, fault_1st=True)
2114
2115     def test_last_only_requests(self):
2116         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2117                                         fault_1st=True)
2118
2119     def test_first_maybe_requests(self):
2120         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2121                                         dcerpc.DCERPC_PFC_FLAG_MAYBE,
2122                                         fault_2nd=True)
2123
2124     def test_first_didnot_requests(self):
2125         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2126                                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2127                                         fault_2nd=True)
2128
2129     def test_first_cmpx_requests(self):
2130         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2131                                         dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2132                                         fault_2nd=True)
2133
2134     def test_first_08_requests(self):
2135         return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2136                                         0x08,
2137                                         fault_2nd=True)
2138
2139     def test_first_cancel_requests(self):
2140         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2141
2142         # netr_ServerReqChallenge with given flags
2143         req = self.generate_request(call_id=2,
2144                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2145                                     dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2146                                     context_id=ctx.context_id,
2147                                     opnum=4,
2148                                     stub=real_stub)
2149         self.send_pdu(req)
2150         rep = self.recv_pdu()
2151         # We get a fault back
2152         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2153                         pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2154                         dcerpc.DCERPC_PFC_FLAG_LAST |
2155                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2156                         auth_length=0)
2157         self.assertNotEquals(rep.u.alloc_hint, 0)
2158         self.assertEquals(rep.u.context_id, 0)
2159         self.assertEquals(rep.u.cancel_count, 0)
2160         self.assertEquals(rep.u.flags, 0)
2161         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2162         self.assertEquals(rep.u.reserved, 0)
2163         self.assertEquals(len(rep.u.error_and_verifier), 0)
2164
2165         # wait for a disconnect
2166         rep = self.recv_pdu()
2167         self.assertIsNone(rep)
2168         self.assertNotConnected()
2169
2170     def test_2nd_cancel_requests(self):
2171         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2172
2173         # netr_ServerReqChallenge with given flags
2174         req = self.generate_request(call_id=2,
2175                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2176                                     context_id=ctx.context_id,
2177                                     opnum=4,
2178                                     stub=real_stub)
2179         self.send_pdu(req)
2180         rep = self.recv_pdu(timeout=0.1)
2181         self.assertIsNone(rep)
2182         self.assertIsConnected()
2183
2184         # netr_ServerReqChallenge with given flags
2185         req = self.generate_request(call_id=2,
2186                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2187                                     context_id=ctx.context_id,
2188                                     opnum=4,
2189                                     stub=real_stub)
2190         self.send_pdu(req)
2191         rep = self.recv_pdu(timeout=0.1)
2192         self.assertIsNone(rep)
2193         self.assertIsConnected()
2194
2195         # netr_ServerReqChallenge with given flags
2196         req = self.generate_request(call_id=2,
2197                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2198                                     context_id=ctx.context_id,
2199                                     opnum=4,
2200                                     stub=real_stub)
2201         self.send_pdu(req)
2202         rep = self.recv_pdu()
2203         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2204                         auth_length=0)
2205         self.assertNotEquals(rep.u.alloc_hint, 0)
2206         self.assertEquals(rep.u.context_id, req.u.context_id)
2207         self.assertEquals(rep.u.cancel_count, 0)
2208         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2209
2210         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2211         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2212         self.assertEquals(status[0], 0)
2213
2214     def test_last_cancel_requests(self):
2215         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2216
2217         # netr_ServerReqChallenge with given flags
2218         req = self.generate_request(call_id=2,
2219                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2220                                     context_id=ctx.context_id,
2221                                     opnum=4,
2222                                     stub=real_stub[:4])
2223         self.send_pdu(req)
2224         rep = self.recv_pdu(timeout=0.1)
2225         self.assertIsNone(rep)
2226         self.assertIsConnected()
2227
2228         # netr_ServerReqChallenge with given flags
2229         req = self.generate_request(call_id=2,
2230                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2231                                     dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2232                                     context_id=ctx.context_id,
2233                                     opnum=4,
2234                                     stub=real_stub[4:])
2235         self.send_pdu(req)
2236         rep = self.recv_pdu()
2237         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2238                         auth_length=0)
2239         self.assertNotEquals(rep.u.alloc_hint, 0)
2240         self.assertEquals(rep.u.context_id, req.u.context_id)
2241         self.assertEquals(rep.u.cancel_count, 0)
2242         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2243
2244         self.assertEquals(len(rep.u.stub_and_verifier), 12)
2245         status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2246         self.assertEquals(status[0], 0)
2247
2248     def test_mix_requests(self):
2249         (ctx, rep, real_stub) = self._get_netlogon_ctx()
2250
2251         # netr_ServerReqChallenge with given flags
2252         req = self.generate_request(call_id=50,
2253                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2254                                     context_id=ctx.context_id,
2255                                     opnum=4,
2256                                     stub=real_stub)
2257         self.send_pdu(req)
2258         rep = self.recv_pdu(timeout=0.1)
2259         self.assertIsNone(rep)
2260         self.assertIsConnected()
2261
2262         # netr_ServerReqChallenge with given flags
2263         req = self.generate_request(call_id=51,
2264                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2265                                     context_id=ctx.context_id,
2266                                     opnum=4,
2267                                     stub=real_stub)
2268         self.send_pdu(req)
2269         rep = self.recv_pdu()
2270         # We get a fault back
2271         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2272                         pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2273                         dcerpc.DCERPC_PFC_FLAG_LAST,
2274                         auth_length=0)
2275         self.assertNotEquals(rep.u.alloc_hint, 0)
2276         self.assertEquals(rep.u.context_id, req.u.context_id)
2277         self.assertEquals(rep.u.cancel_count, 0)
2278         self.assertEquals(rep.u.flags, 0)
2279         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2280         self.assertEquals(rep.u.reserved, 0)
2281         self.assertEquals(len(rep.u.error_and_verifier), 0)
2282
2283     def test_co_cancel_no_request(self):
2284         ndr32 = base.transfer_syntax_ndr()
2285         abstract = samba.dcerpc.mgmt.abstract_syntax()
2286         ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2287
2288         req = self.generate_co_cancel(call_id=3)
2289         self.send_pdu(req)
2290         rep = self.recv_pdu(timeout=0.01)
2291         self.assertIsNone(rep)
2292         self.assertIsConnected()
2293
2294         # And now try a request
2295         req = self.generate_request(call_id=1,
2296                                     context_id=ctx.context_id,
2297                                     opnum=0,
2298                                     stub=b"")
2299         self.send_pdu(req)
2300         rep = self.recv_pdu()
2301         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2302                         auth_length=0)
2303         self.assertNotEquals(rep.u.alloc_hint, 0)
2304         self.assertEquals(rep.u.context_id, req.u.context_id)
2305         self.assertEquals(rep.u.cancel_count, 0)
2306         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2307
2308     def test_co_cancel_request_after_first(self):
2309         ndr32 = base.transfer_syntax_ndr()
2310         abstract = samba.dcerpc.mgmt.abstract_syntax()
2311         ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2312
2313         req = self.generate_request(call_id=1,
2314                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2315                                     context_id=ctx.context_id,
2316                                     opnum=0,
2317                                     stub=b"")
2318         self.send_pdu(req)
2319         rep = self.recv_pdu(timeout=0.01)
2320         self.assertIsNone(rep)
2321         self.assertIsConnected()
2322
2323         req = self.generate_co_cancel(call_id=1)
2324         self.send_pdu(req)
2325         rep = self.recv_pdu(timeout=0.01)
2326         self.assertIsNone(rep)
2327         self.assertIsConnected()
2328
2329         req = self.generate_request(call_id=1,
2330                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2331                                     context_id=ctx.context_id,
2332                                     opnum=0,
2333                                     stub=b"")
2334         self.send_pdu(req)
2335         rep = self.recv_pdu()
2336         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2337                         auth_length=0)
2338         self.assertNotEquals(rep.u.alloc_hint, 0)
2339         self.assertEquals(rep.u.context_id, req.u.context_id)
2340         self.assertEquals(rep.u.cancel_count, 0)
2341         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2342
2343         # And now try a request
2344         req = self.generate_request(call_id=2,
2345                                     context_id=ctx.context_id,
2346                                     opnum=0,
2347                                     stub=b"")
2348         self.send_pdu(req)
2349         rep = self.recv_pdu()
2350         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2351                         auth_length=0)
2352         self.assertNotEquals(rep.u.alloc_hint, 0)
2353         self.assertEquals(rep.u.context_id, req.u.context_id)
2354         self.assertEquals(rep.u.cancel_count, 0)
2355         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2356
2357     def test_orphaned_no_request(self):
2358         ndr32 = base.transfer_syntax_ndr()
2359         abstract = samba.dcerpc.mgmt.abstract_syntax()
2360         ctx = self.prepare_presentation(abstract, ndr32)
2361
2362         req = self.generate_orphaned(call_id=3)
2363         self.send_pdu(req)
2364         rep = self.recv_pdu(timeout=0.01)
2365         self.assertIsNone(rep)
2366         self.assertIsConnected()
2367
2368         # And now try a request
2369         req = self.generate_request(call_id=1,
2370                                     context_id=ctx.context_id,
2371                                     opnum=0,
2372                                     stub=b"")
2373         self.send_pdu(req)
2374         rep = self.recv_pdu()
2375         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2376                         auth_length=0)
2377         self.assertNotEquals(rep.u.alloc_hint, 0)
2378         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2379         self.assertEquals(rep.u.cancel_count, 0)
2380         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2381
2382     def test_orphaned_request_after_first_last(self):
2383         ndr32 = base.transfer_syntax_ndr()
2384         abstract = samba.dcerpc.mgmt.abstract_syntax()
2385         ctx = self.prepare_presentation(abstract, ndr32)
2386
2387         req = self.generate_request(call_id=1,
2388                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2389                                     context_id=ctx.context_id,
2390                                     opnum=0,
2391                                     stub=b"")
2392         self.send_pdu(req)
2393         rep = self.recv_pdu(timeout=0.1)
2394         self.assertIsNone(rep)
2395         self.assertIsConnected()
2396
2397         req = self.generate_orphaned(call_id=1)
2398         self.send_pdu(req)
2399         rep = self.recv_pdu(timeout=0.1)
2400         self.assertIsNone(rep)
2401         self.assertIsConnected()
2402
2403         req = self.generate_request(call_id=1,
2404                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2405                                     context_id=ctx.context_id,
2406                                     opnum=0,
2407                                     stub=b"")
2408         self.send_pdu(req)
2409         rep = self.recv_pdu()
2410         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2411                         auth_length=0)
2412         self.assertNotEquals(rep.u.alloc_hint, 0)
2413         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2414         self.assertEquals(rep.u.cancel_count, 0)
2415         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2416
2417         # And now try a request
2418         req = self.generate_request(call_id=2,
2419                                     context_id=ctx.context_id,
2420                                     opnum=0,
2421                                     stub=b"")
2422         self.send_pdu(req)
2423         rep = self.recv_pdu()
2424         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2425                         auth_length=0)
2426         self.assertNotEquals(rep.u.alloc_hint, 0)
2427         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2428         self.assertEquals(rep.u.cancel_count, 0)
2429         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2430
2431     def test_orphaned_request_after_first_mpx_last(self):
2432         ndr32 = base.transfer_syntax_ndr()
2433         abstract = samba.dcerpc.mgmt.abstract_syntax()
2434
2435         pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2436         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2437         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2438         ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2439
2440         req = self.generate_request(call_id=1,
2441                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2442                                     context_id=ctx.context_id,
2443                                     opnum=0,
2444                                     stub=b"")
2445         self.send_pdu(req)
2446         rep = self.recv_pdu(timeout=0.1)
2447         self.assertIsNone(rep)
2448         self.assertIsConnected()
2449
2450         req = self.generate_orphaned(call_id=1)
2451         self.send_pdu(req)
2452         rep = self.recv_pdu(timeout=0.1)
2453         self.assertIsNone(rep)
2454         self.assertIsConnected()
2455
2456         req = self.generate_request(call_id=1,
2457                                     pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2458                                     context_id=ctx.context_id,
2459                                     opnum=0,
2460                                     stub=b"")
2461         self.send_pdu(req)
2462         rep = self.recv_pdu()
2463         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2464                         auth_length=0)
2465         self.assertNotEquals(rep.u.alloc_hint, 0)
2466         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2467         self.assertEquals(rep.u.cancel_count, 0)
2468         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2469
2470         # And now try a request
2471         req = self.generate_request(call_id=2,
2472                                     context_id=ctx.context_id,
2473                                     opnum=0,
2474                                     stub=b"")
2475         self.send_pdu(req)
2476         rep = self.recv_pdu()
2477         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2478                         auth_length=0)
2479         self.assertNotEquals(rep.u.alloc_hint, 0)
2480         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2481         self.assertEquals(rep.u.cancel_count, 0)
2482         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2483
2484     def test_orphaned_request_after_first_no_last(self):
2485         ndr32 = base.transfer_syntax_ndr()
2486         abstract = samba.dcerpc.mgmt.abstract_syntax()
2487         ctx = self.prepare_presentation(abstract, ndr32)
2488
2489         req1 = self.generate_request(call_id=1,
2490                                      pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2491                                      context_id=ctx.context_id,
2492                                      opnum=0,
2493                                      stub=b"")
2494         self.send_pdu(req1)
2495         rep = self.recv_pdu(timeout=0.1)
2496         self.assertIsNone(rep)
2497         self.assertIsConnected()
2498
2499         req = self.generate_orphaned(call_id=1)
2500         self.send_pdu(req)
2501         rep = self.recv_pdu(timeout=0.1)
2502         self.assertIsNone(rep)
2503         self.assertIsConnected()
2504
2505         # And now try a new request
2506         req2 = self.generate_request(call_id=2,
2507                                      context_id=ctx.context_id,
2508                                      opnum=0,
2509                                      stub=b"")
2510         self.send_pdu(req2)
2511         rep = self.recv_pdu()
2512         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2513                         auth_length=0)
2514         self.assertNotEquals(rep.u.alloc_hint, 0)
2515         self.assertEquals(rep.u.context_id, req1.u.context_id)
2516         self.assertEquals(rep.u.cancel_count, 0)
2517         self.assertEquals(rep.u.flags, 0)
2518         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2519         self.assertEquals(rep.u.reserved, 0)
2520         self.assertEquals(len(rep.u.error_and_verifier), 0)
2521
2522         # wait for a disconnect
2523         rep = self.recv_pdu()
2524         self.assertIsNone(rep)
2525         self.assertNotConnected()
2526
2527     def test_orphaned_request_after_first_mpx_no_last(self):
2528         ndr32 = base.transfer_syntax_ndr()
2529         abstract = samba.dcerpc.mgmt.abstract_syntax()
2530
2531         pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2532         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2533         pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2534         ctx = self.prepare_presentation(abstract, ndr32,
2535                                         pfc_flags=pfc_flags)
2536
2537         req1 = self.generate_request(call_id=1,
2538                                      pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2539                                      context_id=ctx.context_id,
2540                                      opnum=0,
2541                                      stub=b"")
2542         self.send_pdu(req1)
2543         rep = self.recv_pdu(timeout=0.1)
2544         self.assertIsNone(rep)
2545         self.assertIsConnected()
2546
2547         req = self.generate_orphaned(call_id=1)
2548         self.send_pdu(req)
2549         rep = self.recv_pdu(timeout=0.1)
2550         self.assertIsNone(rep)
2551         self.assertIsConnected()
2552
2553         # And now try a new request
2554         req2 = self.generate_request(call_id=2,
2555                                      context_id=ctx.context_id - 1,
2556                                      opnum=0,
2557                                      stub=b"")
2558         self.send_pdu(req2)
2559         rep = self.recv_pdu()
2560         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2561                         auth_length=0)
2562         self.assertNotEquals(rep.u.alloc_hint, 0)
2563         self.assertEquals(rep.u.context_id, 0)
2564         self.assertEquals(rep.u.cancel_count, 0)
2565         self.assertEquals(rep.u.flags, 0)
2566         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2567         self.assertEquals(rep.u.reserved, 0)
2568         self.assertEquals(len(rep.u.error_and_verifier), 0)
2569
2570         # wait for a disconnect
2571         rep = self.recv_pdu()
2572         self.assertIsNone(rep)
2573         self.assertNotConnected()
2574
2575     def test_spnego_connect_request(self):
2576         ndr32 = base.transfer_syntax_ndr()
2577
2578         tsf1_list = [ndr32]
2579         ctx1 = dcerpc.ctx_list()
2580         ctx1.context_id = 1
2581         ctx1.num_transfer_syntaxes = len(tsf1_list)
2582         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2583         ctx1.transfer_syntaxes = tsf1_list
2584         ctx_list = [ctx1]
2585
2586         c = self.get_anon_creds()
2587         g = gensec.Security.start_client(self.settings)
2588         g.set_credentials(c)
2589         g.want_feature(gensec.FEATURE_DCE_STYLE)
2590         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2591         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2592         auth_context_id = 2
2593         g.start_mech_by_authtype(auth_type, auth_level)
2594         from_server = b""
2595         (finished, to_server) = g.update(from_server)
2596         self.assertFalse(finished)
2597
2598         auth_info = self.generate_auth(auth_type=auth_type,
2599                                        auth_level=auth_level,
2600                                        auth_context_id=auth_context_id,
2601                                        auth_blob=to_server)
2602
2603         req = self.generate_bind(call_id=0,
2604                                  ctx_list=ctx_list,
2605                                  auth_info=auth_info)
2606
2607         self.send_pdu(req)
2608         rep = self.recv_pdu()
2609         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2610         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2611         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2612         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2613         self.assertEquals(rep.u.secondary_address_size, 4)
2614         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2615         self.assertPadding(rep.u._pad1, 2)
2616         self.assertEquals(rep.u.num_results, 1)
2617         self.assertEquals(rep.u.ctx_list[0].result,
2618                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2619         self.assertEquals(rep.u.ctx_list[0].reason,
2620                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2621         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2622         self.assertNotEquals(len(rep.u.auth_info), 0)
2623         a = self.parse_auth(rep.u.auth_info)
2624
2625         from_server = a.credentials
2626         (finished, to_server) = g.update(from_server)
2627         self.assertFalse(finished)
2628
2629         auth_info = self.generate_auth(auth_type=auth_type,
2630                                        auth_level=auth_level,
2631                                        auth_context_id=auth_context_id,
2632                                        auth_blob=to_server)
2633
2634         req = self.generate_alter(call_id=0,
2635                                   ctx_list=ctx_list,
2636                                   assoc_group_id=rep.u.assoc_group_id,
2637                                   auth_info=auth_info)
2638
2639         self.send_pdu(req)
2640         rep = self.recv_pdu()
2641         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2642         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2643         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2644         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2645         self.assertEquals(rep.u.secondary_address_size, 0)
2646         self.assertPadding(rep.u._pad1, 2)
2647         self.assertEquals(rep.u.num_results, 1)
2648         self.assertEquals(rep.u.ctx_list[0].result,
2649                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2650         self.assertEquals(rep.u.ctx_list[0].reason,
2651                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2652         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2653         self.assertNotEquals(len(rep.u.auth_info), 0)
2654         a = self.parse_auth(rep.u.auth_info)
2655
2656         from_server = a.credentials
2657         (finished, to_server) = g.update(from_server)
2658         self.assertTrue(finished)
2659
2660         # And now try a request without auth_info
2661         req = self.generate_request(call_id=2,
2662                                     context_id=ctx1.context_id,
2663                                     opnum=0,
2664                                     stub=b"")
2665         self.send_pdu(req)
2666         rep = self.recv_pdu()
2667         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2668                         auth_length=0)
2669         self.assertNotEquals(rep.u.alloc_hint, 0)
2670         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2671         self.assertEquals(rep.u.cancel_count, 0)
2672         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2673
2674         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2675         auth_info = self.generate_auth(auth_type=auth_type,
2676                                        auth_level=auth_level,
2677                                        auth_context_id=auth_context_id,
2678                                        auth_blob=b"\x01" +b"\x00" *15)
2679         req = self.generate_request(call_id=3,
2680                                     context_id=ctx1.context_id,
2681                                     opnum=0,
2682                                     stub=b"",
2683                                     auth_info=auth_info)
2684         self.send_pdu(req)
2685         rep = self.recv_pdu()
2686         # We don't get an auth_info back
2687         self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2688                         auth_length=0)
2689         self.assertNotEquals(rep.u.alloc_hint, 0)
2690         self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2691         self.assertEquals(rep.u.cancel_count, 0)
2692         self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2693
2694         # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2695         auth_info = self.generate_auth(auth_type=auth_type,
2696                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2697                                        auth_context_id=auth_context_id,
2698                                        auth_blob=b"\x01" + b"\x00" * 15)
2699         req = self.generate_request(call_id=4,
2700                                     context_id=ctx1.context_id,
2701                                     opnum=0,
2702                                     stub=b"",
2703                                     auth_info=auth_info)
2704         self.send_pdu(req)
2705         rep = self.recv_pdu()
2706         # We get a fault back
2707         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2708                         auth_length=0)
2709         self.assertNotEquals(rep.u.alloc_hint, 0)
2710         self.assertEquals(rep.u.context_id, req.u.context_id)
2711         self.assertEquals(rep.u.cancel_count, 0)
2712         self.assertEquals(rep.u.flags, 0)
2713         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2714         self.assertEquals(rep.u.reserved, 0)
2715         self.assertEquals(len(rep.u.error_and_verifier), 0)
2716
2717         # wait for a disconnect
2718         rep = self.recv_pdu()
2719         self.assertIsNone(rep)
2720         self.assertNotConnected()
2721
2722     def test_spnego_integrity_request(self):
2723         ndr32 = base.transfer_syntax_ndr()
2724
2725         tsf1_list = [ndr32]
2726         ctx1 = dcerpc.ctx_list()
2727         ctx1.context_id = 1
2728         ctx1.num_transfer_syntaxes = len(tsf1_list)
2729         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2730         ctx1.transfer_syntaxes = tsf1_list
2731         ctx_list = [ctx1]
2732
2733         c = self.get_anon_creds()
2734         g = gensec.Security.start_client(self.settings)
2735         g.set_credentials(c)
2736         g.want_feature(gensec.FEATURE_DCE_STYLE)
2737         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2738         auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2739         auth_context_id = 2
2740         g.start_mech_by_authtype(auth_type, auth_level)
2741         from_server = b""
2742         (finished, to_server) = g.update(from_server)
2743         self.assertFalse(finished)
2744
2745         auth_info = self.generate_auth(auth_type=auth_type,
2746                                        auth_level=auth_level,
2747                                        auth_context_id=auth_context_id,
2748                                        auth_blob=to_server)
2749
2750         req = self.generate_bind(call_id=0,
2751                                  ctx_list=ctx_list,
2752                                  auth_info=auth_info)
2753
2754         self.send_pdu(req)
2755         rep = self.recv_pdu()
2756         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2757         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2758         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2759         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2760         self.assertEquals(rep.u.secondary_address_size, 4)
2761         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2762         self.assertPadding(rep.u._pad1, 2)
2763         self.assertEquals(rep.u.num_results, 1)
2764         self.assertEquals(rep.u.ctx_list[0].result,
2765                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2766         self.assertEquals(rep.u.ctx_list[0].reason,
2767                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2768         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2769         self.assertNotEquals(len(rep.u.auth_info), 0)
2770         a = self.parse_auth(rep.u.auth_info)
2771
2772         from_server = a.credentials
2773         (finished, to_server) = g.update(from_server)
2774         self.assertFalse(finished)
2775
2776         auth_info = self.generate_auth(auth_type=auth_type,
2777                                        auth_level=auth_level,
2778                                        auth_context_id=auth_context_id,
2779                                        auth_blob=to_server)
2780
2781         req = self.generate_alter(call_id=0,
2782                                   ctx_list=ctx_list,
2783                                   assoc_group_id=rep.u.assoc_group_id,
2784                                   auth_info=auth_info)
2785
2786         self.send_pdu(req)
2787         rep = self.recv_pdu()
2788         self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2789         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2790         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2791         self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2792         self.assertEquals(rep.u.secondary_address_size, 0)
2793         self.assertPadding(rep.u._pad1, 2)
2794         self.assertEquals(rep.u.num_results, 1)
2795         self.assertEquals(rep.u.ctx_list[0].result,
2796                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2797         self.assertEquals(rep.u.ctx_list[0].reason,
2798                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2799         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2800         self.assertNotEquals(len(rep.u.auth_info), 0)
2801         a = self.parse_auth(rep.u.auth_info)
2802
2803         from_server = a.credentials
2804         (finished, to_server) = g.update(from_server)
2805         self.assertTrue(finished)
2806
2807         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2808         auth_info = self.generate_auth(auth_type=auth_type,
2809                                        auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2810                                        auth_context_id=auth_context_id,
2811                                        auth_blob=b"\x01" + b"\x00" * 15)
2812         req = self.generate_request(call_id=3,
2813                                     context_id=ctx1.context_id,
2814                                     opnum=0,
2815                                     stub=b"",
2816                                     auth_info=auth_info)
2817         self.send_pdu(req)
2818         rep = self.recv_pdu()
2819         # We get a fault back
2820         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2821                         auth_length=0)
2822         self.assertNotEquals(rep.u.alloc_hint, 0)
2823         self.assertEquals(rep.u.context_id, req.u.context_id)
2824         self.assertEquals(rep.u.cancel_count, 0)
2825         self.assertEquals(rep.u.flags, 0)
2826         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2827         self.assertEquals(rep.u.reserved, 0)
2828         self.assertEquals(len(rep.u.error_and_verifier), 0)
2829
2830         # wait for a disconnect
2831         rep = self.recv_pdu()
2832         self.assertIsNone(rep)
2833         self.assertNotConnected()
2834
2835     def test_spnego_unfinished_request(self):
2836         ndr32 = base.transfer_syntax_ndr()
2837
2838         tsf1_list = [ndr32]
2839         ctx1 = dcerpc.ctx_list()
2840         ctx1.context_id = 1
2841         ctx1.num_transfer_syntaxes = len(tsf1_list)
2842         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2843         ctx1.transfer_syntaxes = tsf1_list
2844         ctx_list = [ctx1]
2845
2846         c = self.get_anon_creds()
2847         g = gensec.Security.start_client(self.settings)
2848         g.set_credentials(c)
2849         g.want_feature(gensec.FEATURE_DCE_STYLE)
2850         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2851         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2852         auth_context_id = 2
2853         g.start_mech_by_authtype(auth_type, auth_level)
2854         from_server = b""
2855         (finished, to_server) = g.update(from_server)
2856         self.assertFalse(finished)
2857
2858         auth_info = self.generate_auth(auth_type=auth_type,
2859                                        auth_level=auth_level,
2860                                        auth_context_id=auth_context_id,
2861                                        auth_blob=to_server)
2862
2863         req = self.generate_bind(call_id=0,
2864                                  ctx_list=ctx_list,
2865                                  auth_info=auth_info)
2866
2867         self.send_pdu(req)
2868         rep = self.recv_pdu()
2869         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2870         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2871         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2872         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2873         assoc_group_id = rep.u.assoc_group_id
2874         self.assertEquals(rep.u.secondary_address_size, 4)
2875         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2876         self.assertPadding(rep.u._pad1, 2)
2877         self.assertEquals(rep.u.num_results, 1)
2878         self.assertEquals(rep.u.ctx_list[0].result,
2879                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2880         self.assertEquals(rep.u.ctx_list[0].reason,
2881                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2882         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2883         self.assertNotEquals(len(rep.u.auth_info), 0)
2884         a = self.parse_auth(rep.u.auth_info)
2885
2886         from_server = a.credentials
2887         (finished, to_server) = g.update(from_server)
2888         self.assertFalse(finished)
2889
2890         # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2891         auth_info = self.generate_auth(auth_type=auth_type,
2892                                        auth_level=auth_level,
2893                                        auth_context_id=auth_context_id,
2894                                        auth_blob=b"\x01" + b"\x00" * 15)
2895         req = self.generate_request(call_id=1,
2896                                     context_id=ctx1.context_id,
2897                                     opnum=0,
2898                                     stub=b"",
2899                                     auth_info=auth_info)
2900         self.send_pdu(req)
2901         rep = self.recv_pdu()
2902         # We get a fault
2903         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2904                         pfc_flags=req.pfc_flags |
2905                         dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2906                         auth_length=0)
2907         self.assertNotEquals(rep.u.alloc_hint, 0)
2908         self.assertEquals(rep.u.context_id, 0)
2909         self.assertEquals(rep.u.cancel_count, 0)
2910         self.assertEquals(rep.u.flags, 0)
2911         self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2912         self.assertEquals(rep.u.reserved, 0)
2913         self.assertEquals(len(rep.u.error_and_verifier), 0)
2914
2915         # wait for a disconnect
2916         rep = self.recv_pdu()
2917         self.assertIsNone(rep)
2918         self.assertNotConnected()
2919
2920     def test_spnego_auth3(self):
2921         ndr32 = base.transfer_syntax_ndr()
2922
2923         tsf1_list = [ndr32]
2924         ctx1 = dcerpc.ctx_list()
2925         ctx1.context_id = 1
2926         ctx1.num_transfer_syntaxes = len(tsf1_list)
2927         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2928         ctx1.transfer_syntaxes = tsf1_list
2929         ctx_list = [ctx1]
2930
2931         c = self.get_anon_creds()
2932         g = gensec.Security.start_client(self.settings)
2933         g.set_credentials(c)
2934         g.want_feature(gensec.FEATURE_DCE_STYLE)
2935         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2936         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2937         auth_context_id = 2
2938         g.start_mech_by_authtype(auth_type, auth_level)
2939         from_server = b""
2940         (finished, to_server) = g.update(from_server)
2941         self.assertFalse(finished)
2942
2943         auth_info = self.generate_auth(auth_type=auth_type,
2944                                        auth_level=auth_level,
2945                                        auth_context_id=auth_context_id,
2946                                        auth_blob=to_server)
2947         req = self.generate_bind(call_id=0,
2948                                  ctx_list=ctx_list,
2949                                  auth_info=auth_info)
2950         self.send_pdu(req)
2951         rep = self.recv_pdu()
2952         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2953         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2954         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2955         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2956         self.assertEquals(rep.u.secondary_address_size, 4)
2957         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2958         self.assertPadding(rep.u._pad1, 2)
2959         self.assertEquals(rep.u.num_results, 1)
2960         self.assertEquals(rep.u.ctx_list[0].result,
2961                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2962         self.assertEquals(rep.u.ctx_list[0].reason,
2963                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2964         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2965         self.assertNotEquals(len(rep.u.auth_info), 0)
2966         a = self.parse_auth(rep.u.auth_info)
2967
2968         from_server = a.credentials
2969         (finished, to_server) = g.update(from_server)
2970         self.assertFalse(finished)
2971
2972         auth_info = self.generate_auth(auth_type=auth_type,
2973                                        auth_level=auth_level,
2974                                        auth_context_id=auth_context_id,
2975                                        auth_blob=to_server)
2976         req = self.generate_auth3(call_id=0,
2977                                   auth_info=auth_info)
2978         self.send_pdu(req)
2979         rep = self.recv_pdu(timeout=0.01)
2980         self.assertIsNone(rep)
2981         self.assertIsConnected()
2982
2983         # And now try a request without auth_info
2984         req = self.generate_request(call_id=2,
2985                                     context_id=ctx1.context_id,
2986                                     opnum=0,
2987                                     stub=b"")
2988         self.send_pdu(req)
2989         rep = self.recv_pdu()
2990         # We get a fault back
2991         self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2992                         auth_length=0)
2993         self.assertNotEquals(rep.u.alloc_hint, 0)
2994         self.assertEquals(rep.u.context_id, req.u.context_id)
2995         self.assertEquals(rep.u.cancel_count, 0)
2996         self.assertEquals(rep.u.flags, 0)
2997         self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2998         self.assertEquals(rep.u.reserved, 0)
2999         self.assertEquals(len(rep.u.error_and_verifier), 0)
3000
3001         # wait for a disconnect
3002         rep = self.recv_pdu()
3003         self.assertIsNone(rep)
3004         self.assertNotConnected()
3005
3006     def test_spnego_connect_reauth_alter(self):
3007         ndr32 = base.transfer_syntax_ndr()
3008         ndr64 = base.transfer_syntax_ndr64()
3009
3010         tsf1_list = [ndr32]
3011         ctx1 = dcerpc.ctx_list()
3012         ctx1.context_id = 1
3013         ctx1.num_transfer_syntaxes = len(tsf1_list)
3014         ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3015         ctx1.transfer_syntaxes = tsf1_list
3016         ctx_list = [ctx1]
3017
3018         c = self.get_anon_creds()
3019         g = gensec.Security.start_client(self.settings)
3020         g.set_credentials(c)
3021         g.want_feature(gensec.FEATURE_DCE_STYLE)
3022         auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3023         auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3024         auth_context_id = 2
3025         g.start_mech_by_authtype(auth_type, auth_level)
3026         from_server = b""
3027         (finished, to_server) = g.update(from_server)
3028         self.assertFalse(finished)
3029
3030         auth_info = self.generate_auth(auth_type=auth_type,
3031                                        auth_level=auth_level,
3032                                        auth_context_id=auth_context_id,
3033                                        auth_blob=to_server)
3034
3035         req = self.generate_bind(call_id=0,
3036                                  ctx_list=ctx_list,
3037                                  auth_info=auth_info)
3038
3039         self.send_pdu(req)
3040         rep = self.recv_pdu()
3041         self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3042         self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3043         self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3044         self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3045         self.assertEquals(rep.u.secondary_address_size, 4)
3046         self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3047         self.assertPadding(rep.u._pad1, 2)
3048         self.assertEquals(rep.u.num_results, 1)
3049         self.assertEquals(rep.u.ctx_list[0].result,
3050                           dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3051         self.assertEquals(rep.u.ctx_list[0].reason,
3052                           dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3053         self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3054         self.assertNotEquals(len(rep.u.auth_info), 0)
3055         a = self.parse_auth(rep.u.auth_info)
3056
3057         from_server = a.credentials