2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 sys.path.insert(0, "bin/python")
23 os.environ["PYTHONUNBUFFERED"] = "1"
25 import samba.dcerpc.dcerpc as dcerpc
26 import samba.dcerpc.base as base
27 import samba.dcerpc.misc as misc
28 import samba.dcerpc.epmapper
29 import samba.dcerpc.mgmt
30 import samba.dcerpc.netlogon
32 from samba import gensec
33 from samba.tests import RawDCERPCTest
35 global_ndr_print = False
36 global_hexdump = False
38 class TestDCERPC_BIND(RawDCERPCTest):
41 super(TestDCERPC_BIND, self).setUp()
42 self.do_ndr_print = global_ndr_print
43 self.do_hexdump = global_hexdump
45 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
46 ndr32 = base.transfer_syntax_ndr()
49 ctx1 = dcerpc.ctx_list()
51 ctx1.num_transfer_syntaxes = len(tsf1_list)
52 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
53 ctx1.transfer_syntaxes = tsf1_list
55 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
58 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
59 pfc_flags=rep_pfc_flags, auth_length=0)
60 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
61 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
62 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
63 self.assertEquals(rep.u.secondary_address_size, 4)
64 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
65 self.assertEquals(len(rep.u._pad1), 2)
66 # sometimes windows sends random bytes
67 # self.assertEquals(rep.u._pad1, '\0' * 2)
68 self.assertEquals(rep.u.num_results, 1)
69 self.assertEquals(rep.u.ctx_list[0].result,
70 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
71 self.assertEquals(rep.u.ctx_list[0].reason,
72 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
73 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
74 self.assertEquals(rep.u.auth_info, '\0' * 0)
76 # And now try a request
77 req = self.generate_request(call_id = 1,
78 context_id=ctx1.context_id,
83 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
85 self.assertNotEquals(rep.u.alloc_hint, 0)
86 self.assertEquals(rep.u.context_id, req.u.context_id)
87 self.assertEquals(rep.u.cancel_count, 0)
88 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
90 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
91 ndr32 = base.transfer_syntax_ndr()
94 ctx1 = dcerpc.ctx_list()
96 ctx1.num_transfer_syntaxes = len(tsf1_list)
97 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
98 ctx1.transfer_syntaxes = tsf1_list
100 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
102 rep = self.recv_pdu()
103 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
105 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
106 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
107 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
108 self.assertEquals(rep.u.secondary_address_size, 4)
109 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
110 self.assertEquals(len(rep.u._pad1), 2)
111 # sometimes windows sends random bytes
112 # self.assertEquals(rep.u._pad1, '\0' * 2)
113 self.assertEquals(rep.u.num_results, 1)
114 self.assertEquals(rep.u.ctx_list[0].result,
115 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
116 self.assertEquals(rep.u.ctx_list[0].reason,
117 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
118 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
119 self.assertEquals(rep.u.auth_info, '\0' * 0)
121 # And now try a alter context
122 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
124 rep = self.recv_pdu()
125 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
126 pfc_flags=rep_pfc_flags, auth_length=0)
127 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
128 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
129 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
130 self.assertEquals(rep.u.secondary_address_size, 0)
131 self.assertEquals(rep.u.secondary_address, "")
132 self.assertEquals(len(rep.u._pad1), 2)
133 # sometimes windows sends random bytes
134 # self.assertEquals(rep.u._pad1, '\0' * 2)
135 self.assertEquals(rep.u.num_results, 1)
136 self.assertEquals(rep.u.ctx_list[0].result,
137 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
138 self.assertEquals(rep.u.ctx_list[0].reason,
139 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
140 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
141 self.assertEquals(rep.u.auth_info, '\0' * 0)
143 # And now try a request
144 req = self.generate_request(call_id = 1,
145 context_id=ctx1.context_id,
149 rep = self.recv_pdu()
150 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
152 self.assertNotEquals(rep.u.alloc_hint, 0)
153 self.assertEquals(rep.u.context_id, req.u.context_id)
154 self.assertEquals(rep.u.cancel_count, 0)
155 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
157 def test_no_auth_request(self):
158 return self._test_no_auth_request_bind_pfc_flags(
160 dcerpc.DCERPC_PFC_FLAG_FIRST |
161 dcerpc.DCERPC_PFC_FLAG_LAST,
163 dcerpc.DCERPC_PFC_FLAG_FIRST |
164 dcerpc.DCERPC_PFC_FLAG_LAST)
166 def test_no_auth_request_bind_pfc_00(self):
167 return self._test_no_auth_request_bind_pfc_flags(
171 dcerpc.DCERPC_PFC_FLAG_FIRST |
172 dcerpc.DCERPC_PFC_FLAG_LAST)
174 def test_no_auth_request_bind_pfc_FIRST(self):
175 return self._test_no_auth_request_bind_pfc_flags(
177 dcerpc.DCERPC_PFC_FLAG_FIRST |
180 dcerpc.DCERPC_PFC_FLAG_FIRST |
181 dcerpc.DCERPC_PFC_FLAG_LAST)
183 def test_no_auth_request_bind_pfc_LAST(self):
184 return self._test_no_auth_request_bind_pfc_flags(
186 dcerpc.DCERPC_PFC_FLAG_LAST |
189 dcerpc.DCERPC_PFC_FLAG_FIRST |
190 dcerpc.DCERPC_PFC_FLAG_LAST)
192 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
193 # without authentication
194 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
195 return self._test_no_auth_request_bind_pfc_flags(
197 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
200 dcerpc.DCERPC_PFC_FLAG_FIRST |
201 dcerpc.DCERPC_PFC_FLAG_LAST |
202 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
204 def test_no_auth_request_bind_pfc_08(self):
205 return self._test_no_auth_request_bind_pfc_flags(
210 dcerpc.DCERPC_PFC_FLAG_FIRST |
211 dcerpc.DCERPC_PFC_FLAG_LAST)
213 def test_no_auth_request_bind_pfc_CONC_MPX(self):
214 return self._test_no_auth_request_bind_pfc_flags(
216 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
219 dcerpc.DCERPC_PFC_FLAG_FIRST |
220 dcerpc.DCERPC_PFC_FLAG_LAST |
221 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
223 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
224 return self._test_no_auth_request_bind_pfc_flags(
226 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
229 dcerpc.DCERPC_PFC_FLAG_FIRST |
230 dcerpc.DCERPC_PFC_FLAG_LAST)
232 def test_no_auth_request_bind_pfc_MAYBE(self):
233 return self._test_no_auth_request_bind_pfc_flags(
235 dcerpc.DCERPC_PFC_FLAG_MAYBE |
238 dcerpc.DCERPC_PFC_FLAG_FIRST |
239 dcerpc.DCERPC_PFC_FLAG_LAST)
241 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
242 return self._test_no_auth_request_bind_pfc_flags(
244 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
247 dcerpc.DCERPC_PFC_FLAG_FIRST |
248 dcerpc.DCERPC_PFC_FLAG_LAST)
250 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
251 # without authentication
252 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
254 def _test_no_auth_request_bind_pfc_ff(self):
255 return self._test_no_auth_request_bind_pfc_flags(
260 dcerpc.DCERPC_PFC_FLAG_FIRST |
261 dcerpc.DCERPC_PFC_FLAG_LAST |
262 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
263 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
265 def test_no_auth_request_alter_pfc_00(self):
266 return self._test_no_auth_request_alter_pfc_flags(
270 dcerpc.DCERPC_PFC_FLAG_FIRST |
271 dcerpc.DCERPC_PFC_FLAG_LAST)
273 def test_no_auth_request_alter_pfc_FIRST(self):
274 return self._test_no_auth_request_alter_pfc_flags(
276 dcerpc.DCERPC_PFC_FLAG_FIRST |
279 dcerpc.DCERPC_PFC_FLAG_FIRST |
280 dcerpc.DCERPC_PFC_FLAG_LAST)
282 def test_no_auth_request_alter_pfc_LAST(self):
283 return self._test_no_auth_request_alter_pfc_flags(
285 dcerpc.DCERPC_PFC_FLAG_LAST |
288 dcerpc.DCERPC_PFC_FLAG_FIRST |
289 dcerpc.DCERPC_PFC_FLAG_LAST)
291 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
292 # without authentication
293 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
294 return self._test_no_auth_request_alter_pfc_flags(
296 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
299 dcerpc.DCERPC_PFC_FLAG_FIRST |
300 dcerpc.DCERPC_PFC_FLAG_LAST |
301 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
303 def test_no_auth_request_alter_pfc_08(self):
304 return self._test_no_auth_request_alter_pfc_flags(
309 dcerpc.DCERPC_PFC_FLAG_FIRST |
310 dcerpc.DCERPC_PFC_FLAG_LAST)
312 def test_no_auth_request_alter_pfc_CONC_MPX(self):
313 return self._test_no_auth_request_alter_pfc_flags(
315 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
318 dcerpc.DCERPC_PFC_FLAG_FIRST |
319 dcerpc.DCERPC_PFC_FLAG_LAST)
321 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
322 return self._test_no_auth_request_alter_pfc_flags(
324 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
327 dcerpc.DCERPC_PFC_FLAG_FIRST |
328 dcerpc.DCERPC_PFC_FLAG_LAST)
330 def test_no_auth_request_alter_pfc_MAYBE(self):
331 return self._test_no_auth_request_alter_pfc_flags(
333 dcerpc.DCERPC_PFC_FLAG_MAYBE |
336 dcerpc.DCERPC_PFC_FLAG_FIRST |
337 dcerpc.DCERPC_PFC_FLAG_LAST)
339 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
340 return self._test_no_auth_request_alter_pfc_flags(
342 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
345 dcerpc.DCERPC_PFC_FLAG_FIRST |
346 dcerpc.DCERPC_PFC_FLAG_LAST)
348 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
349 # without authentication
350 def _test_no_auth_request_alter_pfc_ff(self):
351 return self._test_no_auth_request_alter_pfc_flags(
356 dcerpc.DCERPC_PFC_FLAG_FIRST |
357 dcerpc.DCERPC_PFC_FLAG_LAST |
358 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
360 def test_no_auth_no_ctx(self):
361 # send an useless bind
362 req = self.generate_bind(call_id=0)
364 rep = self.recv_pdu()
365 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
367 self.assertEquals(rep.u.reject_reason,
368 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
369 self.assertEquals(rep.u.num_versions, 1)
370 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
371 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
372 self.assertEquals(len(rep.u._pad), 3)
373 self.assertEquals(rep.u._pad, '\0' * 3)
375 def test_invalid_auth_noctx(self):
376 req = self.generate_bind(call_id=0)
377 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
379 rep = self.recv_pdu()
380 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
382 self.assertEquals(rep.u.reject_reason,
383 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
384 self.assertEquals(rep.u.num_versions, 1)
385 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
386 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
387 self.assertEquals(len(rep.u._pad), 3)
388 self.assertEquals(rep.u._pad, '\0' * 3)
390 def test_no_auth_valid_valid_request(self):
391 ndr32 = base.transfer_syntax_ndr()
394 ctx1 = dcerpc.ctx_list()
396 ctx1.num_transfer_syntaxes = len(tsf1_list)
397 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
398 ctx1.transfer_syntaxes = tsf1_list
400 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
402 rep = self.recv_pdu()
403 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
405 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
406 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
407 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
408 self.assertEquals(rep.u.secondary_address_size, 4)
409 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
410 self.assertEquals(len(rep.u._pad1), 2)
411 self.assertEquals(rep.u._pad1, '\0' * 2)
412 self.assertEquals(rep.u.num_results, 1)
413 self.assertEquals(rep.u.ctx_list[0].result,
414 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
415 self.assertEquals(rep.u.ctx_list[0].reason,
416 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
417 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
418 self.assertEquals(rep.u.auth_info, '\0' * 0)
422 ctx2 = dcerpc.ctx_list()
424 ctx2.num_transfer_syntaxes = len(tsf2_list)
425 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
426 ctx2.transfer_syntaxes = tsf2_list
428 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
430 rep = self.recv_pdu()
431 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
433 self.assertEquals(rep.u.reject_reason,
434 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
435 self.assertEquals(rep.u.num_versions, 1)
436 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
437 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
438 self.assertEquals(len(rep.u._pad), 3)
439 self.assertEquals(rep.u._pad, '\0' * 3)
441 # wait for a disconnect
442 rep = self.recv_pdu()
443 self.assertIsNone(rep)
444 self.assertNotConnected()
446 def test_no_auth_invalid_valid_request(self):
447 # send an useless bind
448 req = self.generate_bind(call_id=0)
450 rep = self.recv_pdu()
451 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
453 self.assertEquals(rep.u.reject_reason,
454 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
455 self.assertEquals(rep.u.num_versions, 1)
456 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
457 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
458 self.assertEquals(len(rep.u._pad), 3)
459 self.assertEquals(rep.u._pad, '\0' * 3)
461 # wait for a disconnect
462 rep = self.recv_pdu()
463 self.assertIsNone(rep)
464 self.assertNotConnected()
466 def test_alter_no_auth_no_ctx(self):
467 ndr32 = base.transfer_syntax_ndr()
470 ctx1 = dcerpc.ctx_list()
472 ctx1.num_transfer_syntaxes = len(tsf1_list)
473 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
474 ctx1.transfer_syntaxes = tsf1_list
476 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
478 rep = self.recv_pdu()
479 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
481 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
482 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
483 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
484 self.assertEquals(rep.u.secondary_address_size, 4)
485 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
486 self.assertEquals(len(rep.u._pad1), 2)
487 self.assertEquals(rep.u._pad1, '\0' * 2)
488 self.assertEquals(rep.u.num_results, 1)
489 self.assertEquals(rep.u.ctx_list[0].result,
490 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
491 self.assertEquals(rep.u.ctx_list[0].reason,
492 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
493 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
494 self.assertEquals(rep.u.auth_info, '\0' * 0)
497 req = self.generate_alter(call_id=1, ctx_list=[])
499 rep = self.recv_pdu()
500 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
501 pfc_flags=req.pfc_flags |
502 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
504 self.assertNotEquals(rep.u.alloc_hint, 0)
505 self.assertEquals(rep.u.context_id, 0)
506 self.assertEquals(rep.u.cancel_count, 0)
507 self.assertEquals(rep.u.flags, 0)
508 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
509 self.assertEquals(rep.u.reserved, 0)
510 self.assertEquals(len(rep.u.error_and_verifier), 0)
512 # wait for a disconnect
513 rep = self.recv_pdu()
514 self.assertIsNone(rep)
515 self.assertNotConnected()
517 def test_no_auth_presentation_ctx_valid1(self):
518 ndr32 = base.transfer_syntax_ndr()
520 zero_syntax = misc.ndr_syntax_id()
522 tsf1_list = [zero_syntax, ndr32]
523 ctx1 = dcerpc.ctx_list()
525 ctx1.num_transfer_syntaxes = len(tsf1_list)
526 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
527 ctx1.transfer_syntaxes = tsf1_list
529 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
531 rep = self.recv_pdu()
532 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
534 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
535 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
536 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
537 self.assertEquals(rep.u.secondary_address_size, 4)
538 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
539 self.assertEquals(len(rep.u._pad1), 2)
540 self.assertEquals(rep.u._pad1, '\0' * 2)
541 self.assertEquals(rep.u.num_results, 1)
542 self.assertEquals(rep.u.ctx_list[0].result,
543 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
544 self.assertEquals(rep.u.ctx_list[0].reason,
545 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
546 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
547 self.assertEquals(rep.u.auth_info, '\0' * 0)
550 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
552 rep = self.recv_pdu()
553 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
555 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
556 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
557 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
558 self.assertEquals(rep.u.secondary_address_size, 0)
559 self.assertEquals(len(rep.u._pad1), 2)
560 #self.assertEquals(rep.u._pad1, '\0' * 2)
561 self.assertEquals(rep.u.num_results, 1)
562 self.assertEquals(rep.u.ctx_list[0].result,
563 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
564 self.assertEquals(rep.u.ctx_list[0].reason,
565 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
566 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
567 self.assertEquals(rep.u.auth_info, '\0' * 0)
569 req = self.generate_request(call_id = 2,
570 context_id=ctx1.context_id,
574 rep = self.recv_pdu()
575 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
576 pfc_flags=req.pfc_flags |
577 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
579 self.assertNotEquals(rep.u.alloc_hint, 0)
580 self.assertEquals(rep.u.context_id, ctx1.context_id)
581 self.assertEquals(rep.u.cancel_count, 0)
582 self.assertEquals(rep.u.flags, 0)
583 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
584 self.assertEquals(rep.u.reserved, 0)
585 self.assertEquals(len(rep.u.error_and_verifier), 0)
587 def test_no_auth_presentation_ctx_invalid1(self):
588 ndr32 = base.transfer_syntax_ndr()
590 zero_syntax = misc.ndr_syntax_id()
593 ctx1 = dcerpc.ctx_list()
595 ctx1.num_transfer_syntaxes = len(tsf1_list)
596 ctx1.abstract_syntax = ndr32
597 ctx1.transfer_syntaxes = tsf1_list
599 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
601 rep = self.recv_pdu()
602 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
604 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
605 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
606 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
607 self.assertEquals(rep.u.secondary_address_size, 4)
608 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
609 self.assertEquals(len(rep.u._pad1), 2)
610 self.assertEquals(rep.u._pad1, '\0' * 2)
611 self.assertEquals(rep.u.num_results, 1)
612 self.assertEquals(rep.u.ctx_list[0].result,
613 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
614 self.assertEquals(rep.u.ctx_list[0].reason,
615 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
616 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
617 self.assertEquals(rep.u.auth_info, '\0' * 0)
620 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
622 rep = self.recv_pdu()
623 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
625 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
626 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
627 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
628 self.assertEquals(rep.u.secondary_address_size, 0)
629 self.assertEquals(len(rep.u._pad1), 2)
630 #self.assertEquals(rep.u._pad1, '\0' * 2)
631 self.assertEquals(rep.u.num_results, 1)
632 self.assertEquals(rep.u.ctx_list[0].result,
633 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
634 self.assertEquals(rep.u.ctx_list[0].reason,
635 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
636 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
637 self.assertEquals(rep.u.auth_info, '\0' * 0)
639 req = self.generate_request(call_id = 2,
644 rep = self.recv_pdu()
645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
646 pfc_flags=req.pfc_flags |
647 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
649 self.assertNotEquals(rep.u.alloc_hint, 0)
650 self.assertEquals(rep.u.context_id, 0)
651 self.assertEquals(rep.u.cancel_count, 0)
652 self.assertEquals(rep.u.flags, 0)
653 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
654 self.assertEquals(rep.u.reserved, 0)
655 self.assertEquals(len(rep.u.error_and_verifier), 0)
657 # Send a alter again to prove the connection is still alive
658 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
660 rep = self.recv_pdu()
661 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
663 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
664 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
665 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
666 self.assertEquals(rep.u.secondary_address_size, 0)
667 self.assertEquals(len(rep.u._pad1), 2)
668 #self.assertEquals(rep.u._pad1, '\0' * 2)
669 self.assertEquals(rep.u.num_results, 1)
670 self.assertEquals(rep.u.ctx_list[0].result,
671 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
672 self.assertEquals(rep.u.ctx_list[0].reason,
673 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
674 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
675 self.assertEquals(rep.u.auth_info, '\0' * 0)
677 def test_no_auth_presentation_ctx_invalid2(self):
678 ndr32 = base.transfer_syntax_ndr()
680 zero_syntax = misc.ndr_syntax_id()
683 ctx1a = dcerpc.ctx_list()
685 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
686 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
687 ctx1a.transfer_syntaxes = tsf1a_list
689 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
691 rep = self.recv_pdu()
692 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
694 self.assertEquals(rep.u.reject_reason,
695 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
696 self.assertEquals(rep.u.num_versions, 1)
697 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
698 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
699 self.assertEquals(len(rep.u._pad), 3)
700 self.assertEquals(rep.u._pad, '\0' * 3)
702 # wait for a disconnect
703 rep = self.recv_pdu()
704 self.assertIsNone(rep)
705 self.assertNotConnected()
707 def test_no_auth_presentation_ctx_invalid3(self):
708 ndr32 = base.transfer_syntax_ndr()
710 zero_syntax = misc.ndr_syntax_id()
712 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
713 ctx1a = dcerpc.ctx_list()
715 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
716 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
717 ctx1a.transfer_syntaxes = tsf1a_list
719 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
721 rep = self.recv_pdu()
722 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
724 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
725 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
726 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
727 self.assertEquals(rep.u.secondary_address_size, 4)
728 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
729 self.assertEquals(len(rep.u._pad1), 2)
730 self.assertEquals(rep.u._pad1, '\0' * 2)
731 self.assertEquals(rep.u.num_results, 1)
732 self.assertEquals(rep.u.ctx_list[0].result,
733 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
734 self.assertEquals(rep.u.ctx_list[0].reason,
735 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
736 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
737 self.assertEquals(rep.u.auth_info, '\0' * 0)
740 ctx1b = dcerpc.ctx_list()
742 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
743 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
744 ctx1b.transfer_syntaxes = tsf1b_list
747 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
749 rep = self.recv_pdu()
750 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
751 pfc_flags=req.pfc_flags |
752 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
754 self.assertNotEquals(rep.u.alloc_hint, 0)
755 self.assertEquals(rep.u.context_id, 0)
756 self.assertEquals(rep.u.cancel_count, 0)
757 self.assertEquals(rep.u.flags, 0)
758 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
759 self.assertEquals(rep.u.reserved, 0)
760 self.assertEquals(len(rep.u.error_and_verifier), 0)
762 # wait for a disconnect
763 rep = self.recv_pdu()
764 self.assertIsNone(rep)
765 self.assertNotConnected()
767 def test_no_auth_presentation_ctx_invalid4(self):
768 ndr32 = base.transfer_syntax_ndr()
769 ndr64 = base.transfer_syntax_ndr64()
771 zero_syntax = misc.ndr_syntax_id()
773 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
774 ctx1a = dcerpc.ctx_list()
776 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
777 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
778 ctx1a.transfer_syntaxes = tsf1a_list
780 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
782 rep = self.recv_pdu()
783 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
785 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
786 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
787 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
788 self.assertEquals(rep.u.secondary_address_size, 4)
789 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
790 self.assertEquals(len(rep.u._pad1), 2)
791 self.assertEquals(rep.u._pad1, '\0' * 2)
792 self.assertEquals(rep.u.num_results, 1)
793 self.assertEquals(rep.u.ctx_list[0].result,
794 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
795 self.assertEquals(rep.u.ctx_list[0].reason,
796 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
797 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
798 self.assertEquals(rep.u.auth_info, '\0' * 0)
800 # With a known but wrong syntax we get a protocol error
801 # see test_no_auth_presentation_ctx_valid2
802 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax(),ndr64]
803 ctx1b = dcerpc.ctx_list()
805 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
806 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
807 ctx1b.transfer_syntaxes = tsf1b_list
810 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
812 rep = self.recv_pdu()
813 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
814 pfc_flags=req.pfc_flags |
815 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
817 self.assertNotEquals(rep.u.alloc_hint, 0)
818 self.assertEquals(rep.u.context_id, 0)
819 self.assertEquals(rep.u.cancel_count, 0)
820 self.assertEquals(rep.u.flags, 0)
821 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
822 self.assertEquals(rep.u.reserved, 0)
823 self.assertEquals(len(rep.u.error_and_verifier), 0)
825 # wait for a disconnect
826 rep = self.recv_pdu()
827 self.assertIsNone(rep)
828 self.assertNotConnected()
830 def test_no_auth_presentation_ctx_valid2(self):
831 ndr32 = base.transfer_syntax_ndr()
833 zero_syntax = misc.ndr_syntax_id()
835 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
836 ctx1a = dcerpc.ctx_list()
838 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
839 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
840 ctx1a.transfer_syntaxes = tsf1a_list
842 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
844 rep = self.recv_pdu()
845 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
847 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
848 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
849 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
850 self.assertEquals(rep.u.secondary_address_size, 4)
851 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
852 self.assertEquals(len(rep.u._pad1), 2)
853 self.assertEquals(rep.u._pad1, '\0' * 2)
854 self.assertEquals(rep.u.num_results, 1)
855 self.assertEquals(rep.u.ctx_list[0].result,
856 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
857 self.assertEquals(rep.u.ctx_list[0].reason,
858 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
859 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
860 self.assertEquals(rep.u.auth_info, '\0' * 0)
862 # With a unknown but wrong syntaxes we get NO protocol error
863 # see test_no_auth_presentation_ctx_invalid4
864 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax()]
865 ctx1b = dcerpc.ctx_list()
867 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
868 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
869 ctx1b.transfer_syntaxes = tsf1b_list
872 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
874 rep = self.recv_pdu()
875 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
877 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
878 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
879 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
880 self.assertEquals(rep.u.secondary_address_size, 0)
881 self.assertEquals(len(rep.u._pad1), 2)
882 #self.assertEquals(rep.u._pad1, '\0' * 2)
883 self.assertEquals(rep.u.num_results, 1)
884 self.assertEquals(rep.u.ctx_list[0].result,
885 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
886 self.assertEquals(rep.u.ctx_list[0].reason,
887 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
888 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
889 self.assertEquals(rep.u.auth_info, '\0' * 0)
891 req = self.generate_request(call_id = 2,
892 context_id=ctx1a.context_id,
896 rep = self.recv_pdu()
897 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
898 pfc_flags=req.pfc_flags |
899 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
901 self.assertNotEquals(rep.u.alloc_hint, 0)
902 self.assertEquals(rep.u.context_id, ctx1a.context_id)
903 self.assertEquals(rep.u.cancel_count, 0)
904 self.assertEquals(rep.u.flags, 0)
905 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
906 self.assertEquals(rep.u.reserved, 0)
907 self.assertEquals(len(rep.u.error_and_verifier), 0)
909 def test_no_auth_presentation_ctx_no_ndr64(self):
910 ndr32 = base.transfer_syntax_ndr()
911 zero_syntax = misc.ndr_syntax_id()
913 tsfZ_list = [zero_syntax]
914 ctxZ = dcerpc.ctx_list()
915 ctxZ.context_id = 54321
916 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
917 ctxZ.abstract_syntax = zero_syntax
918 ctxZ.transfer_syntaxes = tsfZ_list
920 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
922 rep = self.recv_pdu()
923 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
925 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
926 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
927 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
928 self.assertEquals(rep.u.secondary_address_size, 4)
929 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
930 self.assertEquals(len(rep.u._pad1), 2)
931 self.assertEquals(rep.u._pad1, '\0' * 2)
932 self.assertEquals(rep.u.num_results, 1)
933 self.assertEquals(rep.u.ctx_list[0].result,
934 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
935 self.assertEquals(rep.u.ctx_list[0].reason,
936 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
937 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
938 self.assertEquals(rep.u.auth_info, '\0' * 0)
941 ctx0 = dcerpc.ctx_list()
943 ctx0.num_transfer_syntaxes = len(tsf0_list)
944 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
945 ctx0.transfer_syntaxes = tsf0_list
947 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
949 rep = self.recv_pdu()
950 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
952 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
953 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
954 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
955 self.assertEquals(rep.u.secondary_address_size, 0)
956 self.assertEquals(len(rep.u._pad1), 2)
957 #self.assertEquals(rep.u._pad1, '\0' * 2)
958 self.assertEquals(rep.u.num_results, 1)
959 self.assertEquals(rep.u.ctx_list[0].result,
960 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
961 self.assertEquals(rep.u.ctx_list[0].reason,
962 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
963 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
964 self.assertEquals(rep.u.auth_info, '\0' * 0)
966 req = self.generate_request(call_id = 1,
967 context_id=ctx0.context_id,
971 rep = self.recv_pdu()
972 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
974 self.assertNotEquals(rep.u.alloc_hint, 0)
975 self.assertEquals(rep.u.context_id, req.u.context_id)
976 self.assertEquals(rep.u.cancel_count, 0)
977 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
979 tsf1_list = [zero_syntax,ndr32]
980 ctx1 = dcerpc.ctx_list()
982 ctx1.num_transfer_syntaxes = len(tsf1_list)
983 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
984 ctx1.transfer_syntaxes = tsf1_list
986 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
988 rep = self.recv_pdu()
989 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
991 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
992 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
993 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
994 self.assertEquals(rep.u.secondary_address_size, 0)
995 self.assertEquals(len(rep.u._pad1), 2)
996 #self.assertEquals(rep.u._pad1, '\0' * 2)
997 self.assertEquals(rep.u.num_results, 1)
998 self.assertEquals(rep.u.ctx_list[0].result,
999 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1000 self.assertEquals(rep.u.ctx_list[0].reason,
1001 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1002 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1003 self.assertEquals(rep.u.auth_info, '\0' * 0)
1005 req = self.generate_request(call_id = 1,
1006 context_id=ctx1.context_id,
1010 rep = self.recv_pdu()
1011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1013 self.assertNotEquals(rep.u.alloc_hint, 0)
1014 self.assertEquals(rep.u.context_id, req.u.context_id)
1015 self.assertEquals(rep.u.cancel_count, 0)
1016 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1018 tsf2_list = [ndr32,ndr32]
1019 ctx2 = dcerpc.ctx_list()
1021 ctx2.num_transfer_syntaxes = len(tsf2_list)
1022 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1023 ctx2.transfer_syntaxes = tsf2_list
1025 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1027 rep = self.recv_pdu()
1028 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1030 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1031 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1032 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1033 self.assertEquals(rep.u.secondary_address_size, 0)
1034 self.assertEquals(len(rep.u._pad1), 2)
1035 #self.assertEquals(rep.u._pad1, '\0' * 2)
1036 self.assertEquals(rep.u.num_results, 1)
1037 self.assertEquals(rep.u.ctx_list[0].result,
1038 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1039 self.assertEquals(rep.u.ctx_list[0].reason,
1040 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1041 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1042 self.assertEquals(rep.u.auth_info, '\0' * 0)
1044 req = self.generate_request(call_id = 1,
1045 context_id=ctx2.context_id,
1049 rep = self.recv_pdu()
1050 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1052 self.assertNotEquals(rep.u.alloc_hint, 0)
1053 self.assertEquals(rep.u.context_id, req.u.context_id)
1054 self.assertEquals(rep.u.cancel_count, 0)
1055 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1058 ctx3 = dcerpc.ctx_list()
1060 ctx3.num_transfer_syntaxes = len(tsf3_list)
1061 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1062 ctx3.transfer_syntaxes = tsf3_list
1065 ctx4 = dcerpc.ctx_list()
1067 ctx4.num_transfer_syntaxes = len(tsf4_list)
1068 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1069 ctx4.transfer_syntaxes = tsf4_list
1071 req = self.generate_alter(call_id=34, ctx_list=[ctx3,ctx4])
1073 rep = self.recv_pdu()
1074 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1076 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1077 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1078 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1079 self.assertEquals(rep.u.secondary_address_size, 0)
1080 self.assertEquals(len(rep.u._pad1), 2)
1081 #self.assertEquals(rep.u._pad1, '\0' * 2)
1082 self.assertEquals(rep.u.num_results, 2)
1083 self.assertEquals(rep.u.ctx_list[0].result,
1084 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1085 self.assertEquals(rep.u.ctx_list[0].reason,
1086 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1087 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1088 self.assertEquals(rep.u.ctx_list[1].result,
1089 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1090 self.assertEquals(rep.u.ctx_list[1].reason,
1091 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1092 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1093 self.assertEquals(rep.u.auth_info, '\0' * 0)
1095 req = self.generate_request(call_id = 1,
1096 context_id=ctx3.context_id,
1100 rep = self.recv_pdu()
1101 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1103 self.assertNotEquals(rep.u.alloc_hint, 0)
1104 self.assertEquals(rep.u.context_id, req.u.context_id)
1105 self.assertEquals(rep.u.cancel_count, 0)
1106 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1108 req = self.generate_alter(call_id=43, ctx_list=[ctx4,ctx3])
1110 rep = self.recv_pdu()
1111 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1113 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1114 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1115 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1116 self.assertEquals(rep.u.secondary_address_size, 0)
1117 self.assertEquals(len(rep.u._pad1), 2)
1118 #self.assertEquals(rep.u._pad1, '\0' * 2)
1119 self.assertEquals(rep.u.num_results, 2)
1120 self.assertEquals(rep.u.ctx_list[0].result,
1121 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1122 self.assertEquals(rep.u.ctx_list[0].reason,
1123 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1124 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1125 self.assertEquals(rep.u.ctx_list[1].result,
1126 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1127 self.assertEquals(rep.u.ctx_list[1].reason,
1128 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1129 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1130 self.assertEquals(rep.u.auth_info, '\0' * 0)
1132 req = self.generate_request(call_id = 1,
1133 context_id=ctx4.context_id,
1137 rep = self.recv_pdu()
1138 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1140 self.assertNotEquals(rep.u.alloc_hint, 0)
1141 self.assertEquals(rep.u.context_id, req.u.context_id)
1142 self.assertEquals(rep.u.cancel_count, 0)
1143 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1145 req = self.generate_request(call_id = 1,
1146 context_id=ctx3.context_id,
1150 rep = self.recv_pdu()
1151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1153 self.assertNotEquals(rep.u.alloc_hint, 0)
1154 self.assertEquals(rep.u.context_id, req.u.context_id)
1155 self.assertEquals(rep.u.cancel_count, 0)
1156 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1158 req = self.generate_alter(call_id=44, ctx_list=[ctx4,ctx4])
1160 rep = self.recv_pdu()
1161 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1163 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1164 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1165 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1166 self.assertEquals(rep.u.secondary_address_size, 0)
1167 self.assertEquals(len(rep.u._pad1), 2)
1168 #self.assertEquals(rep.u._pad1, '\0' * 2)
1169 self.assertEquals(rep.u.num_results, 2)
1170 self.assertEquals(rep.u.ctx_list[0].result,
1171 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1172 self.assertEquals(rep.u.ctx_list[0].reason,
1173 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1174 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1175 self.assertEquals(rep.u.ctx_list[1].result,
1176 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1177 self.assertEquals(rep.u.ctx_list[1].reason,
1178 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1179 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1180 self.assertEquals(rep.u.auth_info, '\0' * 0)
1182 req = self.generate_request(call_id = 1,
1183 context_id=ctx4.context_id,
1187 rep = self.recv_pdu()
1188 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1190 self.assertNotEquals(rep.u.alloc_hint, 0)
1191 self.assertEquals(rep.u.context_id, req.u.context_id)
1192 self.assertEquals(rep.u.cancel_count, 0)
1193 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1195 req = self.generate_request(call_id = 1,
1196 context_id=ctx3.context_id,
1200 rep = self.recv_pdu()
1201 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1203 self.assertNotEquals(rep.u.alloc_hint, 0)
1204 self.assertEquals(rep.u.context_id, req.u.context_id)
1205 self.assertEquals(rep.u.cancel_count, 0)
1206 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1208 tsf5mgmt_list = [ndr32]
1209 ctx5mgmt = dcerpc.ctx_list()
1210 ctx5mgmt.context_id = 5
1211 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1212 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1213 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1215 tsf5epm_list = [ndr32]
1216 ctx5epm = dcerpc.ctx_list()
1217 ctx5epm.context_id = 5
1218 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1219 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1220 ctx5epm.transfer_syntaxes = tsf5epm_list
1222 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1224 rep = self.recv_pdu()
1225 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1227 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1228 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1229 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1230 self.assertEquals(rep.u.secondary_address_size, 0)
1231 self.assertEquals(len(rep.u._pad1), 2)
1232 #self.assertEquals(rep.u._pad1, '\0' * 2)
1233 self.assertEquals(rep.u.num_results, 2)
1234 self.assertEquals(rep.u.ctx_list[0].result,
1235 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1236 self.assertEquals(rep.u.ctx_list[0].reason,
1237 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1238 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1239 self.assertEquals(rep.u.ctx_list[1].result,
1240 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1241 self.assertEquals(rep.u.ctx_list[1].reason,
1242 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1243 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1244 self.assertEquals(rep.u.auth_info, '\0' * 0)
1246 req = self.generate_request(call_id = 1,
1247 context_id=ctx5mgmt.context_id,
1251 rep = self.recv_pdu()
1252 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1254 self.assertNotEquals(rep.u.alloc_hint, 0)
1255 self.assertEquals(rep.u.context_id, req.u.context_id)
1256 self.assertEquals(rep.u.cancel_count, 0)
1257 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1259 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1261 rep = self.recv_pdu()
1262 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1264 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1265 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1266 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1267 self.assertEquals(rep.u.secondary_address_size, 0)
1268 self.assertEquals(len(rep.u._pad1), 2)
1269 #self.assertEquals(rep.u._pad1, '\0' * 2)
1270 self.assertEquals(rep.u.num_results, 2)
1271 self.assertEquals(rep.u.ctx_list[0].result,
1272 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1273 self.assertEquals(rep.u.ctx_list[0].reason,
1274 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1275 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1276 self.assertEquals(rep.u.ctx_list[1].result,
1277 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1278 self.assertEquals(rep.u.ctx_list[1].reason,
1279 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1280 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1281 self.assertEquals(rep.u.auth_info, '\0' * 0)
1283 req = self.generate_request(call_id = 1,
1284 context_id=ctx5mgmt.context_id,
1288 rep = self.recv_pdu()
1289 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1291 self.assertNotEquals(rep.u.alloc_hint, 0)
1292 self.assertEquals(rep.u.context_id, req.u.context_id)
1293 self.assertEquals(rep.u.cancel_count, 0)
1294 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1296 def test_no_auth_bind_time_none_simple(self):
1298 btf = base.bind_time_features_syntax(features)
1300 zero_syntax = misc.ndr_syntax_id()
1303 ctx1 = dcerpc.ctx_list()
1305 ctx1.num_transfer_syntaxes = len(tsf1_list)
1306 ctx1.abstract_syntax = zero_syntax
1307 ctx1.transfer_syntaxes = tsf1_list
1309 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1311 rep = self.recv_pdu()
1312 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1314 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1315 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1316 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1317 self.assertEquals(rep.u.secondary_address_size, 4)
1318 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1319 self.assertEquals(len(rep.u._pad1), 2)
1320 self.assertEquals(rep.u._pad1, '\0' * 2)
1321 self.assertEquals(rep.u.num_results, 1)
1322 self.assertEquals(rep.u.ctx_list[0].result,
1323 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1324 self.assertEquals(rep.u.ctx_list[0].reason, features)
1325 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1326 self.assertEquals(rep.u.auth_info, '\0' * 0)
1328 def test_no_auth_bind_time_none_ignore_additional(self):
1330 btf1 = base.bind_time_features_syntax(features1)
1332 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1333 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1334 btf2 = base.bind_time_features_syntax(features2)
1336 zero_syntax = misc.ndr_syntax_id()
1337 ndr64 = base.transfer_syntax_ndr64()
1339 tsf1_list = [btf1,btf2,zero_syntax]
1340 ctx1 = dcerpc.ctx_list()
1342 ctx1.num_transfer_syntaxes = len(tsf1_list)
1343 ctx1.abstract_syntax = ndr64
1344 ctx1.transfer_syntaxes = tsf1_list
1346 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1348 rep = self.recv_pdu()
1349 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1351 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1352 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1353 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1354 self.assertEquals(rep.u.secondary_address_size, 4)
1355 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1356 self.assertEquals(len(rep.u._pad1), 2)
1357 self.assertEquals(rep.u._pad1, '\0' * 2)
1358 self.assertEquals(rep.u.num_results, 1)
1359 self.assertEquals(rep.u.ctx_list[0].result,
1360 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1361 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1362 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1363 self.assertEquals(rep.u.auth_info, '\0' * 0)
1365 def test_no_auth_bind_time_only_first(self):
1366 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1367 btf1 = base.bind_time_features_syntax(features1)
1369 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1370 btf2 = base.bind_time_features_syntax(features2)
1372 zero_syntax = misc.ndr_syntax_id()
1374 tsf1_list = [zero_syntax,btf1,btf2,zero_syntax]
1375 ctx1 = dcerpc.ctx_list()
1377 ctx1.num_transfer_syntaxes = len(tsf1_list)
1378 ctx1.abstract_syntax = zero_syntax
1379 ctx1.transfer_syntaxes = tsf1_list
1381 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1383 rep = self.recv_pdu()
1384 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1386 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1387 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1388 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1389 self.assertEquals(rep.u.secondary_address_size, 4)
1390 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1391 self.assertEquals(len(rep.u._pad1), 2)
1392 self.assertEquals(rep.u._pad1, '\0' * 2)
1393 self.assertEquals(rep.u.num_results, 1)
1394 self.assertEquals(rep.u.ctx_list[0].result,
1395 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1396 self.assertEquals(rep.u.ctx_list[0].reason,
1397 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1398 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1399 self.assertEquals(rep.u.auth_info, '\0' * 0)
1401 def test_no_auth_bind_time_twice(self):
1402 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1403 btf1 = base.bind_time_features_syntax(features1)
1405 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1406 btf2 = base.bind_time_features_syntax(features2)
1408 zero_syntax = misc.ndr_syntax_id()
1411 ctx1 = dcerpc.ctx_list()
1413 ctx1.num_transfer_syntaxes = len(tsf1_list)
1414 ctx1.abstract_syntax = zero_syntax
1415 ctx1.transfer_syntaxes = tsf1_list
1418 ctx2 = dcerpc.ctx_list()
1420 ctx2.num_transfer_syntaxes = len(tsf2_list)
1421 ctx2.abstract_syntax = zero_syntax
1422 ctx2.transfer_syntaxes = tsf2_list
1424 req = self.generate_bind(call_id=0, ctx_list=[ctx1,ctx2])
1426 rep = self.recv_pdu()
1427 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1429 self.assertEquals(rep.u.reject_reason,
1430 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1431 self.assertEquals(rep.u.num_versions, 1)
1432 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1433 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1434 self.assertEquals(len(rep.u._pad), 3)
1435 self.assertEquals(rep.u._pad, '\0' * 3)
1437 # wait for a disconnect
1438 rep = self.recv_pdu()
1439 self.assertIsNone(rep)
1440 self.assertNotConnected()
1442 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1443 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1444 btf = base.bind_time_features_syntax(features)
1446 zero_syntax = misc.ndr_syntax_id()
1449 ctx1 = dcerpc.ctx_list()
1451 ctx1.num_transfer_syntaxes = len(tsf1_list)
1452 ctx1.abstract_syntax = zero_syntax
1453 ctx1.transfer_syntaxes = tsf1_list
1455 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1457 rep = self.recv_pdu()
1458 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1460 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1461 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1462 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1463 self.assertEquals(rep.u.secondary_address_size, 4)
1464 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1465 self.assertEquals(len(rep.u._pad1), 2)
1466 self.assertEquals(rep.u._pad1, '\0' * 2)
1467 self.assertEquals(rep.u.num_results, 1)
1468 self.assertEquals(rep.u.ctx_list[0].result,
1469 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1470 self.assertEquals(rep.u.ctx_list[0].reason, features)
1471 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1472 self.assertEquals(rep.u.auth_info, '\0' * 0)
1474 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1475 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1476 btf1 = base.bind_time_features_syntax(features1)
1478 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1479 btf2 = base.bind_time_features_syntax(features2)
1481 zero_syntax = misc.ndr_syntax_id()
1482 ndr64 = base.transfer_syntax_ndr64()
1484 tsf1_list = [btf1,btf2,zero_syntax]
1485 ctx1 = dcerpc.ctx_list()
1487 ctx1.num_transfer_syntaxes = len(tsf1_list)
1488 ctx1.abstract_syntax = ndr64
1489 ctx1.transfer_syntaxes = tsf1_list
1491 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1493 rep = self.recv_pdu()
1494 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1496 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1497 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1498 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1499 self.assertEquals(rep.u.secondary_address_size, 4)
1500 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1501 self.assertEquals(len(rep.u._pad1), 2)
1502 self.assertEquals(rep.u._pad1, '\0' * 2)
1503 self.assertEquals(rep.u.num_results, 1)
1504 self.assertEquals(rep.u.ctx_list[0].result,
1505 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1506 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1507 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1508 self.assertEquals(rep.u.auth_info, '\0' * 0)
1510 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1511 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1512 ndr32 = base.transfer_syntax_ndr()
1515 ctx1 = dcerpc.ctx_list()
1517 ctx1.num_transfer_syntaxes = len(tsf1_list)
1518 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1519 ctx1.transfer_syntaxes = tsf1_list
1524 if creds is not None:
1525 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1526 auth_context = self.get_auth_context_creds(creds,
1527 auth_type=auth_type,
1528 auth_level=auth_level,
1529 auth_context_id=auth_context_id,
1530 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1532 (finished, to_server) = auth_context["gensec"].update(from_server)
1533 self.assertFalse(finished)
1535 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1536 auth_level=auth_context["auth_level"],
1537 auth_context_id=auth_context["auth_context_id"],
1538 auth_blob=to_server)
1541 auth_info = self.generate_auth(auth_type=auth_type,
1542 auth_level=auth_level,
1543 auth_context_id=auth_context_id,
1544 auth_blob=to_server)
1546 req = self.generate_bind(call_id=0,
1548 auth_info=auth_info)
1550 rep = self.recv_pdu()
1551 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1553 self.assertEquals(rep.u.reject_reason, reason)
1554 self.assertEquals(rep.u.num_versions, 1)
1555 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1556 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1557 self.assertEquals(len(rep.u._pad), 3)
1558 self.assertEquals(rep.u._pad, '\0' * 3)
1560 # wait for a disconnect
1561 rep = self.recv_pdu()
1562 self.assertIsNone(rep)
1563 self.assertNotConnected()
1565 def _test_auth_none_level_bind(self, auth_level,
1566 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1567 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1568 auth_level=auth_level, reason=reason)
1570 def test_auth_none_none_bind(self):
1571 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1572 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1574 def test_auth_none_connect_bind(self):
1575 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1577 def test_auth_none_call_bind(self):
1578 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1580 def test_auth_none_packet_bind(self):
1581 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1583 def test_auth_none_integrity_bind(self):
1584 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1586 def test_auth_none_privacy_bind(self):
1587 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1589 def test_auth_none_0_bind(self):
1590 return self._test_auth_none_level_bind(0,
1591 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1593 def test_auth_none_7_bind(self):
1594 return self._test_auth_none_level_bind(7,
1595 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1597 def test_auth_none_255_bind(self):
1598 return self._test_auth_none_level_bind(255,
1599 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1601 def _test_auth_none_level_request(self, auth_level):
1602 ndr32 = base.transfer_syntax_ndr()
1605 ctx1 = dcerpc.ctx_list()
1607 ctx1.num_transfer_syntaxes = len(tsf1_list)
1608 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1609 ctx1.transfer_syntaxes = tsf1_list
1612 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1615 req = self.generate_bind(call_id=0,
1619 rep = self.recv_pdu()
1620 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1621 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1622 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1623 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1624 self.assertEquals(rep.u.secondary_address_size, 4)
1625 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1626 self.assertEquals(len(rep.u._pad1), 2)
1627 self.assertEquals(rep.u._pad1, '\0' * 2)
1628 self.assertEquals(rep.u.num_results, 1)
1629 self.assertEquals(rep.u.ctx_list[0].result,
1630 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1631 self.assertEquals(rep.u.ctx_list[0].reason,
1632 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1633 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1634 self.assertEquals(len(rep.u.auth_info), 0)
1636 # And now try a request without auth_info
1637 req = self.generate_request(call_id = 2,
1638 context_id=ctx1.context_id,
1642 rep = self.recv_pdu()
1643 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1645 self.assertNotEquals(rep.u.alloc_hint, 0)
1646 self.assertEquals(rep.u.context_id, req.u.context_id)
1647 self.assertEquals(rep.u.cancel_count, 0)
1648 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1650 auth_info = self.generate_auth(auth_type=auth_type,
1651 auth_level=auth_level,
1652 auth_context_id=auth_context_id,
1655 req = self.generate_request(call_id = 3,
1656 context_id=ctx1.context_id,
1659 auth_info=auth_info)
1661 rep = self.recv_pdu()
1662 # We get a fault back
1663 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1665 self.assertNotEquals(rep.u.alloc_hint, 0)
1666 self.assertEquals(rep.u.context_id, req.u.context_id)
1667 self.assertEquals(rep.u.cancel_count, 0)
1668 self.assertEquals(rep.u.flags, 0)
1669 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1670 self.assertEquals(rep.u.reserved, 0)
1671 self.assertEquals(len(rep.u.error_and_verifier), 0)
1673 # wait for a disconnect
1674 rep = self.recv_pdu()
1675 self.assertIsNone(rep)
1676 self.assertNotConnected()
1678 def test_auth_none_none_request(self):
1679 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1681 def test_auth_none_connect_request(self):
1682 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1684 def test_auth_none_call_request(self):
1685 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1687 def _test_neg_xmit_check_values(self,
1693 ndr32 = base.transfer_syntax_ndr()
1696 ctx1 = dcerpc.ctx_list()
1698 ctx1.num_transfer_syntaxes = len(tsf1_list)
1699 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1700 ctx1.transfer_syntaxes = tsf1_list
1702 req = self.generate_bind(call_id=0,
1703 max_xmit_frag=req_xmit,
1704 max_recv_frag=req_recv,
1707 rep = self.recv_pdu()
1708 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1710 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1711 self.assertEquals(rep.u.max_recv_frag, rep_both)
1712 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1713 self.assertEquals(rep.u.secondary_address_size, 4)
1714 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1715 self.assertEquals(len(rep.u._pad1), 2)
1716 self.assertEquals(rep.u._pad1, '\0' * 2)
1717 self.assertEquals(rep.u.num_results, 1)
1718 self.assertEquals(rep.u.ctx_list[0].result,
1719 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1720 self.assertEquals(rep.u.ctx_list[0].reason,
1721 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1722 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1723 self.assertEquals(rep.u.auth_info, '\0' * 0)
1725 assoc_group_id = rep.u.assoc_group_id
1726 if alter_xmit is None:
1727 alter_xmit = rep_both - 8
1728 if alter_recv is None:
1729 alter_recv = rep_both - 8
1731 # max_{xmit,recv}_frag and assoc_group_id are completely
1732 # ignored in alter_context requests
1733 req = self.generate_alter(call_id=1,
1734 max_xmit_frag=alter_xmit,
1735 max_recv_frag=alter_recv,
1736 assoc_group_id=0xffffffff-rep.u.assoc_group_id,
1739 rep = self.recv_pdu()
1740 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1742 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1743 self.assertEquals(rep.u.max_recv_frag, rep_both)
1744 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1745 self.assertEquals(rep.u.secondary_address_size, 0)
1746 self.assertEquals(len(rep.u._pad1), 2)
1747 #self.assertEquals(rep.u._pad1, '\0' * 2)
1748 self.assertEquals(rep.u.num_results, 1)
1749 self.assertEquals(rep.u.ctx_list[0].result,
1750 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1751 self.assertEquals(rep.u.ctx_list[0].reason,
1752 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1753 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1754 self.assertEquals(rep.u.auth_info, '\0' * 0)
1756 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1757 req = self.generate_request(call_id = 2,
1758 context_id=ctx1.context_id,
1760 alloc_hint=0xffffffff,
1761 stub="\00" * chunk_size)
1762 self.send_pdu(req,ndr_print=True,hexdump=True)
1763 rep = self.recv_pdu(ndr_print=True,hexdump=True)
1764 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1766 self.assertNotEquals(rep.u.alloc_hint, 0)
1767 self.assertEquals(rep.u.context_id, req.u.context_id)
1768 self.assertEquals(rep.u.cancel_count, 0)
1769 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1771 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1772 req = self.generate_request(call_id = 2,
1773 context_id=ctx1.context_id,
1775 alloc_hint=0xffffffff,
1776 stub="\00" * chunk_size)
1778 rep = self.recv_pdu()
1779 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1781 self.assertNotEquals(rep.u.alloc_hint, 0)
1782 self.assertEquals(rep.u.context_id, req.u.context_id)
1783 self.assertEquals(rep.u.cancel_count, 0)
1784 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1787 req = self.generate_request(call_id = 3,
1788 context_id=ctx1.context_id,
1790 alloc_hint=0xffffffff,
1791 stub="\00" * chunk_size)
1793 rep = self.recv_pdu()
1795 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1797 self.assertNotEquals(rep.u.alloc_hint, 0)
1798 self.assertEquals(rep.u.context_id, 0)
1799 self.assertEquals(rep.u.cancel_count, 0)
1800 self.assertEquals(rep.u.flags, 0)
1801 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1802 self.assertEquals(rep.u.reserved, 0)
1803 self.assertEquals(len(rep.u.error_and_verifier), 0)
1805 # wait for a disconnect
1806 rep = self.recv_pdu()
1807 self.assertIsNone(rep)
1808 self.assertNotConnected()
1810 def test_neg_xmit_ffff_ffff(self):
1811 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1815 def test_neg_xmit_0_ffff(self):
1816 return self._test_neg_xmit_check_values(req_xmit=0,
1822 def test_neg_xmit_ffff_0(self):
1823 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1827 def test_neg_xmit_0_0(self):
1828 return self._test_neg_xmit_check_values(req_xmit=0,
1834 def test_neg_xmit_3199_0(self):
1835 return self._test_neg_xmit_check_values(req_xmit=3199,
1838 def test_neg_xmit_0_3199(self):
1839 return self._test_neg_xmit_check_values(req_xmit=0,
1843 def test_neg_xmit_3199_ffff(self):
1844 return self._test_neg_xmit_check_values(req_xmit=3199,
1847 def test_neg_xmit_ffff_3199(self):
1848 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1852 def test_alloc_hint(self):
1853 ndr32 = base.transfer_syntax_ndr()
1856 ctx = dcerpc.ctx_list()
1858 ctx.num_transfer_syntaxes = len(tsf1_list)
1859 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1860 ctx.transfer_syntaxes = tsf1_list
1862 req = self.generate_bind(call_id=0,
1865 rep = self.recv_pdu()
1866 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1868 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1869 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1870 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1871 self.assertEquals(rep.u.secondary_address_size, 4)
1872 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1873 self.assertEquals(len(rep.u._pad1), 2)
1874 self.assertEquals(rep.u._pad1, '\0' * 2)
1875 self.assertEquals(rep.u.num_results, 1)
1876 self.assertEquals(rep.u.ctx_list[0].result,
1877 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1878 self.assertEquals(rep.u.ctx_list[0].reason,
1879 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1880 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1881 self.assertEquals(rep.u.auth_info, '\0' * 0)
1883 # And now try a request without auth_info
1884 req = self.generate_request(call_id = 2,
1885 context_id=ctx.context_id,
1887 alloc_hint=0xffffffff,
1890 rep = self.recv_pdu()
1891 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1893 self.assertNotEquals(rep.u.alloc_hint, 0)
1894 self.assertEquals(rep.u.context_id, req.u.context_id)
1895 self.assertEquals(rep.u.cancel_count, 0)
1896 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1898 req = self.generate_request(call_id = 3,
1899 context_id=ctx.context_id,
1901 alloc_hint=0xffffffff,
1902 stub="\04\00\00\00\00\00\00\00")
1904 rep = self.recv_pdu()
1905 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1907 self.assertNotEquals(rep.u.alloc_hint, 0)
1908 self.assertEquals(rep.u.context_id, req.u.context_id)
1909 self.assertEquals(rep.u.cancel_count, 0)
1910 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1912 req = self.generate_request(call_id = 4,
1913 context_id=ctx.context_id,
1916 stub="\04\00\00\00\00\00\00\00")
1918 rep = self.recv_pdu()
1919 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1921 self.assertNotEquals(rep.u.alloc_hint, 0)
1922 self.assertEquals(rep.u.context_id, req.u.context_id)
1923 self.assertEquals(rep.u.cancel_count, 0)
1924 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1926 def _get_netlogon_ctx(self):
1927 abstract = samba.dcerpc.netlogon.abstract_syntax()
1928 ndr32 = base.transfer_syntax_ndr()
1930 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1931 epmap=True, return_ack=True)
1933 server = '\\\\' + self.target_hostname
1934 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1935 computer = 'UNKNOWNCOMPUTER'
1936 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1938 real_stub = struct.pack('<IIII', 0x00200000,
1939 len(server)+1, 0, len(server)+1)
1940 real_stub += server_utf16 + '\x00\x00'
1941 mod_len = len(real_stub) % 4
1943 real_stub += '\x00' * (4 - mod_len)
1944 real_stub += struct.pack('<III',
1945 len(computer)+1, 0, len(computer)+1)
1946 real_stub += computer_utf16 + '\x00\x00'
1947 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1949 return (ctx, ack, real_stub)
1951 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1952 fault_first=None, fault_last=None):
1953 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1955 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1959 while remaining > 0:
1960 thistime = min(remaining, chunk)
1961 remaining -= thistime
1966 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1968 stub = real_stub + '\x00' * (thistime - len(real_stub))
1970 stub = "\x00" * thistime
1973 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1975 # And now try a request without auth_info
1976 # netr_ServerReqChallenge()
1977 req = self.generate_request(call_id = 2,
1978 pfc_flags=pfc_flags,
1979 context_id=ctx.context_id,
1981 alloc_hint=alloc_hint,
1983 if alloc_hint >= thistime:
1984 alloc_hint -= thistime
1987 self.send_pdu(req,hexdump=False)
1988 if fault_first is not None:
1989 rep = self.recv_pdu()
1990 # We get a fault back
1991 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1993 self.assertNotEquals(rep.u.alloc_hint, 0)
1994 self.assertEquals(rep.u.context_id, req.u.context_id)
1995 self.assertEquals(rep.u.cancel_count, 0)
1996 self.assertEquals(rep.u.flags, 0)
1997 self.assertEquals(rep.u.status, fault_first)
1998 self.assertEquals(rep.u.reserved, 0)
1999 self.assertEquals(len(rep.u.error_and_verifier), 0)
2001 # wait for a disconnect
2002 rep = self.recv_pdu()
2003 self.assertIsNone(rep)
2004 self.assertNotConnected()
2008 if total >= 0x400000 and fault_last is not None:
2009 rep = self.recv_pdu()
2010 # We get a fault back
2011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2013 self.assertNotEquals(rep.u.alloc_hint, 0)
2014 self.assertEquals(rep.u.context_id, req.u.context_id)
2015 self.assertEquals(rep.u.cancel_count, 0)
2016 self.assertEquals(rep.u.flags, 0)
2017 self.assertEquals(rep.u.status, fault_last)
2018 self.assertEquals(rep.u.reserved, 0)
2019 self.assertEquals(len(rep.u.error_and_verifier), 0)
2021 # wait for a disconnect
2022 rep = self.recv_pdu()
2023 self.assertIsNone(rep)
2024 self.assertNotConnected()
2026 rep = self.recv_pdu(timeout=0.01)
2027 self.assertIsNone(rep)
2028 self.assertIsConnected()
2030 if total >= 0x400000 and fault_last is not None:
2031 rep = self.recv_pdu()
2032 # We get a fault back
2033 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2035 self.assertNotEquals(rep.u.alloc_hint, 0)
2036 self.assertEquals(rep.u.context_id, req.u.context_id)
2037 self.assertEquals(rep.u.cancel_count, 0)
2038 self.assertEquals(rep.u.flags, 0)
2039 self.assertEquals(rep.u.status, fault_last)
2040 self.assertEquals(rep.u.reserved, 0)
2041 self.assertEquals(len(rep.u.error_and_verifier), 0)
2043 # wait for a disconnect
2044 rep = self.recv_pdu()
2045 self.assertIsNone(rep)
2046 self.assertNotConnected()
2048 rep = self.recv_pdu()
2049 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2051 self.assertNotEquals(rep.u.alloc_hint, 0)
2052 self.assertEquals(rep.u.context_id, req.u.context_id)
2053 self.assertEquals(rep.u.cancel_count, 0)
2054 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2056 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2057 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2058 self.assertEquals(status[0], 0)
2060 def test_fragmented_requests01(self):
2061 return self._test_fragmented_requests(remaining=0x400000,
2062 alloc_hint=0x400000)
2064 def test_fragmented_requests02(self):
2065 return self._test_fragmented_requests(remaining=0x400000,
2066 alloc_hint=0x100000)
2068 def test_fragmented_requests03(self):
2069 return self._test_fragmented_requests(remaining=0x400000,
2072 def test_fragmented_requests04(self):
2073 return self._test_fragmented_requests(remaining=0x400000,
2074 alloc_hint=0x400001,
2075 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2077 def test_fragmented_requests05(self):
2078 return self._test_fragmented_requests(remaining=0x500001,
2080 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2082 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2083 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2085 # netr_ServerReqChallenge with given flags
2086 req = self.generate_request(call_id = 2,
2087 pfc_flags=pfc_flags,
2088 context_id=ctx.context_id,
2093 rep = self.recv_pdu()
2094 # We get a fault back
2095 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2097 self.assertNotEquals(rep.u.alloc_hint, 0)
2098 self.assertEquals(rep.u.context_id, 0)
2099 self.assertEquals(rep.u.cancel_count, 0)
2100 self.assertEquals(rep.u.flags, 0)
2101 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2102 self.assertEquals(rep.u.reserved, 0)
2103 self.assertEquals(len(rep.u.error_and_verifier), 0)
2105 # wait for a disconnect
2106 rep = self.recv_pdu()
2107 self.assertIsNone(rep)
2108 self.assertNotConnected()
2110 rep = self.recv_pdu(timeout=0.1)
2111 self.assertIsNone(rep)
2112 self.assertIsConnected()
2114 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2115 # with the same call_id
2116 req = self.generate_request(call_id = 2,
2117 pfc_flags=pfc_flags,
2118 context_id=ctx.context_id,
2123 rep = self.recv_pdu()
2124 # We get a fault back
2125 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2127 self.assertNotEquals(rep.u.alloc_hint, 0)
2128 self.assertEquals(rep.u.context_id, req.u.context_id)
2129 self.assertEquals(rep.u.cancel_count, 0)
2130 self.assertEquals(rep.u.flags, 0)
2131 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2132 self.assertEquals(rep.u.reserved, 0)
2133 self.assertEquals(len(rep.u.error_and_verifier), 0)
2135 # wait for a disconnect
2136 rep = self.recv_pdu()
2137 self.assertIsNone(rep)
2138 self.assertNotConnected()
2141 rep = self.recv_pdu(timeout=0.1)
2142 self.assertIsNone(rep)
2143 self.assertIsConnected()
2145 def test_first_only_requests(self):
2146 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2149 def test_none_only_requests(self):
2150 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2152 def test_last_only_requests(self):
2153 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2156 def test_first_maybe_requests(self):
2157 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2158 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2161 def test_first_didnot_requests(self):
2162 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2163 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2166 def test_first_cmpx_requests(self):
2167 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2168 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2171 def test_first_08_requests(self):
2172 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2176 def test_first_cancel_requests(self):
2177 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2179 # netr_ServerReqChallenge with given flags
2180 req = self.generate_request(call_id = 2,
2181 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2182 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2183 context_id=ctx.context_id,
2187 rep = self.recv_pdu()
2188 # We get a fault back
2189 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2190 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2191 dcerpc.DCERPC_PFC_FLAG_LAST |
2192 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2194 self.assertNotEquals(rep.u.alloc_hint, 0)
2195 self.assertEquals(rep.u.context_id, 0)
2196 self.assertEquals(rep.u.cancel_count, 0)
2197 self.assertEquals(rep.u.flags, 0)
2198 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2199 self.assertEquals(rep.u.reserved, 0)
2200 self.assertEquals(len(rep.u.error_and_verifier), 0)
2202 # wait for a disconnect
2203 rep = self.recv_pdu()
2204 self.assertIsNone(rep)
2205 self.assertNotConnected()
2207 def test_2nd_cancel_requests(self):
2208 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2210 # netr_ServerReqChallenge with given flags
2211 req = self.generate_request(call_id = 2,
2212 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2213 context_id=ctx.context_id,
2217 rep = self.recv_pdu(timeout=0.1)
2218 self.assertIsNone(rep)
2219 self.assertIsConnected()
2221 # netr_ServerReqChallenge with given flags
2222 req = self.generate_request(call_id = 2,
2223 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2224 context_id=ctx.context_id,
2228 rep = self.recv_pdu(timeout=0.1)
2229 self.assertIsNone(rep)
2230 self.assertIsConnected()
2232 # netr_ServerReqChallenge with given flags
2233 req = self.generate_request(call_id = 2,
2234 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2235 context_id=ctx.context_id,
2239 rep = self.recv_pdu()
2240 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2242 self.assertNotEquals(rep.u.alloc_hint, 0)
2243 self.assertEquals(rep.u.context_id, req.u.context_id)
2244 self.assertEquals(rep.u.cancel_count, 0)
2245 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2247 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2248 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2249 self.assertEquals(status[0], 0)
2251 def test_last_cancel_requests(self):
2252 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2254 # netr_ServerReqChallenge with given flags
2255 req = self.generate_request(call_id = 2,
2256 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2257 context_id=ctx.context_id,
2261 rep = self.recv_pdu(timeout=0.1)
2262 self.assertIsNone(rep)
2263 self.assertIsConnected()
2265 # netr_ServerReqChallenge with given flags
2266 req = self.generate_request(call_id = 2,
2267 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2268 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2269 context_id=ctx.context_id,
2273 rep = self.recv_pdu()
2274 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2276 self.assertNotEquals(rep.u.alloc_hint, 0)
2277 self.assertEquals(rep.u.context_id, req.u.context_id)
2278 self.assertEquals(rep.u.cancel_count, 0)
2279 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2281 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2282 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2283 self.assertEquals(status[0], 0)
2285 def test_mix_requests(self):
2286 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2288 # netr_ServerReqChallenge with given flags
2289 req = self.generate_request(call_id = 50,
2290 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2291 context_id=ctx.context_id,
2295 rep = self.recv_pdu(timeout=0.1)
2296 self.assertIsNone(rep)
2297 self.assertIsConnected()
2299 # netr_ServerReqChallenge with given flags
2300 req = self.generate_request(call_id = 51,
2301 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2302 context_id=ctx.context_id,
2306 rep = self.recv_pdu()
2307 # We get a fault back
2308 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2309 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2310 dcerpc.DCERPC_PFC_FLAG_LAST,
2312 self.assertNotEquals(rep.u.alloc_hint, 0)
2313 self.assertEquals(rep.u.context_id, req.u.context_id)
2314 self.assertEquals(rep.u.cancel_count, 0)
2315 self.assertEquals(rep.u.flags, 0)
2316 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2317 self.assertEquals(rep.u.reserved, 0)
2318 self.assertEquals(len(rep.u.error_and_verifier), 0)
2320 def test_co_cancel_no_request(self):
2321 ndr32 = base.transfer_syntax_ndr()
2322 abstract = samba.dcerpc.mgmt.abstract_syntax()
2323 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2325 req = self.generate_co_cancel(call_id = 3)
2327 rep = self.recv_pdu(timeout=0.01)
2328 self.assertIsNone(rep)
2329 self.assertIsConnected()
2331 # And now try a request
2332 req = self.generate_request(call_id = 1,
2333 context_id=ctx.context_id,
2337 rep = self.recv_pdu()
2338 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2340 self.assertNotEquals(rep.u.alloc_hint, 0)
2341 self.assertEquals(rep.u.context_id, req.u.context_id)
2342 self.assertEquals(rep.u.cancel_count, 0)
2343 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2345 def test_co_cancel_request_after_first(self):
2346 ndr32 = base.transfer_syntax_ndr()
2347 abstract = samba.dcerpc.mgmt.abstract_syntax()
2348 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2350 req = self.generate_request(call_id = 1,
2351 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2352 context_id=ctx.context_id,
2356 rep = self.recv_pdu(timeout=0.01)
2357 self.assertIsNone(rep)
2358 self.assertIsConnected()
2360 req = self.generate_co_cancel(call_id = 1)
2362 rep = self.recv_pdu(timeout=0.01)
2363 self.assertIsNone(rep)
2364 self.assertIsConnected()
2366 req = self.generate_request(call_id = 1,
2367 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2368 context_id=ctx.context_id,
2372 rep = self.recv_pdu()
2373 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2375 self.assertNotEquals(rep.u.alloc_hint, 0)
2376 self.assertEquals(rep.u.context_id, req.u.context_id)
2377 self.assertEquals(rep.u.cancel_count, 0)
2378 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2380 # And now try a request
2381 req = self.generate_request(call_id = 2,
2382 context_id=ctx.context_id,
2386 rep = self.recv_pdu()
2387 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2389 self.assertNotEquals(rep.u.alloc_hint, 0)
2390 self.assertEquals(rep.u.context_id, req.u.context_id)
2391 self.assertEquals(rep.u.cancel_count, 0)
2392 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2394 def test_orphaned_no_request(self):
2395 ndr32 = base.transfer_syntax_ndr()
2396 abstract = samba.dcerpc.mgmt.abstract_syntax()
2397 ctx = self.prepare_presentation(abstract, ndr32)
2399 req = self.generate_orphaned(call_id = 3)
2401 rep = self.recv_pdu(timeout=0.01)
2402 self.assertIsNone(rep)
2403 self.assertIsConnected()
2405 # And now try a request
2406 req = self.generate_request(call_id = 1,
2407 context_id=ctx.context_id,
2411 rep = self.recv_pdu()
2412 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2414 self.assertNotEquals(rep.u.alloc_hint, 0)
2415 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2416 self.assertEquals(rep.u.cancel_count, 0)
2417 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2419 def test_orphaned_request_after_first_last(self):
2420 ndr32 = base.transfer_syntax_ndr()
2421 abstract = samba.dcerpc.mgmt.abstract_syntax()
2422 ctx = self.prepare_presentation(abstract, ndr32)
2424 req = self.generate_request(call_id = 1,
2425 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2426 context_id=ctx.context_id,
2430 rep = self.recv_pdu(timeout=0.1)
2431 self.assertIsNone(rep)
2432 self.assertIsConnected()
2434 req = self.generate_orphaned(call_id = 1)
2436 rep = self.recv_pdu(timeout=0.1)
2437 self.assertIsNone(rep)
2438 self.assertIsConnected()
2440 req = self.generate_request(call_id = 1,
2441 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2442 context_id=ctx.context_id,
2446 rep = self.recv_pdu()
2447 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2449 self.assertNotEquals(rep.u.alloc_hint, 0)
2450 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2451 self.assertEquals(rep.u.cancel_count, 0)
2452 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2454 # And now try a request
2455 req = self.generate_request(call_id = 2,
2456 context_id=ctx.context_id,
2460 rep = self.recv_pdu()
2461 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2463 self.assertNotEquals(rep.u.alloc_hint, 0)
2464 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2465 self.assertEquals(rep.u.cancel_count, 0)
2466 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2468 def test_orphaned_request_after_first_mpx_last(self):
2469 ndr32 = base.transfer_syntax_ndr()
2470 abstract = samba.dcerpc.mgmt.abstract_syntax()
2472 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2473 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2474 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2475 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2477 req = self.generate_request(call_id = 1,
2478 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2479 context_id=ctx.context_id,
2483 rep = self.recv_pdu(timeout=0.1)
2484 self.assertIsNone(rep)
2485 self.assertIsConnected()
2487 req = self.generate_orphaned(call_id = 1)
2489 rep = self.recv_pdu(timeout=0.1)
2490 self.assertIsNone(rep)
2491 self.assertIsConnected()
2493 req = self.generate_request(call_id = 1,
2494 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2495 context_id=ctx.context_id,
2499 rep = self.recv_pdu()
2500 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2502 self.assertNotEquals(rep.u.alloc_hint, 0)
2503 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2504 self.assertEquals(rep.u.cancel_count, 0)
2505 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2507 # And now try a request
2508 req = self.generate_request(call_id = 2,
2509 context_id=ctx.context_id,
2513 rep = self.recv_pdu()
2514 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2516 self.assertNotEquals(rep.u.alloc_hint, 0)
2517 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2518 self.assertEquals(rep.u.cancel_count, 0)
2519 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2521 def test_orphaned_request_after_first_no_last(self):
2522 ndr32 = base.transfer_syntax_ndr()
2523 abstract = samba.dcerpc.mgmt.abstract_syntax()
2524 ctx = self.prepare_presentation(abstract, ndr32)
2526 req1 = self.generate_request(call_id = 1,
2527 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2528 context_id=ctx.context_id,
2532 rep = self.recv_pdu(timeout=0.1)
2533 self.assertIsNone(rep)
2534 self.assertIsConnected()
2536 req = self.generate_orphaned(call_id = 1)
2538 rep = self.recv_pdu(timeout=0.1)
2539 self.assertIsNone(rep)
2540 self.assertIsConnected()
2542 # And now try a new request
2543 req2 = self.generate_request(call_id = 2,
2544 context_id=ctx.context_id,
2548 rep = self.recv_pdu()
2549 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2551 self.assertNotEquals(rep.u.alloc_hint, 0)
2552 self.assertEquals(rep.u.context_id, req1.u.context_id)
2553 self.assertEquals(rep.u.cancel_count, 0)
2554 self.assertEquals(rep.u.flags, 0)
2555 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2556 self.assertEquals(rep.u.reserved, 0)
2557 self.assertEquals(len(rep.u.error_and_verifier), 0)
2559 # wait for a disconnect
2560 rep = self.recv_pdu()
2561 self.assertIsNone(rep)
2562 self.assertNotConnected()
2564 def test_orphaned_request_after_first_mpx_no_last(self):
2565 ndr32 = base.transfer_syntax_ndr()
2566 abstract = samba.dcerpc.mgmt.abstract_syntax()
2568 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2569 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2570 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2571 ctx = self.prepare_presentation(abstract, ndr32,
2572 pfc_flags=pfc_flags)
2574 req1 = self.generate_request(call_id = 1,
2575 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2576 context_id=ctx.context_id,
2580 rep = self.recv_pdu(timeout=0.1)
2581 self.assertIsNone(rep)
2582 self.assertIsConnected()
2584 req = self.generate_orphaned(call_id = 1)
2586 rep = self.recv_pdu(timeout=0.1)
2587 self.assertIsNone(rep)
2588 self.assertIsConnected()
2590 # And now try a new request
2591 req2 = self.generate_request(call_id = 2,
2592 context_id=ctx.context_id-1,
2596 rep = self.recv_pdu()
2597 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2599 self.assertNotEquals(rep.u.alloc_hint, 0)
2600 self.assertEquals(rep.u.context_id, 0)
2601 self.assertEquals(rep.u.cancel_count, 0)
2602 self.assertEquals(rep.u.flags, 0)
2603 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2604 self.assertEquals(rep.u.reserved, 0)
2605 self.assertEquals(len(rep.u.error_and_verifier), 0)
2607 # wait for a disconnect
2608 rep = self.recv_pdu()
2609 self.assertIsNone(rep)
2610 self.assertNotConnected()
2612 def test_spnego_connect_request(self):
2613 ndr32 = base.transfer_syntax_ndr()
2616 ctx1 = dcerpc.ctx_list()
2618 ctx1.num_transfer_syntaxes = len(tsf1_list)
2619 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2620 ctx1.transfer_syntaxes = tsf1_list
2623 c = self.get_anon_creds()
2624 g = gensec.Security.start_client(self.settings)
2625 g.set_credentials(c)
2626 g.want_feature(gensec.FEATURE_DCE_STYLE)
2627 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2628 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2630 g.start_mech_by_authtype(auth_type, auth_level)
2632 (finished, to_server) = g.update(from_server)
2633 self.assertFalse(finished)
2635 auth_info = self.generate_auth(auth_type=auth_type,
2636 auth_level=auth_level,
2637 auth_context_id=auth_context_id,
2638 auth_blob=to_server)
2640 req = self.generate_bind(call_id=0,
2642 auth_info=auth_info)
2645 rep = self.recv_pdu()
2646 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2647 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2648 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2649 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2650 self.assertEquals(rep.u.secondary_address_size, 4)
2651 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2652 self.assertEquals(len(rep.u._pad1), 2)
2653 self.assertEquals(rep.u._pad1, '\0' * 2)
2654 self.assertEquals(rep.u.num_results, 1)
2655 self.assertEquals(rep.u.ctx_list[0].result,
2656 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2657 self.assertEquals(rep.u.ctx_list[0].reason,
2658 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2659 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2660 self.assertNotEquals(len(rep.u.auth_info), 0)
2661 a = self.parse_auth(rep.u.auth_info)
2663 from_server = a.credentials
2664 (finished, to_server) = g.update(from_server)
2665 self.assertFalse(finished)
2667 auth_info = self.generate_auth(auth_type=auth_type,
2668 auth_level=auth_level,
2669 auth_context_id=auth_context_id,
2670 auth_blob=to_server)
2672 req = self.generate_alter(call_id=0,
2674 assoc_group_id=rep.u.assoc_group_id,
2675 auth_info=auth_info)
2678 rep = self.recv_pdu()
2679 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2680 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2681 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2682 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2683 self.assertEquals(rep.u.secondary_address_size, 0)
2684 self.assertEquals(len(rep.u._pad1), 2)
2685 # Windows sends garbage
2686 #self.assertEquals(rep.u._pad1, '\0' * 2)
2687 self.assertEquals(rep.u.num_results, 1)
2688 self.assertEquals(rep.u.ctx_list[0].result,
2689 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2690 self.assertEquals(rep.u.ctx_list[0].reason,
2691 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2692 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2693 self.assertNotEquals(len(rep.u.auth_info), 0)
2694 a = self.parse_auth(rep.u.auth_info)
2696 from_server = a.credentials
2697 (finished, to_server) = g.update(from_server)
2698 self.assertTrue(finished)
2700 # And now try a request without auth_info
2701 req = self.generate_request(call_id = 2,
2702 context_id=ctx1.context_id,
2706 rep = self.recv_pdu()
2707 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2709 self.assertNotEquals(rep.u.alloc_hint, 0)
2710 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2711 self.assertEquals(rep.u.cancel_count, 0)
2712 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2714 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2715 auth_info = self.generate_auth(auth_type=auth_type,
2716 auth_level=auth_level,
2717 auth_context_id=auth_context_id,
2718 auth_blob="\x01"+"\x00"*15)
2719 req = self.generate_request(call_id = 3,
2720 context_id=ctx1.context_id,
2723 auth_info=auth_info)
2725 rep = self.recv_pdu()
2726 # We don't get an auth_info back
2727 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2729 self.assertNotEquals(rep.u.alloc_hint, 0)
2730 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2731 self.assertEquals(rep.u.cancel_count, 0)
2732 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2734 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2735 auth_info = self.generate_auth(auth_type=auth_type,
2736 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2737 auth_context_id=auth_context_id,
2738 auth_blob="\x01"+"\x00"*15)
2739 req = self.generate_request(call_id = 4,
2740 context_id=ctx1.context_id,
2743 auth_info=auth_info)
2745 rep = self.recv_pdu()
2746 # We get a fault back
2747 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2749 self.assertNotEquals(rep.u.alloc_hint, 0)
2750 self.assertEquals(rep.u.context_id, req.u.context_id)
2751 self.assertEquals(rep.u.cancel_count, 0)
2752 self.assertEquals(rep.u.flags, 0)
2753 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2754 self.assertEquals(rep.u.reserved, 0)
2755 self.assertEquals(len(rep.u.error_and_verifier), 0)
2757 # wait for a disconnect
2758 rep = self.recv_pdu()
2759 self.assertIsNone(rep)
2760 self.assertNotConnected()
2762 def test_spnego_integrity_request(self):
2763 ndr32 = base.transfer_syntax_ndr()
2766 ctx1 = dcerpc.ctx_list()
2768 ctx1.num_transfer_syntaxes = len(tsf1_list)
2769 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2770 ctx1.transfer_syntaxes = tsf1_list
2773 c = self.get_anon_creds()
2774 g = gensec.Security.start_client(self.settings)
2775 g.set_credentials(c)
2776 g.want_feature(gensec.FEATURE_DCE_STYLE)
2777 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2778 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2780 g.start_mech_by_authtype(auth_type, auth_level)
2782 (finished, to_server) = g.update(from_server)
2783 self.assertFalse(finished)
2785 auth_info = self.generate_auth(auth_type=auth_type,
2786 auth_level=auth_level,
2787 auth_context_id=auth_context_id,
2788 auth_blob=to_server)
2790 req = self.generate_bind(call_id=0,
2792 auth_info=auth_info)
2795 rep = self.recv_pdu()
2796 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2797 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2798 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2799 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2800 self.assertEquals(rep.u.secondary_address_size, 4)
2801 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2802 self.assertEquals(len(rep.u._pad1), 2)
2803 self.assertEquals(rep.u._pad1, '\0' * 2)
2804 self.assertEquals(rep.u.num_results, 1)
2805 self.assertEquals(rep.u.ctx_list[0].result,
2806 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2807 self.assertEquals(rep.u.ctx_list[0].reason,
2808 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2809 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2810 self.assertNotEquals(len(rep.u.auth_info), 0)
2811 a = self.parse_auth(rep.u.auth_info)
2813 from_server = a.credentials
2814 (finished, to_server) = g.update(from_server)
2815 self.assertFalse(finished)
2817 auth_info = self.generate_auth(auth_type=auth_type,
2818 auth_level=auth_level,
2819 auth_context_id=auth_context_id,
2820 auth_blob=to_server)
2822 req = self.generate_alter(call_id=0,
2824 assoc_group_id=rep.u.assoc_group_id,
2825 auth_info=auth_info)
2828 rep = self.recv_pdu()
2829 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2830 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2831 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2832 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2833 self.assertEquals(rep.u.secondary_address_size, 0)
2834 self.assertEquals(len(rep.u._pad1), 2)
2835 # Windows sends garbage
2836 #self.assertEquals(rep.u._pad1, '\0' * 2)
2837 self.assertEquals(rep.u.num_results, 1)
2838 self.assertEquals(rep.u.ctx_list[0].result,
2839 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2840 self.assertEquals(rep.u.ctx_list[0].reason,
2841 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2842 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2843 self.assertNotEquals(len(rep.u.auth_info), 0)
2844 a = self.parse_auth(rep.u.auth_info)
2846 from_server = a.credentials
2847 (finished, to_server) = g.update(from_server)
2848 self.assertTrue(finished)
2850 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2851 auth_info = self.generate_auth(auth_type=auth_type,
2852 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2853 auth_context_id=auth_context_id,
2854 auth_blob="\x01"+"\x00"*15)
2855 req = self.generate_request(call_id = 3,
2856 context_id=ctx1.context_id,
2859 auth_info=auth_info)
2861 rep = self.recv_pdu()
2862 # We get a fault back
2863 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2865 self.assertNotEquals(rep.u.alloc_hint, 0)
2866 self.assertEquals(rep.u.context_id, req.u.context_id)
2867 self.assertEquals(rep.u.cancel_count, 0)
2868 self.assertEquals(rep.u.flags, 0)
2869 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2870 self.assertEquals(rep.u.reserved, 0)
2871 self.assertEquals(len(rep.u.error_and_verifier), 0)
2873 # wait for a disconnect
2874 rep = self.recv_pdu()
2875 self.assertIsNone(rep)
2876 self.assertNotConnected()
2878 def test_spnego_unfinished_request(self):
2879 ndr32 = base.transfer_syntax_ndr()
2882 ctx1 = dcerpc.ctx_list()
2884 ctx1.num_transfer_syntaxes = len(tsf1_list)
2885 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2886 ctx1.transfer_syntaxes = tsf1_list
2889 c = self.get_anon_creds()
2890 g = gensec.Security.start_client(self.settings)
2891 g.set_credentials(c)
2892 g.want_feature(gensec.FEATURE_DCE_STYLE)
2893 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2894 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2896 g.start_mech_by_authtype(auth_type, auth_level)
2898 (finished, to_server) = g.update(from_server)
2899 self.assertFalse(finished)
2901 auth_info = self.generate_auth(auth_type=auth_type,
2902 auth_level=auth_level,
2903 auth_context_id=auth_context_id,
2904 auth_blob=to_server)
2906 req = self.generate_bind(call_id=0,
2908 auth_info=auth_info)
2911 rep = self.recv_pdu()
2912 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2913 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2914 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2915 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2916 assoc_group_id = rep.u.assoc_group_id
2917 self.assertEquals(rep.u.secondary_address_size, 4)
2918 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2919 self.assertEquals(len(rep.u._pad1), 2)
2920 self.assertEquals(rep.u._pad1, '\0' * 2)
2921 self.assertEquals(rep.u.num_results, 1)
2922 self.assertEquals(rep.u.ctx_list[0].result,
2923 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2924 self.assertEquals(rep.u.ctx_list[0].reason,
2925 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2926 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2927 self.assertNotEquals(len(rep.u.auth_info), 0)
2928 a = self.parse_auth(rep.u.auth_info)
2930 from_server = a.credentials
2931 (finished, to_server) = g.update(from_server)
2932 self.assertFalse(finished)
2934 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2935 auth_info = self.generate_auth(auth_type=auth_type,
2936 auth_level=auth_level,
2937 auth_context_id=auth_context_id,
2938 auth_blob="\x01"+"\x00"*15)
2939 req = self.generate_request(call_id = 1,
2940 context_id=ctx1.context_id,
2943 auth_info=auth_info)
2945 rep = self.recv_pdu()
2947 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2948 pfc_flags=req.pfc_flags |
2949 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2951 self.assertNotEquals(rep.u.alloc_hint, 0)
2952 self.assertEquals(rep.u.context_id, 0)
2953 self.assertEquals(rep.u.cancel_count, 0)
2954 self.assertEquals(rep.u.flags, 0)
2955 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2956 self.assertEquals(rep.u.reserved, 0)
2957 self.assertEquals(len(rep.u.error_and_verifier), 0)
2959 # wait for a disconnect
2960 rep = self.recv_pdu()
2961 self.assertIsNone(rep)
2962 self.assertNotConnected()
2964 def test_spnego_auth3(self):
2965 ndr32 = base.transfer_syntax_ndr()
2968 ctx1 = dcerpc.ctx_list()
2970 ctx1.num_transfer_syntaxes = len(tsf1_list)
2971 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2972 ctx1.transfer_syntaxes = tsf1_list
2975 c = self.get_anon_creds()
2976 g = gensec.Security.start_client(self.settings)
2977 g.set_credentials(c)
2978 g.want_feature(gensec.FEATURE_DCE_STYLE)
2979 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2980 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2982 g.start_mech_by_authtype(auth_type, auth_level)
2984 (finished, to_server) = g.update(from_server)
2985 self.assertFalse(finished)
2987 auth_info = self.generate_auth(auth_type=auth_type,
2988 auth_level=auth_level,
2989 auth_context_id=auth_context_id,
2990 auth_blob=to_server)
2991 req = self.generate_bind(call_id=0,
2993 auth_info=auth_info)
2995 rep = self.recv_pdu()
2996 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2997 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2998 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2999 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3000 self.assertEquals(rep.u.secondary_address_size, 4)
3001 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3002 self.assertEquals(len(rep.u._pad1), 2)
3003 #self.assertEquals(rep.u._pad1, '\0' * 2)
3004 self.assertEquals(rep.u.num_results, 1)
3005 self.assertEquals(rep.u.ctx_list[0].result,
3006 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3007 self.assertEquals(rep.u.ctx_list[0].reason,
3008 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3009 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3010 self.assertNotEquals(len(rep.u.auth_info), 0)
3011 a = self.parse_auth(rep.u.auth_info)
3013 from_server = a.credentials
3014 (finished, to_server) = g.update(from_server)
3015 self.assertFalse(finished)
3017 auth_info = self.generate_auth(auth_type=auth_type,
3018 auth_level=auth_level,
3019 auth_context_id=auth_context_id,
3020 auth_blob=to_server)
3021 req = self.generate_auth3(call_id=0,
3022 auth_info=auth_info)
3024 rep = self.recv_pdu()
3025 self.assertIsNone(rep)
3026 self.assertIsConnected()
3028 # And now try a request without auth_info
3029 req = self.generate_request(call_id = 2,
3030 context_id=ctx1.context_id,
3034 rep = self.recv_pdu()
3035 # We get a fault back
3036 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3038 self.assertNotEquals(rep.u.alloc_hint, 0)
3039 self.assertEquals(rep.u.context_id, req.u.context_id)
3040 self.assertEquals(rep.u.cancel_count, 0)
3041 self.assertEquals(rep.u.flags, 0)
3042 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3043 self.assertEquals(rep.u.reserved, 0)
3044 self.assertEquals(len(rep.u.error_and_verifier), 0)
3046 # wait for a disconnect
3047 rep = self.recv_pdu()
3048 self.assertIsNone(rep)
3049 self.assertNotConnected()
3051 def test_spnego_connect_reauth_alter(self):
3052 ndr32 = base.transfer_syntax_ndr()
3053 ndr64 = base.transfer_syntax_ndr64()
3056 ctx1 = dcerpc.ctx_list()
3058 ctx1.num_transfer_syntaxes = len(tsf1_list)
3059 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3060 ctx1.transfer_syntaxes = tsf1_list
3063 c = self.get_anon_creds()
3064 g = gensec.Security.start_client(self.settings)
3065 g.set_credentials(c)
3066 g.want_feature(gensec.FEATURE_DCE_STYLE)
3067 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3068 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3070 g.start_mech_by_authtype(auth_type, auth_level)
3072 (finished, to_server) = g.update(from_server)
3073 self.assertFalse(finished)
3075 auth_info = self.generate_auth(auth_type=auth_type,
3076 auth_level=auth_level,
3077 auth_context_id=auth_context_id,
3078 auth_blob=to_server)
3080 req = self.generate_bind(call_id=0,
3082 auth_info=auth_info)
3085 rep = self.recv_pdu()
3086 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3087 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3088 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3089 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3090 self.assertEquals(rep.u.secondary_address_size, 4)
3091 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3092 self.assertEquals(len(rep.u._pad1), 2)
3093 self.assertEquals(rep.u._pad1, '\0' * 2)
3094 self.assertEquals(rep.u.num_results, 1)
3095 self.assertEquals(rep.u.ctx_list[0].result,
3096 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3097 self.assertEquals(rep.u.ctx_list[0].reason,
3098 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3099 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3100 self.assertNotEquals(len(rep.u.auth_info), 0)
3101 a = self.parse_auth(rep.u.auth_info)
3103 from_server = a.credentials
3104 (finished, to_server) = g.update(from_server)
3105 self.assertFalse(finished)
3107 auth_info = self.generate_auth(auth_type=auth_type,
3108 auth_level=auth_level,
3109 auth_context_id=auth_context_id,
3110 auth_blob=to_server)
3111 req = self.generate_alter(call_id=0,
3113 assoc_group_id=rep.u.assoc_group_id,
3114 auth_info=auth_info)
3116 rep = self.recv_pdu()
3117 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3118 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3119 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3120 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3121 self.assertEquals(rep.u.secondary_address_size, 0)
3122 self.assertEquals(len(rep.u._pad1), 2)
3123 # Windows sends garbage
3124 #self.assertEquals(rep.u._pad1, '\0' * 2)
3125 self.assertEquals(rep.u.num_results, 1)
3126 self.assertEquals(rep.u.ctx_list[0].result,
3127 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3128 self.assertEquals(rep.u.ctx_list[0].reason,
3129 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3130 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3131 self.assertNotEquals(len(rep.u.auth_info), 0)
3132 a = self.parse_auth(rep.u.auth_info)
3134 from_server = a.credentials
3135 (finished, to_server) = g.update(from_server)
3136 self.assertTrue(finished)
3138 # And now try a request without auth_info
3139 req = self.generate_request(call_id = 2,
3140 context_id=ctx1.context_id,
3144 rep = self.recv_pdu()
3145 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3147 self.assertNotEquals(rep.u.alloc_hint, 0)
3148 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3149 self.assertEquals(rep.u.cancel_count, 0)
3150 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3152 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3153 auth_info = self.generate_auth(auth_type=auth_type,
3154 auth_level=auth_level,
3155 auth_context_id=auth_context_id,
3156 auth_blob="\x01"+"\x00"*15)
3157 req = self.generate_request(call_id = 3,
3158 context_id=ctx1.context_id,
3161 auth_info=auth_info)
3163 rep = self.recv_pdu()
3164 # We don't get an auth_info back
3165 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3167 self.assertNotEquals(rep.u.alloc_hint, 0)
3168 self.assertEquals(rep.u.context_id, req.u.context_id)
3169 self.assertEquals(rep.u.cancel_count, 0)
3170 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3174 g = gensec.Security.start_client(self.settings)
3175 g.set_credentials(c)
3176 g.want_feature(gensec.FEATURE_DCE_STYLE)
3177 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3178 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3180 g.start_mech_by_authtype(auth_type, auth_level)
3182 (finished, to_server) = g.update(from_server)
3183 self.assertFalse(finished)
3185 auth_info = self.generate_auth(auth_type=auth_type,
3186 auth_level=auth_level,
3187 auth_context_id=auth_context_id,
3188 auth_blob=to_server)
3189 req = self.generate_alter(call_id=0,
3191 auth_info=auth_info)
3193 rep = self.recv_pdu()
3195 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3196 pfc_flags=req.pfc_flags |
3197 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3199 self.assertNotEquals(rep.u.alloc_hint, 0)
3200 self.assertEquals(rep.u.context_id, 0)
3201 self.assertEquals(rep.u.cancel_count, 0)
3202 self.assertEquals(rep.u.flags, 0)
3203 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3204 self.assertEquals(rep.u.reserved, 0)
3205 self.assertEquals(len(rep.u.error_and_verifier), 0)
3207 # wait for a disconnect
3208 rep = self.recv_pdu()
3209 self.assertIsNone(rep)
3210 self.assertNotConnected()
3212 def test_spnego_connect_reauth_auth3(self):
3213 ndr32 = base.transfer_syntax_ndr()
3214 ndr64 = base.transfer_syntax_ndr64()
3217 ctx1 = dcerpc.ctx_list()
3219 ctx1.num_transfer_syntaxes = len(tsf1_list)
3220 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3221 ctx1.transfer_syntaxes = tsf1_list
3224 c = self.get_anon_creds()
3225 g = gensec.Security.start_client(self.settings)
3226 g.set_credentials(c)
3227 g.want_feature(gensec.FEATURE_DCE_STYLE)
3228 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3229 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3231 g.start_mech_by_authtype(auth_type, auth_level)
3233 (finished, to_server) = g.update(from_server)
3234 self.assertFalse(finished)
3236 auth_info = self.generate_auth(auth_type=auth_type,
3237 auth_level=auth_level,
3238 auth_context_id=auth_context_id,
3239 auth_blob=to_server)
3241 req = self.generate_bind(call_id=0,
3243 auth_info=auth_info)
3246 rep = self.recv_pdu()
3247 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3248 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3249 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3250 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3251 self.assertEquals(rep.u.secondary_address_size, 4)
3252 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3253 self.assertEquals(len(rep.u._pad1), 2)
3254 self.assertEquals(rep.u._pad1, '\0' * 2)
3255 self.assertEquals(rep.u.num_results, 1)
3256 self.assertEquals(rep.u.ctx_list[0].result,
3257 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3258 self.assertEquals(rep.u.ctx_list[0].reason,
3259 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3260 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3261 self.assertNotEquals(len(rep.u.auth_info), 0)
3262 a = self.parse_auth(rep.u.auth_info)
3264 from_server = a.credentials
3265 (finished, to_server) = g.update(from_server)
3266 self.assertFalse(finished)
3268 auth_info = self.generate_auth(auth_type=auth_type,
3269 auth_level=auth_level,
3270 auth_context_id=auth_context_id,
3271 auth_blob=to_server)
3272 req = self.generate_alter(call_id=0,
3274 assoc_group_id=rep.u.assoc_group_id,
3275 auth_info=auth_info)
3277 rep = self.recv_pdu()
3278 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3279 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3280 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3281 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3282 self.assertEquals(rep.u.secondary_address_size, 0)
3283 self.assertEquals(len(rep.u._pad1), 2)
3284 # Windows sends garbage
3285 #self.assertEquals(rep.u._pad1, '\0' * 2)
3286 self.assertEquals(rep.u.num_results, 1)
3287 self.assertEquals(rep.u.ctx_list[0].result,
3288 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3289 self.assertEquals(rep.u.ctx_list[0].reason,
3290 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3291 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3292 self.assertNotEquals(len(rep.u.auth_info), 0)
3293 a = self.parse_auth(rep.u.auth_info)
3295 from_server = a.credentials
3296 (finished, to_server) = g.update(from_server)
3297 self.assertTrue(finished)
3299 # And now try a request without auth_info
3300 req = self.generate_request(call_id = 2,
3301 context_id=ctx1.context_id,
3305 rep = self.recv_pdu()
3306 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3308 self.assertNotEquals(rep.u.alloc_hint, 0)
3309 self.assertEquals(rep.u.context_id, req.u.context_id)
3310 self.assertEquals(rep.u.cancel_count, 0)
3311 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3313 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3314 auth_info = self.generate_auth(auth_type=auth_type,
3315 auth_level=auth_level,
3316 auth_context_id=auth_context_id,
3317 auth_blob="\x01"+"\x00"*15)
3318 req = self.generate_request(call_id = 3,
3319 context_id=ctx1.context_id,
3322 auth_info=auth_info)
3324 rep = self.recv_pdu()
3325 # We don't get an auth_info back
3326 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3328 self.assertNotEquals(rep.u.alloc_hint, 0)
3329 self.assertEquals(rep.u.context_id, req.u.context_id)
3330 self.assertEquals(rep.u.cancel_count, 0)
3331 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3335 g = gensec.Security.start_client(self.settings)
3336 g.set_credentials(c)
3337 g.want_feature(gensec.FEATURE_DCE_STYLE)
3338 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3339 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3341 g.start_mech_by_authtype(auth_type, auth_level)
3343 (finished, to_server) = g.update(from_server)
3344 self.assertFalse(finished)
3346 auth_info = self.generate_auth(auth_type=auth_type,
3347 auth_level=auth_level,
3348 auth_context_id=auth_context_id,
3349 auth_blob=to_server)
3350 req = self.generate_auth3(call_id=0,
3351 auth_info=auth_info)
3353 rep = self.recv_pdu()
3355 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3356 pfc_flags=req.pfc_flags |
3357 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3359 self.assertNotEquals(rep.u.alloc_hint, 0)
3360 self.assertEquals(rep.u.context_id, 0)
3361 self.assertEquals(rep.u.cancel_count, 0)
3362 self.assertEquals(rep.u.flags, 0)
3363 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3364 self.assertEquals(rep.u.reserved, 0)
3365 self.assertEquals(len(rep.u.error_and_verifier), 0)
3367 # wait for a disconnect
3368 rep = self.recv_pdu()
3369 self.assertIsNone(rep)
3370 self.assertNotConnected()
3372 def test_spnego_change_auth_level(self):
3373 ndr32 = base.transfer_syntax_ndr()
3376 ctx1 = dcerpc.ctx_list()
3378 ctx1.num_transfer_syntaxes = len(tsf1_list)
3379 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3380 ctx1.transfer_syntaxes = tsf1_list
3382 c = self.get_anon_creds()
3383 g = gensec.Security.start_client(self.settings)
3384 g.set_credentials(c)
3385 g.want_feature(gensec.FEATURE_DCE_STYLE)
3386 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3387 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3389 g.start_mech_by_authtype(auth_type, auth_level)
3391 (finished, to_server) = g.update(from_server)
3392 self.assertFalse(finished)
3394 auth_info = self.generate_auth(auth_type=auth_type,
3395 auth_level=auth_level,
3396 auth_context_id=auth_context_id,
3397 auth_blob=to_server)
3398 req = self.generate_bind(call_id=0,
3400 auth_info=auth_info)
3402 rep = self.recv_pdu()
3403 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3404 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3405 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3406 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3407 self.assertEquals(rep.u.secondary_address_size, 4)
3408 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3409 self.assertEquals(len(rep.u._pad1), 2)
3410 self.assertEquals(rep.u._pad1, '\0' * 2)
3411 self.assertEquals(rep.u.num_results, 1)
3412 self.assertEquals(rep.u.ctx_list[0].result,
3413 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3414 self.assertEquals(rep.u.ctx_list[0].reason,
3415 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3416 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3417 self.assertNotEquals(len(rep.u.auth_info), 0)
3418 a = self.parse_auth(rep.u.auth_info)
3420 from_server = a.credentials
3421 (finished, to_server) = g.update(from_server)
3422 self.assertFalse(finished)
3424 auth_info = self.generate_auth(auth_type=auth_type,
3425 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3426 auth_context_id=auth_context_id,
3427 auth_blob=to_server)
3428 req = self.generate_alter(call_id=0,
3430 assoc_group_id=rep.u.assoc_group_id,
3431 auth_info=auth_info)
3433 rep = self.recv_pdu()
3434 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3435 pfc_flags=req.pfc_flags |
3436 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3438 self.assertNotEquals(rep.u.alloc_hint, 0)
3439 self.assertEquals(rep.u.context_id, 0)
3440 self.assertEquals(rep.u.cancel_count, 0)
3441 self.assertEquals(rep.u.flags, 0)
3442 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3443 self.assertEquals(rep.u.reserved, 0)
3444 self.assertEquals(len(rep.u.error_and_verifier), 0)
3446 # wait for a disconnect
3447 rep = self.recv_pdu()
3448 self.assertIsNone(rep)
3449 self.assertNotConnected()
3451 def test_spnego_change_abstract(self):
3452 ndr32 = base.transfer_syntax_ndr()
3455 ctx1 = dcerpc.ctx_list()
3457 ctx1.num_transfer_syntaxes = len(tsf1_list)
3458 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3459 ctx1.transfer_syntaxes = tsf1_list
3461 ctx1b = dcerpc.ctx_list()
3462 ctx1b.context_id = 1
3463 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3464 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3465 ctx1b.transfer_syntaxes = tsf1_list
3467 c = self.get_anon_creds()
3468 g = gensec.Security.start_client(self.settings)
3469 g.set_credentials(c)
3470 g.want_feature(gensec.FEATURE_DCE_STYLE)
3471 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3472 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3474 g.start_mech_by_authtype(auth_type, auth_level)
3476 (finished, to_server) = g.update(from_server)
3477 self.assertFalse(finished)
3479 auth_info = self.generate_auth(auth_type=auth_type,
3480 auth_level=auth_level,
3481 auth_context_id=auth_context_id,
3482 auth_blob=to_server)
3483 req = self.generate_bind(call_id=0,
3485 auth_info=auth_info)
3487 rep = self.recv_pdu()
3488 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3489 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3490 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3491 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3492 self.assertEquals(rep.u.secondary_address_size, 4)
3493 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3494 self.assertEquals(len(rep.u._pad1), 2)
3495 #self.assertEquals(rep.u._pad1, '\0' * 2)
3496 self.assertEquals(rep.u.num_results, 1)
3497 self.assertEquals(rep.u.ctx_list[0].result,
3498 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3499 self.assertEquals(rep.u.ctx_list[0].reason,
3500 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3501 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3502 self.assertNotEquals(len(rep.u.auth_info), 0)
3503 a = self.parse_auth(rep.u.auth_info)
3505 from_server = a.credentials
3506 (finished, to_server) = g.update(from_server)
3507 self.assertFalse(finished)
3509 auth_info = self.generate_auth(auth_type=auth_type,
3510 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3511 auth_context_id=auth_context_id,
3512 auth_blob=to_server)
3513 req = self.generate_alter(call_id=0,
3515 assoc_group_id=rep.u.assoc_group_id,
3516 auth_info=auth_info)
3518 rep = self.recv_pdu()
3519 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3520 pfc_flags=req.pfc_flags |
3521 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3523 self.assertNotEquals(rep.u.alloc_hint, 0)
3524 self.assertEquals(rep.u.context_id, 0)
3525 self.assertEquals(rep.u.cancel_count, 0)
3526 self.assertEquals(rep.u.flags, 0)
3527 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3528 self.assertEquals(rep.u.reserved, 0)
3529 self.assertEquals(len(rep.u.error_and_verifier), 0)
3531 # wait for a disconnect
3532 rep = self.recv_pdu()
3533 self.assertIsNone(rep)
3534 self.assertNotConnected()
3536 def test_spnego_change_transfer(self):
3537 ndr32 = base.transfer_syntax_ndr()
3538 ndr64 = base.transfer_syntax_ndr64()
3541 ctx1 = dcerpc.ctx_list()
3543 ctx1.num_transfer_syntaxes = len(tsf1_list)
3544 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3545 ctx1.transfer_syntaxes = tsf1_list
3547 tsf1b_list = [ndr32,ndr64]
3548 ctx1b = dcerpc.ctx_list()
3549 ctx1b.context_id = 1
3550 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3551 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3552 ctx1b.transfer_syntaxes = tsf1b_list
3554 c = self.get_anon_creds()
3555 g = gensec.Security.start_client(self.settings)
3556 g.set_credentials(c)
3557 g.want_feature(gensec.FEATURE_DCE_STYLE)
3558 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3559 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3561 g.start_mech_by_authtype(auth_type, auth_level)
3563 (finished, to_server) = g.update(from_server)
3564 self.assertFalse(finished)
3566 auth_info = self.generate_auth(auth_type=auth_type,
3567 auth_level=auth_level,
3568 auth_context_id=auth_context_id,
3569 auth_blob=to_server)
3570 req = self.generate_bind(call_id=0,
3572 auth_info=auth_info)
3574 rep = self.recv_pdu()
3575 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3576 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3577 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3578 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3579 self.assertEquals(rep.u.secondary_address_size, 4)
3580 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3581 self.assertEquals(len(rep.u._pad1), 2)
3582 #self.assertEquals(rep.u._pad1, '\0' * 2)
3583 self.assertEquals(rep.u.num_results, 1)
3584 self.assertEquals(rep.u.ctx_list[0].result,
3585 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3586 self.assertEquals(rep.u.ctx_list[0].reason,
3587 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3588 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3589 self.assertNotEquals(len(rep.u.auth_info), 0)
3590 a = self.parse_auth(rep.u.auth_info)
3592 from_server = a.credentials
3593 (finished, to_server) = g.update(from_server)
3594 self.assertFalse(finished)
3596 # We change ctx_list and auth_level
3597 auth_info = self.generate_auth(auth_type=auth_type,
3598 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3599 auth_context_id=auth_context_id,
3600 auth_blob=to_server)
3601 req = self.generate_alter(call_id=0,
3603 assoc_group_id=rep.u.assoc_group_id,
3604 auth_info=auth_info)
3606 rep = self.recv_pdu()
3607 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3608 pfc_flags=req.pfc_flags |
3609 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3611 self.assertNotEquals(rep.u.alloc_hint, 0)
3612 self.assertEquals(rep.u.context_id, 0)
3613 self.assertEquals(rep.u.cancel_count, 0)
3614 self.assertEquals(rep.u.flags, 0)
3615 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3616 self.assertEquals(rep.u.reserved, 0)
3617 self.assertEquals(len(rep.u.error_and_verifier), 0)
3619 # wait for a disconnect
3620 rep = self.recv_pdu()
3621 self.assertIsNone(rep)
3622 self.assertNotConnected()
3624 def test_spnego_change_auth_type1(self):
3625 ndr32 = base.transfer_syntax_ndr()
3626 ndr64 = base.transfer_syntax_ndr64()
3629 ctx1 = dcerpc.ctx_list()
3631 ctx1.num_transfer_syntaxes = len(tsf1_list)
3632 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3633 ctx1.transfer_syntaxes = tsf1_list
3635 c = self.get_anon_creds()
3636 g = gensec.Security.start_client(self.settings)
3637 g.set_credentials(c)
3638 g.want_feature(gensec.FEATURE_DCE_STYLE)
3639 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3640 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3642 g.start_mech_by_authtype(auth_type, auth_level)
3644 (finished, to_server) = g.update(from_server)
3645 self.assertFalse(finished)
3647 auth_info = self.generate_auth(auth_type=auth_type,
3648 auth_level=auth_level,
3649 auth_context_id=auth_context_id,
3650 auth_blob=to_server)
3651 req = self.generate_bind(call_id=0,
3653 auth_info=auth_info)
3655 rep = self.recv_pdu()
3656 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3657 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3658 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3659 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3660 self.assertEquals(rep.u.secondary_address_size, 4)
3661 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3662 self.assertEquals(len(rep.u._pad1), 2)
3663 #self.assertEquals(rep.u._pad1, '\0' * 2)
3664 self.assertEquals(rep.u.num_results, 1)
3665 self.assertEquals(rep.u.ctx_list[0].result,
3666 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3667 self.assertEquals(rep.u.ctx_list[0].reason,
3668 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3669 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3670 self.assertNotEquals(len(rep.u.auth_info), 0)
3671 a = self.parse_auth(rep.u.auth_info)
3673 from_server = a.credentials
3674 (finished, to_server) = g.update(from_server)
3675 self.assertFalse(finished)
3677 # We change ctx_list and auth_level
3678 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3679 auth_level=auth_level,
3680 auth_context_id=auth_context_id,
3681 auth_blob=to_server)
3682 req = self.generate_alter(call_id=0,
3684 assoc_group_id=rep.u.assoc_group_id,
3685 auth_info=auth_info)
3687 rep = self.recv_pdu()
3688 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3689 pfc_flags=req.pfc_flags |
3690 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3692 self.assertNotEquals(rep.u.alloc_hint, 0)
3693 self.assertEquals(rep.u.context_id, 0)
3694 self.assertEquals(rep.u.cancel_count, 0)
3695 self.assertEquals(rep.u.flags, 0)
3696 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3697 self.assertEquals(rep.u.reserved, 0)
3698 self.assertEquals(len(rep.u.error_and_verifier), 0)
3700 # wait for a disconnect
3701 rep = self.recv_pdu()
3702 self.assertIsNone(rep)
3703 self.assertNotConnected()
3705 def test_spnego_change_auth_type2(self):
3706 ndr32 = base.transfer_syntax_ndr()
3707 ndr64 = base.transfer_syntax_ndr64()
3710 ctx1 = dcerpc.ctx_list()
3712 ctx1.num_transfer_syntaxes = len(tsf1_list)
3713 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3714 ctx1.transfer_syntaxes = tsf1_list
3716 tsf1b_list = [ndr32,ndr64]
3717 ctx1b = dcerpc.ctx_list()
3718 ctx1b.context_id = 1
3719 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3720 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3721 ctx1b.transfer_syntaxes = tsf1b_list
3723 c = self.get_anon_creds()
3724 g = gensec.Security.start_client(self.settings)
3725 g.set_credentials(c)
3726 g.want_feature(gensec.FEATURE_DCE_STYLE)
3727 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3728 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3730 g.start_mech_by_authtype(auth_type, auth_level)
3732 (finished, to_server) = g.update(from_server)
3733 self.assertFalse(finished)
3735 auth_info = self.generate_auth(auth_type=auth_type,
3736 auth_level=auth_level,
3737 auth_context_id=auth_context_id,
3738 auth_blob=to_server)
3739 req = self.generate_bind(call_id=0,
3741 auth_info=auth_info)
3743 rep = self.recv_pdu()
3744 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3745 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3746 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3747 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3748 self.assertEquals(rep.u.secondary_address_size, 4)
3749 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3750 self.assertEquals(len(rep.u._pad1), 2)
3751 #self.assertEquals(rep.u._pad1, '\0' * 2)
3752 self.assertEquals(rep.u.num_results, 1)
3753 self.assertEquals(rep.u.ctx_list[0].result,
3754 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3755 self.assertEquals(rep.u.ctx_list[0].reason,
3756 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3757 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3758 self.assertNotEquals(len(rep.u.auth_info), 0)
3759 a = self.parse_auth(rep.u.auth_info)
3761 from_server = a.credentials
3762 (finished, to_server) = g.update(from_server)
3763 self.assertFalse(finished)
3765 # We change ctx_list and auth_level
3766 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3767 auth_level=auth_level,
3768 auth_context_id=auth_context_id,
3769 auth_blob=to_server)
3770 req = self.generate_alter(call_id=0,
3772 assoc_group_id=rep.u.assoc_group_id,
3773 auth_info=auth_info)
3775 rep = self.recv_pdu()
3776 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3777 pfc_flags=req.pfc_flags |
3778 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3780 self.assertNotEquals(rep.u.alloc_hint, 0)
3781 self.assertEquals(rep.u.context_id, 0)
3782 self.assertEquals(rep.u.cancel_count, 0)
3783 self.assertEquals(rep.u.flags, 0)
3784 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3785 self.assertEquals(rep.u.reserved, 0)
3786 self.assertEquals(len(rep.u.error_and_verifier), 0)
3788 # wait for a disconnect
3789 rep = self.recv_pdu()
3790 self.assertIsNone(rep)
3791 self.assertNotConnected()
3793 def test_spnego_change_auth_type3(self):
3794 ndr32 = base.transfer_syntax_ndr()
3795 ndr64 = base.transfer_syntax_ndr64()
3798 ctx1 = dcerpc.ctx_list()
3800 ctx1.num_transfer_syntaxes = len(tsf1_list)
3801 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3802 ctx1.transfer_syntaxes = tsf1_list
3804 tsf1b_list = [ndr32,ndr64]
3805 ctx1b = dcerpc.ctx_list()
3806 ctx1b.context_id = 1
3807 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3808 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3809 ctx1b.transfer_syntaxes = tsf1b_list
3811 c = self.get_anon_creds()
3812 g = gensec.Security.start_client(self.settings)
3813 g.set_credentials(c)
3814 g.want_feature(gensec.FEATURE_DCE_STYLE)
3815 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3816 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3818 g.start_mech_by_authtype(auth_type, auth_level)
3820 (finished, to_server) = g.update(from_server)
3821 self.assertFalse(finished)
3823 auth_info = self.generate_auth(auth_type=auth_type,
3824 auth_level=auth_level,
3825 auth_context_id=auth_context_id,
3826 auth_blob=to_server)
3827 req = self.generate_bind(call_id=0,
3829 auth_info=auth_info)
3831 rep = self.recv_pdu()
3832 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3833 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3834 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3835 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3836 self.assertEquals(rep.u.secondary_address_size, 4)
3837 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3838 self.assertEquals(len(rep.u._pad1), 2)
3839 #self.assertEquals(rep.u._pad1, '\0' * 2)
3840 self.assertEquals(rep.u.num_results, 1)
3841 self.assertEquals(rep.u.ctx_list[0].result,
3842 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3843 self.assertEquals(rep.u.ctx_list[0].reason,
3844 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3845 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3846 self.assertNotEquals(len(rep.u.auth_info), 0)
3847 a = self.parse_auth(rep.u.auth_info)
3849 from_server = a.credentials
3850 (finished, to_server) = g.update(from_server)
3851 self.assertFalse(finished)
3853 # We change ctx_list and auth_level
3854 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3855 auth_level=auth_level,
3856 auth_context_id=auth_context_id,
3857 auth_blob=to_server)
3858 req = self.generate_alter(call_id=0,
3860 assoc_group_id=rep.u.assoc_group_id,
3861 auth_info=auth_info)
3863 rep = self.recv_pdu()
3864 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3865 pfc_flags=req.pfc_flags |
3866 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3868 self.assertNotEquals(rep.u.alloc_hint, 0)
3869 self.assertEquals(rep.u.context_id, 0)
3870 self.assertEquals(rep.u.cancel_count, 0)
3871 self.assertEquals(rep.u.flags, 0)
3872 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3873 self.assertEquals(rep.u.reserved, 0)
3874 self.assertEquals(len(rep.u.error_and_verifier), 0)
3876 # wait for a disconnect
3877 rep = self.recv_pdu()
3878 self.assertIsNone(rep)
3879 self.assertNotConnected()
3881 def test_spnego_auth_pad_ok(self):
3882 ndr32 = base.transfer_syntax_ndr()
3885 ctx1 = dcerpc.ctx_list()
3887 ctx1.num_transfer_syntaxes = len(tsf1_list)
3888 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3889 ctx1.transfer_syntaxes = tsf1_list
3892 c = self.get_anon_creds()
3893 g = gensec.Security.start_client(self.settings)
3894 g.set_credentials(c)
3895 g.want_feature(gensec.FEATURE_DCE_STYLE)
3896 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3897 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3899 g.start_mech_by_authtype(auth_type, auth_level)
3901 (finished, to_server) = g.update(from_server)
3902 self.assertFalse(finished)
3904 auth_info = self.generate_auth(auth_type=auth_type,
3905 auth_level=auth_level,
3906 auth_context_id=auth_context_id,
3907 auth_blob=to_server)
3909 req = self.generate_bind(call_id=0,
3911 auth_info=auth_info)
3912 req_pdu = samba.ndr.ndr_pack(req)
3914 auth_pad_ok = len(req_pdu)
3915 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3916 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3917 auth_pad_ok -= len(to_server)
3919 auth_info = self.generate_auth(auth_type=auth_type,
3920 auth_level=auth_level,
3921 auth_context_id=auth_context_id,
3922 auth_pad_length=auth_pad_ok,
3923 auth_blob=to_server)
3925 req = self.generate_bind(call_id=0,
3927 auth_info=auth_info)
3929 rep = self.recv_pdu()
3930 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3931 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3932 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3933 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3934 self.assertEquals(rep.u.secondary_address_size, 4)
3935 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3936 self.assertEquals(len(rep.u._pad1), 2)
3937 #self.assertEquals(rep.u._pad1, '\0' * 2)
3938 self.assertEquals(rep.u.num_results, 1)
3939 self.assertEquals(rep.u.ctx_list[0].result,
3940 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3941 self.assertEquals(rep.u.ctx_list[0].reason,
3942 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3943 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3944 self.assertNotEquals(len(rep.u.auth_info), 0)
3945 a = self.parse_auth(rep.u.auth_info)
3947 from_server = a.credentials
3948 (finished, to_server) = g.update(from_server)
3949 self.assertFalse(finished)
3951 auth_info = self.generate_auth(auth_type=auth_type,
3952 auth_level=auth_level,
3953 auth_context_id=auth_context_id,
3954 auth_blob=to_server)
3955 req = self.generate_alter(call_id=0,
3957 assoc_group_id=rep.u.assoc_group_id,
3958 auth_info=auth_info)
3959 req_pdu = samba.ndr.ndr_pack(req)
3961 auth_pad_ok = len(req_pdu)
3962 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3963 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3964 auth_pad_ok -= len(to_server)
3965 auth_info = self.generate_auth(auth_type=auth_type,
3966 auth_level=auth_level,
3967 auth_context_id=auth_context_id,
3968 auth_pad_length=auth_pad_ok,
3969 auth_blob=to_server)
3970 req = self.generate_alter(call_id=0,
3972 assoc_group_id=rep.u.assoc_group_id,
3973 auth_info=auth_info)
3975 rep = self.recv_pdu()
3976 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3977 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3978 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3979 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3980 self.assertEquals(rep.u.secondary_address_size, 0)
3981 self.assertEquals(len(rep.u._pad1), 2)
3982 # Windows sends garbage
3983 #self.assertEquals(rep.u._pad1, '\0' * 2)
3984 self.assertEquals(rep.u.num_results, 1)
3985 self.assertEquals(rep.u.ctx_list[0].result,
3986 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3987 self.assertEquals(rep.u.ctx_list[0].reason,
3988 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3989 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3990 self.assertNotEquals(len(rep.u.auth_info), 0)
3991 a = self.parse_auth(rep.u.auth_info)
3993 from_server = a.credentials
3994 (finished, to_server) = g.update(from_server)
3995 self.assertTrue(finished)
3997 # And now try a request without auth_info
3998 req = self.generate_request(call_id = 2,
3999 context_id=ctx1.context_id,
4003 rep = self.recv_pdu()
4004 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4006 self.assertNotEquals(rep.u.alloc_hint, 0)
4007 self.assertEquals(rep.u.context_id, req.u.context_id)
4008 self.assertEquals(rep.u.cancel_count, 0)
4009 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4011 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4012 auth_info = self.generate_auth(auth_type=auth_type,
4013 auth_level=auth_level,
4014 auth_context_id=auth_context_id,
4015 auth_blob="\x01"+"\x00"*15)
4016 req = self.generate_request(call_id = 3,
4017 context_id=ctx1.context_id,
4020 auth_info=auth_info)
4022 rep = self.recv_pdu()
4023 # We don't get an auth_info back
4024 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4026 self.assertNotEquals(rep.u.alloc_hint, 0)
4027 self.assertEquals(rep.u.context_id, req.u.context_id)
4028 self.assertEquals(rep.u.cancel_count, 0)
4029 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4031 self._disconnect("disconnect")
4032 self.assertNotConnected()
4034 def test_spnego_auth_pad_fail_bind(self):
4035 ndr32 = base.transfer_syntax_ndr()
4038 ctx1 = dcerpc.ctx_list()
4040 ctx1.num_transfer_syntaxes = len(tsf1_list)
4041 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4042 ctx1.transfer_syntaxes = tsf1_list
4045 c = self.get_anon_creds()
4046 g = gensec.Security.start_client(self.settings)
4047 g.set_credentials(c)
4048 g.want_feature(gensec.FEATURE_DCE_STYLE)
4049 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4050 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4052 g.start_mech_by_authtype(auth_type, auth_level)
4054 (finished, to_server) = g.update(from_server)
4055 self.assertFalse(finished)
4057 auth_info = self.generate_auth(auth_type=auth_type,
4058 auth_level=auth_level,
4059 auth_context_id=auth_context_id,
4060 auth_blob=to_server)
4062 req = self.generate_bind(call_id=0,
4064 auth_info=auth_info)
4065 req_pdu = samba.ndr.ndr_pack(req)
4067 auth_pad_ok = len(req_pdu)
4068 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4069 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4070 auth_pad_ok -= len(to_server)
4071 auth_pad_bad = auth_pad_ok + 1
4072 auth_info = self.generate_auth(auth_type=auth_type,
4073 auth_level=auth_level,
4074 auth_context_id=auth_context_id,
4075 auth_pad_length=auth_pad_bad,
4076 auth_blob=to_server)
4078 req = self.generate_bind(call_id=0,
4080 auth_info=auth_info)
4082 rep = self.recv_pdu()
4083 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
4085 self.assertEquals(rep.u.reject_reason,
4086 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
4087 self.assertEquals(rep.u.num_versions, 1)
4088 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
4089 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
4090 self.assertEquals(len(rep.u._pad), 3)
4091 self.assertEquals(rep.u._pad, '\0' * 3)
4093 # wait for a disconnect
4094 rep = self.recv_pdu()
4095 self.assertIsNone(rep)
4096 self.assertNotConnected()
4098 def test_spnego_auth_pad_fail_alter(self):
4099 ndr32 = base.transfer_syntax_ndr()
4102 ctx1 = dcerpc.ctx_list()
4104 ctx1.num_transfer_syntaxes = len(tsf1_list)
4105 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4106 ctx1.transfer_syntaxes = tsf1_list
4109 c = self.get_anon_creds()
4110 g = gensec.Security.start_client(self.settings)
4111 g.set_credentials(c)
4112 g.want_feature(gensec.FEATURE_DCE_STYLE)
4113 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4114 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4116 g.start_mech_by_authtype(auth_type, auth_level)
4118 (finished, to_server) = g.update(from_server)
4119 self.assertFalse(finished)
4121 auth_info = self.generate_auth(auth_type=auth_type,
4122 auth_level=auth_level,
4123 auth_context_id=auth_context_id,
4124 auth_blob=to_server)
4126 req = self.generate_bind(call_id=0,
4128 auth_info=auth_info)
4129 req_pdu = samba.ndr.ndr_pack(req)
4131 auth_pad_ok = len(req_pdu)
4132 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4133 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4134 auth_pad_ok -= len(to_server)
4136 auth_info = self.generate_auth(auth_type=auth_type,
4137 auth_level=auth_level,
4138 auth_context_id=auth_context_id,
4139 auth_pad_length=auth_pad_ok,
4140 auth_blob=to_server)
4142 req = self.generate_bind(call_id=0,
4144 auth_info=auth_info)
4146 rep = self.recv_pdu()
4147 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4148 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4149 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4150 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4151 self.assertEquals(rep.u.secondary_address_size, 4)
4152 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4153 self.assertEquals(len(rep.u._pad1), 2)
4154 #self.assertEquals(rep.u._pad1, '\0' * 2)
4155 self.assertEquals(rep.u.num_results, 1)
4156 self.assertEquals(rep.u.ctx_list[0].result,
4157 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4158 self.assertEquals(rep.u.ctx_list[0].reason,
4159 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4160 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4161 self.assertNotEquals(len(rep.u.auth_info), 0)
4162 a = self.parse_auth(rep.u.auth_info)
4164 from_server = a.credentials
4165 (finished, to_server) = g.update(from_server)
4166 self.assertFalse(finished)
4168 auth_info = self.generate_auth(auth_type=auth_type,
4169 auth_level=auth_level,
4170 auth_context_id=auth_context_id,
4171 auth_blob=to_server)
4172 req = self.generate_alter(call_id=0,
4174 assoc_group_id=rep.u.assoc_group_id,
4175 auth_info=auth_info)
4176 req_pdu = samba.ndr.ndr_pack(req)
4178 auth_pad_ok = len(req_pdu)
4179 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4180 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4181 auth_pad_ok -= len(to_server)
4182 auth_pad_bad = auth_pad_ok + 1
4183 auth_info = self.generate_auth(auth_type=auth_type,
4184 auth_level=auth_level,
4185 auth_context_id=auth_context_id,
4186 auth_pad_length=auth_pad_bad,
4187 auth_blob=to_server)
4188 req = self.generate_alter(call_id=0,
4190 assoc_group_id=rep.u.assoc_group_id,
4191 auth_info=auth_info)
4193 rep = self.recv_pdu()
4194 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4195 pfc_flags=req.pfc_flags |
4196 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4198 self.assertNotEquals(rep.u.alloc_hint, 0)
4199 self.assertEquals(rep.u.context_id, 0)
4200 self.assertEquals(rep.u.cancel_count, 0)
4201 self.assertEquals(rep.u.flags, 0)
4202 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4203 self.assertEquals(rep.u.reserved, 0)
4204 self.assertEquals(len(rep.u.error_and_verifier), 0)
4206 # wait for a disconnect
4207 rep = self.recv_pdu()
4208 self.assertIsNone(rep)
4209 self.assertNotConnected()
4211 def test_ntlmssp_auth_pad_ok(self):
4212 ndr32 = base.transfer_syntax_ndr()
4215 ctx1 = dcerpc.ctx_list()
4217 ctx1.num_transfer_syntaxes = len(tsf1_list)
4218 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4219 ctx1.transfer_syntaxes = tsf1_list
4222 c = self.get_anon_creds()
4223 g = gensec.Security.start_client(self.settings)
4224 g.set_credentials(c)
4225 g.want_feature(gensec.FEATURE_DCE_STYLE)
4226 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4227 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4229 g.start_mech_by_authtype(auth_type, auth_level)
4231 (finished, to_server) = g.update(from_server)
4232 self.assertFalse(finished)
4234 auth_info = self.generate_auth(auth_type=auth_type,
4235 auth_level=auth_level,
4236 auth_context_id=auth_context_id,
4237 auth_blob=to_server)
4239 req = self.generate_bind(call_id=0,
4241 auth_info=auth_info)
4242 req_pdu = samba.ndr.ndr_pack(req)
4244 auth_pad_ok = len(req_pdu)
4245 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4246 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4247 auth_pad_ok -= len(to_server)
4249 auth_info = self.generate_auth(auth_type=auth_type,
4250 auth_level=auth_level,
4251 auth_context_id=auth_context_id,
4252 auth_pad_length=auth_pad_ok,
4253 auth_blob=to_server)
4255 req = self.generate_bind(call_id=0,
4257 auth_info=auth_info)
4259 rep = self.recv_pdu()
4260 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4261 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4262 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4263 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4264 self.assertEquals(rep.u.secondary_address_size, 4)
4265 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4266 self.assertEquals(len(rep.u._pad1), 2)
4267 #self.assertEquals(rep.u._pad1, '\0' * 2)
4268 self.assertEquals(rep.u.num_results, 1)
4269 self.assertEquals(rep.u.ctx_list[0].result,
4270 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4271 self.assertEquals(rep.u.ctx_list[0].reason,
4272 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4273 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4274 self.assertNotEquals(len(rep.u.auth_info), 0)
4275 a = self.parse_auth(rep.u.auth_info)
4277 from_server = a.credentials
4278 (finished, to_server) = g.update(from_server)
4279 self.assertTrue(finished)
4282 auth_info = self.generate_auth(auth_type=auth_type,
4283 auth_level=auth_level,
4284 auth_context_id=auth_context_id,
4285 auth_pad_length=auth_pad_ok,
4286 auth_blob=to_server)
4287 req = self.generate_auth3(call_id=0,
4288 auth_info=auth_info)
4290 self.assertIsConnected()
4292 # And now try a request without auth_info
4293 req = self.generate_request(call_id = 2,
4294 context_id=ctx1.context_id,
4298 rep = self.recv_pdu()
4299 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4301 self.assertNotEquals(rep.u.alloc_hint, 0)
4302 self.assertEquals(rep.u.context_id, req.u.context_id)
4303 self.assertEquals(rep.u.cancel_count, 0)
4304 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4306 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4307 auth_info = self.generate_auth(auth_type=auth_type,
4308 auth_level=auth_level,
4309 auth_context_id=auth_context_id,
4310 auth_blob="\x01"+"\x00"*15)
4311 req = self.generate_request(call_id = 3,
4312 context_id=ctx1.context_id,
4315 auth_info=auth_info)
4317 rep = self.recv_pdu()
4318 # We don't get an auth_info back
4319 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4321 self.assertNotEquals(rep.u.alloc_hint, 0)
4322 self.assertEquals(rep.u.context_id, req.u.context_id)
4323 self.assertEquals(rep.u.cancel_count, 0)
4324 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4326 self._disconnect("disconnect")
4327 self.assertNotConnected()
4329 def test_ntlmssp_auth_pad_fail_auth3(self):
4330 ndr32 = base.transfer_syntax_ndr()
4333 ctx1 = dcerpc.ctx_list()
4335 ctx1.num_transfer_syntaxes = len(tsf1_list)
4336 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4337 ctx1.transfer_syntaxes = tsf1_list
4340 c = self.get_anon_creds()
4341 g = gensec.Security.start_client(self.settings)
4342 g.set_credentials(c)
4343 g.want_feature(gensec.FEATURE_DCE_STYLE)
4344 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4345 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4347 g.start_mech_by_authtype(auth_type, auth_level)
4349 (finished, to_server) = g.update(from_server)
4350 self.assertFalse(finished)
4352 auth_info = self.generate_auth(auth_type=auth_type,
4353 auth_level=auth_level,
4354 auth_context_id=auth_context_id,
4355 auth_blob=to_server)
4357 req = self.generate_bind(call_id=0,
4359 auth_info=auth_info)
4360 req_pdu = samba.ndr.ndr_pack(req)
4362 auth_pad_ok = len(req_pdu)
4363 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4364 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4365 auth_pad_ok -= len(to_server)
4367 auth_info = self.generate_auth(auth_type=auth_type,
4368 auth_level=auth_level,
4369 auth_context_id=auth_context_id,
4370 auth_pad_length=auth_pad_ok,
4371 auth_blob=to_server)
4373 req = self.generate_bind(call_id=0,
4375 auth_info=auth_info)
4377 rep = self.recv_pdu()
4378 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4379 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4380 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4381 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4382 self.assertEquals(rep.u.secondary_address_size, 4)
4383 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4384 self.assertEquals(len(rep.u._pad1), 2)
4385 #self.assertEquals(rep.u._pad1, '\0' * 2)
4386 self.assertEquals(rep.u.num_results, 1)
4387 self.assertEquals(rep.u.ctx_list[0].result,
4388 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4389 self.assertEquals(rep.u.ctx_list[0].reason,
4390 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4391 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4392 self.assertNotEquals(len(rep.u.auth_info), 0)
4393 a = self.parse_auth(rep.u.auth_info)
4395 from_server = a.credentials
4396 (finished, to_server) = g.update(from_server)
4397 self.assertTrue(finished)
4400 auth_info = self.generate_auth(auth_type=auth_type,
4401 auth_level=auth_level,
4402 auth_context_id=auth_context_id,
4403 auth_pad_length=auth_pad_bad,
4404 auth_blob=to_server)
4405 req = self.generate_auth3(call_id=0,
4406 auth_info=auth_info)
4408 rep = self.recv_pdu()
4409 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4410 pfc_flags=req.pfc_flags |
4411 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4413 self.assertNotEquals(rep.u.alloc_hint, 0)
4414 self.assertEquals(rep.u.context_id, 0)
4415 self.assertEquals(rep.u.cancel_count, 0)
4416 self.assertEquals(rep.u.flags, 0)
4417 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4418 self.assertEquals(rep.u.reserved, 0)
4419 self.assertEquals(len(rep.u.error_and_verifier), 0)
4421 # wait for a disconnect
4422 rep = self.recv_pdu()
4423 self.assertIsNone(rep)
4424 self.assertNotConnected()
4426 def _test_spnego_bind_auth_level(self, auth_level, auth_context_id, ctx,
4427 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4429 creds = self.get_user_creds()
4430 auth_context = self.get_auth_context_creds(creds=creds,
4431 auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4432 auth_level=auth_level,
4433 auth_context_id=auth_context_id,
4434 g_auth_level=g_auth_level)
4435 if auth_context is None:
4437 ack = self.do_generic_bind(ctx=ctx,
4438 auth_context=auth_context,
4439 alter_fault=alter_fault)
4442 return auth_context["gensec"]
4444 def _test_spnego_level_bind_nak(self, auth_level,
4445 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4446 c = self.get_user_creds()
4447 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4448 auth_level=auth_level, creds=c, reason=reason)
4450 def _test_spnego_level_bind(self, auth_level,
4451 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4454 response_fault_flags=0):
4455 ndr32 = base.transfer_syntax_ndr()
4458 ctx1 = dcerpc.ctx_list()
4459 ctx1.context_id = 0x1001
4460 ctx1.num_transfer_syntaxes = len(tsf1_list)
4461 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4462 ctx1.transfer_syntaxes = tsf1_list
4464 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4467 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4468 auth_context_id=auth_context_id,
4470 g_auth_level=g_auth_level,
4471 alter_fault=alter_fault)
4473 if request_fault is None:
4476 self.assertIsNotNone(g)
4478 stub_bin = '\x00' * 17
4479 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4482 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4483 stub_bin += '\x00' * auth_pad_length
4485 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4486 sig_size = g.sig_size(len(stub_bin))
4489 zero_sig = "\x00"*sig_size
4491 auth_info = self.generate_auth(auth_type=auth_type,
4492 auth_level=auth_level,
4493 auth_pad_length=auth_pad_length,
4494 auth_context_id=auth_context_id,
4496 req = self.generate_request(call_id = 4,
4497 context_id=ctx1.context_id,
4500 auth_info=auth_info)
4501 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4502 req_blob = samba.ndr.ndr_pack(req)
4503 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4504 ofs_sig = len(req_blob) - req.auth_length
4505 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4506 req_data = req_blob[ofs_stub:ofs_trailer]
4507 req_whole = req_blob[0:ofs_sig]
4508 sig = g.sign_packet(req_data, req_whole)
4509 auth_info = self.generate_auth(auth_type=auth_type,
4510 auth_level=auth_level,
4511 auth_pad_length=auth_pad_length,
4512 auth_context_id=auth_context_id,
4514 req = self.generate_request(call_id = 4,
4515 context_id=ctx1.context_id,
4518 auth_info=auth_info)
4520 rep = self.recv_pdu()
4521 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4522 pfc_flags=req.pfc_flags | response_fault_flags,
4524 self.assertNotEquals(rep.u.alloc_hint, 0)
4525 self.assertEquals(rep.u.context_id, ctx1.context_id)
4526 self.assertEquals(rep.u.cancel_count, 0)
4527 self.assertEquals(rep.u.flags, 0)
4528 self.assertEquals(rep.u.status, request_fault)
4529 self.assertEquals(rep.u.reserved, 0)
4530 self.assertEquals(len(rep.u.error_and_verifier), 0)
4532 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4535 # wait for a disconnect
4536 rep = self.recv_pdu()
4537 self.assertIsNone(rep)
4538 self.assertNotConnected()
4540 def test_spnego_none_bind(self):
4541 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4542 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4544 def test_spnego_call_bind(self):
4545 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4546 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4548 def test_spnego_0_bind(self):
4549 return self._test_spnego_level_bind_nak(0,
4550 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4552 def test_spnego_7_bind(self):
4553 return self._test_spnego_level_bind_nak(7,
4554 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4556 def test_spnego_255_bind(self):
4557 return self._test_spnego_level_bind_nak(255,
4558 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4560 def test_spnego_connect_bind_none(self):
4561 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4562 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4564 def test_spnego_connect_bind_sign(self):
4565 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4566 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4568 def test_spnego_connect_bind_seal(self):
4569 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4570 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4572 def test_spnego_packet_bind_none(self):
4573 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4574 # DCERPC_AUTH_LEVEL_INTEGRITY
4575 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4576 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4577 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4579 def test_spnego_packet_bind_sign(self):
4580 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4581 # DCERPC_AUTH_LEVEL_INTEGRITY
4582 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4583 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4584 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4585 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4587 def test_spnego_packet_bind_sign(self):
4588 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4589 # DCERPC_AUTH_LEVEL_INTEGRITY
4590 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4591 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4592 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4593 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4595 def test_spnego_integrity_bind_none(self):
4596 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4597 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4598 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4600 def test_spnego_integrity_bind_sign(self):
4601 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4602 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4603 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4604 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4606 def test_spnego_integrity_bind_seal(self):
4607 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4608 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4609 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4610 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4612 def test_spnego_privacy_bind_none(self):
4614 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4615 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4616 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4618 def test_spnego_privacy_bind_sign(self):
4620 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4621 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4622 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4624 def test_spnego_privacy_bind_seal(self):
4625 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4626 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4630 def _test_spnego_signing_auth_level_request(self, auth_level):
4631 ndr32 = base.transfer_syntax_ndr()
4634 ctx1 = dcerpc.ctx_list()
4635 ctx1.context_id = 0x1001
4636 ctx1.num_transfer_syntaxes = len(tsf1_list)
4637 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4638 ctx1.transfer_syntaxes = tsf1_list
4641 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4644 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4645 auth_context_id=auth_context_id,
4648 stub_bin = '\x00' * 0
4649 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4652 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4653 stub_bin += '\x00' * auth_pad_length
4655 sig_size = g.sig_size(len(stub_bin))
4656 zero_sig = "\x00"*sig_size
4658 auth_info = self.generate_auth(auth_type=auth_type,
4659 auth_level=auth_level,
4660 auth_pad_length=auth_pad_length,
4661 auth_context_id=auth_context_id,
4663 req = self.generate_request(call_id = 3,
4664 context_id=ctx1.context_id,
4667 auth_info=auth_info)
4668 req_blob = samba.ndr.ndr_pack(req)
4669 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4670 ofs_sig = len(req_blob) - req.auth_length
4671 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4672 req_data = req_blob[ofs_stub:ofs_trailer]
4673 req_whole = req_blob[0:ofs_sig]
4674 sig = g.sign_packet(req_data, req_whole)
4675 auth_info = self.generate_auth(auth_type=auth_type,
4676 auth_level=auth_level,
4677 auth_pad_length=auth_pad_length,
4678 auth_context_id=auth_context_id,
4680 req = self.generate_request(call_id = 3,
4681 context_id=ctx1.context_id,
4684 auth_info=auth_info)
4686 (rep, rep_blob) = self.recv_pdu_raw()
4687 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4688 auth_length=sig_size)
4689 self.assertNotEquals(rep.u.alloc_hint, 0)
4690 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4691 self.assertEquals(rep.u.cancel_count, 0)
4692 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4693 self.assertEquals(rep.auth_length, sig_size)
4695 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4696 ofs_sig = rep.frag_length - rep.auth_length
4697 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4698 rep_data = rep_blob[ofs_stub:ofs_trailer]
4699 rep_whole = rep_blob[0:ofs_sig]
4700 rep_sig = rep_blob[ofs_sig:]
4701 rep_auth_info_blob = rep_blob[ofs_trailer:]
4703 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4704 self.assertEquals(rep_auth_info.auth_type, auth_type)
4705 self.assertEquals(rep_auth_info.auth_level, auth_level)
4706 # mgmt_inq_if_ids() returns no fixed size results
4707 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4708 self.assertEquals(rep_auth_info.auth_reserved, 0)
4709 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4710 self.assertEquals(rep_auth_info.credentials, rep_sig)
4712 g.check_packet(rep_data, rep_whole, rep_sig)
4714 stub_bin = '\x00' * 17
4715 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4718 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4719 stub_bin += '\x00' * auth_pad_length
4721 sig_size = g.sig_size(len(stub_bin))
4722 zero_sig = "\x00"*sig_size
4724 auth_info = self.generate_auth(auth_type=auth_type,
4725 auth_level=auth_level,
4726 auth_pad_length=auth_pad_length,
4727 auth_context_id=auth_context_id,
4729 req = self.generate_request(call_id = 4,
4730 context_id=ctx1.context_id,
4733 auth_info=auth_info)
4734 req_blob = samba.ndr.ndr_pack(req)
4735 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4736 ofs_sig = len(req_blob) - req.auth_length
4737 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4738 req_data = req_blob[ofs_stub:ofs_trailer]
4739 req_whole = req_blob[0:ofs_sig]
4740 sig = g.sign_packet(req_data, req_whole)
4741 auth_info = self.generate_auth(auth_type=auth_type,
4742 auth_level=auth_level,
4743 auth_pad_length=auth_pad_length,
4744 auth_context_id=auth_context_id,
4746 req = self.generate_request(call_id = 4,
4747 context_id=ctx1.context_id,
4750 auth_info=auth_info)
4752 rep = self.recv_pdu()
4753 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4754 pfc_flags=req.pfc_flags |
4755 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4757 self.assertNotEquals(rep.u.alloc_hint, 0)
4758 self.assertEquals(rep.u.context_id, ctx1.context_id)
4759 self.assertEquals(rep.u.cancel_count, 0)
4760 self.assertEquals(rep.u.flags, 0)
4761 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4762 self.assertEquals(rep.u.reserved, 0)
4763 self.assertEquals(len(rep.u.error_and_verifier), 0)
4765 stub_bin = '\x00' * 8
4766 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4769 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4770 stub_bin += '\x00' * auth_pad_length
4772 sig_size = g.sig_size(len(stub_bin))
4773 zero_sig = "\x00"*sig_size
4775 auth_info = self.generate_auth(auth_type=auth_type,
4776 auth_level=auth_level,
4777 auth_pad_length=auth_pad_length,
4778 auth_context_id=auth_context_id,
4780 req = self.generate_request(call_id = 5,
4781 context_id=ctx1.context_id,
4784 auth_info=auth_info)
4785 req_blob = samba.ndr.ndr_pack(req)
4786 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4787 ofs_sig = len(req_blob) - req.auth_length
4788 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4789 req_data = req_blob[ofs_stub:ofs_trailer]
4790 req_whole = req_blob[0:ofs_sig]
4791 sig = g.sign_packet(req_data, req_whole)
4792 auth_info = self.generate_auth(auth_type=auth_type,
4793 auth_level=auth_level,
4794 auth_pad_length=auth_pad_length,
4795 auth_context_id=auth_context_id,
4797 req = self.generate_request(call_id = 5,
4798 context_id=ctx1.context_id,
4801 auth_info=auth_info)
4803 (rep, rep_blob) = self.recv_pdu_raw()
4804 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4805 auth_length=sig_size)
4806 self.assertNotEquals(rep.u.alloc_hint, 0)
4807 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4808 self.assertEquals(rep.u.cancel_count, 0)
4809 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4810 self.assertEquals(rep.auth_length, sig_size)
4812 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4813 ofs_sig = rep.frag_length - rep.auth_length
4814 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4815 rep_data = rep_blob[ofs_stub:ofs_trailer]
4816 rep_whole = rep_blob[0:ofs_sig]
4817 rep_sig = rep_blob[ofs_sig:]
4818 rep_auth_info_blob = rep_blob[ofs_trailer:]
4820 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4821 self.assertEquals(rep_auth_info.auth_type, auth_type)
4822 self.assertEquals(rep_auth_info.auth_level, auth_level)
4823 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4824 self.assertEquals(rep_auth_info.auth_reserved, 0)
4825 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4826 self.assertEquals(rep_auth_info.credentials, rep_sig)
4828 g.check_packet(rep_data, rep_whole, rep_sig)
4830 stub_bin = '\x00' * 8
4831 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4834 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4835 stub_bin += '\x00' * auth_pad_length
4837 sig_size = g.sig_size(len(stub_bin))
4838 zero_sig = "\x00"*sig_size
4840 auth_info = self.generate_auth(auth_type=auth_type,
4841 auth_level=auth_level,
4842 auth_pad_length=auth_pad_length,
4843 auth_context_id=auth_context_id,
4845 req = self.generate_request(call_id = 6,
4846 context_id=ctx1.context_id,
4849 auth_info=auth_info)
4850 req_blob = samba.ndr.ndr_pack(req)
4851 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4852 ofs_sig = len(req_blob) - req.auth_length
4853 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4854 req_data = req_blob[ofs_stub:ofs_trailer]
4855 req_whole = req_blob[0:ofs_sig]
4856 sig = g.sign_packet(req_data, req_whole)
4857 auth_info = self.generate_auth(auth_type=auth_type,
4858 auth_level=auth_level,
4859 auth_pad_length=auth_pad_length,
4860 auth_context_id=auth_context_id,
4862 req = self.generate_request(call_id = 6,
4863 context_id=ctx1.context_id,
4866 auth_info=auth_info)
4868 (rep, rep_blob) = self.recv_pdu_raw()
4869 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4870 auth_length=sig_size)
4871 self.assertNotEquals(rep.u.alloc_hint, 0)
4872 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4873 self.assertEquals(rep.u.cancel_count, 0)
4874 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4875 self.assertEquals(rep.auth_length, sig_size)
4877 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4878 ofs_sig = rep.frag_length - rep.auth_length
4879 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4880 rep_data = rep_blob[ofs_stub:ofs_trailer]
4881 rep_whole = rep_blob[0:ofs_sig]
4882 rep_sig = rep_blob[ofs_sig:]
4883 rep_auth_info_blob = rep_blob[ofs_trailer:]
4885 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4886 self.assertEquals(rep_auth_info.auth_type, auth_type)
4887 self.assertEquals(rep_auth_info.auth_level, auth_level)
4888 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4889 self.assertEquals(rep_auth_info.auth_reserved, 0)
4890 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4891 self.assertEquals(rep_auth_info.credentials, rep_sig)
4893 g.check_packet(rep_data, rep_whole, rep_sig)
4895 def test_spnego_signing_packet(self):
4896 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4897 # DCERPC_AUTH_LEVEL_INTEGRITY
4898 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4900 def test_spnego_signing_integrity(self):
4901 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4904 def test_assoc_group_fail1(self):
4905 abstract = samba.dcerpc.mgmt.abstract_syntax()
4906 transfer = base.transfer_syntax_ndr()
4908 tsf1_list = [transfer]
4909 ctx = samba.dcerpc.dcerpc.ctx_list()
4911 ctx.num_transfer_syntaxes = len(tsf1_list)
4912 ctx.abstract_syntax = abstract
4913 ctx.transfer_syntaxes = tsf1_list
4915 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4916 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4919 def test_assoc_group_fail2(self):
4920 abstract = samba.dcerpc.mgmt.abstract_syntax()
4921 transfer = base.transfer_syntax_ndr()
4923 tsf1_list = [transfer]
4924 ctx = samba.dcerpc.dcerpc.ctx_list()
4926 ctx.num_transfer_syntaxes = len(tsf1_list)
4927 ctx.abstract_syntax = abstract
4928 ctx.transfer_syntaxes = tsf1_list
4930 ack = self.do_generic_bind(ctx=ctx)
4932 self._disconnect("test_assoc_group_fail2")
4935 ack2 = self.do_generic_bind(ctx=ctx,assoc_group_id=ack.u.assoc_group_id,
4936 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4939 def test_assoc_group_diff1(self):
4940 abstract = samba.dcerpc.mgmt.abstract_syntax()
4941 transfer = base.transfer_syntax_ndr()
4943 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4944 context_id=1, return_ack=True)
4946 conn2 = self.second_connection()
4947 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4948 context_id=2, return_ack=True)
4949 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4953 def test_assoc_group_ok1(self):
4954 abstract = samba.dcerpc.mgmt.abstract_syntax()
4955 transfer = base.transfer_syntax_ndr()
4957 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4958 context_id=1, return_ack=True)
4960 conn2 = self.second_connection()
4961 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4962 assoc_group_id=ack1.u.assoc_group_id,
4963 context_id=2, return_ack=True)
4965 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4966 self.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids)
4967 conn2.do_single_request(call_id = 1, ctx=ctx2, io=inq_if_ids)
4969 conn2.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids,
4970 fault_pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4971 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4972 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4973 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4976 self.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids)
4977 conn2.do_single_request(call_id = 1, ctx=ctx2, io=inq_if_ids)
4980 if __name__ == "__main__":
4981 global_ndr_print = True
4982 global_hexdump = True
git.samba.org / samba.git / blob