2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
35 from samba.compat import binary_type
37 global_ndr_print = False
38 global_hexdump = False
41 class TestDCERPC_BIND(RawDCERPCTest):
44 super(TestDCERPC_BIND, self).setUp()
45 self.do_ndr_print = global_ndr_print
46 self.do_hexdump = global_hexdump
48 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
49 ndr32 = base.transfer_syntax_ndr()
52 ctx1 = dcerpc.ctx_list()
54 ctx1.num_transfer_syntaxes = len(tsf1_list)
55 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
56 ctx1.transfer_syntaxes = tsf1_list
58 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
61 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
62 pfc_flags=rep_pfc_flags, auth_length=0)
63 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
64 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
65 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
66 self.assertEquals(rep.u.secondary_address_size, 4)
67 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
68 self.assertPadding(rep.u._pad1, 2)
69 self.assertEquals(rep.u.num_results, 1)
70 self.assertEquals(rep.u.ctx_list[0].result,
71 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72 self.assertEquals(rep.u.ctx_list[0].reason,
73 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75 self.assertEquals(rep.u.auth_info, b'\0' * 0)
77 # And now try a request
78 req = self.generate_request(call_id=1,
79 context_id=ctx1.context_id,
84 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
86 self.assertNotEquals(rep.u.alloc_hint, 0)
87 self.assertEquals(rep.u.context_id, req.u.context_id)
88 self.assertEquals(rep.u.cancel_count, 0)
89 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
91 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92 ndr32 = base.transfer_syntax_ndr()
95 ctx1 = dcerpc.ctx_list()
97 ctx1.num_transfer_syntaxes = len(tsf1_list)
98 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99 ctx1.transfer_syntaxes = tsf1_list
101 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
103 rep = self.recv_pdu()
104 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
106 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109 self.assertEquals(rep.u.secondary_address_size, 4)
110 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111 self.assertPadding(rep.u._pad1, 2)
112 self.assertEquals(rep.u.num_results, 1)
113 self.assertEquals(rep.u.ctx_list[0].result,
114 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
115 self.assertEquals(rep.u.ctx_list[0].reason,
116 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
117 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
118 self.assertEquals(rep.u.auth_info, b'\0' * 0)
120 # And now try a alter context
121 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
123 rep = self.recv_pdu()
124 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
125 pfc_flags=rep_pfc_flags, auth_length=0)
126 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
127 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
128 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
129 self.assertEquals(rep.u.secondary_address_size, 0)
130 self.assertEquals(rep.u.secondary_address, "")
131 self.assertPadding(rep.u._pad1, 2)
132 self.assertEquals(rep.u.num_results, 1)
133 self.assertEquals(rep.u.ctx_list[0].result,
134 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
135 self.assertEquals(rep.u.ctx_list[0].reason,
136 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
137 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
138 self.assertEquals(rep.u.auth_info, b'\0' * 0)
140 # And now try a request
141 req = self.generate_request(call_id=1,
142 context_id=ctx1.context_id,
146 rep = self.recv_pdu()
147 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
149 self.assertNotEquals(rep.u.alloc_hint, 0)
150 self.assertEquals(rep.u.context_id, req.u.context_id)
151 self.assertEquals(rep.u.cancel_count, 0)
152 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
154 def test_no_auth_request(self):
155 return self._test_no_auth_request_bind_pfc_flags(
157 dcerpc.DCERPC_PFC_FLAG_FIRST |
158 dcerpc.DCERPC_PFC_FLAG_LAST,
160 dcerpc.DCERPC_PFC_FLAG_FIRST |
161 dcerpc.DCERPC_PFC_FLAG_LAST)
163 def test_no_auth_request_bind_pfc_00(self):
164 return self._test_no_auth_request_bind_pfc_flags(
168 dcerpc.DCERPC_PFC_FLAG_FIRST |
169 dcerpc.DCERPC_PFC_FLAG_LAST)
171 def test_no_auth_request_bind_pfc_FIRST(self):
172 return self._test_no_auth_request_bind_pfc_flags(
174 dcerpc.DCERPC_PFC_FLAG_FIRST |
177 dcerpc.DCERPC_PFC_FLAG_FIRST |
178 dcerpc.DCERPC_PFC_FLAG_LAST)
180 def test_no_auth_request_bind_pfc_LAST(self):
181 return self._test_no_auth_request_bind_pfc_flags(
183 dcerpc.DCERPC_PFC_FLAG_LAST |
186 dcerpc.DCERPC_PFC_FLAG_FIRST |
187 dcerpc.DCERPC_PFC_FLAG_LAST)
189 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
190 # without authentication
191 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
192 return self._test_no_auth_request_bind_pfc_flags(
194 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
197 dcerpc.DCERPC_PFC_FLAG_FIRST |
198 dcerpc.DCERPC_PFC_FLAG_LAST |
199 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
201 def test_no_auth_request_bind_pfc_08(self):
202 return self._test_no_auth_request_bind_pfc_flags(
207 dcerpc.DCERPC_PFC_FLAG_FIRST |
208 dcerpc.DCERPC_PFC_FLAG_LAST)
210 def test_no_auth_request_bind_pfc_CONC_MPX(self):
211 return self._test_no_auth_request_bind_pfc_flags(
213 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
216 dcerpc.DCERPC_PFC_FLAG_FIRST |
217 dcerpc.DCERPC_PFC_FLAG_LAST |
218 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
220 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
221 return self._test_no_auth_request_bind_pfc_flags(
223 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
226 dcerpc.DCERPC_PFC_FLAG_FIRST |
227 dcerpc.DCERPC_PFC_FLAG_LAST)
229 def test_no_auth_request_bind_pfc_MAYBE(self):
230 return self._test_no_auth_request_bind_pfc_flags(
232 dcerpc.DCERPC_PFC_FLAG_MAYBE |
235 dcerpc.DCERPC_PFC_FLAG_FIRST |
236 dcerpc.DCERPC_PFC_FLAG_LAST)
238 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
239 return self._test_no_auth_request_bind_pfc_flags(
241 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
244 dcerpc.DCERPC_PFC_FLAG_FIRST |
245 dcerpc.DCERPC_PFC_FLAG_LAST)
247 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
248 # without authentication
249 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
251 def _test_no_auth_request_bind_pfc_ff(self):
252 return self._test_no_auth_request_bind_pfc_flags(
257 dcerpc.DCERPC_PFC_FLAG_FIRST |
258 dcerpc.DCERPC_PFC_FLAG_LAST |
259 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
260 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
262 def test_no_auth_request_alter_pfc_00(self):
263 return self._test_no_auth_request_alter_pfc_flags(
267 dcerpc.DCERPC_PFC_FLAG_FIRST |
268 dcerpc.DCERPC_PFC_FLAG_LAST)
270 def test_no_auth_request_alter_pfc_FIRST(self):
271 return self._test_no_auth_request_alter_pfc_flags(
273 dcerpc.DCERPC_PFC_FLAG_FIRST |
276 dcerpc.DCERPC_PFC_FLAG_FIRST |
277 dcerpc.DCERPC_PFC_FLAG_LAST)
279 def test_no_auth_request_alter_pfc_LAST(self):
280 return self._test_no_auth_request_alter_pfc_flags(
282 dcerpc.DCERPC_PFC_FLAG_LAST |
285 dcerpc.DCERPC_PFC_FLAG_FIRST |
286 dcerpc.DCERPC_PFC_FLAG_LAST)
288 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
289 # without authentication
290 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
291 return self._test_no_auth_request_alter_pfc_flags(
293 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
296 dcerpc.DCERPC_PFC_FLAG_FIRST |
297 dcerpc.DCERPC_PFC_FLAG_LAST |
298 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
300 def test_no_auth_request_alter_pfc_08(self):
301 return self._test_no_auth_request_alter_pfc_flags(
306 dcerpc.DCERPC_PFC_FLAG_FIRST |
307 dcerpc.DCERPC_PFC_FLAG_LAST)
309 def test_no_auth_request_alter_pfc_CONC_MPX(self):
310 return self._test_no_auth_request_alter_pfc_flags(
312 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
315 dcerpc.DCERPC_PFC_FLAG_FIRST |
316 dcerpc.DCERPC_PFC_FLAG_LAST)
318 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
319 return self._test_no_auth_request_alter_pfc_flags(
321 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
324 dcerpc.DCERPC_PFC_FLAG_FIRST |
325 dcerpc.DCERPC_PFC_FLAG_LAST)
327 def test_no_auth_request_alter_pfc_MAYBE(self):
328 return self._test_no_auth_request_alter_pfc_flags(
330 dcerpc.DCERPC_PFC_FLAG_MAYBE |
333 dcerpc.DCERPC_PFC_FLAG_FIRST |
334 dcerpc.DCERPC_PFC_FLAG_LAST)
336 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
337 return self._test_no_auth_request_alter_pfc_flags(
339 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
342 dcerpc.DCERPC_PFC_FLAG_FIRST |
343 dcerpc.DCERPC_PFC_FLAG_LAST)
345 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
346 # without authentication
347 def _test_no_auth_request_alter_pfc_ff(self):
348 return self._test_no_auth_request_alter_pfc_flags(
353 dcerpc.DCERPC_PFC_FLAG_FIRST |
354 dcerpc.DCERPC_PFC_FLAG_LAST |
355 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
357 def test_no_auth_no_ctx(self):
358 # send an useless bind
359 req = self.generate_bind(call_id=0)
361 rep = self.recv_pdu()
362 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
364 self.assertEquals(rep.u.reject_reason,
365 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
366 self.assertEquals(rep.u.num_versions, 1)
367 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
368 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
369 self.assertPadding(rep.u._pad, 3)
371 def test_invalid_auth_noctx(self):
372 req = self.generate_bind(call_id=0)
373 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
375 rep = self.recv_pdu()
376 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
378 self.assertEquals(rep.u.reject_reason,
379 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
380 self.assertEquals(rep.u.num_versions, 1)
381 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
382 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
383 self.assertPadding(rep.u._pad, 3)
385 def test_no_auth_valid_valid_request(self):
386 ndr32 = base.transfer_syntax_ndr()
389 ctx1 = dcerpc.ctx_list()
391 ctx1.num_transfer_syntaxes = len(tsf1_list)
392 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
393 ctx1.transfer_syntaxes = tsf1_list
395 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
397 rep = self.recv_pdu()
398 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
400 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
401 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
402 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
403 self.assertEquals(rep.u.secondary_address_size, 4)
404 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
405 self.assertPadding(rep.u._pad1, 2)
406 self.assertEquals(rep.u.num_results, 1)
407 self.assertEquals(rep.u.ctx_list[0].result,
408 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
409 self.assertEquals(rep.u.ctx_list[0].reason,
410 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
411 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
412 self.assertEquals(rep.u.auth_info, b'\0' * 0)
416 ctx2 = dcerpc.ctx_list()
418 ctx2.num_transfer_syntaxes = len(tsf2_list)
419 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
420 ctx2.transfer_syntaxes = tsf2_list
422 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
424 rep = self.recv_pdu()
425 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
427 self.assertEquals(rep.u.reject_reason,
428 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
429 self.assertEquals(rep.u.num_versions, 1)
430 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
431 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
432 self.assertPadding(rep.u._pad, 3)
434 # wait for a disconnect
435 rep = self.recv_pdu()
436 self.assertIsNone(rep)
437 self.assertNotConnected()
439 def test_no_auth_invalid_valid_request(self):
440 # send an useless bind
441 req = self.generate_bind(call_id=0)
443 rep = self.recv_pdu()
444 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
446 self.assertEquals(rep.u.reject_reason,
447 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
448 self.assertEquals(rep.u.num_versions, 1)
449 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
450 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
451 self.assertPadding(rep.u._pad, 3)
453 # wait for a disconnect
454 rep = self.recv_pdu()
455 self.assertIsNone(rep)
456 self.assertNotConnected()
458 def test_alter_no_auth_no_ctx(self):
459 ndr32 = base.transfer_syntax_ndr()
462 ctx1 = dcerpc.ctx_list()
464 ctx1.num_transfer_syntaxes = len(tsf1_list)
465 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
466 ctx1.transfer_syntaxes = tsf1_list
468 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
470 rep = self.recv_pdu()
471 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
473 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
474 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
475 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
476 self.assertEquals(rep.u.secondary_address_size, 4)
477 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
478 self.assertPadding(rep.u._pad1, 2)
479 self.assertEquals(rep.u.num_results, 1)
480 self.assertEquals(rep.u.ctx_list[0].result,
481 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
482 self.assertEquals(rep.u.ctx_list[0].reason,
483 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
484 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
485 self.assertEquals(rep.u.auth_info, b'\0' * 0)
488 req = self.generate_alter(call_id=1, ctx_list=[])
490 rep = self.recv_pdu()
491 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
492 pfc_flags=req.pfc_flags |
493 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
495 self.assertNotEquals(rep.u.alloc_hint, 0)
496 self.assertEquals(rep.u.context_id, 0)
497 self.assertEquals(rep.u.cancel_count, 0)
498 self.assertEquals(rep.u.flags, 0)
499 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
500 self.assertEquals(rep.u.reserved, 0)
501 self.assertEquals(len(rep.u.error_and_verifier), 0)
503 # wait for a disconnect
504 rep = self.recv_pdu()
505 self.assertIsNone(rep)
506 self.assertNotConnected()
508 def test_no_auth_presentation_ctx_valid1(self):
509 ndr32 = base.transfer_syntax_ndr()
511 zero_syntax = misc.ndr_syntax_id()
513 tsf1_list = [zero_syntax, ndr32]
514 ctx1 = dcerpc.ctx_list()
516 ctx1.num_transfer_syntaxes = len(tsf1_list)
517 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
518 ctx1.transfer_syntaxes = tsf1_list
520 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
522 rep = self.recv_pdu()
523 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
525 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
526 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
527 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
528 self.assertEquals(rep.u.secondary_address_size, 4)
529 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
530 self.assertPadding(rep.u._pad1, 2)
531 self.assertEquals(rep.u.num_results, 1)
532 self.assertEquals(rep.u.ctx_list[0].result,
533 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
534 self.assertEquals(rep.u.ctx_list[0].reason,
535 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
536 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
537 self.assertEquals(rep.u.auth_info, b'\0' * 0)
540 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
542 rep = self.recv_pdu()
543 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
545 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
546 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
547 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
548 self.assertEquals(rep.u.secondary_address_size, 0)
549 self.assertPadding(rep.u._pad1, 2)
550 self.assertEquals(rep.u.num_results, 1)
551 self.assertEquals(rep.u.ctx_list[0].result,
552 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
553 self.assertEquals(rep.u.ctx_list[0].reason,
554 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
555 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
556 self.assertEquals(rep.u.auth_info, b'\0' * 0)
558 req = self.generate_request(call_id=2,
559 context_id=ctx1.context_id,
563 rep = self.recv_pdu()
564 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
565 pfc_flags=req.pfc_flags |
566 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
568 self.assertNotEquals(rep.u.alloc_hint, 0)
569 self.assertEquals(rep.u.context_id, ctx1.context_id)
570 self.assertEquals(rep.u.cancel_count, 0)
571 self.assertEquals(rep.u.flags, 0)
572 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
573 self.assertEquals(rep.u.reserved, 0)
574 self.assertEquals(len(rep.u.error_and_verifier), 0)
576 def test_no_auth_presentation_ctx_invalid1(self):
577 ndr32 = base.transfer_syntax_ndr()
579 zero_syntax = misc.ndr_syntax_id()
582 ctx1 = dcerpc.ctx_list()
584 ctx1.num_transfer_syntaxes = len(tsf1_list)
585 ctx1.abstract_syntax = ndr32
586 ctx1.transfer_syntaxes = tsf1_list
588 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
590 rep = self.recv_pdu()
591 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
593 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
594 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
595 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
596 self.assertEquals(rep.u.secondary_address_size, 4)
597 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
598 self.assertPadding(rep.u._pad1, 2)
599 self.assertEquals(rep.u.num_results, 1)
600 self.assertEquals(rep.u.ctx_list[0].result,
601 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
602 self.assertEquals(rep.u.ctx_list[0].reason,
603 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
604 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
605 self.assertEquals(rep.u.auth_info, b'\0' * 0)
608 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
610 rep = self.recv_pdu()
611 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
613 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
614 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
615 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
616 self.assertEquals(rep.u.secondary_address_size, 0)
617 self.assertPadding(rep.u._pad1, 2)
618 self.assertEquals(rep.u.num_results, 1)
619 self.assertEquals(rep.u.ctx_list[0].result,
620 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
621 self.assertEquals(rep.u.ctx_list[0].reason,
622 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
623 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
624 self.assertEquals(rep.u.auth_info, b'\0' * 0)
626 req = self.generate_request(call_id=2,
631 rep = self.recv_pdu()
632 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
633 pfc_flags=req.pfc_flags |
634 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
636 self.assertNotEquals(rep.u.alloc_hint, 0)
637 self.assertEquals(rep.u.context_id, 0)
638 self.assertEquals(rep.u.cancel_count, 0)
639 self.assertEquals(rep.u.flags, 0)
640 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
641 self.assertEquals(rep.u.reserved, 0)
642 self.assertEquals(len(rep.u.error_and_verifier), 0)
644 # Send a alter again to prove the connection is still alive
645 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
647 rep = self.recv_pdu()
648 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
650 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
651 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
652 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
653 self.assertEquals(rep.u.secondary_address_size, 0)
654 self.assertPadding(rep.u._pad1, 2)
655 self.assertEquals(rep.u.num_results, 1)
656 self.assertEquals(rep.u.ctx_list[0].result,
657 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
658 self.assertEquals(rep.u.ctx_list[0].reason,
659 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
660 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
661 self.assertEquals(rep.u.auth_info, b'\0' * 0)
663 def test_no_auth_presentation_ctx_invalid2(self):
664 ndr32 = base.transfer_syntax_ndr()
666 zero_syntax = misc.ndr_syntax_id()
669 ctx1a = dcerpc.ctx_list()
671 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
672 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
673 ctx1a.transfer_syntaxes = tsf1a_list
675 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
677 rep = self.recv_pdu()
678 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
680 self.assertEquals(rep.u.reject_reason,
681 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
682 self.assertEquals(rep.u.num_versions, 1)
683 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
684 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
685 self.assertPadding(rep.u._pad, 3)
687 # wait for a disconnect
688 rep = self.recv_pdu()
689 self.assertIsNone(rep)
690 self.assertNotConnected()
692 def test_no_auth_presentation_ctx_invalid3(self):
693 ndr32 = base.transfer_syntax_ndr()
695 zero_syntax = misc.ndr_syntax_id()
697 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
698 ctx1a = dcerpc.ctx_list()
700 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
701 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
702 ctx1a.transfer_syntaxes = tsf1a_list
704 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
706 rep = self.recv_pdu()
707 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
709 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
710 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
711 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
712 self.assertEquals(rep.u.secondary_address_size, 4)
713 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
714 self.assertPadding(rep.u._pad1, 2)
715 self.assertEquals(rep.u.num_results, 1)
716 self.assertEquals(rep.u.ctx_list[0].result,
717 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
718 self.assertEquals(rep.u.ctx_list[0].reason,
719 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
720 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
721 self.assertEquals(rep.u.auth_info, b'\0' * 0)
724 ctx1b = dcerpc.ctx_list()
726 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
727 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
728 ctx1b.transfer_syntaxes = tsf1b_list
731 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
733 rep = self.recv_pdu()
734 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
735 pfc_flags=req.pfc_flags |
736 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
738 self.assertNotEquals(rep.u.alloc_hint, 0)
739 self.assertEquals(rep.u.context_id, 0)
740 self.assertEquals(rep.u.cancel_count, 0)
741 self.assertEquals(rep.u.flags, 0)
742 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
743 self.assertEquals(rep.u.reserved, 0)
744 self.assertEquals(len(rep.u.error_and_verifier), 0)
746 # wait for a disconnect
747 rep = self.recv_pdu()
748 self.assertIsNone(rep)
749 self.assertNotConnected()
751 def test_no_auth_presentation_ctx_invalid4(self):
752 ndr32 = base.transfer_syntax_ndr()
753 ndr64 = base.transfer_syntax_ndr64()
755 zero_syntax = misc.ndr_syntax_id()
757 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
758 ctx1a = dcerpc.ctx_list()
760 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
761 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
762 ctx1a.transfer_syntaxes = tsf1a_list
764 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
766 rep = self.recv_pdu()
767 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
769 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
770 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
771 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
772 self.assertEquals(rep.u.secondary_address_size, 4)
773 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
774 self.assertPadding(rep.u._pad1, 2)
775 self.assertEquals(rep.u.num_results, 1)
776 self.assertEquals(rep.u.ctx_list[0].result,
777 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
778 self.assertEquals(rep.u.ctx_list[0].reason,
779 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
780 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
781 self.assertEquals(rep.u.auth_info, b'\0' * 0)
783 # With a known but wrong syntax we get a protocol error
784 # see test_no_auth_presentation_ctx_valid2
785 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
786 ctx1b = dcerpc.ctx_list()
788 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
789 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
790 ctx1b.transfer_syntaxes = tsf1b_list
793 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
795 rep = self.recv_pdu()
796 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
797 pfc_flags=req.pfc_flags |
798 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
800 self.assertNotEquals(rep.u.alloc_hint, 0)
801 self.assertEquals(rep.u.context_id, 0)
802 self.assertEquals(rep.u.cancel_count, 0)
803 self.assertEquals(rep.u.flags, 0)
804 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
805 self.assertEquals(rep.u.reserved, 0)
806 self.assertEquals(len(rep.u.error_and_verifier), 0)
808 # wait for a disconnect
809 rep = self.recv_pdu()
810 self.assertIsNone(rep)
811 self.assertNotConnected()
813 def test_no_auth_presentation_ctx_valid2(self):
814 ndr32 = base.transfer_syntax_ndr()
816 zero_syntax = misc.ndr_syntax_id()
818 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
819 ctx1a = dcerpc.ctx_list()
821 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
822 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
823 ctx1a.transfer_syntaxes = tsf1a_list
825 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
827 rep = self.recv_pdu()
828 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
830 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
831 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
832 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
833 self.assertEquals(rep.u.secondary_address_size, 4)
834 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
835 self.assertPadding(rep.u._pad1, 2)
836 self.assertEquals(rep.u.num_results, 1)
837 self.assertEquals(rep.u.ctx_list[0].result,
838 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
839 self.assertEquals(rep.u.ctx_list[0].reason,
840 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
841 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
842 self.assertEquals(rep.u.auth_info, b'\0' * 0)
844 # With a unknown but wrong syntaxes we get NO protocol error
845 # see test_no_auth_presentation_ctx_invalid4
846 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
847 ctx1b = dcerpc.ctx_list()
849 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
850 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
851 ctx1b.transfer_syntaxes = tsf1b_list
854 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
856 rep = self.recv_pdu()
857 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
859 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
860 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
861 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
862 self.assertEquals(rep.u.secondary_address_size, 0)
863 self.assertPadding(rep.u._pad1, 2)
864 self.assertEquals(rep.u.num_results, 1)
865 self.assertEquals(rep.u.ctx_list[0].result,
866 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
867 self.assertEquals(rep.u.ctx_list[0].reason,
868 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
869 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
870 self.assertEquals(rep.u.auth_info, b'\0' * 0)
872 req = self.generate_request(call_id=2,
873 context_id=ctx1a.context_id,
877 rep = self.recv_pdu()
878 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
879 pfc_flags=req.pfc_flags |
880 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
882 self.assertNotEquals(rep.u.alloc_hint, 0)
883 self.assertEquals(rep.u.context_id, ctx1a.context_id)
884 self.assertEquals(rep.u.cancel_count, 0)
885 self.assertEquals(rep.u.flags, 0)
886 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
887 self.assertEquals(rep.u.reserved, 0)
888 self.assertEquals(len(rep.u.error_and_verifier), 0)
890 def test_no_auth_presentation_ctx_no_ndr64(self):
891 ndr32 = base.transfer_syntax_ndr()
892 zero_syntax = misc.ndr_syntax_id()
894 tsfZ_list = [zero_syntax]
895 ctxZ = dcerpc.ctx_list()
896 ctxZ.context_id = 54321
897 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
898 ctxZ.abstract_syntax = zero_syntax
899 ctxZ.transfer_syntaxes = tsfZ_list
901 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
903 rep = self.recv_pdu()
904 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
906 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
907 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
908 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
909 self.assertEquals(rep.u.secondary_address_size, 4)
910 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
911 self.assertPadding(rep.u._pad1, 2)
912 self.assertEquals(rep.u.num_results, 1)
913 self.assertEquals(rep.u.ctx_list[0].result,
914 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
915 self.assertEquals(rep.u.ctx_list[0].reason,
916 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
917 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
918 self.assertEquals(rep.u.auth_info, b'\0' * 0)
921 ctx0 = dcerpc.ctx_list()
923 ctx0.num_transfer_syntaxes = len(tsf0_list)
924 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
925 ctx0.transfer_syntaxes = tsf0_list
927 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
929 rep = self.recv_pdu()
930 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
932 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
933 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
934 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
935 self.assertEquals(rep.u.secondary_address_size, 0)
936 self.assertPadding(rep.u._pad1, 2)
937 self.assertEquals(rep.u.num_results, 1)
938 self.assertEquals(rep.u.ctx_list[0].result,
939 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
940 self.assertEquals(rep.u.ctx_list[0].reason,
941 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
942 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
943 self.assertEquals(rep.u.auth_info, b'\0' * 0)
945 req = self.generate_request(call_id=1,
946 context_id=ctx0.context_id,
950 rep = self.recv_pdu()
951 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
953 self.assertNotEquals(rep.u.alloc_hint, 0)
954 self.assertEquals(rep.u.context_id, req.u.context_id)
955 self.assertEquals(rep.u.cancel_count, 0)
956 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
958 tsf1_list = [zero_syntax, ndr32]
959 ctx1 = dcerpc.ctx_list()
961 ctx1.num_transfer_syntaxes = len(tsf1_list)
962 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
963 ctx1.transfer_syntaxes = tsf1_list
965 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
967 rep = self.recv_pdu()
968 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
970 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
971 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
972 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
973 self.assertEquals(rep.u.secondary_address_size, 0)
974 self.assertPadding(rep.u._pad1, 2)
975 self.assertEquals(rep.u.num_results, 1)
976 self.assertEquals(rep.u.ctx_list[0].result,
977 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
978 self.assertEquals(rep.u.ctx_list[0].reason,
979 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
980 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
981 self.assertEquals(rep.u.auth_info, b'\0' * 0)
983 req = self.generate_request(call_id=1,
984 context_id=ctx1.context_id,
988 rep = self.recv_pdu()
989 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
991 self.assertNotEquals(rep.u.alloc_hint, 0)
992 self.assertEquals(rep.u.context_id, req.u.context_id)
993 self.assertEquals(rep.u.cancel_count, 0)
994 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
996 tsf2_list = [ndr32, ndr32]
997 ctx2 = dcerpc.ctx_list()
999 ctx2.num_transfer_syntaxes = len(tsf2_list)
1000 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1001 ctx2.transfer_syntaxes = tsf2_list
1003 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1005 rep = self.recv_pdu()
1006 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1008 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1009 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1010 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1011 self.assertEquals(rep.u.secondary_address_size, 0)
1012 self.assertPadding(rep.u._pad1, 2)
1013 self.assertEquals(rep.u.num_results, 1)
1014 self.assertEquals(rep.u.ctx_list[0].result,
1015 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1016 self.assertEquals(rep.u.ctx_list[0].reason,
1017 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1018 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1019 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1021 req = self.generate_request(call_id=1,
1022 context_id=ctx2.context_id,
1026 rep = self.recv_pdu()
1027 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1029 self.assertNotEquals(rep.u.alloc_hint, 0)
1030 self.assertEquals(rep.u.context_id, req.u.context_id)
1031 self.assertEquals(rep.u.cancel_count, 0)
1032 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1035 ctx3 = dcerpc.ctx_list()
1037 ctx3.num_transfer_syntaxes = len(tsf3_list)
1038 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1039 ctx3.transfer_syntaxes = tsf3_list
1042 ctx4 = dcerpc.ctx_list()
1044 ctx4.num_transfer_syntaxes = len(tsf4_list)
1045 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1046 ctx4.transfer_syntaxes = tsf4_list
1048 req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1050 rep = self.recv_pdu()
1051 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1053 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1054 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1055 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1056 self.assertEquals(rep.u.secondary_address_size, 0)
1057 self.assertPadding(rep.u._pad1, 2)
1058 self.assertEquals(rep.u.num_results, 2)
1059 self.assertEquals(rep.u.ctx_list[0].result,
1060 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1061 self.assertEquals(rep.u.ctx_list[0].reason,
1062 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1063 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1064 self.assertEquals(rep.u.ctx_list[1].result,
1065 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1066 self.assertEquals(rep.u.ctx_list[1].reason,
1067 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1068 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1069 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1071 req = self.generate_request(call_id=1,
1072 context_id=ctx3.context_id,
1076 rep = self.recv_pdu()
1077 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1079 self.assertNotEquals(rep.u.alloc_hint, 0)
1080 self.assertEquals(rep.u.context_id, req.u.context_id)
1081 self.assertEquals(rep.u.cancel_count, 0)
1082 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1084 req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1086 rep = self.recv_pdu()
1087 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1089 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1090 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1091 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1092 self.assertEquals(rep.u.secondary_address_size, 0)
1093 self.assertPadding(rep.u._pad1, 2)
1094 self.assertEquals(rep.u.num_results, 2)
1095 self.assertEquals(rep.u.ctx_list[0].result,
1096 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1097 self.assertEquals(rep.u.ctx_list[0].reason,
1098 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1099 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1100 self.assertEquals(rep.u.ctx_list[1].result,
1101 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1102 self.assertEquals(rep.u.ctx_list[1].reason,
1103 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1104 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1105 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1107 req = self.generate_request(call_id=1,
1108 context_id=ctx4.context_id,
1112 rep = self.recv_pdu()
1113 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1115 self.assertNotEquals(rep.u.alloc_hint, 0)
1116 self.assertEquals(rep.u.context_id, req.u.context_id)
1117 self.assertEquals(rep.u.cancel_count, 0)
1118 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1120 req = self.generate_request(call_id=1,
1121 context_id=ctx3.context_id,
1125 rep = self.recv_pdu()
1126 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1128 self.assertNotEquals(rep.u.alloc_hint, 0)
1129 self.assertEquals(rep.u.context_id, req.u.context_id)
1130 self.assertEquals(rep.u.cancel_count, 0)
1131 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1133 req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1135 rep = self.recv_pdu()
1136 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1138 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1139 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1140 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1141 self.assertEquals(rep.u.secondary_address_size, 0)
1142 self.assertPadding(rep.u._pad1, 2)
1143 self.assertEquals(rep.u.num_results, 2)
1144 self.assertEquals(rep.u.ctx_list[0].result,
1145 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1146 self.assertEquals(rep.u.ctx_list[0].reason,
1147 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1148 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1149 self.assertEquals(rep.u.ctx_list[1].result,
1150 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1151 self.assertEquals(rep.u.ctx_list[1].reason,
1152 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1153 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1154 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1156 req = self.generate_request(call_id=1,
1157 context_id=ctx4.context_id,
1161 rep = self.recv_pdu()
1162 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1164 self.assertNotEquals(rep.u.alloc_hint, 0)
1165 self.assertEquals(rep.u.context_id, req.u.context_id)
1166 self.assertEquals(rep.u.cancel_count, 0)
1167 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1169 req = self.generate_request(call_id=1,
1170 context_id=ctx3.context_id,
1174 rep = self.recv_pdu()
1175 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1177 self.assertNotEquals(rep.u.alloc_hint, 0)
1178 self.assertEquals(rep.u.context_id, req.u.context_id)
1179 self.assertEquals(rep.u.cancel_count, 0)
1180 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1182 tsf5mgmt_list = [ndr32]
1183 ctx5mgmt = dcerpc.ctx_list()
1184 ctx5mgmt.context_id = 5
1185 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1186 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1187 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1189 tsf5epm_list = [ndr32]
1190 ctx5epm = dcerpc.ctx_list()
1191 ctx5epm.context_id = 5
1192 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1193 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1194 ctx5epm.transfer_syntaxes = tsf5epm_list
1196 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1198 rep = self.recv_pdu()
1199 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1201 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1202 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1203 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1204 self.assertEquals(rep.u.secondary_address_size, 0)
1205 self.assertPadding(rep.u._pad1, 2)
1206 self.assertEquals(rep.u.num_results, 2)
1207 self.assertEquals(rep.u.ctx_list[0].result,
1208 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1209 self.assertEquals(rep.u.ctx_list[0].reason,
1210 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1211 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1212 self.assertEquals(rep.u.ctx_list[1].result,
1213 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1214 self.assertEquals(rep.u.ctx_list[1].reason,
1215 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1216 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1217 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1219 req = self.generate_request(call_id=1,
1220 context_id=ctx5mgmt.context_id,
1224 rep = self.recv_pdu()
1225 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1227 self.assertNotEquals(rep.u.alloc_hint, 0)
1228 self.assertEquals(rep.u.context_id, req.u.context_id)
1229 self.assertEquals(rep.u.cancel_count, 0)
1230 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1232 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1234 rep = self.recv_pdu()
1235 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1237 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1238 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1239 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1240 self.assertEquals(rep.u.secondary_address_size, 0)
1241 self.assertPadding(rep.u._pad1, 2)
1242 self.assertEquals(rep.u.num_results, 2)
1243 self.assertEquals(rep.u.ctx_list[0].result,
1244 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1245 self.assertEquals(rep.u.ctx_list[0].reason,
1246 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1247 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1248 self.assertEquals(rep.u.ctx_list[1].result,
1249 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1250 self.assertEquals(rep.u.ctx_list[1].reason,
1251 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1252 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1253 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1255 req = self.generate_request(call_id=1,
1256 context_id=ctx5mgmt.context_id,
1260 rep = self.recv_pdu()
1261 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1263 self.assertNotEquals(rep.u.alloc_hint, 0)
1264 self.assertEquals(rep.u.context_id, req.u.context_id)
1265 self.assertEquals(rep.u.cancel_count, 0)
1266 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1268 def test_no_auth_bind_time_none_simple(self):
1270 btf = base.bind_time_features_syntax(features)
1272 zero_syntax = misc.ndr_syntax_id()
1275 ctx1 = dcerpc.ctx_list()
1277 ctx1.num_transfer_syntaxes = len(tsf1_list)
1278 ctx1.abstract_syntax = zero_syntax
1279 ctx1.transfer_syntaxes = tsf1_list
1281 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1283 rep = self.recv_pdu()
1284 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1286 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1287 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1288 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1289 self.assertEquals(rep.u.secondary_address_size, 4)
1290 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1291 self.assertPadding(rep.u._pad1, 2)
1292 self.assertEquals(rep.u.num_results, 1)
1293 self.assertEquals(rep.u.ctx_list[0].result,
1294 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1295 self.assertEquals(rep.u.ctx_list[0].reason, features)
1296 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1297 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1299 def test_no_auth_bind_time_none_ignore_additional(self):
1301 btf1 = base.bind_time_features_syntax(features1)
1303 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1304 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1305 btf2 = base.bind_time_features_syntax(features2)
1307 zero_syntax = misc.ndr_syntax_id()
1308 ndr64 = base.transfer_syntax_ndr64()
1310 tsf1_list = [btf1, btf2, zero_syntax]
1311 ctx1 = dcerpc.ctx_list()
1313 ctx1.num_transfer_syntaxes = len(tsf1_list)
1314 ctx1.abstract_syntax = ndr64
1315 ctx1.transfer_syntaxes = tsf1_list
1317 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1319 rep = self.recv_pdu()
1320 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1322 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1323 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1324 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1325 self.assertEquals(rep.u.secondary_address_size, 4)
1326 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1327 self.assertPadding(rep.u._pad1, 2)
1328 self.assertEquals(rep.u.num_results, 1)
1329 self.assertEquals(rep.u.ctx_list[0].result,
1330 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1331 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1332 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1333 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1335 def test_no_auth_bind_time_only_first(self):
1336 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1337 btf1 = base.bind_time_features_syntax(features1)
1339 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1340 btf2 = base.bind_time_features_syntax(features2)
1342 zero_syntax = misc.ndr_syntax_id()
1344 tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1345 ctx1 = dcerpc.ctx_list()
1347 ctx1.num_transfer_syntaxes = len(tsf1_list)
1348 ctx1.abstract_syntax = zero_syntax
1349 ctx1.transfer_syntaxes = tsf1_list
1351 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1353 rep = self.recv_pdu()
1354 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1356 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1357 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1358 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1359 self.assertEquals(rep.u.secondary_address_size, 4)
1360 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1361 self.assertPadding(rep.u._pad1, 2)
1362 self.assertEquals(rep.u.num_results, 1)
1363 self.assertEquals(rep.u.ctx_list[0].result,
1364 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1365 self.assertEquals(rep.u.ctx_list[0].reason,
1366 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1367 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1368 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1370 def test_no_auth_bind_time_twice(self):
1371 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1372 btf1 = base.bind_time_features_syntax(features1)
1374 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1375 btf2 = base.bind_time_features_syntax(features2)
1377 zero_syntax = misc.ndr_syntax_id()
1380 ctx1 = dcerpc.ctx_list()
1382 ctx1.num_transfer_syntaxes = len(tsf1_list)
1383 ctx1.abstract_syntax = zero_syntax
1384 ctx1.transfer_syntaxes = tsf1_list
1387 ctx2 = dcerpc.ctx_list()
1389 ctx2.num_transfer_syntaxes = len(tsf2_list)
1390 ctx2.abstract_syntax = zero_syntax
1391 ctx2.transfer_syntaxes = tsf2_list
1393 req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1395 rep = self.recv_pdu()
1396 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1398 self.assertEquals(rep.u.reject_reason,
1399 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1400 self.assertEquals(rep.u.num_versions, 1)
1401 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1402 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1403 self.assertPadding(rep.u._pad, 3)
1405 # wait for a disconnect
1406 rep = self.recv_pdu()
1407 self.assertIsNone(rep)
1408 self.assertNotConnected()
1410 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1411 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1412 btf = base.bind_time_features_syntax(features)
1414 zero_syntax = misc.ndr_syntax_id()
1417 ctx1 = dcerpc.ctx_list()
1419 ctx1.num_transfer_syntaxes = len(tsf1_list)
1420 ctx1.abstract_syntax = zero_syntax
1421 ctx1.transfer_syntaxes = tsf1_list
1423 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1425 rep = self.recv_pdu()
1426 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1428 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1429 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1430 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1431 self.assertEquals(rep.u.secondary_address_size, 4)
1432 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1433 self.assertPadding(rep.u._pad1, 2)
1434 self.assertEquals(rep.u.num_results, 1)
1435 self.assertEquals(rep.u.ctx_list[0].result,
1436 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1437 self.assertEquals(rep.u.ctx_list[0].reason, features)
1438 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1439 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1441 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1442 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1443 btf1 = base.bind_time_features_syntax(features1)
1445 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1446 btf2 = base.bind_time_features_syntax(features2)
1448 zero_syntax = misc.ndr_syntax_id()
1449 ndr64 = base.transfer_syntax_ndr64()
1451 tsf1_list = [btf1, btf2, zero_syntax]
1452 ctx1 = dcerpc.ctx_list()
1454 ctx1.num_transfer_syntaxes = len(tsf1_list)
1455 ctx1.abstract_syntax = ndr64
1456 ctx1.transfer_syntaxes = tsf1_list
1458 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1460 rep = self.recv_pdu()
1461 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1463 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1464 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1465 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1466 self.assertEquals(rep.u.secondary_address_size, 4)
1467 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1468 self.assertPadding(rep.u._pad1, 2)
1469 self.assertEquals(rep.u.num_results, 1)
1470 self.assertEquals(rep.u.ctx_list[0].result,
1471 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1472 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1473 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1474 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1476 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1477 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1478 ndr32 = base.transfer_syntax_ndr()
1481 ctx1 = dcerpc.ctx_list()
1483 ctx1.num_transfer_syntaxes = len(tsf1_list)
1484 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1485 ctx1.transfer_syntaxes = tsf1_list
1490 if creds is not None:
1491 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1492 auth_context = self.get_auth_context_creds(creds,
1493 auth_type=auth_type,
1494 auth_level=auth_level,
1495 auth_context_id=auth_context_id,
1496 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1498 (finished, to_server) = auth_context["gensec"].update(from_server)
1499 self.assertFalse(finished)
1501 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1502 auth_level=auth_context["auth_level"],
1503 auth_context_id=auth_context["auth_context_id"],
1504 auth_blob=to_server)
1507 auth_info = self.generate_auth(auth_type=auth_type,
1508 auth_level=auth_level,
1509 auth_context_id=auth_context_id,
1510 auth_blob=to_server)
1512 req = self.generate_bind(call_id=0,
1514 auth_info=auth_info)
1516 rep = self.recv_pdu()
1517 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1519 self.assertEquals(rep.u.reject_reason, reason)
1520 self.assertEquals(rep.u.num_versions, 1)
1521 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1522 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1523 self.assertPadding(rep.u._pad, 3)
1525 # wait for a disconnect
1526 rep = self.recv_pdu()
1527 self.assertIsNone(rep)
1528 self.assertNotConnected()
1530 def _test_auth_none_level_bind(self, auth_level,
1531 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1532 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1533 auth_level=auth_level, reason=reason)
1535 def test_auth_none_none_bind(self):
1536 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1537 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1539 def test_auth_none_connect_bind(self):
1540 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1542 def test_auth_none_call_bind(self):
1543 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1545 def test_auth_none_packet_bind(self):
1546 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1548 def test_auth_none_integrity_bind(self):
1549 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1551 def test_auth_none_privacy_bind(self):
1552 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1554 def test_auth_none_0_bind(self):
1555 return self._test_auth_none_level_bind(0,
1556 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1558 def test_auth_none_7_bind(self):
1559 return self._test_auth_none_level_bind(7,
1560 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1562 def test_auth_none_255_bind(self):
1563 return self._test_auth_none_level_bind(255,
1564 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1566 def _test_auth_none_level_request(self, auth_level):
1567 ndr32 = base.transfer_syntax_ndr()
1570 ctx1 = dcerpc.ctx_list()
1572 ctx1.num_transfer_syntaxes = len(tsf1_list)
1573 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1574 ctx1.transfer_syntaxes = tsf1_list
1577 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1580 req = self.generate_bind(call_id=0,
1584 rep = self.recv_pdu()
1585 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1586 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1587 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1588 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1589 self.assertEquals(rep.u.secondary_address_size, 4)
1590 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1591 self.assertPadding(rep.u._pad1, 2)
1592 self.assertEquals(rep.u.num_results, 1)
1593 self.assertEquals(rep.u.ctx_list[0].result,
1594 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1595 self.assertEquals(rep.u.ctx_list[0].reason,
1596 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1597 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1598 self.assertEquals(len(rep.u.auth_info), 0)
1600 # And now try a request without auth_info
1601 req = self.generate_request(call_id=2,
1602 context_id=ctx1.context_id,
1606 rep = self.recv_pdu()
1607 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1609 self.assertNotEquals(rep.u.alloc_hint, 0)
1610 self.assertEquals(rep.u.context_id, req.u.context_id)
1611 self.assertEquals(rep.u.cancel_count, 0)
1612 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1614 auth_info = self.generate_auth(auth_type=auth_type,
1615 auth_level=auth_level,
1616 auth_context_id=auth_context_id,
1619 req = self.generate_request(call_id=3,
1620 context_id=ctx1.context_id,
1623 auth_info=auth_info)
1625 rep = self.recv_pdu()
1626 # We get a fault back
1627 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1629 self.assertNotEquals(rep.u.alloc_hint, 0)
1630 self.assertEquals(rep.u.context_id, req.u.context_id)
1631 self.assertEquals(rep.u.cancel_count, 0)
1632 self.assertEquals(rep.u.flags, 0)
1633 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1634 self.assertEquals(rep.u.reserved, 0)
1635 self.assertEquals(len(rep.u.error_and_verifier), 0)
1637 # wait for a disconnect
1638 rep = self.recv_pdu()
1639 self.assertIsNone(rep)
1640 self.assertNotConnected()
1642 def test_auth_none_none_request(self):
1643 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1645 def test_auth_none_connect_request(self):
1646 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1648 def test_auth_none_call_request(self):
1649 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1651 def _test_neg_xmit_check_values(self,
1657 ndr32 = base.transfer_syntax_ndr()
1660 ctx1 = dcerpc.ctx_list()
1662 ctx1.num_transfer_syntaxes = len(tsf1_list)
1663 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1664 ctx1.transfer_syntaxes = tsf1_list
1666 req = self.generate_bind(call_id=0,
1667 max_xmit_frag=req_xmit,
1668 max_recv_frag=req_recv,
1671 rep = self.recv_pdu()
1672 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1674 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1675 self.assertEquals(rep.u.max_recv_frag, rep_both)
1676 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1677 self.assertEquals(rep.u.secondary_address_size, 4)
1678 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1679 self.assertPadding(rep.u._pad1, 2)
1680 self.assertEquals(rep.u.num_results, 1)
1681 self.assertEquals(rep.u.ctx_list[0].result,
1682 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1683 self.assertEquals(rep.u.ctx_list[0].reason,
1684 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1685 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1686 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1688 assoc_group_id = rep.u.assoc_group_id
1689 if alter_xmit is None:
1690 alter_xmit = rep_both - 8
1691 if alter_recv is None:
1692 alter_recv = rep_both - 8
1694 # max_{xmit,recv}_frag and assoc_group_id are completely
1695 # ignored in alter_context requests
1696 req = self.generate_alter(call_id=1,
1697 max_xmit_frag=alter_xmit,
1698 max_recv_frag=alter_recv,
1699 assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1702 rep = self.recv_pdu()
1703 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1705 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1706 self.assertEquals(rep.u.max_recv_frag, rep_both)
1707 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1708 self.assertEquals(rep.u.secondary_address_size, 0)
1709 self.assertPadding(rep.u._pad1, 2)
1710 self.assertEquals(rep.u.num_results, 1)
1711 self.assertEquals(rep.u.ctx_list[0].result,
1712 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1713 self.assertEquals(rep.u.ctx_list[0].reason,
1714 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1715 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1716 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1718 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1719 req = self.generate_request(call_id=2,
1720 context_id=ctx1.context_id,
1722 alloc_hint=0xffffffff,
1723 stub=b"\00" * chunk_size)
1724 self.send_pdu(req, ndr_print=True, hexdump=True)
1725 rep = self.recv_pdu(ndr_print=True, hexdump=True)
1726 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1728 self.assertNotEquals(rep.u.alloc_hint, 0)
1729 self.assertEquals(rep.u.context_id, req.u.context_id)
1730 self.assertEquals(rep.u.cancel_count, 0)
1731 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1733 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1734 req = self.generate_request(call_id=2,
1735 context_id=ctx1.context_id,
1737 alloc_hint=0xffffffff,
1738 stub=b"\00" * chunk_size)
1740 rep = self.recv_pdu()
1741 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1743 self.assertNotEquals(rep.u.alloc_hint, 0)
1744 self.assertEquals(rep.u.context_id, req.u.context_id)
1745 self.assertEquals(rep.u.cancel_count, 0)
1746 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1749 req = self.generate_request(call_id=3,
1750 context_id=ctx1.context_id,
1752 alloc_hint=0xffffffff,
1753 stub=b"\00" * chunk_size)
1755 rep = self.recv_pdu()
1757 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1759 self.assertNotEquals(rep.u.alloc_hint, 0)
1760 self.assertEquals(rep.u.context_id, 0)
1761 self.assertEquals(rep.u.cancel_count, 0)
1762 self.assertEquals(rep.u.flags, 0)
1763 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1764 self.assertEquals(rep.u.reserved, 0)
1765 self.assertEquals(len(rep.u.error_and_verifier), 0)
1767 # wait for a disconnect
1768 rep = self.recv_pdu()
1769 self.assertIsNone(rep)
1770 self.assertNotConnected()
1772 def test_neg_xmit_ffff_ffff(self):
1773 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1777 def test_neg_xmit_0_ffff(self):
1778 return self._test_neg_xmit_check_values(req_xmit=0,
1784 def test_neg_xmit_ffff_0(self):
1785 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1789 def test_neg_xmit_0_0(self):
1790 return self._test_neg_xmit_check_values(req_xmit=0,
1796 def test_neg_xmit_3199_0(self):
1797 return self._test_neg_xmit_check_values(req_xmit=3199,
1801 def test_neg_xmit_0_3199(self):
1802 return self._test_neg_xmit_check_values(req_xmit=0,
1806 def test_neg_xmit_3199_ffff(self):
1807 return self._test_neg_xmit_check_values(req_xmit=3199,
1811 def test_neg_xmit_ffff_3199(self):
1812 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1816 def test_alloc_hint(self):
1817 ndr32 = base.transfer_syntax_ndr()
1820 ctx = dcerpc.ctx_list()
1822 ctx.num_transfer_syntaxes = len(tsf1_list)
1823 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1824 ctx.transfer_syntaxes = tsf1_list
1826 req = self.generate_bind(call_id=0,
1829 rep = self.recv_pdu()
1830 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1832 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1833 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1834 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1835 self.assertEquals(rep.u.secondary_address_size, 4)
1836 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1837 self.assertPadding(rep.u._pad1, 2)
1838 self.assertEquals(rep.u.num_results, 1)
1839 self.assertEquals(rep.u.ctx_list[0].result,
1840 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1841 self.assertEquals(rep.u.ctx_list[0].reason,
1842 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1843 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1844 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1846 # And now try a request without auth_info
1847 req = self.generate_request(call_id=2,
1848 context_id=ctx.context_id,
1850 alloc_hint=0xffffffff,
1853 rep = self.recv_pdu()
1854 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1856 self.assertNotEquals(rep.u.alloc_hint, 0)
1857 self.assertEquals(rep.u.context_id, req.u.context_id)
1858 self.assertEquals(rep.u.cancel_count, 0)
1859 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1861 req = self.generate_request(call_id=3,
1862 context_id=ctx.context_id,
1864 alloc_hint=0xffffffff,
1865 stub=b"\04\00\00\00\00\00\00\00")
1867 rep = self.recv_pdu()
1868 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1870 self.assertNotEquals(rep.u.alloc_hint, 0)
1871 self.assertEquals(rep.u.context_id, req.u.context_id)
1872 self.assertEquals(rep.u.cancel_count, 0)
1873 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1875 req = self.generate_request(call_id=4,
1876 context_id=ctx.context_id,
1879 stub=b"\04\00\00\00\00\00\00\00")
1881 rep = self.recv_pdu()
1882 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1884 self.assertNotEquals(rep.u.alloc_hint, 0)
1885 self.assertEquals(rep.u.context_id, req.u.context_id)
1886 self.assertEquals(rep.u.cancel_count, 0)
1887 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1889 def _get_netlogon_ctx(self):
1890 abstract = samba.dcerpc.netlogon.abstract_syntax()
1891 ndr32 = base.transfer_syntax_ndr()
1893 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1894 epmap=True, return_ack=True)
1896 server = '\\\\' + self.target_hostname
1897 if isinstance(server, binary_type):
1898 server_utf16 = server.decode('utf-8').encode('utf-16-le')
1900 server_utf16 = server.encode('utf-16-le')
1901 computer = 'UNKNOWNCOMPUTER'
1902 if isinstance(server, binary_type):
1903 computer_utf16 = computer.decode('utf-8').encode('utf-16-le')
1905 computer_utf16 = computer.encode('utf-16-le')
1907 real_stub = struct.pack('<IIII', 0x00200000,
1908 len(server) + 1, 0, len(server) + 1)
1909 real_stub += server_utf16 + b'\x00\x00'
1910 mod_len = len(real_stub) % 4
1912 real_stub += b'\x00' * (4 - mod_len)
1913 real_stub += struct.pack('<III',
1914 len(computer) + 1, 0, len(computer) + 1)
1915 real_stub += computer_utf16 + b'\x00\x00'
1916 real_stub += b'\x11\x22\x33\x44\x55\x66\x77\x88'
1918 return (ctx, ack, real_stub)
1920 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1921 fault_first=None, fault_last=None):
1922 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1924 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1928 while remaining > 0:
1929 thistime = min(remaining, chunk)
1930 remaining -= thistime
1935 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1937 stub = real_stub + b'\x00' * (thistime - len(real_stub))
1939 stub = b"\x00" * thistime
1942 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1944 # And now try a request without auth_info
1945 # netr_ServerReqChallenge()
1946 req = self.generate_request(call_id=0x21234,
1947 pfc_flags=pfc_flags,
1948 context_id=ctx.context_id,
1950 alloc_hint=alloc_hint,
1952 if alloc_hint >= thistime:
1953 alloc_hint -= thistime
1956 self.send_pdu(req, hexdump=False)
1957 if fault_first is not None:
1958 rep = self.recv_pdu()
1959 # We get a fault back
1960 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1962 self.assertNotEquals(rep.u.alloc_hint, 0)
1963 self.assertEquals(rep.u.context_id, req.u.context_id)
1964 self.assertEquals(rep.u.cancel_count, 0)
1965 self.assertEquals(rep.u.flags, 0)
1966 self.assertEquals(rep.u.status, fault_first)
1967 self.assertEquals(rep.u.reserved, 0)
1968 self.assertEquals(len(rep.u.error_and_verifier), 0)
1970 # wait for a disconnect
1971 rep = self.recv_pdu()
1972 self.assertIsNone(rep)
1973 self.assertNotConnected()
1977 if total >= 0x400000 and fault_last is not None:
1978 rep = self.recv_pdu()
1979 # We get a fault back
1980 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1982 self.assertNotEquals(rep.u.alloc_hint, 0)
1983 self.assertEquals(rep.u.context_id, req.u.context_id)
1984 self.assertEquals(rep.u.cancel_count, 0)
1985 self.assertEquals(rep.u.flags, 0)
1986 self.assertEquals(rep.u.status, fault_last)
1987 self.assertEquals(rep.u.reserved, 0)
1988 self.assertEquals(len(rep.u.error_and_verifier), 0)
1990 # wait for a disconnect
1991 rep = self.recv_pdu()
1992 self.assertIsNone(rep)
1993 self.assertNotConnected()
1995 rep = self.recv_pdu(timeout=0.01)
1996 self.assertIsNone(rep)
1997 self.assertIsConnected()
1999 if total >= 0x400000 and fault_last is not None:
2000 rep = self.recv_pdu()
2001 # We get a fault back
2002 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2004 self.assertNotEquals(rep.u.alloc_hint, 0)
2005 self.assertEquals(rep.u.context_id, req.u.context_id)
2006 self.assertEquals(rep.u.cancel_count, 0)
2007 self.assertEquals(rep.u.flags, 0)
2008 self.assertEquals(rep.u.status, fault_last)
2009 self.assertEquals(rep.u.reserved, 0)
2010 self.assertEquals(len(rep.u.error_and_verifier), 0)
2012 # wait for a disconnect
2013 rep = self.recv_pdu()
2014 self.assertIsNone(rep)
2015 self.assertNotConnected()
2017 rep = self.recv_pdu()
2018 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2020 self.assertNotEquals(rep.u.alloc_hint, 0)
2021 self.assertEquals(rep.u.context_id, req.u.context_id)
2022 self.assertEquals(rep.u.cancel_count, 0)
2023 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2025 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2026 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2027 self.assertEquals(status[0], 0)
2029 def test_fragmented_requests01(self):
2030 return self._test_fragmented_requests(remaining=0x400000,
2031 alloc_hint=0x400000)
2033 def test_fragmented_requests02(self):
2034 return self._test_fragmented_requests(remaining=0x400000,
2035 alloc_hint=0x100000)
2037 def test_fragmented_requests03(self):
2038 return self._test_fragmented_requests(remaining=0x400000,
2041 def test_fragmented_requests04(self):
2042 return self._test_fragmented_requests(remaining=0x400000,
2043 alloc_hint=0x400001,
2044 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2046 def test_fragmented_requests05(self):
2047 return self._test_fragmented_requests(remaining=0x500001,
2049 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2051 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2052 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2054 # netr_ServerReqChallenge with given flags
2055 req = self.generate_request(call_id=2,
2056 pfc_flags=pfc_flags,
2057 context_id=ctx.context_id,
2062 rep = self.recv_pdu()
2063 # We get a fault back
2064 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2066 self.assertNotEquals(rep.u.alloc_hint, 0)
2067 self.assertEquals(rep.u.context_id, 0)
2068 self.assertEquals(rep.u.cancel_count, 0)
2069 self.assertEquals(rep.u.flags, 0)
2070 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2071 self.assertEquals(rep.u.reserved, 0)
2072 self.assertEquals(len(rep.u.error_and_verifier), 0)
2074 # wait for a disconnect
2075 rep = self.recv_pdu()
2076 self.assertIsNone(rep)
2077 self.assertNotConnected()
2079 rep = self.recv_pdu(timeout=0.1)
2080 self.assertIsNone(rep)
2081 self.assertIsConnected()
2083 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2084 # with the same call_id
2085 req = self.generate_request(call_id=2,
2086 pfc_flags=pfc_flags,
2087 context_id=ctx.context_id,
2092 rep = self.recv_pdu()
2093 # We get a fault back
2094 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2096 self.assertNotEquals(rep.u.alloc_hint, 0)
2097 self.assertEquals(rep.u.context_id, req.u.context_id)
2098 self.assertEquals(rep.u.cancel_count, 0)
2099 self.assertEquals(rep.u.flags, 0)
2100 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2101 self.assertEquals(rep.u.reserved, 0)
2102 self.assertEquals(len(rep.u.error_and_verifier), 0)
2104 # wait for a disconnect
2105 rep = self.recv_pdu()
2106 self.assertIsNone(rep)
2107 self.assertNotConnected()
2110 rep = self.recv_pdu(timeout=0.1)
2111 self.assertIsNone(rep)
2112 self.assertIsConnected()
2114 def test_first_only_requests(self):
2115 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2118 def test_none_only_requests(self):
2119 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2121 def test_last_only_requests(self):
2122 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2125 def test_first_maybe_requests(self):
2126 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2127 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2130 def test_first_didnot_requests(self):
2131 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2132 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2135 def test_first_cmpx_requests(self):
2136 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2137 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2140 def test_first_08_requests(self):
2141 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2145 def test_first_cancel_requests(self):
2146 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2148 # netr_ServerReqChallenge with given flags
2149 req = self.generate_request(call_id=2,
2150 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2151 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2152 context_id=ctx.context_id,
2156 rep = self.recv_pdu()
2157 # We get a fault back
2158 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2159 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2160 dcerpc.DCERPC_PFC_FLAG_LAST |
2161 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2163 self.assertNotEquals(rep.u.alloc_hint, 0)
2164 self.assertEquals(rep.u.context_id, 0)
2165 self.assertEquals(rep.u.cancel_count, 0)
2166 self.assertEquals(rep.u.flags, 0)
2167 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2168 self.assertEquals(rep.u.reserved, 0)
2169 self.assertEquals(len(rep.u.error_and_verifier), 0)
2171 # wait for a disconnect
2172 rep = self.recv_pdu()
2173 self.assertIsNone(rep)
2174 self.assertNotConnected()
2176 def test_2nd_cancel_requests(self):
2177 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2179 # netr_ServerReqChallenge with given flags
2180 req = self.generate_request(call_id=2,
2181 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2182 context_id=ctx.context_id,
2186 rep = self.recv_pdu(timeout=0.1)
2187 self.assertIsNone(rep)
2188 self.assertIsConnected()
2190 # netr_ServerReqChallenge with given flags
2191 req = self.generate_request(call_id=2,
2192 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2193 context_id=ctx.context_id,
2197 rep = self.recv_pdu(timeout=0.1)
2198 self.assertIsNone(rep)
2199 self.assertIsConnected()
2201 # netr_ServerReqChallenge with given flags
2202 req = self.generate_request(call_id=2,
2203 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2204 context_id=ctx.context_id,
2208 rep = self.recv_pdu()
2209 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2211 self.assertNotEquals(rep.u.alloc_hint, 0)
2212 self.assertEquals(rep.u.context_id, req.u.context_id)
2213 self.assertEquals(rep.u.cancel_count, 0)
2214 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2216 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2217 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2218 self.assertEquals(status[0], 0)
2220 def test_last_cancel_requests(self):
2221 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2223 # netr_ServerReqChallenge with given flags
2224 req = self.generate_request(call_id=2,
2225 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2226 context_id=ctx.context_id,
2230 rep = self.recv_pdu(timeout=0.1)
2231 self.assertIsNone(rep)
2232 self.assertIsConnected()
2234 # netr_ServerReqChallenge with given flags
2235 req = self.generate_request(call_id=2,
2236 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2237 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2238 context_id=ctx.context_id,
2242 rep = self.recv_pdu()
2243 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2245 self.assertNotEquals(rep.u.alloc_hint, 0)
2246 self.assertEquals(rep.u.context_id, req.u.context_id)
2247 self.assertEquals(rep.u.cancel_count, 0)
2248 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2250 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2251 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2252 self.assertEquals(status[0], 0)
2254 def test_mix_requests(self):
2255 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2257 # netr_ServerReqChallenge with given flags
2258 req = self.generate_request(call_id=50,
2259 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2260 context_id=ctx.context_id,
2264 rep = self.recv_pdu(timeout=0.1)
2265 self.assertIsNone(rep)
2266 self.assertIsConnected()
2268 # netr_ServerReqChallenge with given flags
2269 req = self.generate_request(call_id=51,
2270 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2271 context_id=ctx.context_id,
2275 rep = self.recv_pdu()
2276 # We get a fault back
2277 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2278 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2279 dcerpc.DCERPC_PFC_FLAG_LAST,
2281 self.assertNotEquals(rep.u.alloc_hint, 0)
2282 self.assertEquals(rep.u.context_id, req.u.context_id)
2283 self.assertEquals(rep.u.cancel_count, 0)
2284 self.assertEquals(rep.u.flags, 0)
2285 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2286 self.assertEquals(rep.u.reserved, 0)
2287 self.assertEquals(len(rep.u.error_and_verifier), 0)
2289 def test_co_cancel_no_request(self):
2290 ndr32 = base.transfer_syntax_ndr()
2291 abstract = samba.dcerpc.mgmt.abstract_syntax()
2292 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2294 req = self.generate_co_cancel(call_id=3)
2296 rep = self.recv_pdu(timeout=0.01)
2297 self.assertIsNone(rep)
2298 self.assertIsConnected()
2300 # And now try a request
2301 req = self.generate_request(call_id=1,
2302 context_id=ctx.context_id,
2306 rep = self.recv_pdu()
2307 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2309 self.assertNotEquals(rep.u.alloc_hint, 0)
2310 self.assertEquals(rep.u.context_id, req.u.context_id)
2311 self.assertEquals(rep.u.cancel_count, 0)
2312 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2314 def test_co_cancel_request_after_first(self):
2315 ndr32 = base.transfer_syntax_ndr()
2316 abstract = samba.dcerpc.mgmt.abstract_syntax()
2317 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2319 req = self.generate_request(call_id=1,
2320 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2321 context_id=ctx.context_id,
2325 rep = self.recv_pdu(timeout=0.01)
2326 self.assertIsNone(rep)
2327 self.assertIsConnected()
2329 req = self.generate_co_cancel(call_id=1)
2331 rep = self.recv_pdu(timeout=0.01)
2332 self.assertIsNone(rep)
2333 self.assertIsConnected()
2335 req = self.generate_request(call_id=1,
2336 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2337 context_id=ctx.context_id,
2341 rep = self.recv_pdu()
2342 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2344 self.assertNotEquals(rep.u.alloc_hint, 0)
2345 self.assertEquals(rep.u.context_id, req.u.context_id)
2346 self.assertEquals(rep.u.cancel_count, 0)
2347 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2349 # And now try a request
2350 req = self.generate_request(call_id=2,
2351 context_id=ctx.context_id,
2355 rep = self.recv_pdu()
2356 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2358 self.assertNotEquals(rep.u.alloc_hint, 0)
2359 self.assertEquals(rep.u.context_id, req.u.context_id)
2360 self.assertEquals(rep.u.cancel_count, 0)
2361 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2363 def test_orphaned_no_request(self):
2364 ndr32 = base.transfer_syntax_ndr()
2365 abstract = samba.dcerpc.mgmt.abstract_syntax()
2366 ctx = self.prepare_presentation(abstract, ndr32)
2368 req = self.generate_orphaned(call_id=3)
2370 rep = self.recv_pdu(timeout=0.01)
2371 self.assertIsNone(rep)
2372 self.assertIsConnected()
2374 # And now try a request
2375 req = self.generate_request(call_id=1,
2376 context_id=ctx.context_id,
2380 rep = self.recv_pdu()
2381 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2383 self.assertNotEquals(rep.u.alloc_hint, 0)
2384 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2385 self.assertEquals(rep.u.cancel_count, 0)
2386 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2388 def test_orphaned_request_after_first_last(self):
2389 ndr32 = base.transfer_syntax_ndr()
2390 abstract = samba.dcerpc.mgmt.abstract_syntax()
2391 ctx = self.prepare_presentation(abstract, ndr32)
2393 req = self.generate_request(call_id=1,
2394 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2395 context_id=ctx.context_id,
2399 rep = self.recv_pdu(timeout=0.1)
2400 self.assertIsNone(rep)
2401 self.assertIsConnected()
2403 req = self.generate_orphaned(call_id=1)
2405 rep = self.recv_pdu(timeout=0.1)
2406 self.assertIsNone(rep)
2407 self.assertIsConnected()
2409 req = self.generate_request(call_id=1,
2410 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2411 context_id=ctx.context_id,
2415 rep = self.recv_pdu()
2416 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2418 self.assertNotEquals(rep.u.alloc_hint, 0)
2419 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2420 self.assertEquals(rep.u.cancel_count, 0)
2421 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2423 # And now try a request
2424 req = self.generate_request(call_id=2,
2425 context_id=ctx.context_id,
2429 rep = self.recv_pdu()
2430 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2432 self.assertNotEquals(rep.u.alloc_hint, 0)
2433 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2434 self.assertEquals(rep.u.cancel_count, 0)
2435 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2437 def test_orphaned_request_after_first_mpx_last(self):
2438 ndr32 = base.transfer_syntax_ndr()
2439 abstract = samba.dcerpc.mgmt.abstract_syntax()
2441 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2442 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2443 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2444 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2446 req = self.generate_request(call_id=1,
2447 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2448 context_id=ctx.context_id,
2452 rep = self.recv_pdu(timeout=0.1)
2453 self.assertIsNone(rep)
2454 self.assertIsConnected()
2456 req = self.generate_orphaned(call_id=1)
2458 rep = self.recv_pdu(timeout=0.1)
2459 self.assertIsNone(rep)
2460 self.assertIsConnected()
2462 req = self.generate_request(call_id=1,
2463 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2464 context_id=ctx.context_id,
2468 rep = self.recv_pdu()
2469 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2471 self.assertNotEquals(rep.u.alloc_hint, 0)
2472 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2473 self.assertEquals(rep.u.cancel_count, 0)
2474 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2476 # And now try a request
2477 req = self.generate_request(call_id=2,
2478 context_id=ctx.context_id,
2482 rep = self.recv_pdu()
2483 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2485 self.assertNotEquals(rep.u.alloc_hint, 0)
2486 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2487 self.assertEquals(rep.u.cancel_count, 0)
2488 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2490 def test_orphaned_request_after_first_no_last(self):
2491 ndr32 = base.transfer_syntax_ndr()
2492 abstract = samba.dcerpc.mgmt.abstract_syntax()
2493 ctx = self.prepare_presentation(abstract, ndr32)
2495 req1 = self.generate_request(call_id=1,
2496 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2497 context_id=ctx.context_id,
2501 rep = self.recv_pdu(timeout=0.1)
2502 self.assertIsNone(rep)
2503 self.assertIsConnected()
2505 req = self.generate_orphaned(call_id=1)
2507 rep = self.recv_pdu(timeout=0.1)
2508 self.assertIsNone(rep)
2509 self.assertIsConnected()
2511 # And now try a new request
2512 req2 = self.generate_request(call_id=2,
2513 context_id=ctx.context_id,
2517 rep = self.recv_pdu()
2518 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2520 self.assertNotEquals(rep.u.alloc_hint, 0)
2521 self.assertEquals(rep.u.context_id, req1.u.context_id)
2522 self.assertEquals(rep.u.cancel_count, 0)
2523 self.assertEquals(rep.u.flags, 0)
2524 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2525 self.assertEquals(rep.u.reserved, 0)
2526 self.assertEquals(len(rep.u.error_and_verifier), 0)
2528 # wait for a disconnect
2529 rep = self.recv_pdu()
2530 self.assertIsNone(rep)
2531 self.assertNotConnected()
2533 def test_orphaned_request_after_first_mpx_no_last(self):
2534 ndr32 = base.transfer_syntax_ndr()
2535 abstract = samba.dcerpc.mgmt.abstract_syntax()
2537 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2538 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2539 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2540 ctx = self.prepare_presentation(abstract, ndr32,
2541 pfc_flags=pfc_flags)
2543 req1 = self.generate_request(call_id=1,
2544 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2545 context_id=ctx.context_id,
2549 rep = self.recv_pdu(timeout=0.1)
2550 self.assertIsNone(rep)
2551 self.assertIsConnected()
2553 req = self.generate_orphaned(call_id=1)
2555 rep = self.recv_pdu(timeout=0.1)
2556 self.assertIsNone(rep)
2557 self.assertIsConnected()
2559 # And now try a new request
2560 req2 = self.generate_request(call_id=2,
2561 context_id=ctx.context_id - 1,
2565 rep = self.recv_pdu()
2566 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2568 self.assertNotEquals(rep.u.alloc_hint, 0)
2569 self.assertEquals(rep.u.context_id, 0)
2570 self.assertEquals(rep.u.cancel_count, 0)
2571 self.assertEquals(rep.u.flags, 0)
2572 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2573 self.assertEquals(rep.u.reserved, 0)
2574 self.assertEquals(len(rep.u.error_and_verifier), 0)
2576 # wait for a disconnect
2577 rep = self.recv_pdu()
2578 self.assertIsNone(rep)
2579 self.assertNotConnected()
2581 def test_spnego_connect_request(self):
2582 ndr32 = base.transfer_syntax_ndr()
2585 ctx1 = dcerpc.ctx_list()
2587 ctx1.num_transfer_syntaxes = len(tsf1_list)
2588 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2589 ctx1.transfer_syntaxes = tsf1_list
2592 c = self.get_anon_creds()
2593 g = gensec.Security.start_client(self.settings)
2594 g.set_credentials(c)
2595 g.want_feature(gensec.FEATURE_DCE_STYLE)
2596 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2597 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2599 g.start_mech_by_authtype(auth_type, auth_level)
2601 (finished, to_server) = g.update(from_server)
2602 self.assertFalse(finished)
2604 auth_info = self.generate_auth(auth_type=auth_type,
2605 auth_level=auth_level,
2606 auth_context_id=auth_context_id,
2607 auth_blob=to_server)
2609 req = self.generate_bind(call_id=0,
2611 auth_info=auth_info)
2614 rep = self.recv_pdu()
2615 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2616 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2617 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2618 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2619 self.assertEquals(rep.u.secondary_address_size, 4)
2620 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2621 self.assertPadding(rep.u._pad1, 2)
2622 self.assertEquals(rep.u.num_results, 1)
2623 self.assertEquals(rep.u.ctx_list[0].result,
2624 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2625 self.assertEquals(rep.u.ctx_list[0].reason,
2626 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2627 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2628 self.assertNotEquals(len(rep.u.auth_info), 0)
2629 a = self.parse_auth(rep.u.auth_info)
2631 from_server = a.credentials
2632 (finished, to_server) = g.update(from_server)
2633 self.assertFalse(finished)
2635 auth_info = self.generate_auth(auth_type=auth_type,
2636 auth_level=auth_level,
2637 auth_context_id=auth_context_id,
2638 auth_blob=to_server)
2640 req = self.generate_alter(call_id=0,
2642 assoc_group_id=rep.u.assoc_group_id,
2643 auth_info=auth_info)
2646 rep = self.recv_pdu()
2647 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2648 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2649 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2650 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2651 self.assertEquals(rep.u.secondary_address_size, 0)
2652 self.assertPadding(rep.u._pad1, 2)
2653 self.assertEquals(rep.u.num_results, 1)
2654 self.assertEquals(rep.u.ctx_list[0].result,
2655 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2656 self.assertEquals(rep.u.ctx_list[0].reason,
2657 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2658 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2659 self.assertNotEquals(len(rep.u.auth_info), 0)
2660 a = self.parse_auth(rep.u.auth_info)
2662 from_server = a.credentials
2663 (finished, to_server) = g.update(from_server)
2664 self.assertTrue(finished)
2666 # And now try a request without auth_info
2667 req = self.generate_request(call_id=2,
2668 context_id=ctx1.context_id,
2672 rep = self.recv_pdu()
2673 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2675 self.assertNotEquals(rep.u.alloc_hint, 0)
2676 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2677 self.assertEquals(rep.u.cancel_count, 0)
2678 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2680 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2681 auth_info = self.generate_auth(auth_type=auth_type,
2682 auth_level=auth_level,
2683 auth_context_id=auth_context_id,
2684 auth_blob=b"\x01" +b"\x00" *15)
2685 req = self.generate_request(call_id=3,
2686 context_id=ctx1.context_id,
2689 auth_info=auth_info)
2691 rep = self.recv_pdu()
2692 # We don't get an auth_info back
2693 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2695 self.assertNotEquals(rep.u.alloc_hint, 0)
2696 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2697 self.assertEquals(rep.u.cancel_count, 0)
2698 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2700 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2701 auth_info = self.generate_auth(auth_type=auth_type,
2702 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2703 auth_context_id=auth_context_id,
2704 auth_blob=b"\x01" + b"\x00" * 15)
2705 req = self.generate_request(call_id=4,
2706 context_id=ctx1.context_id,
2709 auth_info=auth_info)
2711 rep = self.recv_pdu()
2712 # We get a fault back
2713 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2715 self.assertNotEquals(rep.u.alloc_hint, 0)
2716 self.assertEquals(rep.u.context_id, req.u.context_id)
2717 self.assertEquals(rep.u.cancel_count, 0)
2718 self.assertEquals(rep.u.flags, 0)
2719 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2720 self.assertEquals(rep.u.reserved, 0)
2721 self.assertEquals(len(rep.u.error_and_verifier), 0)
2723 # wait for a disconnect
2724 rep = self.recv_pdu()
2725 self.assertIsNone(rep)
2726 self.assertNotConnected()
2728 def test_spnego_integrity_request(self):
2729 ndr32 = base.transfer_syntax_ndr()
2732 ctx1 = dcerpc.ctx_list()
2734 ctx1.num_transfer_syntaxes = len(tsf1_list)
2735 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2736 ctx1.transfer_syntaxes = tsf1_list
2739 c = self.get_anon_creds()
2740 g = gensec.Security.start_client(self.settings)
2741 g.set_credentials(c)
2742 g.want_feature(gensec.FEATURE_DCE_STYLE)
2743 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2744 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2746 g.start_mech_by_authtype(auth_type, auth_level)
2748 (finished, to_server) = g.update(from_server)
2749 self.assertFalse(finished)
2751 auth_info = self.generate_auth(auth_type=auth_type,
2752 auth_level=auth_level,
2753 auth_context_id=auth_context_id,
2754 auth_blob=to_server)
2756 req = self.generate_bind(call_id=0,
2758 auth_info=auth_info)
2761 rep = self.recv_pdu()
2762 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2763 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2764 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2765 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2766 self.assertEquals(rep.u.secondary_address_size, 4)
2767 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2768 self.assertPadding(rep.u._pad1, 2)
2769 self.assertEquals(rep.u.num_results, 1)
2770 self.assertEquals(rep.u.ctx_list[0].result,
2771 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2772 self.assertEquals(rep.u.ctx_list[0].reason,
2773 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2774 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2775 self.assertNotEquals(len(rep.u.auth_info), 0)
2776 a = self.parse_auth(rep.u.auth_info)
2778 from_server = a.credentials
2779 (finished, to_server) = g.update(from_server)
2780 self.assertFalse(finished)
2782 auth_info = self.generate_auth(auth_type=auth_type,
2783 auth_level=auth_level,
2784 auth_context_id=auth_context_id,
2785 auth_blob=to_server)
2787 req = self.generate_alter(call_id=0,
2789 assoc_group_id=rep.u.assoc_group_id,
2790 auth_info=auth_info)
2793 rep = self.recv_pdu()
2794 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2795 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2796 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2797 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2798 self.assertEquals(rep.u.secondary_address_size, 0)
2799 self.assertPadding(rep.u._pad1, 2)
2800 self.assertEquals(rep.u.num_results, 1)
2801 self.assertEquals(rep.u.ctx_list[0].result,
2802 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2803 self.assertEquals(rep.u.ctx_list[0].reason,
2804 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2805 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2806 self.assertNotEquals(len(rep.u.auth_info), 0)
2807 a = self.parse_auth(rep.u.auth_info)
2809 from_server = a.credentials
2810 (finished, to_server) = g.update(from_server)
2811 self.assertTrue(finished)
2813 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2814 auth_info = self.generate_auth(auth_type=auth_type,
2815 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2816 auth_context_id=auth_context_id,
2817 auth_blob=b"\x01" + b"\x00" * 15)
2818 req = self.generate_request(call_id=3,
2819 context_id=ctx1.context_id,
2822 auth_info=auth_info)
2824 rep = self.recv_pdu()
2825 # We get a fault back
2826 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2828 self.assertNotEquals(rep.u.alloc_hint, 0)
2829 self.assertEquals(rep.u.context_id, req.u.context_id)
2830 self.assertEquals(rep.u.cancel_count, 0)
2831 self.assertEquals(rep.u.flags, 0)
2832 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2833 self.assertEquals(rep.u.reserved, 0)
2834 self.assertEquals(len(rep.u.error_and_verifier), 0)
2836 # wait for a disconnect
2837 rep = self.recv_pdu()
2838 self.assertIsNone(rep)
2839 self.assertNotConnected()
2841 def test_spnego_unfinished_request(self):
2842 ndr32 = base.transfer_syntax_ndr()
2845 ctx1 = dcerpc.ctx_list()
2847 ctx1.num_transfer_syntaxes = len(tsf1_list)
2848 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2849 ctx1.transfer_syntaxes = tsf1_list
2852 c = self.get_anon_creds()
2853 g = gensec.Security.start_client(self.settings)
2854 g.set_credentials(c)
2855 g.want_feature(gensec.FEATURE_DCE_STYLE)
2856 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2857 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2859 g.start_mech_by_authtype(auth_type, auth_level)
2861 (finished, to_server) = g.update(from_server)
2862 self.assertFalse(finished)
2864 auth_info = self.generate_auth(auth_type=auth_type,
2865 auth_level=auth_level,
2866 auth_context_id=auth_context_id,
2867 auth_blob=to_server)
2869 req = self.generate_bind(call_id=0,
2871 auth_info=auth_info)
2874 rep = self.recv_pdu()
2875 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2876 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2877 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2878 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2879 assoc_group_id = rep.u.assoc_group_id
2880 self.assertEquals(rep.u.secondary_address_size, 4)
2881 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2882 self.assertPadding(rep.u._pad1, 2)
2883 self.assertEquals(rep.u.num_results, 1)
2884 self.assertEquals(rep.u.ctx_list[0].result,
2885 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2886 self.assertEquals(rep.u.ctx_list[0].reason,
2887 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2888 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2889 self.assertNotEquals(len(rep.u.auth_info), 0)
2890 a = self.parse_auth(rep.u.auth_info)
2892 from_server = a.credentials
2893 (finished, to_server) = g.update(from_server)
2894 self.assertFalse(finished)
2896 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2897 auth_info = self.generate_auth(auth_type=auth_type,
2898 auth_level=auth_level,
2899 auth_context_id=auth_context_id,
2900 auth_blob=b"\x01" + b"\x00" * 15)
2901 req = self.generate_request(call_id=1,
2902 context_id=ctx1.context_id,
2905 auth_info=auth_info)
2907 rep = self.recv_pdu()
2909 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2910 pfc_flags=req.pfc_flags |
2911 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2913 self.assertNotEquals(rep.u.alloc_hint, 0)
2914 self.assertEquals(rep.u.context_id, 0)
2915 self.assertEquals(rep.u.cancel_count, 0)
2916 self.assertEquals(rep.u.flags, 0)
2917 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2918 self.assertEquals(rep.u.reserved, 0)
2919 self.assertEquals(len(rep.u.error_and_verifier), 0)
2921 # wait for a disconnect
2922 rep = self.recv_pdu()
2923 self.assertIsNone(rep)
2924 self.assertNotConnected()
2926 def test_spnego_auth3(self):
2927 ndr32 = base.transfer_syntax_ndr()
2930 ctx1 = dcerpc.ctx_list()
2932 ctx1.num_transfer_syntaxes = len(tsf1_list)
2933 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2934 ctx1.transfer_syntaxes = tsf1_list
2937 c = self.get_anon_creds()
2938 g = gensec.Security.start_client(self.settings)
2939 g.set_credentials(c)
2940 g.want_feature(gensec.FEATURE_DCE_STYLE)
2941 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2942 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2944 g.start_mech_by_authtype(auth_type, auth_level)
2946 (finished, to_server) = g.update(from_server)
2947 self.assertFalse(finished)
2949 auth_info = self.generate_auth(auth_type=auth_type,
2950 auth_level=auth_level,
2951 auth_context_id=auth_context_id,
2952 auth_blob=to_server)
2953 req = self.generate_bind(call_id=0,
2955 auth_info=auth_info)
2957 rep = self.recv_pdu()
2958 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2959 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2960 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2961 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2962 self.assertEquals(rep.u.secondary_address_size, 4)
2963 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2964 self.assertPadding(rep.u._pad1, 2)
2965 self.assertEquals(rep.u.num_results, 1)
2966 self.assertEquals(rep.u.ctx_list[0].result,
2967 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2968 self.assertEquals(rep.u.ctx_list[0].reason,
2969 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2970 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2971 self.assertNotEquals(len(rep.u.auth_info), 0)
2972 a = self.parse_auth(rep.u.auth_info)
2974 from_server = a.credentials
2975 (finished, to_server) = g.update(from_server)
2976 self.assertFalse(finished)
2978 auth_info = self.generate_auth(auth_type=auth_type,
2979 auth_level=auth_level,
2980 auth_context_id=auth_context_id,
2981 auth_blob=to_server)
2982 req = self.generate_auth3(call_id=0,
2983 auth_info=auth_info)
2985 rep = self.recv_pdu()
2986 self.assertIsNone(rep)
2987 self.assertIsConnected()
2989 # And now try a request without auth_info
2990 req = self.generate_request(call_id=2,
2991 context_id=ctx1.context_id,
2995 rep = self.recv_pdu()
2996 # We get a fault back
2997 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2999 self.assertNotEquals(rep.u.alloc_hint, 0)
3000 self.assertEquals(rep.u.context_id, req.u.context_id)
3001 self.assertEquals(rep.u.cancel_count, 0)
3002 self.assertEquals(rep.u.flags, 0)
3003 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3004 self.assertEquals(rep.u.reserved, 0)
3005 self.assertEquals(len(rep.u.error_and_verifier), 0)
3007 # wait for a disconnect
3008 rep = self.recv_pdu()
3009 self.assertIsNone(rep)
3010 self.assertNotConnected()
3012 def test_spnego_connect_reauth_alter(self):
3013 ndr32 = base.transfer_syntax_ndr()
3014 ndr64 = base.transfer_syntax_ndr64()
3017 ctx1 = dcerpc.ctx_list()
3019 ctx1.num_transfer_syntaxes = len(tsf1_list)
3020 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3021 ctx1.transfer_syntaxes = tsf1_list
3024 c = self.get_anon_creds()
3025 g = gensec.Security.start_client(self.settings)
3026 g.set_credentials(c)
3027 g.want_feature(gensec.FEATURE_DCE_STYLE)
3028 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3029 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3031 g.start_mech_by_authtype(auth_type, auth_level)
3033 (finished, to_server) = g.update(from_server)
3034 self.assertFalse(finished)
3036 auth_info = self.generate_auth(auth_type=auth_type,
3037 auth_level=auth_level,
3038 auth_context_id=auth_context_id,
3039 auth_blob=to_server)
3041 req = self.generate_bind(call_id=0,
3043 auth_info=auth_info)
3046 rep = self.recv_pdu()
3047 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3048 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3049 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3050 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3051 self.assertEquals(rep.u.secondary_address_size, 4)
3052 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3053 self.assertPadding(rep.u._pad1, 2)
3054 self.assertEquals(rep.u.num_results, 1)
3055 self.assertEquals(rep.u.ctx_list[0].result,
3056 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3057 self.assertEquals(rep.u.ctx_list[0].reason,
3058 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3059 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3060 self.assertNotEquals(len(rep.u.auth_info), 0)
3061 a = self.parse_auth(rep.u.auth_info)
3063 from_server = a.credentials
3064 (finished, to_server) = g.update(from_server)
3065 self.assertFalse(finished)
3067 auth_info = self.generate_auth(auth_type=auth_type,
3068 auth_level=auth_level,
3069 auth_context_id=auth_context_id,
3070 auth_blob=to_server)
3071 req = self.generate_alter(call_id=0,
3073 assoc_group_id=rep.u.assoc_group_id,
3074 auth_info=auth_info)
3076 rep = self.recv_pdu()
3077 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3078 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3079 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3080 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3081 self.assertEquals(rep.u.secondary_address_size, 0)
3082 self.assertPadding(rep.u._pad1, 2)
3083 self.assertEquals(rep.u.num_results, 1)
3084 self.assertEquals(rep.u.ctx_list[0].result,
3085 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3086 self.assertEquals(rep.u.ctx_list[0].reason,
3087 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3088 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3089 self.assertNotEquals(len(rep.u.auth_info), 0)
3090 a = self.parse_auth(rep.u.auth_info)
3092 from_server = a.credentials
3093 (finished, to_server) = g.update(from_server)
3094 self.assertTrue(finished)
3096 # And now try a request without auth_info
3097 req = self.generate_request(call_id=2,
3098 context_id=ctx1.context_id,
3102 rep = self.recv_pdu()
3103 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3105 self.assertNotEquals(rep.u.alloc_hint, 0)
3106 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3107 self.assertEquals(rep.u.cancel_count, 0)
3108 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3110 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3111 auth_info = self.generate_auth(auth_type=auth_type,
3112 auth_level=auth_level,
3113 auth_context_id=auth_context_id,
3114 auth_blob=b"\x01" + b"\x00" * 15)
3115 req = self.generate_request(call_id=3,
3116 context_id=ctx1.context_id,
3119 auth_info=auth_info)
3121 rep = self.recv_pdu()
3122 # We don't get an auth_info back
3123 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3125 self.assertNotEquals(rep.u.alloc_hint, 0)
3126 self.assertEquals(rep.u.context_id, req.u.context_id)
3127 self.assertEquals(rep.u.cancel_count, 0)
3128 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3132 g = gensec.Security.start_client(self.settings)
3133 g.set_credentials(c)
3134 g.want_feature(gensec.FEATURE_DCE_STYLE)
3135 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3136 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3138 g.start_mech_by_authtype(auth_type, auth_level)
3140 (finished, to_server) = g.update(from_server)
3141 self.assertFalse(finished)
3143 auth_info = self.generate_auth(auth_type=auth_type,
3144 auth_level=auth_level,
3145 auth_context_id=auth_context_id,
3146 auth_blob=to_server)
3147 req = self.generate_alter(call_id=0,
3149 auth_info=auth_info)
3151 rep = self.recv_pdu()
3153 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3154 pfc_flags=req.pfc_flags |
3155 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3157 self.assertNotEquals(rep.u.alloc_hint, 0)
3158 self.assertEquals(rep.u.context_id, 0)
3159 self.assertEquals(rep.u.cancel_count, 0)
3160 self.assertEquals(rep.u.flags, 0)
3161 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3162 self.assertEquals(rep.u.reserved, 0)
3163 self.assertEquals(len(rep.u.error_and_verifier), 0)
3165 # wait for a disconnect
3166 rep = self.recv_pdu()
3167 self.assertIsNone(rep)
3168 self.assertNotConnected()
3170 def test_spnego_connect_reauth_auth3(self):
3171 ndr32 = base.transfer_syntax_ndr()
3172 ndr64 = base.transfer_syntax_ndr64()
3175 ctx1 = dcerpc.ctx_list()
3177 ctx1.num_transfer_syntaxes = len(tsf1_list)
3178 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3179 ctx1.transfer_syntaxes = tsf1_list
3182 c = self.get_anon_creds()
3183 g = gensec.Security.start_client(self.settings)
3184 g.set_credentials(c)
3185 g.want_feature(gensec.FEATURE_DCE_STYLE)
3186 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3187 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3189 g.start_mech_by_authtype(auth_type, auth_level)
3191 (finished, to_server) = g.update(from_server)
3192 self.assertFalse(finished)
3194 auth_info = self.generate_auth(auth_type=auth_type,
3195 auth_level=auth_level,
3196 auth_context_id=auth_context_id,
3197 auth_blob=to_server)
3199 req = self.generate_bind(call_id=0,
3201 auth_info=auth_info)
3204 rep = self.recv_pdu()
3205 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3206 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3207 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3208 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3209 self.assertEquals(rep.u.secondary_address_size, 4)
3210 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3211 self.assertPadding(rep.u._pad1, 2)
3212 self.assertEquals(rep.u.num_results, 1)
3213 self.assertEquals(rep.u.ctx_list[0].result,
3214 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3215 self.assertEquals(rep.u.ctx_list[0].reason,
3216 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3217 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3218 self.assertNotEquals(len(rep.u.auth_info), 0)
3219 a = self.parse_auth(rep.u.auth_info)
3221 from_server = a.credentials
3222 (finished, to_server) = g.update(from_server)
3223 self.assertFalse(finished)
3225 auth_info = self.generate_auth(auth_type=auth_type,
3226 auth_level=auth_level,
3227 auth_context_id=auth_context_id,
3228 auth_blob=to_server)
3229 req = self.generate_alter(call_id=0,
3231 assoc_group_id=rep.u.assoc_group_id,
3232 auth_info=auth_info)
3234 rep = self.recv_pdu()
3235 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3236 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3237 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3238 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3239 self.assertEquals(rep.u.secondary_address_size, 0)
3240 self.assertPadding(rep.u._pad1, 2)
3241 self.assertEquals(rep.u.num_results, 1)
3242 self.assertEquals(rep.u.ctx_list[0].result,
3243 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3244 self.assertEquals(rep.u.ctx_list[0].reason,
3245 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3246 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3247 self.assertNotEquals(len(rep.u.auth_info), 0)
3248 a = self.parse_auth(rep.u.auth_info)
3250 from_server = a.credentials
3251 (finished, to_server) = g.update(from_server)
3252 self.assertTrue(finished)
3254 # And now try a request without auth_info
3255 req = self.generate_request(call_id=2,
3256 context_id=ctx1.context_id,
3260 rep = self.recv_pdu()
3261 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3263 self.assertNotEquals(rep.u.alloc_hint, 0)
3264 self.assertEquals(rep.u.context_id, req.u.context_id)
3265 self.assertEquals(rep.u.cancel_count, 0)
3266 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3268 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3269 auth_info = self.generate_auth(auth_type=auth_type,
3270 auth_level=auth_level,
3271 auth_context_id=auth_context_id,
3272 auth_blob=b"\x01" + b"\x00" * 15)
3273 req = self.generate_request(call_id=3,
3274 context_id=ctx1.context_id,
3277 auth_info=auth_info)
3279 rep = self.recv_pdu()
3280 # We don't get an auth_info back
3281 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3283 self.assertNotEquals(rep.u.alloc_hint, 0)
3284 self.assertEquals(rep.u.context_id, req.u.context_id)
3285 self.assertEquals(rep.u.cancel_count, 0)
3286 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3290 g = gensec.Security.start_client(self.settings)
3291 g.set_credentials(c)
3292 g.want_feature(gensec.FEATURE_DCE_STYLE)
3293 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3294 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3296 g.start_mech_by_authtype(auth_type, auth_level)
3298 (finished, to_server) = g.update(from_server)
3299 self.assertFalse(finished)
3301 auth_info = self.generate_auth(auth_type=auth_type,
3302 auth_level=auth_level,
3303 auth_context_id=auth_context_id,
3304 auth_blob=to_server)
3305 req = self.generate_auth3(call_id=0,
3306 auth_info=auth_info)
3308 rep = self.recv_pdu()
3310 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3311 pfc_flags=req.pfc_flags |
3312 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3314 self.assertNotEquals(rep.u.alloc_hint, 0)
3315 self.assertEquals(rep.u.context_id, 0)
3316 self.assertEquals(rep.u.cancel_count, 0)
3317 self.assertEquals(rep.u.flags, 0)
3318 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3319 self.assertEquals(rep.u.reserved, 0)
3320 self.assertEquals(len(rep.u.error_and_verifier), 0)
3322 # wait for a disconnect
3323 rep = self.recv_pdu()
3324 self.assertIsNone(rep)
3325 self.assertNotConnected()
3327 def test_spnego_change_auth_level(self):
3328 ndr32 = base.transfer_syntax_ndr()
3331 ctx1 = dcerpc.ctx_list()
3333 ctx1.num_transfer_syntaxes = len(tsf1_list)
3334 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3335 ctx1.transfer_syntaxes = tsf1_list
3337 c = self.get_anon_creds()
3338 g = gensec.Security.start_client(self.settings)
3339 g.set_credentials(c)
3340 g.want_feature(gensec.FEATURE_DCE_STYLE)
3341 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3342 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3344 g.start_mech_by_authtype(auth_type, auth_level)
3346 (finished, to_server) = g.update(from_server)
3347 self.assertFalse(finished)
3349 auth_info = self.generate_auth(auth_type=auth_type,
3350 auth_level=auth_level,
3351 auth_context_id=auth_context_id,
3352 auth_blob=to_server)
3353 req = self.generate_bind(call_id=0,
3355 auth_info=auth_info)
3357 rep = self.recv_pdu()
3358 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3359 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3360 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3361 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3362 self.assertEquals(rep.u.secondary_address_size, 4)
3363 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3364 self.assertPadding(rep.u._pad1, 2)
3365 self.assertEquals(rep.u.num_results, 1)
3366 self.assertEquals(rep.u.ctx_list[0].result,
3367 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3368 self.assertEquals(rep.u.ctx_list[0].reason,
3369 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3370 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3371 self.assertNotEquals(len(rep.u.auth_info), 0)
3372 a = self.parse_auth(rep.u.auth_info)
3374 from_server = a.credentials
3375 (finished, to_server) = g.update(from_server)
3376 self.assertFalse(finished)
3378 auth_info = self.generate_auth(auth_type=auth_type,
3379 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3380 auth_context_id=auth_context_id,
3381 auth_blob=to_server)
3382 req = self.generate_alter(call_id=0,
3384 assoc_group_id=rep.u.assoc_group_id,
3385 auth_info=auth_info)
3387 rep = self.recv_pdu()
3388 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3389 pfc_flags=req.pfc_flags |
3390 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3392 self.assertNotEquals(rep.u.alloc_hint, 0)
3393 self.assertEquals(rep.u.context_id, 0)
3394 self.assertEquals(rep.u.cancel_count, 0)
3395 self.assertEquals(rep.u.flags, 0)
3396 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3397 self.assertEquals(rep.u.reserved, 0)
3398 self.assertEquals(len(rep.u.error_and_verifier), 0)
3400 # wait for a disconnect
3401 rep = self.recv_pdu()
3402 self.assertIsNone(rep)
3403 self.assertNotConnected()
3405 def test_spnego_change_abstract(self):
3406 ndr32 = base.transfer_syntax_ndr()
3409 ctx1 = dcerpc.ctx_list()
3411 ctx1.num_transfer_syntaxes = len(tsf1_list)
3412 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3413 ctx1.transfer_syntaxes = tsf1_list
3415 ctx1b = dcerpc.ctx_list()
3416 ctx1b.context_id = 1
3417 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3418 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3419 ctx1b.transfer_syntaxes = tsf1_list
3421 c = self.get_anon_creds()
3422 g = gensec.Security.start_client(self.settings)
3423 g.set_credentials(c)
3424 g.want_feature(gensec.FEATURE_DCE_STYLE)
3425 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3426 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3428 g.start_mech_by_authtype(auth_type, auth_level)
3430 (finished, to_server) = g.update(from_server)
3431 self.assertFalse(finished)
3433 auth_info = self.generate_auth(auth_type=auth_type,
3434 auth_level=auth_level,
3435 auth_context_id=auth_context_id,
3436 auth_blob=to_server)
3437 req = self.generate_bind(call_id=0,
3439 auth_info=auth_info)
3441 rep = self.recv_pdu()
3442 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3443 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3444 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3445 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3446 self.assertEquals(rep.u.secondary_address_size, 4)
3447 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3448 self.assertPadding(rep.u._pad1, 2)
3449 self.assertEquals(rep.u.num_results, 1)
3450 self.assertEquals(rep.u.ctx_list[0].result,
3451 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3452 self.assertEquals(rep.u.ctx_list[0].reason,
3453 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3454 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3455 self.assertNotEquals(len(rep.u.auth_info), 0)
3456 a = self.parse_auth(rep.u.auth_info)
3458 from_server = a.credentials
3459 (finished, to_server) = g.update(from_server)
3460 self.assertFalse(finished)
3462 auth_info = self.generate_auth(auth_type=auth_type,
3463 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3464 auth_context_id=auth_context_id,
3465 auth_blob=to_server)
3466 req = self.generate_alter(call_id=0,
3468 assoc_group_id=rep.u.assoc_group_id,
3469 auth_info=auth_info)
3471 rep = self.recv_pdu()
3472 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3473 pfc_flags=req.pfc_flags |
3474 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3476 self.assertNotEquals(rep.u.alloc_hint, 0)
3477 self.assertEquals(rep.u.context_id, 0)
3478 self.assertEquals(rep.u.cancel_count, 0)
3479 self.assertEquals(rep.u.flags, 0)
3480 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3481 self.assertEquals(rep.u.reserved, 0)
3482 self.assertEquals(len(rep.u.error_and_verifier), 0)
3484 # wait for a disconnect
3485 rep = self.recv_pdu()
3486 self.assertIsNone(rep)
3487 self.assertNotConnected()
3489 def test_spnego_change_transfer(self):
3490 ndr32 = base.transfer_syntax_ndr()
3491 ndr64 = base.transfer_syntax_ndr64()
3494 ctx1 = dcerpc.ctx_list()
3496 ctx1.num_transfer_syntaxes = len(tsf1_list)
3497 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3498 ctx1.transfer_syntaxes = tsf1_list
3500 tsf1b_list = [ndr32, ndr64]
3501 ctx1b = dcerpc.ctx_list()
3502 ctx1b.context_id = 1
3503 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3504 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3505 ctx1b.transfer_syntaxes = tsf1b_list
3507 c = self.get_anon_creds()
3508 g = gensec.Security.start_client(self.settings)
3509 g.set_credentials(c)
3510 g.want_feature(gensec.FEATURE_DCE_STYLE)
3511 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3512 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3514 g.start_mech_by_authtype(auth_type, auth_level)
3516 (finished, to_server) = g.update(from_server)
3517 self.assertFalse(finished)
3519 auth_info = self.generate_auth(auth_type=auth_type,
3520 auth_level=auth_level,
3521 auth_context_id=auth_context_id,
3522 auth_blob=to_server)
3523 req = self.generate_bind(call_id=0,
3525 auth_info=auth_info)
3527 rep = self.recv_pdu()
3528 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3529 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3530 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3531 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3532 self.assertEquals(rep.u.secondary_address_size, 4)
3533 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3534 self.assertPadding(rep.u._pad1, 2)
3535 self.assertEquals(rep.u.num_results, 1)
3536 self.assertEquals(rep.u.ctx_list[0].result,
3537 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3538 self.assertEquals(rep.u.ctx_list[0].reason,
3539 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3540 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3541 self.assertNotEquals(len(rep.u.auth_info), 0)
3542 a = self.parse_auth(rep.u.auth_info)
3544 from_server = a.credentials
3545 (finished, to_server) = g.update(from_server)
3546 self.assertFalse(finished)
3548 # We change ctx_list and auth_level
3549 auth_info = self.generate_auth(auth_type=auth_type,
3550 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3551 auth_context_id=auth_context_id,
3552 auth_blob=to_server)
3553 req = self.generate_alter(call_id=0,
3555 assoc_group_id=rep.u.assoc_group_id,
3556 auth_info=auth_info)
3558 rep = self.recv_pdu()
3559 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3560 pfc_flags=req.pfc_flags |
3561 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3563 self.assertNotEquals(rep.u.alloc_hint, 0)
3564 self.assertEquals(rep.u.context_id, 0)
3565 self.assertEquals(rep.u.cancel_count, 0)
3566 self.assertEquals(rep.u.flags, 0)
3567 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3568 self.assertEquals(rep.u.reserved, 0)
3569 self.assertEquals(len(rep.u.error_and_verifier), 0)
3571 # wait for a disconnect
3572 rep = self.recv_pdu()
3573 self.assertIsNone(rep)
3574 self.assertNotConnected()
3576 def test_spnego_change_auth_type1(self):
3577 ndr32 = base.transfer_syntax_ndr()
3578 ndr64 = base.transfer_syntax_ndr64()
3581 ctx1 = dcerpc.ctx_list()
3583 ctx1.num_transfer_syntaxes = len(tsf1_list)
3584 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3585 ctx1.transfer_syntaxes = tsf1_list
3587 c = self.get_anon_creds()
3588 g = gensec.Security.start_client(self.settings)
3589 g.set_credentials(c)
3590 g.want_feature(gensec.FEATURE_DCE_STYLE)
3591 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3592 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3594 g.start_mech_by_authtype(auth_type, auth_level)
3596 (finished, to_server) = g.update(from_server)
3597 self.assertFalse(finished)
3599 auth_info = self.generate_auth(auth_type=auth_type,
3600 auth_level=auth_level,
3601 auth_context_id=auth_context_id,
3602 auth_blob=to_server)
3603 req = self.generate_bind(call_id=0,
3605 auth_info=auth_info)
3607 rep = self.recv_pdu()
3608 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3609 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3610 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3611 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3612 self.assertEquals(rep.u.secondary_address_size, 4)
3613 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3614 self.assertPadding(rep.u._pad1, 2)
3615 self.assertEquals(rep.u.num_results, 1)
3616 self.assertEquals(rep.u.ctx_list[0].result,
3617 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3618 self.assertEquals(rep.u.ctx_list[0].reason,
3619 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3620 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3621 self.assertNotEquals(len(rep.u.auth_info), 0)
3622 a = self.parse_auth(rep.u.auth_info)
3624 from_server = a.credentials
3625 (finished, to_server) = g.update(from_server)
3626 self.assertFalse(finished)
3628 # We change ctx_list and auth_level
3629 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3630 auth_level=auth_level,
3631 auth_context_id=auth_context_id,
3632 auth_blob=to_server)
3633 req = self.generate_alter(call_id=0,
3635 assoc_group_id=rep.u.assoc_group_id,
3636 auth_info=auth_info)
3638 rep = self.recv_pdu()
3639 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3640 pfc_flags=req.pfc_flags |
3641 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3643 self.assertNotEquals(rep.u.alloc_hint, 0)
3644 self.assertEquals(rep.u.context_id, 0)
3645 self.assertEquals(rep.u.cancel_count, 0)
3646 self.assertEquals(rep.u.flags, 0)
3647 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3648 self.assertEquals(rep.u.reserved, 0)
3649 self.assertEquals(len(rep.u.error_and_verifier), 0)
3651 # wait for a disconnect
3652 rep = self.recv_pdu()
3653 self.assertIsNone(rep)
3654 self.assertNotConnected()
3656 def test_spnego_change_auth_type2(self):
3657 ndr32 = base.transfer_syntax_ndr()
3658 ndr64 = base.transfer_syntax_ndr64()
3661 ctx1 = dcerpc.ctx_list()
3663 ctx1.num_transfer_syntaxes = len(tsf1_list)
3664 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3665 ctx1.transfer_syntaxes = tsf1_list
3667 tsf1b_list = [ndr32, ndr64]
3668 ctx1b = dcerpc.ctx_list()
3669 ctx1b.context_id = 1
3670 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3671 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3672 ctx1b.transfer_syntaxes = tsf1b_list
3674 c = self.get_anon_creds()
3675 g = gensec.Security.start_client(self.settings)
3676 g.set_credentials(c)
3677 g.want_feature(gensec.FEATURE_DCE_STYLE)
3678 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3679 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3681 g.start_mech_by_authtype(auth_type, auth_level)
3683 (finished, to_server) = g.update(from_server)
3684 self.assertFalse(finished)
3686 auth_info = self.generate_auth(auth_type=auth_type,
3687 auth_level=auth_level,
3688 auth_context_id=auth_context_id,
3689 auth_blob=to_server)
3690 req = self.generate_bind(call_id=0,
3692 auth_info=auth_info)
3694 rep = self.recv_pdu()
3695 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3696 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3697 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3698 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3699 self.assertEquals(rep.u.secondary_address_size, 4)
3700 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3701 self.assertPadding(rep.u._pad1, 2)
3702 self.assertEquals(rep.u.num_results, 1)
3703 self.assertEquals(rep.u.ctx_list[0].result,
3704 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3705 self.assertEquals(rep.u.ctx_list[0].reason,
3706 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3707 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3708 self.assertNotEquals(len(rep.u.auth_info), 0)
3709 a = self.parse_auth(rep.u.auth_info)
3711 from_server = a.credentials
3712 (finished, to_server) = g.update(from_server)
3713 self.assertFalse(finished)
3715 # We change ctx_list and auth_level
3716 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3717 auth_level=auth_level,
3718 auth_context_id=auth_context_id,
3719 auth_blob=to_server)
3720 req = self.generate_alter(call_id=0,
3722 assoc_group_id=rep.u.assoc_group_id,
3723 auth_info=auth_info)
3725 rep = self.recv_pdu()
3726 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3727 pfc_flags=req.pfc_flags |
3728 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3730 self.assertNotEquals(rep.u.alloc_hint, 0)
3731 self.assertEquals(rep.u.context_id, 0)
3732 self.assertEquals(rep.u.cancel_count, 0)
3733 self.assertEquals(rep.u.flags, 0)
3734 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3735 self.assertEquals(rep.u.reserved, 0)
3736 self.assertEquals(len(rep.u.error_and_verifier), 0)
3738 # wait for a disconnect
3739 rep = self.recv_pdu()
3740 self.assertIsNone(rep)
3741 self.assertNotConnected()
3743 def test_spnego_change_auth_type3(self):
3744 ndr32 = base.transfer_syntax_ndr()
3745 ndr64 = base.transfer_syntax_ndr64()
3748 ctx1 = dcerpc.ctx_list()
3750 ctx1.num_transfer_syntaxes = len(tsf1_list)
3751 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3752 ctx1.transfer_syntaxes = tsf1_list
3754 tsf1b_list = [ndr32, ndr64]
3755 ctx1b = dcerpc.ctx_list()
3756 ctx1b.context_id = 1
3757 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3758 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3759 ctx1b.transfer_syntaxes = tsf1b_list
3761 c = self.get_anon_creds()
3762 g = gensec.Security.start_client(self.settings)
3763 g.set_credentials(c)
3764 g.want_feature(gensec.FEATURE_DCE_STYLE)
3765 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3766 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3768 g.start_mech_by_authtype(auth_type, auth_level)
3770 (finished, to_server) = g.update(from_server)
3771 self.assertFalse(finished)
3773 auth_info = self.generate_auth(auth_type=auth_type,
3774 auth_level=auth_level,
3775 auth_context_id=auth_context_id,
3776 auth_blob=to_server)
3777 req = self.generate_bind(call_id=0,
3779 auth_info=auth_info)
3781 rep = self.recv_pdu()
3782 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3783 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3784 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3785 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3786 self.assertEquals(rep.u.secondary_address_size, 4)
3787 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3788 self.assertPadding(rep.u._pad1, 2)
3789 self.assertEquals(rep.u.num_results, 1)
3790 self.assertEquals(rep.u.ctx_list[0].result,
3791 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3792 self.assertEquals(rep.u.ctx_list[0].reason,
3793 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3794 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3795 self.assertNotEquals(len(rep.u.auth_info), 0)
3796 a = self.parse_auth(rep.u.auth_info)
3798 from_server = a.credentials
3799 (finished, to_server) = g.update(from_server)
3800 self.assertFalse(finished)
3802 # We change ctx_list and auth_level
3803 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3804 auth_level=auth_level,
3805 auth_context_id=auth_context_id,
3806 auth_blob=to_server)
3807 req = self.generate_alter(call_id=0,
3809 assoc_group_id=rep.u.assoc_group_id,
3810 auth_info=auth_info)
3812 rep = self.recv_pdu()
3813 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3814 pfc_flags=req.pfc_flags |
3815 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3817 self.assertNotEquals(rep.u.alloc_hint, 0)
3818 self.assertEquals(rep.u.context_id, 0)
3819 self.assertEquals(rep.u.cancel_count, 0)
3820 self.assertEquals(rep.u.flags, 0)
3821 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3822 self.assertEquals(rep.u.reserved, 0)
3823 self.assertEquals(len(rep.u.error_and_verifier), 0)
3825 # wait for a disconnect
3826 rep = self.recv_pdu()
3827 self.assertIsNone(rep)
3828 self.assertNotConnected()
3830 def test_spnego_auth_pad_ok(self):
3831 ndr32 = base.transfer_syntax_ndr()
3834 ctx1 = dcerpc.ctx_list()
3836 ctx1.num_transfer_syntaxes = len(tsf1_list)
3837 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3838 ctx1.transfer_syntaxes = tsf1_list
3841 c = self.get_anon_creds()
3842 g = gensec.Security.start_client(self.settings)
3843 g.set_credentials(c)
3844 g.want_feature(gensec.FEATURE_DCE_STYLE)
3845 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3846 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3848 g.start_mech_by_authtype(auth_type, auth_level)
3850 (finished, to_server) = g.update(from_server)
3851 self.assertFalse(finished)
3853 auth_info = self.generate_auth(auth_type=auth_type,
3854 auth_level=auth_level,
3855 auth_context_id=auth_context_id,
3856 auth_blob=to_server)
3858 req = self.generate_bind(call_id=0,
3860 auth_info=auth_info)
3861 req_pdu = samba.ndr.ndr_pack(req)
3863 auth_pad_ok = len(req_pdu)
3864 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3865 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3866 auth_pad_ok -= len(to_server)
3868 auth_info = self.generate_auth(auth_type=auth_type,
3869 auth_level=auth_level,
3870 auth_context_id=auth_context_id,
3871 auth_pad_length=auth_pad_ok,
3872 auth_blob=to_server)
3874 req = self.generate_bind(call_id=0,
3876 auth_info=auth_info)
3878 rep = self.recv_pdu()
3879 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3880 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3881 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3882 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3883 self.assertEquals(rep.u.secondary_address_size, 4)
3884 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3885 self.assertPadding(rep.u._pad1, 2)
3886 self.assertEquals(rep.u.num_results, 1)
3887 self.assertEquals(rep.u.ctx_list[0].result,
3888 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3889 self.assertEquals(rep.u.ctx_list[0].reason,
3890 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3891 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3892 self.assertNotEquals(len(rep.u.auth_info), 0)
3893 a = self.parse_auth(rep.u.auth_info)
3895 from_server = a.credentials
3896 (finished, to_server) = g.update(from_server)
3897 self.assertFalse(finished)
3899 auth_info = self.generate_auth(auth_type=auth_type,
3900 auth_level=auth_level,
3901 auth_context_id=auth_context_id,
3902 auth_blob=to_server)
3903 req = self.generate_alter(call_id=0,
3905 assoc_group_id=rep.u.assoc_group_id,
3906 auth_info=auth_info)
3907 req_pdu = samba.ndr.ndr_pack(req)
3909 auth_pad_ok = len(req_pdu)
3910 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3911 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3912 auth_pad_ok -= len(to_server)
3913 auth_info = self.generate_auth(auth_type=auth_type,
3914 auth_level=auth_level,
3915 auth_context_id=auth_context_id,
3916 auth_pad_length=auth_pad_ok,
3917 auth_blob=to_server)
3918 req = self.generate_alter(call_id=0,
3920 assoc_group_id=rep.u.assoc_group_id,
3921 auth_info=auth_info)
3923 rep = self.recv_pdu()
3924 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3925 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3926 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3927 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3928 self.assertEquals(rep.u.secondary_address_size, 0)
3929 self.assertPadding(rep.u._pad1, 2)
3930 self.assertEquals(rep.u.num_results, 1)
3931 self.assertEquals(rep.u.ctx_list[0].result,
3932 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3933 self.assertEquals(rep.u.ctx_list[0].reason,
3934 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3935 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3936 self.assertNotEquals(len(rep.u.auth_info), 0)
3937 a = self.parse_auth(rep.u.auth_info)
3939 from_server = a.credentials
3940 (finished, to_server) = g.update(from_server)
3941 self.assertTrue(finished)
3943 # And now try a request without auth_info
3944 req = self.generate_request(call_id=2,
3945 context_id=ctx1.context_id,
3949 rep = self.recv_pdu()
3950 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3952 self.assertNotEquals(rep.u.alloc_hint, 0)
3953 self.assertEquals(rep.u.context_id, req.u.context_id)
3954 self.assertEquals(rep.u.cancel_count, 0)
3955 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3957 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3958 auth_info = self.generate_auth(auth_type=auth_type,
3959 auth_level=auth_level,
3960 auth_context_id=auth_context_id,
3961 auth_blob=b"\x01" + b"\x00" * 15)
3962 req = self.generate_request(call_id=3,
3963 context_id=ctx1.context_id,
3966 auth_info=auth_info)
3968 rep = self.recv_pdu()
3969 # We don't get an auth_info back
3970 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3972 self.assertNotEquals(rep.u.alloc_hint, 0)
3973 self.assertEquals(rep.u.context_id, req.u.context_id)
3974 self.assertEquals(rep.u.cancel_count, 0)
3975 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3977 self._disconnect("disconnect")
3978 self.assertNotConnected()
3980 def test_spnego_auth_pad_fail_bind(self):
3981 ndr32 = base.transfer_syntax_ndr()
3984 ctx1 = dcerpc.ctx_list()
3986 ctx1.num_transfer_syntaxes = len(tsf1_list)
3987 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3988 ctx1.transfer_syntaxes = tsf1_list
3991 c = self.get_anon_creds()
3992 g = gensec.Security.start_client(self.settings)
3993 g.set_credentials(c)
3994 g.want_feature(gensec.FEATURE_DCE_STYLE)
3995 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3996 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3998 g.start_mech_by_authtype(auth_type, auth_level)
4000 (finished, to_server) = g.update(from_server)
4001 self.assertFalse(finished)
4003 auth_info = self.generate_auth(auth_type=auth_type,
4004 auth_level=auth_level,
4005 auth_context_id=auth_context_id,
4006 auth_blob=to_server)
4008 req = self.generate_bind(call_id=0,
4010 auth_info=auth_info)
4011 req_pdu = samba.ndr.ndr_pack(req)
4013 auth_pad_ok = len(req_pdu)
4014 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4015 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4016 auth_pad_ok -= len(to_server)
4017 auth_pad_bad = auth_pad_ok + 1
4018 auth_info = self.generate_auth(auth_type=auth_type,
4019 auth_level=auth_level,
4020 auth_context_id=auth_context_id,
4021 auth_pad_length=auth_pad_bad,
4022 auth_blob=to_server)
4024 req = self.generate_bind(call_id=0,
4026 auth_info=auth_info)
4028 rep = self.recv_pdu()
4029 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
4031 self.assertEquals(rep.u.reject_reason,
4032 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
4033 self.assertEquals(rep.u.num_versions, 1)
4034 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
4035 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
4036 self.assertEquals(len(rep.u._pad), 3)
4037 self.assertEquals(rep.u._pad, b'\0' * 3)
4039 # wait for a disconnect
4040 rep = self.recv_pdu()
4041 self.assertIsNone(rep)
4042 self.assertNotConnected()
4044 def test_spnego_auth_pad_fail_alter(self):
4045 ndr32 = base.transfer_syntax_ndr()
4048 ctx1 = dcerpc.ctx_list()
4050 ctx1.num_transfer_syntaxes = len(tsf1_list)
4051 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4052 ctx1.transfer_syntaxes = tsf1_list
4055 c = self.get_anon_creds()
4056 g = gensec.Security.start_client(self.settings)
4057 g.set_credentials(c)
4058 g.want_feature(gensec.FEATURE_DCE_STYLE)
4059 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4060 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4062 g.start_mech_by_authtype(auth_type, auth_level)
4064 (finished, to_server) = g.update(from_server)
4065 self.assertFalse(finished)
4067 auth_info = self.generate_auth(auth_type=auth_type,
4068 auth_level=auth_level,
4069 auth_context_id=auth_context_id,
4070 auth_blob=to_server)
4072 req = self.generate_bind(call_id=0,
4074 auth_info=auth_info)
4075 req_pdu = samba.ndr.ndr_pack(req)
4077 auth_pad_ok = len(req_pdu)
4078 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4079 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4080 auth_pad_ok -= len(to_server)
4082 auth_info = self.generate_auth(auth_type=auth_type,
4083 auth_level=auth_level,
4084 auth_context_id=auth_context_id,
4085 auth_pad_length=auth_pad_ok,
4086 auth_blob=to_server)
4088 req = self.generate_bind(call_id=0,
4090 auth_info=auth_info)
4092 rep = self.recv_pdu()
4093 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4094 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4095 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4096 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4097 self.assertEquals(rep.u.secondary_address_size, 4)
4098 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4099 self.assertPadding(rep.u._pad1, 2)
4100 self.assertEquals(rep.u.num_results, 1)
4101 self.assertEquals(rep.u.ctx_list[0].result,
4102 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4103 self.assertEquals(rep.u.ctx_list[0].reason,
4104 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4105 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4106 self.assertNotEquals(len(rep.u.auth_info), 0)
4107 a = self.parse_auth(rep.u.auth_info)
4109 from_server = a.credentials
4110 (finished, to_server) = g.update(from_server)
4111 self.assertFalse(finished)
4113 auth_info = self.generate_auth(auth_type=auth_type,
4114 auth_level=auth_level,
4115 auth_context_id=auth_context_id,
4116 auth_blob=to_server)
4117 req = self.generate_alter(call_id=0,
4119 assoc_group_id=rep.u.assoc_group_id,
4120 auth_info=auth_info)
4121 req_pdu = samba.ndr.ndr_pack(req)
4123 auth_pad_ok = len(req_pdu)
4124 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4125 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4126 auth_pad_ok -= len(to_server)
4127 auth_pad_bad = auth_pad_ok + 1
4128 auth_info = self.generate_auth(auth_type=auth_type,
4129 auth_level=auth_level,
4130 auth_context_id=auth_context_id,
4131 auth_pad_length=auth_pad_bad,
4132 auth_blob=to_server)
4133 req = self.generate_alter(call_id=0,
4135 assoc_group_id=rep.u.assoc_group_id,
4136 auth_info=auth_info)
4138 rep = self.recv_pdu()
4139 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4140 pfc_flags=req.pfc_flags |
4141 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4143 self.assertNotEquals(rep.u.alloc_hint, 0)
4144 self.assertEquals(rep.u.context_id, 0)
4145 self.assertEquals(rep.u.cancel_count, 0)
4146 self.assertEquals(rep.u.flags, 0)
4147 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4148 self.assertEquals(rep.u.reserved, 0)
4149 self.assertEquals(len(rep.u.error_and_verifier), 0)
4151 # wait for a disconnect
4152 rep = self.recv_pdu()
4153 self.assertIsNone(rep)
4154 self.assertNotConnected()
4156 def test_ntlmssp_auth_pad_ok(self):
4157 ndr32 = base.transfer_syntax_ndr()
4160 ctx1 = dcerpc.ctx_list()
4162 ctx1.num_transfer_syntaxes = len(tsf1_list)
4163 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4164 ctx1.transfer_syntaxes = tsf1_list
4167 c = self.get_anon_creds()
4168 g = gensec.Security.start_client(self.settings)
4169 g.set_credentials(c)
4170 g.want_feature(gensec.FEATURE_DCE_STYLE)
4171 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4172 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4174 g.start_mech_by_authtype(auth_type, auth_level)
4176 (finished, to_server) = g.update(from_server)
4177 self.assertFalse(finished)
4179 auth_info = self.generate_auth(auth_type=auth_type,
4180 auth_level=auth_level,
4181 auth_context_id=auth_context_id,
4182 auth_blob=to_server)
4184 req = self.generate_bind(call_id=0,
4186 auth_info=auth_info)
4187 req_pdu = samba.ndr.ndr_pack(req)
4189 auth_pad_ok = len(req_pdu)
4190 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4191 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4192 auth_pad_ok -= len(to_server)
4194 auth_info = self.generate_auth(auth_type=auth_type,
4195 auth_level=auth_level,
4196 auth_context_id=auth_context_id,
4197 auth_pad_length=auth_pad_ok,
4198 auth_blob=to_server)
4200 req = self.generate_bind(call_id=0,
4202 auth_info=auth_info)
4204 rep = self.recv_pdu()
4205 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4206 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4207 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4208 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4209 self.assertEquals(rep.u.secondary_address_size, 4)
4210 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4211 self.assertPadding(rep.u._pad1, 2)
4212 self.assertEquals(rep.u.num_results, 1)
4213 self.assertEquals(rep.u.ctx_list[0].result,
4214 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4215 self.assertEquals(rep.u.ctx_list[0].reason,
4216 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4217 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4218 self.assertNotEquals(len(rep.u.auth_info), 0)
4219 a = self.parse_auth(rep.u.auth_info)
4221 from_server = a.credentials
4222 (finished, to_server) = g.update(from_server)
4223 self.assertTrue(finished)
4226 auth_info = self.generate_auth(auth_type=auth_type,
4227 auth_level=auth_level,
4228 auth_context_id=auth_context_id,
4229 auth_pad_length=auth_pad_ok,
4230 auth_blob=to_server)
4231 req = self.generate_auth3(call_id=0,
4232 auth_info=auth_info)
4234 self.assertIsConnected()
4236 # And now try a request without auth_info
4237 req = self.generate_request(call_id=2,
4238 context_id=ctx1.context_id,
4242 rep = self.recv_pdu()
4243 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4245 self.assertNotEquals(rep.u.alloc_hint, 0)
4246 self.assertEquals(rep.u.context_id, req.u.context_id)
4247 self.assertEquals(rep.u.cancel_count, 0)
4248 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4250 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4251 auth_info = self.generate_auth(auth_type=auth_type,
4252 auth_level=auth_level,
4253 auth_context_id=auth_context_id,
4254 auth_blob=b"\x01" + b"\x00" * 15)
4255 req = self.generate_request(call_id=3,
4256 context_id=ctx1.context_id,
4259 auth_info=auth_info)
4261 rep = self.recv_pdu()
4262 # We don't get an auth_info back
4263 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4265 self.assertNotEquals(rep.u.alloc_hint, 0)
4266 self.assertEquals(rep.u.context_id, req.u.context_id)
4267 self.assertEquals(rep.u.cancel_count, 0)
4268 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4270 self._disconnect("disconnect")
4271 self.assertNotConnected()
4273 def test_ntlmssp_auth_pad_fail_auth3(self):
4274 ndr32 = base.transfer_syntax_ndr()
4277 ctx1 = dcerpc.ctx_list()
4279 ctx1.num_transfer_syntaxes = len(tsf1_list)
4280 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4281 ctx1.transfer_syntaxes = tsf1_list
4284 c = self.get_anon_creds()
4285 g = gensec.Security.start_client(self.settings)
4286 g.set_credentials(c)
4287 g.want_feature(gensec.FEATURE_DCE_STYLE)
4288 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4289 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4291 g.start_mech_by_authtype(auth_type, auth_level)
4293 (finished, to_server) = g.update(from_server)
4294 self.assertFalse(finished)
4296 auth_info = self.generate_auth(auth_type=auth_type,
4297 auth_level=auth_level,
4298 auth_context_id=auth_context_id,
4299 auth_blob=to_server)
4301 req = self.generate_bind(call_id=0,
4303 auth_info=auth_info)
4304 req_pdu = samba.ndr.ndr_pack(req)
4306 auth_pad_ok = len(req_pdu)
4307 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4308 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4309 auth_pad_ok -= len(to_server)
4311 auth_info = self.generate_auth(auth_type=auth_type,
4312 auth_level=auth_level,
4313 auth_context_id=auth_context_id,
4314 auth_pad_length=auth_pad_ok,
4315 auth_blob=to_server)
4317 req = self.generate_bind(call_id=0,
4319 auth_info=auth_info)
4321 rep = self.recv_pdu()
4322 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4323 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4324 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4325 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4326 self.assertEquals(rep.u.secondary_address_size, 4)
4327 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4328 self.assertPadding(rep.u._pad1, 2)
4329 self.assertEquals(rep.u.num_results, 1)
4330 self.assertEquals(rep.u.ctx_list[0].result,
4331 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4332 self.assertEquals(rep.u.ctx_list[0].reason,
4333 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4334 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4335 self.assertNotEquals(len(rep.u.auth_info), 0)
4336 a = self.parse_auth(rep.u.auth_info)
4338 from_server = a.credentials
4339 (finished, to_server) = g.update(from_server)
4340 self.assertTrue(finished)
4343 auth_info = self.generate_auth(auth_type=auth_type,
4344 auth_level=auth_level,
4345 auth_context_id=auth_context_id,
4346 auth_pad_length=auth_pad_bad,
4347 auth_blob=to_server)
4348 req = self.generate_auth3(call_id=0,
4349 auth_info=auth_info)
4351 rep = self.recv_pdu()
4352 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4353 pfc_flags=req.pfc_flags |
4354 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4356 self.assertNotEquals(rep.u.alloc_hint, 0)
4357 self.assertEquals(rep.u.context_id, 0)
4358 self.assertEquals(rep.u.cancel_count, 0)
4359 self.assertEquals(rep.u.flags, 0)
4360 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4361 self.assertEquals(rep.u.reserved, 0)
4362 self.assertEquals(len(rep.u.error_and_verifier), 0)
4364 # wait for a disconnect
4365 rep = self.recv_pdu()
4366 self.assertIsNone(rep)
4367 self.assertNotConnected()
4369 def _test_auth_bind_auth_level(self, auth_type, auth_level, auth_context_id, ctx,
4370 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4372 creds = self.get_user_creds()
4373 auth_context = self.get_auth_context_creds(creds=creds,
4374 auth_type=auth_type,
4375 auth_level=auth_level,
4376 auth_context_id=auth_context_id,
4377 g_auth_level=g_auth_level)
4378 if auth_context is None:
4380 ack = self.do_generic_bind(ctx=ctx,
4381 auth_context=auth_context,
4382 alter_fault=alter_fault)
4387 def _test_spnego_level_bind_nak(self, auth_level,
4388 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4389 c = self.get_user_creds()
4390 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4391 auth_level=auth_level, creds=c, reason=reason)
4393 def _test_spnego_level_bind(self, auth_level,
4394 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4397 response_fault_flags=0):
4398 ndr32 = base.transfer_syntax_ndr()
4401 ctx1 = dcerpc.ctx_list()
4402 ctx1.context_id = 0x1001
4403 ctx1.num_transfer_syntaxes = len(tsf1_list)
4404 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4405 ctx1.transfer_syntaxes = tsf1_list
4407 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4410 auth_context = self._test_auth_bind_auth_level(auth_type=auth_type,
4411 auth_level=auth_level,
4412 auth_context_id=auth_context_id,
4414 g_auth_level=g_auth_level,
4415 alter_fault=alter_fault)
4416 if request_fault is None:
4419 self.assertIsNotNone(auth_context)
4420 g = auth_context["gensec"]
4421 self.assertIsNotNone(g)
4423 stub_bin = b'\x00' * 17
4424 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4427 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4428 stub_bin += b'\x00' * auth_pad_length
4430 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4431 sig_size = g.sig_size(len(stub_bin))
4434 zero_sig = b"\x00" * sig_size
4436 auth_info = self.generate_auth(auth_type=auth_type,
4437 auth_level=auth_level,
4438 auth_pad_length=auth_pad_length,
4439 auth_context_id=auth_context_id,
4441 req = self.generate_request(call_id=4,
4442 context_id=ctx1.context_id,
4445 auth_info=auth_info)
4446 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4447 req_blob = samba.ndr.ndr_pack(req)
4448 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4449 ofs_sig = len(req_blob) - req.auth_length
4450 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4451 req_data = req_blob[ofs_stub:ofs_trailer]
4452 req_whole = req_blob[0:ofs_sig]
4453 sig = g.sign_packet(req_data, req_whole)
4454 auth_info = self.generate_auth(auth_type=auth_type,
4455 auth_level=auth_level,
4456 auth_pad_length=auth_pad_length,
4457 auth_context_id=auth_context_id,
4459 req = self.generate_request(call_id=4,
4460 context_id=ctx1.context_id,
4463 auth_info=auth_info)
4465 rep = self.recv_pdu()
4466 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4467 pfc_flags=req.pfc_flags | response_fault_flags,
4469 self.assertNotEquals(rep.u.alloc_hint, 0)
4470 self.assertEquals(rep.u.context_id, ctx1.context_id)
4471 self.assertEquals(rep.u.cancel_count, 0)
4472 self.assertEquals(rep.u.flags, 0)
4473 self.assertEquals(rep.u.status, request_fault)
4474 self.assertEquals(rep.u.reserved, 0)
4475 self.assertEquals(len(rep.u.error_and_verifier), 0)
4477 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4480 # wait for a disconnect
4481 rep = self.recv_pdu()
4482 self.assertIsNone(rep)
4483 self.assertNotConnected()
4485 def test_spnego_none_bind(self):
4486 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4487 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4489 def test_spnego_call_bind(self):
4490 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4491 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4493 def test_spnego_0_bind(self):
4494 return self._test_spnego_level_bind_nak(0,
4495 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4497 def test_spnego_7_bind(self):
4498 return self._test_spnego_level_bind_nak(7,
4499 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4501 def test_spnego_255_bind(self):
4502 return self._test_spnego_level_bind_nak(255,
4503 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4505 def test_spnego_connect_bind_none(self):
4506 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4507 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4509 def test_spnego_connect_bind_sign(self):
4510 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4511 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4513 def test_spnego_connect_bind_seal(self):
4514 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4515 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4517 def test_spnego_packet_bind_none(self):
4518 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4519 # DCERPC_AUTH_LEVEL_INTEGRITY
4520 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4521 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4522 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4524 def test_spnego_packet_bind_sign(self):
4525 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4526 # DCERPC_AUTH_LEVEL_INTEGRITY
4527 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4528 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4529 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4530 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4532 def test_spnego_packet_bind_seal(self):
4533 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4534 # DCERPC_AUTH_LEVEL_INTEGRITY
4535 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4536 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4537 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4538 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4540 def test_spnego_integrity_bind_none(self):
4541 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4542 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4543 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4545 def test_spnego_integrity_bind_sign(self):
4546 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4547 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4548 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4549 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4551 def test_spnego_integrity_bind_seal(self):
4552 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4553 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4554 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4555 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4557 def test_spnego_privacy_bind_none(self):
4559 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4560 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4561 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4563 def test_spnego_privacy_bind_sign(self):
4565 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4566 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4567 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4569 def test_spnego_privacy_bind_seal(self):
4570 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4571 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4573 def _test_auth_signing_auth_level_request(self, auth_type, auth_level, hdr_sign=False):
4574 ndr32 = base.transfer_syntax_ndr()
4577 ctx1 = dcerpc.ctx_list()
4578 ctx1.context_id = 0x1001
4579 ctx1.num_transfer_syntaxes = len(tsf1_list)
4580 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4581 ctx1.transfer_syntaxes = tsf1_list
4586 auth_context = self._test_auth_bind_auth_level(auth_type=auth_type,
4587 auth_level=auth_level,
4588 auth_context_id=auth_context_id,
4590 self.assertIsNotNone(auth_context)
4591 g = auth_context["gensec"]
4592 self.assertIsNotNone(g)
4594 stub_bin = b'\x00' * 0
4595 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4598 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4599 stub_bin += b'\x00' * auth_pad_length
4601 sig_size = g.sig_size(len(stub_bin))
4602 zero_sig = b"\x00" * sig_size
4604 auth_info = self.generate_auth(auth_type=auth_type,
4605 auth_level=auth_level,
4606 auth_pad_length=auth_pad_length,
4607 auth_context_id=auth_context_id,
4609 req = self.generate_request(call_id=3,
4610 context_id=ctx1.context_id,
4613 auth_info=auth_info)
4614 req_blob = samba.ndr.ndr_pack(req)
4615 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4616 ofs_sig = len(req_blob) - req.auth_length
4617 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4618 req_data = req_blob[ofs_stub:ofs_trailer]
4619 req_whole = req_blob[0:ofs_sig]
4620 sig = g.sign_packet(req_data, req_whole)
4621 auth_info = self.generate_auth(auth_type=auth_type,
4622 auth_level=auth_level,
4623 auth_pad_length=auth_pad_length,
4624 auth_context_id=auth_context_id,
4626 req = self.generate_request(call_id=3,
4627 context_id=ctx1.context_id,
4630 auth_info=auth_info)
4632 (rep, rep_blob) = self.recv_pdu_raw()
4633 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4634 auth_length=sig_size)
4635 self.assertNotEquals(rep.u.alloc_hint, 0)
4636 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4637 self.assertEquals(rep.u.cancel_count, 0)
4638 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4639 self.assertEquals(rep.auth_length, sig_size)
4641 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4642 ofs_sig = rep.frag_length - rep.auth_length
4643 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4644 rep_data = rep_blob[ofs_stub:ofs_trailer]
4645 rep_whole = rep_blob[0:ofs_sig]
4646 rep_sig = rep_blob[ofs_sig:]
4647 rep_auth_info_blob = rep_blob[ofs_trailer:]
4649 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4650 self.assertEquals(rep_auth_info.auth_type, auth_type)
4651 self.assertEquals(rep_auth_info.auth_level, auth_level)
4652 # mgmt_inq_if_ids() returns no fixed size results
4653 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4654 self.assertEquals(rep_auth_info.auth_reserved, 0)
4655 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4656 self.assertEquals(rep_auth_info.credentials, rep_sig)
4658 g.check_packet(rep_data, rep_whole, rep_sig)
4660 stub_bin = b'\x00' * 17
4661 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4664 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4665 stub_bin += b'\x00' * auth_pad_length
4667 sig_size = g.sig_size(len(stub_bin))
4668 zero_sig = b"\x00" * sig_size
4670 auth_info = self.generate_auth(auth_type=auth_type,
4671 auth_level=auth_level,
4672 auth_pad_length=auth_pad_length,
4673 auth_context_id=auth_context_id,
4675 req = self.generate_request(call_id=4,
4676 context_id=ctx1.context_id,
4679 auth_info=auth_info)
4680 req_blob = samba.ndr.ndr_pack(req)
4681 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4682 ofs_sig = len(req_blob) - req.auth_length
4683 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4684 req_data = req_blob[ofs_stub:ofs_trailer]
4685 req_whole = req_blob[0:ofs_sig]
4686 sig = g.sign_packet(req_data, req_whole)
4687 auth_info = self.generate_auth(auth_type=auth_type,
4688 auth_level=auth_level,
4689 auth_pad_length=auth_pad_length,
4690 auth_context_id=auth_context_id,
4692 req = self.generate_request(call_id=4,
4693 context_id=ctx1.context_id,
4696 auth_info=auth_info)
4698 rep = self.recv_pdu()
4699 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4700 pfc_flags=req.pfc_flags |
4701 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4703 self.assertNotEquals(rep.u.alloc_hint, 0)
4704 self.assertEquals(rep.u.context_id, ctx1.context_id)
4705 self.assertEquals(rep.u.cancel_count, 0)
4706 self.assertEquals(rep.u.flags, 0)
4707 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4708 self.assertEquals(rep.u.reserved, 0)
4709 self.assertEquals(len(rep.u.error_and_verifier), 0)
4711 stub_bin = b'\x00' * 8
4712 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4715 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4716 stub_bin += b'\x00' * auth_pad_length
4718 sig_size = g.sig_size(len(stub_bin))
4719 zero_sig = b"\x00" * sig_size
4721 auth_info = self.generate_auth(auth_type=auth_type,
4722 auth_level=auth_level,
4723 auth_pad_length=auth_pad_length,
4724 auth_context_id=auth_context_id,
4726 req = self.generate_request(call_id=5,
4727 context_id=ctx1.context_id,
4730 auth_info=auth_info)
4731 req_blob = samba.ndr.ndr_pack(req)
4732 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4733 ofs_sig = len(req_blob) - req.auth_length
4734 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4735 req_data = req_blob[ofs_stub:ofs_trailer]
4736 req_whole = req_blob[0:ofs_sig]
4737 sig = g.sign_packet(req_data, req_whole)
4738 auth_info = self.generate_auth(auth_type=auth_type,
4739 auth_level=auth_level,
4740 auth_pad_length=auth_pad_length,
4741 auth_context_id=auth_context_id,
4743 req = self.generate_request(call_id=5,
4744 context_id=ctx1.context_id,
4747 auth_info=auth_info)
4749 (rep, rep_blob) = self.recv_pdu_raw()
4750 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4751 auth_length=sig_size)
4752 self.assertNotEquals(rep.u.alloc_hint, 0)
4753 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4754 self.assertEquals(rep.u.cancel_count, 0)
4755 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4756 self.assertEquals(rep.auth_length, sig_size)
4758 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4759 ofs_sig = rep.frag_length - rep.auth_length
4760 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4761 rep_data = rep_blob[ofs_stub:ofs_trailer]
4762 rep_whole = rep_blob[0:ofs_sig]
4763 rep_sig = rep_blob[ofs_sig:]
4764 rep_auth_info_blob = rep_blob[ofs_trailer:]
4766 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4767 self.assertEquals(rep_auth_info.auth_type, auth_type)
4768 self.assertEquals(rep_auth_info.auth_level, auth_level)
4769 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4770 self.assertEquals(rep_auth_info.auth_reserved, 0)
4771 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4772 self.assertEquals(rep_auth_info.credentials, rep_sig)
4774 g.check_packet(rep_data, rep_whole, rep_sig)
4776 stub_bin = b'\x00' * 8
4777 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4780 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4781 stub_bin += b'\x00' * auth_pad_length
4783 sig_size = g.sig_size(len(stub_bin))
4784 zero_sig = b"\x00" * sig_size
4786 auth_info = self.generate_auth(auth_type=auth_type,
4787 auth_level=auth_level,
4788 auth_pad_length=auth_pad_length,
4789 auth_context_id=auth_context_id,
4791 req = self.generate_request(call_id=6,
4792 context_id=ctx1.context_id,
4795 auth_info=auth_info)
4796 req_blob = samba.ndr.ndr_pack(req)
4797 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4798 ofs_sig = len(req_blob) - req.auth_length
4799 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4800 req_data = req_blob[ofs_stub:ofs_trailer]
4801 req_whole = req_blob[0:ofs_sig]
4802 sig = g.sign_packet(req_data, req_whole)
4803 auth_info = self.generate_auth(auth_type=auth_type,
4804 auth_level=auth_level,
4805 auth_pad_length=auth_pad_length,
4806 auth_context_id=auth_context_id,
4808 req = self.generate_request(call_id=6,
4809 context_id=ctx1.context_id,
4812 auth_info=auth_info)
4814 (rep, rep_blob) = self.recv_pdu_raw()
4815 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4816 auth_length=sig_size)
4817 self.assertNotEquals(rep.u.alloc_hint, 0)
4818 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4819 self.assertEquals(rep.u.cancel_count, 0)
4820 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4821 self.assertEquals(rep.auth_length, sig_size)
4823 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4824 ofs_sig = rep.frag_length - rep.auth_length
4825 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4826 rep_data = rep_blob[ofs_stub:ofs_trailer]
4827 rep_whole = rep_blob[0:ofs_sig]
4828 rep_sig = rep_blob[ofs_sig:]
4829 rep_auth_info_blob = rep_blob[ofs_trailer:]
4831 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4832 self.assertEquals(rep_auth_info.auth_type, auth_type)
4833 self.assertEquals(rep_auth_info.auth_level, auth_level)
4834 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4835 self.assertEquals(rep_auth_info.auth_reserved, 0)
4836 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4837 self.assertEquals(rep_auth_info.credentials, rep_sig)
4839 g.check_packet(rep_data, rep_whole, rep_sig)
4841 def test_spnego_signing_packet(self):
4842 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4843 # DCERPC_AUTH_LEVEL_INTEGRITY
4844 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4845 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4847 def test_spnego_signing_integrity(self):
4848 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4849 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4851 def test_assoc_group_fail1(self):
4852 abstract = samba.dcerpc.mgmt.abstract_syntax()
4853 transfer = base.transfer_syntax_ndr()
4855 tsf1_list = [transfer]
4856 ctx = samba.dcerpc.dcerpc.ctx_list()
4858 ctx.num_transfer_syntaxes = len(tsf1_list)
4859 ctx.abstract_syntax = abstract
4860 ctx.transfer_syntaxes = tsf1_list
4862 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4863 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4866 def test_assoc_group_fail2(self):
4867 abstract = samba.dcerpc.mgmt.abstract_syntax()
4868 transfer = base.transfer_syntax_ndr()
4870 tsf1_list = [transfer]
4871 ctx = samba.dcerpc.dcerpc.ctx_list()
4873 ctx.num_transfer_syntaxes = len(tsf1_list)
4874 ctx.abstract_syntax = abstract
4875 ctx.transfer_syntaxes = tsf1_list
4877 ack = self.do_generic_bind(ctx=ctx)
4879 self._disconnect("test_assoc_group_fail2")
4880 self.assertNotConnected()
4884 ack2 = self.do_generic_bind(ctx=ctx, assoc_group_id=ack.u.assoc_group_id,
4885 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4888 def test_assoc_group_diff1(self):
4889 abstract = samba.dcerpc.mgmt.abstract_syntax()
4890 transfer = base.transfer_syntax_ndr()
4892 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4893 context_id=1, return_ack=True)
4895 conn2 = self.second_connection()
4896 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4897 context_id=2, return_ack=True)
4898 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4900 conn2._disconnect("End of Test")
4903 def test_assoc_group_ok1(self):
4904 abstract = samba.dcerpc.mgmt.abstract_syntax()
4905 transfer = base.transfer_syntax_ndr()
4907 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4908 context_id=1, return_ack=True)
4910 conn2 = self.second_connection()
4911 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4912 assoc_group_id=ack1.u.assoc_group_id,
4913 context_id=2, return_ack=True)
4915 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4916 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4917 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4919 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
4921 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4922 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4923 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
4924 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4927 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4928 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4929 conn2._disconnect("End of Test")
4933 if __name__ == "__main__":
4934 global_ndr_print = True
4935 global_hexdump = True