2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
35 from samba.compat import binary_type
37 global_ndr_print = False
38 global_hexdump = False
41 class TestDCERPC_BIND(RawDCERPCTest):
44 super(TestDCERPC_BIND, self).setUp()
45 self.do_ndr_print = global_ndr_print
46 self.do_hexdump = global_hexdump
48 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
49 ndr32 = base.transfer_syntax_ndr()
52 ctx1 = dcerpc.ctx_list()
54 ctx1.num_transfer_syntaxes = len(tsf1_list)
55 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
56 ctx1.transfer_syntaxes = tsf1_list
58 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
61 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
62 pfc_flags=rep_pfc_flags, auth_length=0)
63 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
64 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
65 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
66 self.assertEquals(rep.u.secondary_address_size, 4)
67 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
68 self.assertPadding(rep.u._pad1, 2)
69 self.assertEquals(rep.u.num_results, 1)
70 self.assertEquals(rep.u.ctx_list[0].result,
71 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72 self.assertEquals(rep.u.ctx_list[0].reason,
73 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75 self.assertEquals(rep.u.auth_info, b'\0' * 0)
77 # And now try a request
78 req = self.generate_request(call_id=1,
79 context_id=ctx1.context_id,
84 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
86 self.assertNotEquals(rep.u.alloc_hint, 0)
87 self.assertEquals(rep.u.context_id, req.u.context_id)
88 self.assertEquals(rep.u.cancel_count, 0)
89 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
91 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92 ndr32 = base.transfer_syntax_ndr()
95 ctx1 = dcerpc.ctx_list()
97 ctx1.num_transfer_syntaxes = len(tsf1_list)
98 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99 ctx1.transfer_syntaxes = tsf1_list
101 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
103 rep = self.recv_pdu()
104 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
106 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109 self.assertEquals(rep.u.secondary_address_size, 4)
110 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111 self.assertPadding(rep.u._pad1, 2)
112 self.assertEquals(rep.u.num_results, 1)
113 self.assertEquals(rep.u.ctx_list[0].result,
114 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
115 self.assertEquals(rep.u.ctx_list[0].reason,
116 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
117 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
118 self.assertEquals(rep.u.auth_info, b'\0' * 0)
120 # And now try a alter context
121 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
123 rep = self.recv_pdu()
124 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
125 pfc_flags=rep_pfc_flags, auth_length=0)
126 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
127 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
128 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
129 self.assertEquals(rep.u.secondary_address_size, 0)
130 self.assertEquals(rep.u.secondary_address, "")
131 self.assertPadding(rep.u._pad1, 2)
132 self.assertEquals(rep.u.num_results, 1)
133 self.assertEquals(rep.u.ctx_list[0].result,
134 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
135 self.assertEquals(rep.u.ctx_list[0].reason,
136 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
137 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
138 self.assertEquals(rep.u.auth_info, b'\0' * 0)
140 # And now try a request
141 req = self.generate_request(call_id=1,
142 context_id=ctx1.context_id,
146 rep = self.recv_pdu()
147 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
149 self.assertNotEquals(rep.u.alloc_hint, 0)
150 self.assertEquals(rep.u.context_id, req.u.context_id)
151 self.assertEquals(rep.u.cancel_count, 0)
152 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
154 def test_no_auth_request(self):
155 return self._test_no_auth_request_bind_pfc_flags(
157 dcerpc.DCERPC_PFC_FLAG_FIRST |
158 dcerpc.DCERPC_PFC_FLAG_LAST,
160 dcerpc.DCERPC_PFC_FLAG_FIRST |
161 dcerpc.DCERPC_PFC_FLAG_LAST)
163 def test_no_auth_request_bind_pfc_00(self):
164 return self._test_no_auth_request_bind_pfc_flags(
168 dcerpc.DCERPC_PFC_FLAG_FIRST |
169 dcerpc.DCERPC_PFC_FLAG_LAST)
171 def test_no_auth_request_bind_pfc_FIRST(self):
172 return self._test_no_auth_request_bind_pfc_flags(
174 dcerpc.DCERPC_PFC_FLAG_FIRST |
177 dcerpc.DCERPC_PFC_FLAG_FIRST |
178 dcerpc.DCERPC_PFC_FLAG_LAST)
180 def test_no_auth_request_bind_pfc_LAST(self):
181 return self._test_no_auth_request_bind_pfc_flags(
183 dcerpc.DCERPC_PFC_FLAG_LAST |
186 dcerpc.DCERPC_PFC_FLAG_FIRST |
187 dcerpc.DCERPC_PFC_FLAG_LAST)
189 def test_no_auth_request_bind_pfc_HDR_SIGNING(self):
190 return self._test_no_auth_request_bind_pfc_flags(
192 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
195 dcerpc.DCERPC_PFC_FLAG_FIRST |
196 dcerpc.DCERPC_PFC_FLAG_LAST |
197 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
199 def test_no_auth_request_bind_pfc_08(self):
200 return self._test_no_auth_request_bind_pfc_flags(
205 dcerpc.DCERPC_PFC_FLAG_FIRST |
206 dcerpc.DCERPC_PFC_FLAG_LAST)
208 def test_no_auth_request_bind_pfc_CONC_MPX(self):
209 return self._test_no_auth_request_bind_pfc_flags(
211 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
214 dcerpc.DCERPC_PFC_FLAG_FIRST |
215 dcerpc.DCERPC_PFC_FLAG_LAST |
216 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
218 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
219 return self._test_no_auth_request_bind_pfc_flags(
221 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
224 dcerpc.DCERPC_PFC_FLAG_FIRST |
225 dcerpc.DCERPC_PFC_FLAG_LAST)
227 def test_no_auth_request_bind_pfc_MAYBE(self):
228 return self._test_no_auth_request_bind_pfc_flags(
230 dcerpc.DCERPC_PFC_FLAG_MAYBE |
233 dcerpc.DCERPC_PFC_FLAG_FIRST |
234 dcerpc.DCERPC_PFC_FLAG_LAST)
236 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
237 return self._test_no_auth_request_bind_pfc_flags(
239 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
242 dcerpc.DCERPC_PFC_FLAG_FIRST |
243 dcerpc.DCERPC_PFC_FLAG_LAST)
245 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
246 # without authentication
247 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
249 def _test_no_auth_request_bind_pfc_ff(self):
250 return self._test_no_auth_request_bind_pfc_flags(
255 dcerpc.DCERPC_PFC_FLAG_FIRST |
256 dcerpc.DCERPC_PFC_FLAG_LAST |
257 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
258 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
260 def test_no_auth_request_alter_pfc_00(self):
261 return self._test_no_auth_request_alter_pfc_flags(
265 dcerpc.DCERPC_PFC_FLAG_FIRST |
266 dcerpc.DCERPC_PFC_FLAG_LAST)
268 def test_no_auth_request_alter_pfc_FIRST(self):
269 return self._test_no_auth_request_alter_pfc_flags(
271 dcerpc.DCERPC_PFC_FLAG_FIRST |
274 dcerpc.DCERPC_PFC_FLAG_FIRST |
275 dcerpc.DCERPC_PFC_FLAG_LAST)
277 def test_no_auth_request_alter_pfc_LAST(self):
278 return self._test_no_auth_request_alter_pfc_flags(
280 dcerpc.DCERPC_PFC_FLAG_LAST |
283 dcerpc.DCERPC_PFC_FLAG_FIRST |
284 dcerpc.DCERPC_PFC_FLAG_LAST)
286 def test_no_auth_request_alter_pfc_HDR_SIGNING(self):
287 return self._test_no_auth_request_alter_pfc_flags(
289 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
292 dcerpc.DCERPC_PFC_FLAG_FIRST |
293 dcerpc.DCERPC_PFC_FLAG_LAST |
294 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
296 def test_no_auth_request_alter_pfc_08(self):
297 return self._test_no_auth_request_alter_pfc_flags(
302 dcerpc.DCERPC_PFC_FLAG_FIRST |
303 dcerpc.DCERPC_PFC_FLAG_LAST)
305 def test_no_auth_request_alter_pfc_CONC_MPX(self):
306 return self._test_no_auth_request_alter_pfc_flags(
308 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
311 dcerpc.DCERPC_PFC_FLAG_FIRST |
312 dcerpc.DCERPC_PFC_FLAG_LAST)
314 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
315 return self._test_no_auth_request_alter_pfc_flags(
317 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
320 dcerpc.DCERPC_PFC_FLAG_FIRST |
321 dcerpc.DCERPC_PFC_FLAG_LAST)
323 def test_no_auth_request_alter_pfc_MAYBE(self):
324 return self._test_no_auth_request_alter_pfc_flags(
326 dcerpc.DCERPC_PFC_FLAG_MAYBE |
329 dcerpc.DCERPC_PFC_FLAG_FIRST |
330 dcerpc.DCERPC_PFC_FLAG_LAST)
332 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
333 return self._test_no_auth_request_alter_pfc_flags(
335 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
338 dcerpc.DCERPC_PFC_FLAG_FIRST |
339 dcerpc.DCERPC_PFC_FLAG_LAST)
341 def test_no_auth_request_alter_pfc_ff(self):
342 return self._test_no_auth_request_alter_pfc_flags(
347 dcerpc.DCERPC_PFC_FLAG_FIRST |
348 dcerpc.DCERPC_PFC_FLAG_LAST |
349 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
351 def test_no_auth_no_ctx(self):
352 # send an useless bind
353 req = self.generate_bind(call_id=0)
355 rep = self.recv_pdu()
356 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
358 self.assertEquals(rep.u.reject_reason,
359 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
360 self.assertEquals(rep.u.num_versions, 1)
361 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
362 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
363 self.assertPadding(rep.u._pad, 3)
365 def test_invalid_auth_noctx(self):
366 req = self.generate_bind(call_id=0)
367 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
369 rep = self.recv_pdu()
370 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
372 self.assertEquals(rep.u.reject_reason,
373 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
374 self.assertEquals(rep.u.num_versions, 1)
375 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
376 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
377 self.assertPadding(rep.u._pad, 3)
379 def test_no_auth_valid_valid_request(self):
380 ndr32 = base.transfer_syntax_ndr()
383 ctx1 = dcerpc.ctx_list()
385 ctx1.num_transfer_syntaxes = len(tsf1_list)
386 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
387 ctx1.transfer_syntaxes = tsf1_list
389 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
391 rep = self.recv_pdu()
392 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
394 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
395 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
396 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
397 self.assertEquals(rep.u.secondary_address_size, 4)
398 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
399 self.assertPadding(rep.u._pad1, 2)
400 self.assertEquals(rep.u.num_results, 1)
401 self.assertEquals(rep.u.ctx_list[0].result,
402 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
403 self.assertEquals(rep.u.ctx_list[0].reason,
404 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
405 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
406 self.assertEquals(rep.u.auth_info, b'\0' * 0)
410 ctx2 = dcerpc.ctx_list()
412 ctx2.num_transfer_syntaxes = len(tsf2_list)
413 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
414 ctx2.transfer_syntaxes = tsf2_list
416 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
418 rep = self.recv_pdu()
419 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
421 self.assertEquals(rep.u.reject_reason,
422 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
423 self.assertEquals(rep.u.num_versions, 1)
424 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
425 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
426 self.assertPadding(rep.u._pad, 3)
428 # wait for a disconnect
429 rep = self.recv_pdu()
430 self.assertIsNone(rep)
431 self.assertNotConnected()
433 def test_no_auth_invalid_valid_request(self):
434 # send an useless bind
435 req = self.generate_bind(call_id=0)
437 rep = self.recv_pdu()
438 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
440 self.assertEquals(rep.u.reject_reason,
441 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
442 self.assertEquals(rep.u.num_versions, 1)
443 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
444 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
445 self.assertPadding(rep.u._pad, 3)
447 # wait for a disconnect
448 rep = self.recv_pdu()
449 self.assertIsNone(rep)
450 self.assertNotConnected()
452 def test_alter_no_auth_no_ctx(self):
453 ndr32 = base.transfer_syntax_ndr()
456 ctx1 = dcerpc.ctx_list()
458 ctx1.num_transfer_syntaxes = len(tsf1_list)
459 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
460 ctx1.transfer_syntaxes = tsf1_list
462 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
464 rep = self.recv_pdu()
465 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
467 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
468 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
469 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
470 self.assertEquals(rep.u.secondary_address_size, 4)
471 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
472 self.assertPadding(rep.u._pad1, 2)
473 self.assertEquals(rep.u.num_results, 1)
474 self.assertEquals(rep.u.ctx_list[0].result,
475 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
476 self.assertEquals(rep.u.ctx_list[0].reason,
477 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
478 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
479 self.assertEquals(rep.u.auth_info, b'\0' * 0)
482 req = self.generate_alter(call_id=1, ctx_list=[])
484 rep = self.recv_pdu()
485 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
486 pfc_flags=req.pfc_flags |
487 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
489 self.assertNotEquals(rep.u.alloc_hint, 0)
490 self.assertEquals(rep.u.context_id, 0)
491 self.assertEquals(rep.u.cancel_count, 0)
492 self.assertEquals(rep.u.flags, 0)
493 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
494 self.assertEquals(rep.u.reserved, 0)
495 self.assertEquals(len(rep.u.error_and_verifier), 0)
497 # wait for a disconnect
498 rep = self.recv_pdu()
499 self.assertIsNone(rep)
500 self.assertNotConnected()
502 def test_no_auth_presentation_ctx_valid1(self):
503 ndr32 = base.transfer_syntax_ndr()
505 zero_syntax = misc.ndr_syntax_id()
507 tsf1_list = [zero_syntax, ndr32]
508 ctx1 = dcerpc.ctx_list()
510 ctx1.num_transfer_syntaxes = len(tsf1_list)
511 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
512 ctx1.transfer_syntaxes = tsf1_list
514 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
516 rep = self.recv_pdu()
517 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
519 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
520 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
521 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
522 self.assertEquals(rep.u.secondary_address_size, 4)
523 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
524 self.assertPadding(rep.u._pad1, 2)
525 self.assertEquals(rep.u.num_results, 1)
526 self.assertEquals(rep.u.ctx_list[0].result,
527 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
528 self.assertEquals(rep.u.ctx_list[0].reason,
529 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
530 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
531 self.assertEquals(rep.u.auth_info, b'\0' * 0)
534 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
536 rep = self.recv_pdu()
537 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
539 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
540 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
541 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
542 self.assertEquals(rep.u.secondary_address_size, 0)
543 self.assertPadding(rep.u._pad1, 2)
544 self.assertEquals(rep.u.num_results, 1)
545 self.assertEquals(rep.u.ctx_list[0].result,
546 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
547 self.assertEquals(rep.u.ctx_list[0].reason,
548 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
549 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
550 self.assertEquals(rep.u.auth_info, b'\0' * 0)
552 req = self.generate_request(call_id=2,
553 context_id=ctx1.context_id,
557 rep = self.recv_pdu()
558 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
559 pfc_flags=req.pfc_flags |
560 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
562 self.assertNotEquals(rep.u.alloc_hint, 0)
563 self.assertEquals(rep.u.context_id, ctx1.context_id)
564 self.assertEquals(rep.u.cancel_count, 0)
565 self.assertEquals(rep.u.flags, 0)
566 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
567 self.assertEquals(rep.u.reserved, 0)
568 self.assertEquals(len(rep.u.error_and_verifier), 0)
570 def test_no_auth_presentation_ctx_invalid1(self):
571 ndr32 = base.transfer_syntax_ndr()
573 zero_syntax = misc.ndr_syntax_id()
576 ctx1 = dcerpc.ctx_list()
578 ctx1.num_transfer_syntaxes = len(tsf1_list)
579 ctx1.abstract_syntax = ndr32
580 ctx1.transfer_syntaxes = tsf1_list
582 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
584 rep = self.recv_pdu()
585 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
587 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
588 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
589 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
590 self.assertEquals(rep.u.secondary_address_size, 4)
591 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
592 self.assertPadding(rep.u._pad1, 2)
593 self.assertEquals(rep.u.num_results, 1)
594 self.assertEquals(rep.u.ctx_list[0].result,
595 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
596 self.assertEquals(rep.u.ctx_list[0].reason,
597 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
598 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
599 self.assertEquals(rep.u.auth_info, b'\0' * 0)
602 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
604 rep = self.recv_pdu()
605 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
607 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
608 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
609 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
610 self.assertEquals(rep.u.secondary_address_size, 0)
611 self.assertPadding(rep.u._pad1, 2)
612 self.assertEquals(rep.u.num_results, 1)
613 self.assertEquals(rep.u.ctx_list[0].result,
614 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
615 self.assertEquals(rep.u.ctx_list[0].reason,
616 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
617 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
618 self.assertEquals(rep.u.auth_info, b'\0' * 0)
620 req = self.generate_request(call_id=2,
625 rep = self.recv_pdu()
626 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
627 pfc_flags=req.pfc_flags |
628 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
630 self.assertNotEquals(rep.u.alloc_hint, 0)
631 self.assertEquals(rep.u.context_id, 0)
632 self.assertEquals(rep.u.cancel_count, 0)
633 self.assertEquals(rep.u.flags, 0)
634 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
635 self.assertEquals(rep.u.reserved, 0)
636 self.assertEquals(len(rep.u.error_and_verifier), 0)
638 # Send a alter again to prove the connection is still alive
639 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
641 rep = self.recv_pdu()
642 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
644 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
645 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
646 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
647 self.assertEquals(rep.u.secondary_address_size, 0)
648 self.assertPadding(rep.u._pad1, 2)
649 self.assertEquals(rep.u.num_results, 1)
650 self.assertEquals(rep.u.ctx_list[0].result,
651 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
652 self.assertEquals(rep.u.ctx_list[0].reason,
653 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
654 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
655 self.assertEquals(rep.u.auth_info, b'\0' * 0)
657 def test_no_auth_presentation_ctx_invalid2(self):
658 ndr32 = base.transfer_syntax_ndr()
660 zero_syntax = misc.ndr_syntax_id()
663 ctx1a = dcerpc.ctx_list()
665 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
666 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
667 ctx1a.transfer_syntaxes = tsf1a_list
669 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
671 rep = self.recv_pdu()
672 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
674 self.assertEquals(rep.u.reject_reason,
675 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
676 self.assertEquals(rep.u.num_versions, 1)
677 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
678 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
679 self.assertPadding(rep.u._pad, 3)
681 # wait for a disconnect
682 rep = self.recv_pdu()
683 self.assertIsNone(rep)
684 self.assertNotConnected()
686 def test_no_auth_presentation_ctx_invalid3(self):
687 ndr32 = base.transfer_syntax_ndr()
689 zero_syntax = misc.ndr_syntax_id()
691 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
692 ctx1a = dcerpc.ctx_list()
694 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
695 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
696 ctx1a.transfer_syntaxes = tsf1a_list
698 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
700 rep = self.recv_pdu()
701 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
703 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
704 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
705 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
706 self.assertEquals(rep.u.secondary_address_size, 4)
707 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
708 self.assertPadding(rep.u._pad1, 2)
709 self.assertEquals(rep.u.num_results, 1)
710 self.assertEquals(rep.u.ctx_list[0].result,
711 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
712 self.assertEquals(rep.u.ctx_list[0].reason,
713 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
714 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
715 self.assertEquals(rep.u.auth_info, b'\0' * 0)
718 ctx1b = dcerpc.ctx_list()
720 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
721 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
722 ctx1b.transfer_syntaxes = tsf1b_list
725 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
727 rep = self.recv_pdu()
728 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
729 pfc_flags=req.pfc_flags |
730 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
732 self.assertNotEquals(rep.u.alloc_hint, 0)
733 self.assertEquals(rep.u.context_id, 0)
734 self.assertEquals(rep.u.cancel_count, 0)
735 self.assertEquals(rep.u.flags, 0)
736 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
737 self.assertEquals(rep.u.reserved, 0)
738 self.assertEquals(len(rep.u.error_and_verifier), 0)
740 # wait for a disconnect
741 rep = self.recv_pdu()
742 self.assertIsNone(rep)
743 self.assertNotConnected()
745 def test_no_auth_presentation_ctx_invalid4(self):
746 ndr32 = base.transfer_syntax_ndr()
747 ndr64 = base.transfer_syntax_ndr64()
749 zero_syntax = misc.ndr_syntax_id()
751 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
752 ctx1a = dcerpc.ctx_list()
754 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
755 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
756 ctx1a.transfer_syntaxes = tsf1a_list
758 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
760 rep = self.recv_pdu()
761 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
763 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
764 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
765 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
766 self.assertEquals(rep.u.secondary_address_size, 4)
767 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
768 self.assertPadding(rep.u._pad1, 2)
769 self.assertEquals(rep.u.num_results, 1)
770 self.assertEquals(rep.u.ctx_list[0].result,
771 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
772 self.assertEquals(rep.u.ctx_list[0].reason,
773 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
774 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
775 self.assertEquals(rep.u.auth_info, b'\0' * 0)
777 # With a known but wrong syntax we get a protocol error
778 # see test_no_auth_presentation_ctx_valid2
779 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
780 ctx1b = dcerpc.ctx_list()
782 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
783 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
784 ctx1b.transfer_syntaxes = tsf1b_list
787 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
789 rep = self.recv_pdu()
790 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
791 pfc_flags=req.pfc_flags |
792 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
794 self.assertNotEquals(rep.u.alloc_hint, 0)
795 self.assertEquals(rep.u.context_id, 0)
796 self.assertEquals(rep.u.cancel_count, 0)
797 self.assertEquals(rep.u.flags, 0)
798 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
799 self.assertEquals(rep.u.reserved, 0)
800 self.assertEquals(len(rep.u.error_and_verifier), 0)
802 # wait for a disconnect
803 rep = self.recv_pdu()
804 self.assertIsNone(rep)
805 self.assertNotConnected()
807 def test_no_auth_presentation_ctx_valid2(self):
808 ndr32 = base.transfer_syntax_ndr()
810 zero_syntax = misc.ndr_syntax_id()
812 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
813 ctx1a = dcerpc.ctx_list()
815 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
816 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
817 ctx1a.transfer_syntaxes = tsf1a_list
819 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
821 rep = self.recv_pdu()
822 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
824 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
825 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
826 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
827 self.assertEquals(rep.u.secondary_address_size, 4)
828 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
829 self.assertPadding(rep.u._pad1, 2)
830 self.assertEquals(rep.u.num_results, 1)
831 self.assertEquals(rep.u.ctx_list[0].result,
832 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
833 self.assertEquals(rep.u.ctx_list[0].reason,
834 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
835 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
836 self.assertEquals(rep.u.auth_info, b'\0' * 0)
838 # With a unknown but wrong syntaxes we get NO protocol error
839 # see test_no_auth_presentation_ctx_invalid4
840 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
841 ctx1b = dcerpc.ctx_list()
843 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
844 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
845 ctx1b.transfer_syntaxes = tsf1b_list
848 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
850 rep = self.recv_pdu()
851 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
853 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
854 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
855 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
856 self.assertEquals(rep.u.secondary_address_size, 0)
857 self.assertPadding(rep.u._pad1, 2)
858 self.assertEquals(rep.u.num_results, 1)
859 self.assertEquals(rep.u.ctx_list[0].result,
860 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
861 self.assertEquals(rep.u.ctx_list[0].reason,
862 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
863 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
864 self.assertEquals(rep.u.auth_info, b'\0' * 0)
866 req = self.generate_request(call_id=2,
867 context_id=ctx1a.context_id,
871 rep = self.recv_pdu()
872 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
873 pfc_flags=req.pfc_flags |
874 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
876 self.assertNotEquals(rep.u.alloc_hint, 0)
877 self.assertEquals(rep.u.context_id, ctx1a.context_id)
878 self.assertEquals(rep.u.cancel_count, 0)
879 self.assertEquals(rep.u.flags, 0)
880 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
881 self.assertEquals(rep.u.reserved, 0)
882 self.assertEquals(len(rep.u.error_and_verifier), 0)
884 def test_no_auth_presentation_ctx_no_ndr64(self):
885 ndr32 = base.transfer_syntax_ndr()
886 zero_syntax = misc.ndr_syntax_id()
888 tsfZ_list = [zero_syntax]
889 ctxZ = dcerpc.ctx_list()
890 ctxZ.context_id = 54321
891 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
892 ctxZ.abstract_syntax = zero_syntax
893 ctxZ.transfer_syntaxes = tsfZ_list
895 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
897 rep = self.recv_pdu()
898 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
900 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
901 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
902 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
903 self.assertEquals(rep.u.secondary_address_size, 4)
904 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
905 self.assertPadding(rep.u._pad1, 2)
906 self.assertEquals(rep.u.num_results, 1)
907 self.assertEquals(rep.u.ctx_list[0].result,
908 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
909 self.assertEquals(rep.u.ctx_list[0].reason,
910 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
911 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
912 self.assertEquals(rep.u.auth_info, b'\0' * 0)
915 ctx0 = dcerpc.ctx_list()
917 ctx0.num_transfer_syntaxes = len(tsf0_list)
918 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
919 ctx0.transfer_syntaxes = tsf0_list
921 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
923 rep = self.recv_pdu()
924 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
926 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
927 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
928 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
929 self.assertEquals(rep.u.secondary_address_size, 0)
930 self.assertPadding(rep.u._pad1, 2)
931 self.assertEquals(rep.u.num_results, 1)
932 self.assertEquals(rep.u.ctx_list[0].result,
933 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
934 self.assertEquals(rep.u.ctx_list[0].reason,
935 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
936 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
937 self.assertEquals(rep.u.auth_info, b'\0' * 0)
939 req = self.generate_request(call_id=1,
940 context_id=ctx0.context_id,
944 rep = self.recv_pdu()
945 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
947 self.assertNotEquals(rep.u.alloc_hint, 0)
948 self.assertEquals(rep.u.context_id, req.u.context_id)
949 self.assertEquals(rep.u.cancel_count, 0)
950 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
952 tsf1_list = [zero_syntax, ndr32]
953 ctx1 = dcerpc.ctx_list()
955 ctx1.num_transfer_syntaxes = len(tsf1_list)
956 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
957 ctx1.transfer_syntaxes = tsf1_list
959 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
961 rep = self.recv_pdu()
962 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
964 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
965 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
966 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
967 self.assertEquals(rep.u.secondary_address_size, 0)
968 self.assertPadding(rep.u._pad1, 2)
969 self.assertEquals(rep.u.num_results, 1)
970 self.assertEquals(rep.u.ctx_list[0].result,
971 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
972 self.assertEquals(rep.u.ctx_list[0].reason,
973 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
974 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
975 self.assertEquals(rep.u.auth_info, b'\0' * 0)
977 req = self.generate_request(call_id=1,
978 context_id=ctx1.context_id,
982 rep = self.recv_pdu()
983 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
985 self.assertNotEquals(rep.u.alloc_hint, 0)
986 self.assertEquals(rep.u.context_id, req.u.context_id)
987 self.assertEquals(rep.u.cancel_count, 0)
988 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
990 tsf2_list = [ndr32, ndr32]
991 ctx2 = dcerpc.ctx_list()
993 ctx2.num_transfer_syntaxes = len(tsf2_list)
994 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
995 ctx2.transfer_syntaxes = tsf2_list
997 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
999 rep = self.recv_pdu()
1000 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1002 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1003 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1004 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1005 self.assertEquals(rep.u.secondary_address_size, 0)
1006 self.assertPadding(rep.u._pad1, 2)
1007 self.assertEquals(rep.u.num_results, 1)
1008 self.assertEquals(rep.u.ctx_list[0].result,
1009 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1010 self.assertEquals(rep.u.ctx_list[0].reason,
1011 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1012 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1013 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1015 req = self.generate_request(call_id=1,
1016 context_id=ctx2.context_id,
1020 rep = self.recv_pdu()
1021 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1023 self.assertNotEquals(rep.u.alloc_hint, 0)
1024 self.assertEquals(rep.u.context_id, req.u.context_id)
1025 self.assertEquals(rep.u.cancel_count, 0)
1026 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1029 ctx3 = dcerpc.ctx_list()
1031 ctx3.num_transfer_syntaxes = len(tsf3_list)
1032 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1033 ctx3.transfer_syntaxes = tsf3_list
1036 ctx4 = dcerpc.ctx_list()
1038 ctx4.num_transfer_syntaxes = len(tsf4_list)
1039 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1040 ctx4.transfer_syntaxes = tsf4_list
1042 req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1044 rep = self.recv_pdu()
1045 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1047 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1048 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1049 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1050 self.assertEquals(rep.u.secondary_address_size, 0)
1051 self.assertPadding(rep.u._pad1, 2)
1052 self.assertEquals(rep.u.num_results, 2)
1053 self.assertEquals(rep.u.ctx_list[0].result,
1054 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1055 self.assertEquals(rep.u.ctx_list[0].reason,
1056 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1057 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1058 self.assertEquals(rep.u.ctx_list[1].result,
1059 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1060 self.assertEquals(rep.u.ctx_list[1].reason,
1061 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1062 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1063 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1065 req = self.generate_request(call_id=1,
1066 context_id=ctx3.context_id,
1070 rep = self.recv_pdu()
1071 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1073 self.assertNotEquals(rep.u.alloc_hint, 0)
1074 self.assertEquals(rep.u.context_id, req.u.context_id)
1075 self.assertEquals(rep.u.cancel_count, 0)
1076 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1078 req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1080 rep = self.recv_pdu()
1081 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1083 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1084 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1085 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1086 self.assertEquals(rep.u.secondary_address_size, 0)
1087 self.assertPadding(rep.u._pad1, 2)
1088 self.assertEquals(rep.u.num_results, 2)
1089 self.assertEquals(rep.u.ctx_list[0].result,
1090 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1091 self.assertEquals(rep.u.ctx_list[0].reason,
1092 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1093 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1094 self.assertEquals(rep.u.ctx_list[1].result,
1095 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1096 self.assertEquals(rep.u.ctx_list[1].reason,
1097 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1098 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1099 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1101 req = self.generate_request(call_id=1,
1102 context_id=ctx4.context_id,
1106 rep = self.recv_pdu()
1107 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1109 self.assertNotEquals(rep.u.alloc_hint, 0)
1110 self.assertEquals(rep.u.context_id, req.u.context_id)
1111 self.assertEquals(rep.u.cancel_count, 0)
1112 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1114 req = self.generate_request(call_id=1,
1115 context_id=ctx3.context_id,
1119 rep = self.recv_pdu()
1120 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1122 self.assertNotEquals(rep.u.alloc_hint, 0)
1123 self.assertEquals(rep.u.context_id, req.u.context_id)
1124 self.assertEquals(rep.u.cancel_count, 0)
1125 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1127 req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1129 rep = self.recv_pdu()
1130 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1132 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1133 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1134 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1135 self.assertEquals(rep.u.secondary_address_size, 0)
1136 self.assertPadding(rep.u._pad1, 2)
1137 self.assertEquals(rep.u.num_results, 2)
1138 self.assertEquals(rep.u.ctx_list[0].result,
1139 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1140 self.assertEquals(rep.u.ctx_list[0].reason,
1141 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1142 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1143 self.assertEquals(rep.u.ctx_list[1].result,
1144 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1145 self.assertEquals(rep.u.ctx_list[1].reason,
1146 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1147 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1148 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1150 req = self.generate_request(call_id=1,
1151 context_id=ctx4.context_id,
1155 rep = self.recv_pdu()
1156 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1158 self.assertNotEquals(rep.u.alloc_hint, 0)
1159 self.assertEquals(rep.u.context_id, req.u.context_id)
1160 self.assertEquals(rep.u.cancel_count, 0)
1161 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1163 req = self.generate_request(call_id=1,
1164 context_id=ctx3.context_id,
1168 rep = self.recv_pdu()
1169 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1171 self.assertNotEquals(rep.u.alloc_hint, 0)
1172 self.assertEquals(rep.u.context_id, req.u.context_id)
1173 self.assertEquals(rep.u.cancel_count, 0)
1174 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1176 tsf5mgmt_list = [ndr32]
1177 ctx5mgmt = dcerpc.ctx_list()
1178 ctx5mgmt.context_id = 5
1179 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1180 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1181 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1183 tsf5epm_list = [ndr32]
1184 ctx5epm = dcerpc.ctx_list()
1185 ctx5epm.context_id = 5
1186 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1187 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1188 ctx5epm.transfer_syntaxes = tsf5epm_list
1190 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1192 rep = self.recv_pdu()
1193 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1195 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1196 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1197 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1198 self.assertEquals(rep.u.secondary_address_size, 0)
1199 self.assertPadding(rep.u._pad1, 2)
1200 self.assertEquals(rep.u.num_results, 2)
1201 self.assertEquals(rep.u.ctx_list[0].result,
1202 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1203 self.assertEquals(rep.u.ctx_list[0].reason,
1204 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1205 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1206 self.assertEquals(rep.u.ctx_list[1].result,
1207 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1208 self.assertEquals(rep.u.ctx_list[1].reason,
1209 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1210 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1211 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1213 req = self.generate_request(call_id=1,
1214 context_id=ctx5mgmt.context_id,
1218 rep = self.recv_pdu()
1219 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1221 self.assertNotEquals(rep.u.alloc_hint, 0)
1222 self.assertEquals(rep.u.context_id, req.u.context_id)
1223 self.assertEquals(rep.u.cancel_count, 0)
1224 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1226 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1228 rep = self.recv_pdu()
1229 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1231 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1232 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1233 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1234 self.assertEquals(rep.u.secondary_address_size, 0)
1235 self.assertPadding(rep.u._pad1, 2)
1236 self.assertEquals(rep.u.num_results, 2)
1237 self.assertEquals(rep.u.ctx_list[0].result,
1238 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1239 self.assertEquals(rep.u.ctx_list[0].reason,
1240 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1241 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1242 self.assertEquals(rep.u.ctx_list[1].result,
1243 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1244 self.assertEquals(rep.u.ctx_list[1].reason,
1245 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1246 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1247 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1249 req = self.generate_request(call_id=1,
1250 context_id=ctx5mgmt.context_id,
1254 rep = self.recv_pdu()
1255 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1257 self.assertNotEquals(rep.u.alloc_hint, 0)
1258 self.assertEquals(rep.u.context_id, req.u.context_id)
1259 self.assertEquals(rep.u.cancel_count, 0)
1260 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1262 def test_no_auth_bind_time_none_simple(self):
1264 btf = base.bind_time_features_syntax(features)
1266 zero_syntax = misc.ndr_syntax_id()
1269 ctx1 = dcerpc.ctx_list()
1271 ctx1.num_transfer_syntaxes = len(tsf1_list)
1272 ctx1.abstract_syntax = zero_syntax
1273 ctx1.transfer_syntaxes = tsf1_list
1275 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1277 rep = self.recv_pdu()
1278 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1280 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1281 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1282 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1283 self.assertEquals(rep.u.secondary_address_size, 4)
1284 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1285 self.assertPadding(rep.u._pad1, 2)
1286 self.assertEquals(rep.u.num_results, 1)
1287 self.assertEquals(rep.u.ctx_list[0].result,
1288 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1289 self.assertEquals(rep.u.ctx_list[0].reason, features)
1290 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1291 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1293 def test_no_auth_bind_time_none_ignore_additional(self):
1295 btf1 = base.bind_time_features_syntax(features1)
1297 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1298 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1299 btf2 = base.bind_time_features_syntax(features2)
1301 zero_syntax = misc.ndr_syntax_id()
1302 ndr64 = base.transfer_syntax_ndr64()
1304 tsf1_list = [btf1, btf2, zero_syntax]
1305 ctx1 = dcerpc.ctx_list()
1307 ctx1.num_transfer_syntaxes = len(tsf1_list)
1308 ctx1.abstract_syntax = ndr64
1309 ctx1.transfer_syntaxes = tsf1_list
1311 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1313 rep = self.recv_pdu()
1314 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1316 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1317 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1318 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1319 self.assertEquals(rep.u.secondary_address_size, 4)
1320 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1321 self.assertPadding(rep.u._pad1, 2)
1322 self.assertEquals(rep.u.num_results, 1)
1323 self.assertEquals(rep.u.ctx_list[0].result,
1324 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1325 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1326 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1327 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1329 def test_no_auth_bind_time_only_first(self):
1330 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1331 btf1 = base.bind_time_features_syntax(features1)
1333 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1334 btf2 = base.bind_time_features_syntax(features2)
1336 zero_syntax = misc.ndr_syntax_id()
1338 tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1339 ctx1 = dcerpc.ctx_list()
1341 ctx1.num_transfer_syntaxes = len(tsf1_list)
1342 ctx1.abstract_syntax = zero_syntax
1343 ctx1.transfer_syntaxes = tsf1_list
1345 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1347 rep = self.recv_pdu()
1348 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1350 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1351 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1352 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1353 self.assertEquals(rep.u.secondary_address_size, 4)
1354 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1355 self.assertPadding(rep.u._pad1, 2)
1356 self.assertEquals(rep.u.num_results, 1)
1357 self.assertEquals(rep.u.ctx_list[0].result,
1358 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1359 self.assertEquals(rep.u.ctx_list[0].reason,
1360 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1361 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1362 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1364 def test_no_auth_bind_time_twice(self):
1365 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1366 btf1 = base.bind_time_features_syntax(features1)
1368 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1369 btf2 = base.bind_time_features_syntax(features2)
1371 zero_syntax = misc.ndr_syntax_id()
1374 ctx1 = dcerpc.ctx_list()
1376 ctx1.num_transfer_syntaxes = len(tsf1_list)
1377 ctx1.abstract_syntax = zero_syntax
1378 ctx1.transfer_syntaxes = tsf1_list
1381 ctx2 = dcerpc.ctx_list()
1383 ctx2.num_transfer_syntaxes = len(tsf2_list)
1384 ctx2.abstract_syntax = zero_syntax
1385 ctx2.transfer_syntaxes = tsf2_list
1387 req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1389 rep = self.recv_pdu()
1390 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1392 self.assertEquals(rep.u.reject_reason,
1393 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1394 self.assertEquals(rep.u.num_versions, 1)
1395 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1396 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1397 self.assertPadding(rep.u._pad, 3)
1399 # wait for a disconnect
1400 rep = self.recv_pdu()
1401 self.assertIsNone(rep)
1402 self.assertNotConnected()
1404 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1405 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1406 btf = base.bind_time_features_syntax(features)
1408 zero_syntax = misc.ndr_syntax_id()
1411 ctx1 = dcerpc.ctx_list()
1413 ctx1.num_transfer_syntaxes = len(tsf1_list)
1414 ctx1.abstract_syntax = zero_syntax
1415 ctx1.transfer_syntaxes = tsf1_list
1417 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1419 rep = self.recv_pdu()
1420 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1422 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1423 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1424 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1425 self.assertEquals(rep.u.secondary_address_size, 4)
1426 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1427 self.assertPadding(rep.u._pad1, 2)
1428 self.assertEquals(rep.u.num_results, 1)
1429 self.assertEquals(rep.u.ctx_list[0].result,
1430 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1431 self.assertEquals(rep.u.ctx_list[0].reason, features)
1432 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1433 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1435 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1436 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1437 btf1 = base.bind_time_features_syntax(features1)
1439 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1440 btf2 = base.bind_time_features_syntax(features2)
1442 zero_syntax = misc.ndr_syntax_id()
1443 ndr64 = base.transfer_syntax_ndr64()
1445 tsf1_list = [btf1, btf2, zero_syntax]
1446 ctx1 = dcerpc.ctx_list()
1448 ctx1.num_transfer_syntaxes = len(tsf1_list)
1449 ctx1.abstract_syntax = ndr64
1450 ctx1.transfer_syntaxes = tsf1_list
1452 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1454 rep = self.recv_pdu()
1455 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1457 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1458 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1459 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1460 self.assertEquals(rep.u.secondary_address_size, 4)
1461 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1462 self.assertPadding(rep.u._pad1, 2)
1463 self.assertEquals(rep.u.num_results, 1)
1464 self.assertEquals(rep.u.ctx_list[0].result,
1465 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1466 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1467 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1468 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1470 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1471 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1472 ndr32 = base.transfer_syntax_ndr()
1475 ctx1 = dcerpc.ctx_list()
1477 ctx1.num_transfer_syntaxes = len(tsf1_list)
1478 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1479 ctx1.transfer_syntaxes = tsf1_list
1484 if creds is not None:
1485 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1486 auth_context = self.get_auth_context_creds(creds,
1487 auth_type=auth_type,
1488 auth_level=auth_level,
1489 auth_context_id=auth_context_id,
1490 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1492 (finished, to_server) = auth_context["gensec"].update(from_server)
1493 self.assertFalse(finished)
1495 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1496 auth_level=auth_context["auth_level"],
1497 auth_context_id=auth_context["auth_context_id"],
1498 auth_blob=to_server)
1501 auth_info = self.generate_auth(auth_type=auth_type,
1502 auth_level=auth_level,
1503 auth_context_id=auth_context_id,
1504 auth_blob=to_server)
1506 req = self.generate_bind(call_id=0,
1508 auth_info=auth_info)
1510 rep = self.recv_pdu()
1511 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1513 self.assertEquals(rep.u.reject_reason, reason)
1514 self.assertEquals(rep.u.num_versions, 1)
1515 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1516 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1517 self.assertPadding(rep.u._pad, 3)
1519 # wait for a disconnect
1520 rep = self.recv_pdu()
1521 self.assertIsNone(rep)
1522 self.assertNotConnected()
1524 def _test_auth_none_level_bind(self, auth_level,
1525 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1526 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1527 auth_level=auth_level, reason=reason)
1529 def test_auth_none_none_bind(self):
1530 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1531 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1533 def test_auth_none_connect_bind(self):
1534 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1536 def test_auth_none_call_bind(self):
1537 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1539 def test_auth_none_packet_bind(self):
1540 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1542 def test_auth_none_integrity_bind(self):
1543 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1545 def test_auth_none_privacy_bind(self):
1546 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1548 def test_auth_none_0_bind(self):
1549 return self._test_auth_none_level_bind(0,
1550 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1552 def test_auth_none_7_bind(self):
1553 return self._test_auth_none_level_bind(7,
1554 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1556 def test_auth_none_255_bind(self):
1557 return self._test_auth_none_level_bind(255,
1558 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1560 def _test_auth_none_level_request(self, auth_level):
1561 ndr32 = base.transfer_syntax_ndr()
1564 ctx1 = dcerpc.ctx_list()
1566 ctx1.num_transfer_syntaxes = len(tsf1_list)
1567 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1568 ctx1.transfer_syntaxes = tsf1_list
1571 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1574 req = self.generate_bind(call_id=0,
1578 rep = self.recv_pdu()
1579 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1580 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1581 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1582 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1583 self.assertEquals(rep.u.secondary_address_size, 4)
1584 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1585 self.assertPadding(rep.u._pad1, 2)
1586 self.assertEquals(rep.u.num_results, 1)
1587 self.assertEquals(rep.u.ctx_list[0].result,
1588 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1589 self.assertEquals(rep.u.ctx_list[0].reason,
1590 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1591 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1592 self.assertEquals(len(rep.u.auth_info), 0)
1594 # And now try a request without auth_info
1595 req = self.generate_request(call_id=2,
1596 context_id=ctx1.context_id,
1600 rep = self.recv_pdu()
1601 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1603 self.assertNotEquals(rep.u.alloc_hint, 0)
1604 self.assertEquals(rep.u.context_id, req.u.context_id)
1605 self.assertEquals(rep.u.cancel_count, 0)
1606 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1608 auth_info = self.generate_auth(auth_type=auth_type,
1609 auth_level=auth_level,
1610 auth_context_id=auth_context_id,
1613 req = self.generate_request(call_id=3,
1614 context_id=ctx1.context_id,
1617 auth_info=auth_info)
1619 rep = self.recv_pdu()
1620 # We get a fault back
1621 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1623 self.assertNotEquals(rep.u.alloc_hint, 0)
1624 self.assertEquals(rep.u.context_id, req.u.context_id)
1625 self.assertEquals(rep.u.cancel_count, 0)
1626 self.assertEquals(rep.u.flags, 0)
1627 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1628 self.assertEquals(rep.u.reserved, 0)
1629 self.assertEquals(len(rep.u.error_and_verifier), 0)
1631 # wait for a disconnect
1632 rep = self.recv_pdu()
1633 self.assertIsNone(rep)
1634 self.assertNotConnected()
1636 def test_auth_none_none_request(self):
1637 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1639 def test_auth_none_connect_request(self):
1640 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1642 def test_auth_none_call_request(self):
1643 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1645 def _test_neg_xmit_check_values(self,
1651 ndr32 = base.transfer_syntax_ndr()
1654 ctx1 = dcerpc.ctx_list()
1656 ctx1.num_transfer_syntaxes = len(tsf1_list)
1657 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1658 ctx1.transfer_syntaxes = tsf1_list
1660 req = self.generate_bind(call_id=0,
1661 max_xmit_frag=req_xmit,
1662 max_recv_frag=req_recv,
1665 rep = self.recv_pdu()
1666 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1668 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1669 self.assertEquals(rep.u.max_recv_frag, rep_both)
1670 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1671 self.assertEquals(rep.u.secondary_address_size, 4)
1672 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1673 self.assertPadding(rep.u._pad1, 2)
1674 self.assertEquals(rep.u.num_results, 1)
1675 self.assertEquals(rep.u.ctx_list[0].result,
1676 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1677 self.assertEquals(rep.u.ctx_list[0].reason,
1678 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1679 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1680 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1682 assoc_group_id = rep.u.assoc_group_id
1683 if alter_xmit is None:
1684 alter_xmit = rep_both - 8
1685 if alter_recv is None:
1686 alter_recv = rep_both - 8
1688 # max_{xmit,recv}_frag and assoc_group_id are completely
1689 # ignored in alter_context requests
1690 req = self.generate_alter(call_id=1,
1691 max_xmit_frag=alter_xmit,
1692 max_recv_frag=alter_recv,
1693 assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1696 rep = self.recv_pdu()
1697 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1699 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1700 self.assertEquals(rep.u.max_recv_frag, rep_both)
1701 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1702 self.assertEquals(rep.u.secondary_address_size, 0)
1703 self.assertPadding(rep.u._pad1, 2)
1704 self.assertEquals(rep.u.num_results, 1)
1705 self.assertEquals(rep.u.ctx_list[0].result,
1706 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1707 self.assertEquals(rep.u.ctx_list[0].reason,
1708 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1709 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1710 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1712 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1713 req = self.generate_request(call_id=2,
1714 context_id=ctx1.context_id,
1716 alloc_hint=0xffffffff,
1717 stub=b"\00" * chunk_size)
1718 self.send_pdu(req, ndr_print=True, hexdump=True)
1719 rep = self.recv_pdu(ndr_print=True, hexdump=True)
1720 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1722 self.assertNotEquals(rep.u.alloc_hint, 0)
1723 self.assertEquals(rep.u.context_id, req.u.context_id)
1724 self.assertEquals(rep.u.cancel_count, 0)
1725 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1727 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1728 req = self.generate_request(call_id=2,
1729 context_id=ctx1.context_id,
1731 alloc_hint=0xffffffff,
1732 stub=b"\00" * chunk_size)
1734 rep = self.recv_pdu()
1735 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1737 self.assertNotEquals(rep.u.alloc_hint, 0)
1738 self.assertEquals(rep.u.context_id, req.u.context_id)
1739 self.assertEquals(rep.u.cancel_count, 0)
1740 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1743 req = self.generate_request(call_id=3,
1744 context_id=ctx1.context_id,
1746 alloc_hint=0xffffffff,
1747 stub=b"\00" * chunk_size)
1749 rep = self.recv_pdu()
1751 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1753 self.assertNotEquals(rep.u.alloc_hint, 0)
1754 self.assertEquals(rep.u.context_id, 0)
1755 self.assertEquals(rep.u.cancel_count, 0)
1756 self.assertEquals(rep.u.flags, 0)
1757 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1758 self.assertEquals(rep.u.reserved, 0)
1759 self.assertEquals(len(rep.u.error_and_verifier), 0)
1761 # wait for a disconnect
1762 rep = self.recv_pdu()
1763 self.assertIsNone(rep)
1764 self.assertNotConnected()
1766 def test_neg_xmit_ffff_ffff(self):
1767 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1771 def test_neg_xmit_0_ffff(self):
1772 return self._test_neg_xmit_check_values(req_xmit=0,
1778 def test_neg_xmit_ffff_0(self):
1779 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1783 def test_neg_xmit_0_0(self):
1784 return self._test_neg_xmit_check_values(req_xmit=0,
1790 def test_neg_xmit_3199_0(self):
1791 return self._test_neg_xmit_check_values(req_xmit=3199,
1795 def test_neg_xmit_0_3199(self):
1796 return self._test_neg_xmit_check_values(req_xmit=0,
1800 def test_neg_xmit_3199_ffff(self):
1801 return self._test_neg_xmit_check_values(req_xmit=3199,
1805 def test_neg_xmit_ffff_3199(self):
1806 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1810 def test_alloc_hint(self):
1811 ndr32 = base.transfer_syntax_ndr()
1814 ctx = dcerpc.ctx_list()
1816 ctx.num_transfer_syntaxes = len(tsf1_list)
1817 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1818 ctx.transfer_syntaxes = tsf1_list
1820 req = self.generate_bind(call_id=0,
1823 rep = self.recv_pdu()
1824 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1826 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1827 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1828 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1829 self.assertEquals(rep.u.secondary_address_size, 4)
1830 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1831 self.assertPadding(rep.u._pad1, 2)
1832 self.assertEquals(rep.u.num_results, 1)
1833 self.assertEquals(rep.u.ctx_list[0].result,
1834 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1835 self.assertEquals(rep.u.ctx_list[0].reason,
1836 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1837 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1838 self.assertEquals(rep.u.auth_info, b'\0' * 0)
1840 # And now try a request without auth_info
1841 req = self.generate_request(call_id=2,
1842 context_id=ctx.context_id,
1844 alloc_hint=0xffffffff,
1847 rep = self.recv_pdu()
1848 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1850 self.assertNotEquals(rep.u.alloc_hint, 0)
1851 self.assertEquals(rep.u.context_id, req.u.context_id)
1852 self.assertEquals(rep.u.cancel_count, 0)
1853 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1855 req = self.generate_request(call_id=3,
1856 context_id=ctx.context_id,
1858 alloc_hint=0xffffffff,
1859 stub=b"\04\00\00\00\00\00\00\00")
1861 rep = self.recv_pdu()
1862 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1864 self.assertNotEquals(rep.u.alloc_hint, 0)
1865 self.assertEquals(rep.u.context_id, req.u.context_id)
1866 self.assertEquals(rep.u.cancel_count, 0)
1867 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1869 req = self.generate_request(call_id=4,
1870 context_id=ctx.context_id,
1873 stub=b"\04\00\00\00\00\00\00\00")
1875 rep = self.recv_pdu()
1876 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1878 self.assertNotEquals(rep.u.alloc_hint, 0)
1879 self.assertEquals(rep.u.context_id, req.u.context_id)
1880 self.assertEquals(rep.u.cancel_count, 0)
1881 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1883 def _get_netlogon_ctx(self):
1884 abstract = samba.dcerpc.netlogon.abstract_syntax()
1885 ndr32 = base.transfer_syntax_ndr()
1887 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1888 epmap=True, return_ack=True)
1890 server = '\\\\' + self.target_hostname
1891 if isinstance(server, binary_type):
1892 server_utf16 = server.decode('utf-8').encode('utf-16-le')
1894 server_utf16 = server.encode('utf-16-le')
1895 computer = 'UNKNOWNCOMPUTER'
1896 if isinstance(server, binary_type):
1897 computer_utf16 = computer.decode('utf-8').encode('utf-16-le')
1899 computer_utf16 = computer.encode('utf-16-le')
1901 real_stub = struct.pack('<IIII', 0x00200000,
1902 len(server) + 1, 0, len(server) + 1)
1903 real_stub += server_utf16 + b'\x00\x00'
1904 mod_len = len(real_stub) % 4
1906 real_stub += b'\x00' * (4 - mod_len)
1907 real_stub += struct.pack('<III',
1908 len(computer) + 1, 0, len(computer) + 1)
1909 real_stub += computer_utf16 + b'\x00\x00'
1910 real_stub += b'\x11\x22\x33\x44\x55\x66\x77\x88'
1912 return (ctx, ack, real_stub)
1914 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1915 fault_first=None, fault_last=None):
1916 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1918 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1922 while remaining > 0:
1923 thistime = min(remaining, chunk)
1924 remaining -= thistime
1929 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1931 stub = real_stub + b'\x00' * (thistime - len(real_stub))
1933 stub = b"\x00" * thistime
1936 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1938 # And now try a request without auth_info
1939 # netr_ServerReqChallenge()
1940 req = self.generate_request(call_id=0x21234,
1941 pfc_flags=pfc_flags,
1942 context_id=ctx.context_id,
1944 alloc_hint=alloc_hint,
1946 if alloc_hint >= thistime:
1947 alloc_hint -= thistime
1950 self.send_pdu(req, hexdump=False)
1951 if fault_first is not None:
1952 rep = self.recv_pdu()
1953 # We get a fault back
1954 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1956 self.assertNotEquals(rep.u.alloc_hint, 0)
1957 self.assertEquals(rep.u.context_id, req.u.context_id)
1958 self.assertEquals(rep.u.cancel_count, 0)
1959 self.assertEquals(rep.u.flags, 0)
1960 self.assertEquals(rep.u.status, fault_first)
1961 self.assertEquals(rep.u.reserved, 0)
1962 self.assertEquals(len(rep.u.error_and_verifier), 0)
1964 # wait for a disconnect
1965 rep = self.recv_pdu()
1966 self.assertIsNone(rep)
1967 self.assertNotConnected()
1971 if total >= 0x400000 and fault_last is not None:
1972 rep = self.recv_pdu()
1973 # We get a fault back
1974 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1976 self.assertNotEquals(rep.u.alloc_hint, 0)
1977 self.assertEquals(rep.u.context_id, req.u.context_id)
1978 self.assertEquals(rep.u.cancel_count, 0)
1979 self.assertEquals(rep.u.flags, 0)
1980 self.assertEquals(rep.u.status, fault_last)
1981 self.assertEquals(rep.u.reserved, 0)
1982 self.assertEquals(len(rep.u.error_and_verifier), 0)
1984 # wait for a disconnect
1985 rep = self.recv_pdu()
1986 self.assertIsNone(rep)
1987 self.assertNotConnected()
1989 rep = self.recv_pdu(timeout=0.01)
1990 self.assertIsNone(rep)
1991 self.assertIsConnected()
1993 if total >= 0x400000 and fault_last is not None:
1994 rep = self.recv_pdu()
1995 # We get a fault back
1996 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1998 self.assertNotEquals(rep.u.alloc_hint, 0)
1999 self.assertEquals(rep.u.context_id, req.u.context_id)
2000 self.assertEquals(rep.u.cancel_count, 0)
2001 self.assertEquals(rep.u.flags, 0)
2002 self.assertEquals(rep.u.status, fault_last)
2003 self.assertEquals(rep.u.reserved, 0)
2004 self.assertEquals(len(rep.u.error_and_verifier), 0)
2006 # wait for a disconnect
2007 rep = self.recv_pdu()
2008 self.assertIsNone(rep)
2009 self.assertNotConnected()
2011 rep = self.recv_pdu()
2012 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2014 self.assertNotEquals(rep.u.alloc_hint, 0)
2015 self.assertEquals(rep.u.context_id, req.u.context_id)
2016 self.assertEquals(rep.u.cancel_count, 0)
2017 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2019 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2020 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2021 self.assertEquals(status[0], 0)
2023 def test_fragmented_requests01(self):
2024 return self._test_fragmented_requests(remaining=0x400000,
2025 alloc_hint=0x400000)
2027 def test_fragmented_requests02(self):
2028 return self._test_fragmented_requests(remaining=0x400000,
2029 alloc_hint=0x100000)
2031 def test_fragmented_requests03(self):
2032 return self._test_fragmented_requests(remaining=0x400000,
2035 def test_fragmented_requests04(self):
2036 return self._test_fragmented_requests(remaining=0x400000,
2037 alloc_hint=0x400001,
2038 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2040 def test_fragmented_requests05(self):
2041 return self._test_fragmented_requests(remaining=0x500001,
2043 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2045 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2046 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2048 # netr_ServerReqChallenge with given flags
2049 req = self.generate_request(call_id=2,
2050 pfc_flags=pfc_flags,
2051 context_id=ctx.context_id,
2056 rep = self.recv_pdu()
2057 # We get a fault back
2058 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2060 self.assertNotEquals(rep.u.alloc_hint, 0)
2061 self.assertEquals(rep.u.context_id, 0)
2062 self.assertEquals(rep.u.cancel_count, 0)
2063 self.assertEquals(rep.u.flags, 0)
2064 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2065 self.assertEquals(rep.u.reserved, 0)
2066 self.assertEquals(len(rep.u.error_and_verifier), 0)
2068 # wait for a disconnect
2069 rep = self.recv_pdu()
2070 self.assertIsNone(rep)
2071 self.assertNotConnected()
2073 rep = self.recv_pdu(timeout=0.1)
2074 self.assertIsNone(rep)
2075 self.assertIsConnected()
2077 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2078 # with the same call_id
2079 req = self.generate_request(call_id=2,
2080 pfc_flags=pfc_flags,
2081 context_id=ctx.context_id,
2086 rep = self.recv_pdu()
2087 # We get a fault back
2088 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2090 self.assertNotEquals(rep.u.alloc_hint, 0)
2091 self.assertEquals(rep.u.context_id, req.u.context_id)
2092 self.assertEquals(rep.u.cancel_count, 0)
2093 self.assertEquals(rep.u.flags, 0)
2094 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2095 self.assertEquals(rep.u.reserved, 0)
2096 self.assertEquals(len(rep.u.error_and_verifier), 0)
2098 # wait for a disconnect
2099 rep = self.recv_pdu()
2100 self.assertIsNone(rep)
2101 self.assertNotConnected()
2104 rep = self.recv_pdu(timeout=0.1)
2105 self.assertIsNone(rep)
2106 self.assertIsConnected()
2108 def test_first_only_requests(self):
2109 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2112 def test_none_only_requests(self):
2113 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2115 def test_last_only_requests(self):
2116 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2119 def test_first_maybe_requests(self):
2120 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2121 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2124 def test_first_didnot_requests(self):
2125 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2126 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2129 def test_first_cmpx_requests(self):
2130 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2131 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2134 def test_first_08_requests(self):
2135 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2139 def test_first_cancel_requests(self):
2140 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2142 # netr_ServerReqChallenge with given flags
2143 req = self.generate_request(call_id=2,
2144 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2145 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2146 context_id=ctx.context_id,
2150 rep = self.recv_pdu()
2151 # We get a fault back
2152 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2153 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2154 dcerpc.DCERPC_PFC_FLAG_LAST |
2155 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2157 self.assertNotEquals(rep.u.alloc_hint, 0)
2158 self.assertEquals(rep.u.context_id, 0)
2159 self.assertEquals(rep.u.cancel_count, 0)
2160 self.assertEquals(rep.u.flags, 0)
2161 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2162 self.assertEquals(rep.u.reserved, 0)
2163 self.assertEquals(len(rep.u.error_and_verifier), 0)
2165 # wait for a disconnect
2166 rep = self.recv_pdu()
2167 self.assertIsNone(rep)
2168 self.assertNotConnected()
2170 def test_2nd_cancel_requests(self):
2171 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2173 # netr_ServerReqChallenge with given flags
2174 req = self.generate_request(call_id=2,
2175 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2176 context_id=ctx.context_id,
2180 rep = self.recv_pdu(timeout=0.1)
2181 self.assertIsNone(rep)
2182 self.assertIsConnected()
2184 # netr_ServerReqChallenge with given flags
2185 req = self.generate_request(call_id=2,
2186 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2187 context_id=ctx.context_id,
2191 rep = self.recv_pdu(timeout=0.1)
2192 self.assertIsNone(rep)
2193 self.assertIsConnected()
2195 # netr_ServerReqChallenge with given flags
2196 req = self.generate_request(call_id=2,
2197 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2198 context_id=ctx.context_id,
2202 rep = self.recv_pdu()
2203 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2205 self.assertNotEquals(rep.u.alloc_hint, 0)
2206 self.assertEquals(rep.u.context_id, req.u.context_id)
2207 self.assertEquals(rep.u.cancel_count, 0)
2208 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2210 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2211 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2212 self.assertEquals(status[0], 0)
2214 def test_last_cancel_requests(self):
2215 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2217 # netr_ServerReqChallenge with given flags
2218 req = self.generate_request(call_id=2,
2219 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2220 context_id=ctx.context_id,
2224 rep = self.recv_pdu(timeout=0.1)
2225 self.assertIsNone(rep)
2226 self.assertIsConnected()
2228 # netr_ServerReqChallenge with given flags
2229 req = self.generate_request(call_id=2,
2230 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2231 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2232 context_id=ctx.context_id,
2236 rep = self.recv_pdu()
2237 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2239 self.assertNotEquals(rep.u.alloc_hint, 0)
2240 self.assertEquals(rep.u.context_id, req.u.context_id)
2241 self.assertEquals(rep.u.cancel_count, 0)
2242 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2244 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2245 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2246 self.assertEquals(status[0], 0)
2248 def test_mix_requests(self):
2249 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2251 # netr_ServerReqChallenge with given flags
2252 req = self.generate_request(call_id=50,
2253 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2254 context_id=ctx.context_id,
2258 rep = self.recv_pdu(timeout=0.1)
2259 self.assertIsNone(rep)
2260 self.assertIsConnected()
2262 # netr_ServerReqChallenge with given flags
2263 req = self.generate_request(call_id=51,
2264 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2265 context_id=ctx.context_id,
2269 rep = self.recv_pdu()
2270 # We get a fault back
2271 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2272 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2273 dcerpc.DCERPC_PFC_FLAG_LAST,
2275 self.assertNotEquals(rep.u.alloc_hint, 0)
2276 self.assertEquals(rep.u.context_id, req.u.context_id)
2277 self.assertEquals(rep.u.cancel_count, 0)
2278 self.assertEquals(rep.u.flags, 0)
2279 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2280 self.assertEquals(rep.u.reserved, 0)
2281 self.assertEquals(len(rep.u.error_and_verifier), 0)
2283 def test_co_cancel_no_request(self):
2284 ndr32 = base.transfer_syntax_ndr()
2285 abstract = samba.dcerpc.mgmt.abstract_syntax()
2286 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2288 req = self.generate_co_cancel(call_id=3)
2290 rep = self.recv_pdu(timeout=0.01)
2291 self.assertIsNone(rep)
2292 self.assertIsConnected()
2294 # And now try a request
2295 req = self.generate_request(call_id=1,
2296 context_id=ctx.context_id,
2300 rep = self.recv_pdu()
2301 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2303 self.assertNotEquals(rep.u.alloc_hint, 0)
2304 self.assertEquals(rep.u.context_id, req.u.context_id)
2305 self.assertEquals(rep.u.cancel_count, 0)
2306 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2308 def test_co_cancel_request_after_first(self):
2309 ndr32 = base.transfer_syntax_ndr()
2310 abstract = samba.dcerpc.mgmt.abstract_syntax()
2311 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2313 req = self.generate_request(call_id=1,
2314 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2315 context_id=ctx.context_id,
2319 rep = self.recv_pdu(timeout=0.01)
2320 self.assertIsNone(rep)
2321 self.assertIsConnected()
2323 req = self.generate_co_cancel(call_id=1)
2325 rep = self.recv_pdu(timeout=0.01)
2326 self.assertIsNone(rep)
2327 self.assertIsConnected()
2329 req = self.generate_request(call_id=1,
2330 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2331 context_id=ctx.context_id,
2335 rep = self.recv_pdu()
2336 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2338 self.assertNotEquals(rep.u.alloc_hint, 0)
2339 self.assertEquals(rep.u.context_id, req.u.context_id)
2340 self.assertEquals(rep.u.cancel_count, 0)
2341 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2343 # And now try a request
2344 req = self.generate_request(call_id=2,
2345 context_id=ctx.context_id,
2349 rep = self.recv_pdu()
2350 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2352 self.assertNotEquals(rep.u.alloc_hint, 0)
2353 self.assertEquals(rep.u.context_id, req.u.context_id)
2354 self.assertEquals(rep.u.cancel_count, 0)
2355 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2357 def test_orphaned_no_request(self):
2358 ndr32 = base.transfer_syntax_ndr()
2359 abstract = samba.dcerpc.mgmt.abstract_syntax()
2360 ctx = self.prepare_presentation(abstract, ndr32)
2362 req = self.generate_orphaned(call_id=3)
2364 rep = self.recv_pdu(timeout=0.01)
2365 self.assertIsNone(rep)
2366 self.assertIsConnected()
2368 # And now try a request
2369 req = self.generate_request(call_id=1,
2370 context_id=ctx.context_id,
2374 rep = self.recv_pdu()
2375 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2377 self.assertNotEquals(rep.u.alloc_hint, 0)
2378 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2379 self.assertEquals(rep.u.cancel_count, 0)
2380 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2382 def test_orphaned_request_after_first_last(self):
2383 ndr32 = base.transfer_syntax_ndr()
2384 abstract = samba.dcerpc.mgmt.abstract_syntax()
2385 ctx = self.prepare_presentation(abstract, ndr32)
2387 req = self.generate_request(call_id=1,
2388 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2389 context_id=ctx.context_id,
2393 rep = self.recv_pdu(timeout=0.1)
2394 self.assertIsNone(rep)
2395 self.assertIsConnected()
2397 req = self.generate_orphaned(call_id=1)
2399 rep = self.recv_pdu(timeout=0.1)
2400 self.assertIsNone(rep)
2401 self.assertIsConnected()
2403 req = self.generate_request(call_id=1,
2404 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2405 context_id=ctx.context_id,
2409 rep = self.recv_pdu()
2410 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2412 self.assertNotEquals(rep.u.alloc_hint, 0)
2413 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2414 self.assertEquals(rep.u.cancel_count, 0)
2415 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2417 # And now try a request
2418 req = self.generate_request(call_id=2,
2419 context_id=ctx.context_id,
2423 rep = self.recv_pdu()
2424 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2426 self.assertNotEquals(rep.u.alloc_hint, 0)
2427 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2428 self.assertEquals(rep.u.cancel_count, 0)
2429 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2431 def test_orphaned_request_after_first_mpx_last(self):
2432 ndr32 = base.transfer_syntax_ndr()
2433 abstract = samba.dcerpc.mgmt.abstract_syntax()
2435 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2436 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2437 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2438 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2440 req = self.generate_request(call_id=1,
2441 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2442 context_id=ctx.context_id,
2446 rep = self.recv_pdu(timeout=0.1)
2447 self.assertIsNone(rep)
2448 self.assertIsConnected()
2450 req = self.generate_orphaned(call_id=1)
2452 rep = self.recv_pdu(timeout=0.1)
2453 self.assertIsNone(rep)
2454 self.assertIsConnected()
2456 req = self.generate_request(call_id=1,
2457 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2458 context_id=ctx.context_id,
2462 rep = self.recv_pdu()
2463 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2465 self.assertNotEquals(rep.u.alloc_hint, 0)
2466 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2467 self.assertEquals(rep.u.cancel_count, 0)
2468 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2470 # And now try a request
2471 req = self.generate_request(call_id=2,
2472 context_id=ctx.context_id,
2476 rep = self.recv_pdu()
2477 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2479 self.assertNotEquals(rep.u.alloc_hint, 0)
2480 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2481 self.assertEquals(rep.u.cancel_count, 0)
2482 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2484 def test_orphaned_request_after_first_no_last(self):
2485 ndr32 = base.transfer_syntax_ndr()
2486 abstract = samba.dcerpc.mgmt.abstract_syntax()
2487 ctx = self.prepare_presentation(abstract, ndr32)
2489 req1 = self.generate_request(call_id=1,
2490 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2491 context_id=ctx.context_id,
2495 rep = self.recv_pdu(timeout=0.1)
2496 self.assertIsNone(rep)
2497 self.assertIsConnected()
2499 req = self.generate_orphaned(call_id=1)
2501 rep = self.recv_pdu(timeout=0.1)
2502 self.assertIsNone(rep)
2503 self.assertIsConnected()
2505 # And now try a new request
2506 req2 = self.generate_request(call_id=2,
2507 context_id=ctx.context_id,
2511 rep = self.recv_pdu()
2512 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2514 self.assertNotEquals(rep.u.alloc_hint, 0)
2515 self.assertEquals(rep.u.context_id, req1.u.context_id)
2516 self.assertEquals(rep.u.cancel_count, 0)
2517 self.assertEquals(rep.u.flags, 0)
2518 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2519 self.assertEquals(rep.u.reserved, 0)
2520 self.assertEquals(len(rep.u.error_and_verifier), 0)
2522 # wait for a disconnect
2523 rep = self.recv_pdu()
2524 self.assertIsNone(rep)
2525 self.assertNotConnected()
2527 def test_orphaned_request_after_first_mpx_no_last(self):
2528 ndr32 = base.transfer_syntax_ndr()
2529 abstract = samba.dcerpc.mgmt.abstract_syntax()
2531 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2532 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2533 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2534 ctx = self.prepare_presentation(abstract, ndr32,
2535 pfc_flags=pfc_flags)
2537 req1 = self.generate_request(call_id=1,
2538 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2539 context_id=ctx.context_id,
2543 rep = self.recv_pdu(timeout=0.1)
2544 self.assertIsNone(rep)
2545 self.assertIsConnected()
2547 req = self.generate_orphaned(call_id=1)
2549 rep = self.recv_pdu(timeout=0.1)
2550 self.assertIsNone(rep)
2551 self.assertIsConnected()
2553 # And now try a new request
2554 req2 = self.generate_request(call_id=2,
2555 context_id=ctx.context_id - 1,
2559 rep = self.recv_pdu()
2560 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2562 self.assertNotEquals(rep.u.alloc_hint, 0)
2563 self.assertEquals(rep.u.context_id, 0)
2564 self.assertEquals(rep.u.cancel_count, 0)
2565 self.assertEquals(rep.u.flags, 0)
2566 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2567 self.assertEquals(rep.u.reserved, 0)
2568 self.assertEquals(len(rep.u.error_and_verifier), 0)
2570 # wait for a disconnect
2571 rep = self.recv_pdu()
2572 self.assertIsNone(rep)
2573 self.assertNotConnected()
2575 def test_spnego_connect_request(self):
2576 ndr32 = base.transfer_syntax_ndr()
2579 ctx1 = dcerpc.ctx_list()
2581 ctx1.num_transfer_syntaxes = len(tsf1_list)
2582 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2583 ctx1.transfer_syntaxes = tsf1_list
2586 c = self.get_anon_creds()
2587 g = gensec.Security.start_client(self.settings)
2588 g.set_credentials(c)
2589 g.want_feature(gensec.FEATURE_DCE_STYLE)
2590 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2591 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2593 g.start_mech_by_authtype(auth_type, auth_level)
2595 (finished, to_server) = g.update(from_server)
2596 self.assertFalse(finished)
2598 auth_info = self.generate_auth(auth_type=auth_type,
2599 auth_level=auth_level,
2600 auth_context_id=auth_context_id,
2601 auth_blob=to_server)
2603 req = self.generate_bind(call_id=0,
2605 auth_info=auth_info)
2608 rep = self.recv_pdu()
2609 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2610 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2611 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2612 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2613 self.assertEquals(rep.u.secondary_address_size, 4)
2614 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2615 self.assertPadding(rep.u._pad1, 2)
2616 self.assertEquals(rep.u.num_results, 1)
2617 self.assertEquals(rep.u.ctx_list[0].result,
2618 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2619 self.assertEquals(rep.u.ctx_list[0].reason,
2620 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2621 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2622 self.assertNotEquals(len(rep.u.auth_info), 0)
2623 a = self.parse_auth(rep.u.auth_info)
2625 from_server = a.credentials
2626 (finished, to_server) = g.update(from_server)
2627 self.assertFalse(finished)
2629 auth_info = self.generate_auth(auth_type=auth_type,
2630 auth_level=auth_level,
2631 auth_context_id=auth_context_id,
2632 auth_blob=to_server)
2634 req = self.generate_alter(call_id=0,
2636 assoc_group_id=rep.u.assoc_group_id,
2637 auth_info=auth_info)
2640 rep = self.recv_pdu()
2641 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2642 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2643 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2644 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2645 self.assertEquals(rep.u.secondary_address_size, 0)
2646 self.assertPadding(rep.u._pad1, 2)
2647 self.assertEquals(rep.u.num_results, 1)
2648 self.assertEquals(rep.u.ctx_list[0].result,
2649 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2650 self.assertEquals(rep.u.ctx_list[0].reason,
2651 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2652 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2653 self.assertNotEquals(len(rep.u.auth_info), 0)
2654 a = self.parse_auth(rep.u.auth_info)
2656 from_server = a.credentials
2657 (finished, to_server) = g.update(from_server)
2658 self.assertTrue(finished)
2660 # And now try a request without auth_info
2661 req = self.generate_request(call_id=2,
2662 context_id=ctx1.context_id,
2666 rep = self.recv_pdu()
2667 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2669 self.assertNotEquals(rep.u.alloc_hint, 0)
2670 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2671 self.assertEquals(rep.u.cancel_count, 0)
2672 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2674 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2675 auth_info = self.generate_auth(auth_type=auth_type,
2676 auth_level=auth_level,
2677 auth_context_id=auth_context_id,
2678 auth_blob=b"\x01" +b"\x00" *15)
2679 req = self.generate_request(call_id=3,
2680 context_id=ctx1.context_id,
2683 auth_info=auth_info)
2685 rep = self.recv_pdu()
2686 # We don't get an auth_info back
2687 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2689 self.assertNotEquals(rep.u.alloc_hint, 0)
2690 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2691 self.assertEquals(rep.u.cancel_count, 0)
2692 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2694 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2695 auth_info = self.generate_auth(auth_type=auth_type,
2696 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2697 auth_context_id=auth_context_id,
2698 auth_blob=b"\x01" + b"\x00" * 15)
2699 req = self.generate_request(call_id=4,
2700 context_id=ctx1.context_id,
2703 auth_info=auth_info)
2705 rep = self.recv_pdu()
2706 # We get a fault back
2707 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2709 self.assertNotEquals(rep.u.alloc_hint, 0)
2710 self.assertEquals(rep.u.context_id, req.u.context_id)
2711 self.assertEquals(rep.u.cancel_count, 0)
2712 self.assertEquals(rep.u.flags, 0)
2713 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2714 self.assertEquals(rep.u.reserved, 0)
2715 self.assertEquals(len(rep.u.error_and_verifier), 0)
2717 # wait for a disconnect
2718 rep = self.recv_pdu()
2719 self.assertIsNone(rep)
2720 self.assertNotConnected()
2722 def test_spnego_integrity_request(self):
2723 ndr32 = base.transfer_syntax_ndr()
2726 ctx1 = dcerpc.ctx_list()
2728 ctx1.num_transfer_syntaxes = len(tsf1_list)
2729 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2730 ctx1.transfer_syntaxes = tsf1_list
2733 c = self.get_anon_creds()
2734 g = gensec.Security.start_client(self.settings)
2735 g.set_credentials(c)
2736 g.want_feature(gensec.FEATURE_DCE_STYLE)
2737 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2738 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2740 g.start_mech_by_authtype(auth_type, auth_level)
2742 (finished, to_server) = g.update(from_server)
2743 self.assertFalse(finished)
2745 auth_info = self.generate_auth(auth_type=auth_type,
2746 auth_level=auth_level,
2747 auth_context_id=auth_context_id,
2748 auth_blob=to_server)
2750 req = self.generate_bind(call_id=0,
2752 auth_info=auth_info)
2755 rep = self.recv_pdu()
2756 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2757 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2758 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2759 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2760 self.assertEquals(rep.u.secondary_address_size, 4)
2761 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2762 self.assertPadding(rep.u._pad1, 2)
2763 self.assertEquals(rep.u.num_results, 1)
2764 self.assertEquals(rep.u.ctx_list[0].result,
2765 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2766 self.assertEquals(rep.u.ctx_list[0].reason,
2767 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2768 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2769 self.assertNotEquals(len(rep.u.auth_info), 0)
2770 a = self.parse_auth(rep.u.auth_info)
2772 from_server = a.credentials
2773 (finished, to_server) = g.update(from_server)
2774 self.assertFalse(finished)
2776 auth_info = self.generate_auth(auth_type=auth_type,
2777 auth_level=auth_level,
2778 auth_context_id=auth_context_id,
2779 auth_blob=to_server)
2781 req = self.generate_alter(call_id=0,
2783 assoc_group_id=rep.u.assoc_group_id,
2784 auth_info=auth_info)
2787 rep = self.recv_pdu()
2788 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2789 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2790 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2791 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2792 self.assertEquals(rep.u.secondary_address_size, 0)
2793 self.assertPadding(rep.u._pad1, 2)
2794 self.assertEquals(rep.u.num_results, 1)
2795 self.assertEquals(rep.u.ctx_list[0].result,
2796 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2797 self.assertEquals(rep.u.ctx_list[0].reason,
2798 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2799 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2800 self.assertNotEquals(len(rep.u.auth_info), 0)
2801 a = self.parse_auth(rep.u.auth_info)
2803 from_server = a.credentials
2804 (finished, to_server) = g.update(from_server)
2805 self.assertTrue(finished)
2807 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2808 auth_info = self.generate_auth(auth_type=auth_type,
2809 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2810 auth_context_id=auth_context_id,
2811 auth_blob=b"\x01" + b"\x00" * 15)
2812 req = self.generate_request(call_id=3,
2813 context_id=ctx1.context_id,
2816 auth_info=auth_info)
2818 rep = self.recv_pdu()
2819 # We get a fault back
2820 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2822 self.assertNotEquals(rep.u.alloc_hint, 0)
2823 self.assertEquals(rep.u.context_id, req.u.context_id)
2824 self.assertEquals(rep.u.cancel_count, 0)
2825 self.assertEquals(rep.u.flags, 0)
2826 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2827 self.assertEquals(rep.u.reserved, 0)
2828 self.assertEquals(len(rep.u.error_and_verifier), 0)
2830 # wait for a disconnect
2831 rep = self.recv_pdu()
2832 self.assertIsNone(rep)
2833 self.assertNotConnected()
2835 def test_spnego_unfinished_request(self):
2836 ndr32 = base.transfer_syntax_ndr()
2839 ctx1 = dcerpc.ctx_list()
2841 ctx1.num_transfer_syntaxes = len(tsf1_list)
2842 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2843 ctx1.transfer_syntaxes = tsf1_list
2846 c = self.get_anon_creds()
2847 g = gensec.Security.start_client(self.settings)
2848 g.set_credentials(c)
2849 g.want_feature(gensec.FEATURE_DCE_STYLE)
2850 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2851 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2853 g.start_mech_by_authtype(auth_type, auth_level)
2855 (finished, to_server) = g.update(from_server)
2856 self.assertFalse(finished)
2858 auth_info = self.generate_auth(auth_type=auth_type,
2859 auth_level=auth_level,
2860 auth_context_id=auth_context_id,
2861 auth_blob=to_server)
2863 req = self.generate_bind(call_id=0,
2865 auth_info=auth_info)
2868 rep = self.recv_pdu()
2869 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2870 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2871 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2872 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2873 assoc_group_id = rep.u.assoc_group_id
2874 self.assertEquals(rep.u.secondary_address_size, 4)
2875 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2876 self.assertPadding(rep.u._pad1, 2)
2877 self.assertEquals(rep.u.num_results, 1)
2878 self.assertEquals(rep.u.ctx_list[0].result,
2879 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2880 self.assertEquals(rep.u.ctx_list[0].reason,
2881 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2882 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2883 self.assertNotEquals(len(rep.u.auth_info), 0)
2884 a = self.parse_auth(rep.u.auth_info)
2886 from_server = a.credentials
2887 (finished, to_server) = g.update(from_server)
2888 self.assertFalse(finished)
2890 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2891 auth_info = self.generate_auth(auth_type=auth_type,
2892 auth_level=auth_level,
2893 auth_context_id=auth_context_id,
2894 auth_blob=b"\x01" + b"\x00" * 15)
2895 req = self.generate_request(call_id=1,
2896 context_id=ctx1.context_id,
2899 auth_info=auth_info)
2901 rep = self.recv_pdu()
2903 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2904 pfc_flags=req.pfc_flags |
2905 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2907 self.assertNotEquals(rep.u.alloc_hint, 0)
2908 self.assertEquals(rep.u.context_id, 0)
2909 self.assertEquals(rep.u.cancel_count, 0)
2910 self.assertEquals(rep.u.flags, 0)
2911 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2912 self.assertEquals(rep.u.reserved, 0)
2913 self.assertEquals(len(rep.u.error_and_verifier), 0)
2915 # wait for a disconnect
2916 rep = self.recv_pdu()
2917 self.assertIsNone(rep)
2918 self.assertNotConnected()
2920 def test_spnego_auth3(self):
2921 ndr32 = base.transfer_syntax_ndr()
2924 ctx1 = dcerpc.ctx_list()
2926 ctx1.num_transfer_syntaxes = len(tsf1_list)
2927 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2928 ctx1.transfer_syntaxes = tsf1_list
2931 c = self.get_anon_creds()
2932 g = gensec.Security.start_client(self.settings)
2933 g.set_credentials(c)
2934 g.want_feature(gensec.FEATURE_DCE_STYLE)
2935 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2936 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2938 g.start_mech_by_authtype(auth_type, auth_level)
2940 (finished, to_server) = g.update(from_server)
2941 self.assertFalse(finished)
2943 auth_info = self.generate_auth(auth_type=auth_type,
2944 auth_level=auth_level,
2945 auth_context_id=auth_context_id,
2946 auth_blob=to_server)
2947 req = self.generate_bind(call_id=0,
2949 auth_info=auth_info)
2951 rep = self.recv_pdu()
2952 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2953 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2954 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2955 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2956 self.assertEquals(rep.u.secondary_address_size, 4)
2957 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2958 self.assertPadding(rep.u._pad1, 2)
2959 self.assertEquals(rep.u.num_results, 1)
2960 self.assertEquals(rep.u.ctx_list[0].result,
2961 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2962 self.assertEquals(rep.u.ctx_list[0].reason,
2963 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2964 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2965 self.assertNotEquals(len(rep.u.auth_info), 0)
2966 a = self.parse_auth(rep.u.auth_info)
2968 from_server = a.credentials
2969 (finished, to_server) = g.update(from_server)
2970 self.assertFalse(finished)
2972 auth_info = self.generate_auth(auth_type=auth_type,
2973 auth_level=auth_level,
2974 auth_context_id=auth_context_id,
2975 auth_blob=to_server)
2976 req = self.generate_auth3(call_id=0,
2977 auth_info=auth_info)
2979 rep = self.recv_pdu(timeout=0.01)
2980 self.assertIsNone(rep)
2981 self.assertIsConnected()
2983 # And now try a request without auth_info
2984 req = self.generate_request(call_id=2,
2985 context_id=ctx1.context_id,
2989 rep = self.recv_pdu()
2990 # We get a fault back
2991 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2993 self.assertNotEquals(rep.u.alloc_hint, 0)
2994 self.assertEquals(rep.u.context_id, req.u.context_id)
2995 self.assertEquals(rep.u.cancel_count, 0)
2996 self.assertEquals(rep.u.flags, 0)
2997 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2998 self.assertEquals(rep.u.reserved, 0)
2999 self.assertEquals(len(rep.u.error_and_verifier), 0)
3001 # wait for a disconnect
3002 rep = self.recv_pdu()
3003 self.assertIsNone(rep)
3004 self.assertNotConnected()
3006 def test_spnego_connect_reauth_alter(self):
3007 ndr32 = base.transfer_syntax_ndr()
3008 ndr64 = base.transfer_syntax_ndr64()
3011 ctx1 = dcerpc.ctx_list()
3013 ctx1.num_transfer_syntaxes = len(tsf1_list)
3014 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3015 ctx1.transfer_syntaxes = tsf1_list
3018 c = self.get_anon_creds()
3019 g = gensec.Security.start_client(self.settings)
3020 g.set_credentials(c)
3021 g.want_feature(gensec.FEATURE_DCE_STYLE)
3022 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3023 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3025 g.start_mech_by_authtype(auth_type, auth_level)
3027 (finished, to_server) = g.update(from_server)
3028 self.assertFalse(finished)
3030 auth_info = self.generate_auth(auth_type=auth_type,
3031 auth_level=auth_level,
3032 auth_context_id=auth_context_id,
3033 auth_blob=to_server)
3035 req = self.generate_bind(call_id=0,
3037 auth_info=auth_info)
3040 rep = self.recv_pdu()
3041 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3042 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3043 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3044 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3045 self.assertEquals(rep.u.secondary_address_size, 4)
3046 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3047 self.assertPadding(rep.u._pad1, 2)
3048 self.assertEquals(rep.u.num_results, 1)
3049 self.assertEquals(rep.u.ctx_list[0].result,
3050 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3051 self.assertEquals(rep.u.ctx_list[0].reason,
3052 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3053 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3054 self.assertNotEquals(len(rep.u.auth_info), 0)
3055 a = self.parse_auth(rep.u.auth_info)
3057 from_server = a.credentials
3058 (finished, to_server) = g.update(from_server)
3059 self.assertFalse(finished)
3061 auth_info = self.generate_auth(auth_type=auth_type,
3062 auth_level=auth_level,
3063 auth_context_id=auth_context_id,
3064 auth_blob=to_server)
3065 req = self.generate_alter(call_id=0,
3067 assoc_group_id=rep.u.assoc_group_id,
3068 auth_info=auth_info)
3070 rep = self.recv_pdu()
3071 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3072 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3073 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3074 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3075 self.assertEquals(rep.u.secondary_address_size, 0)
3076 self.assertPadding(rep.u._pad1, 2)
3077 self.assertEquals(rep.u.num_results, 1)
3078 self.assertEquals(rep.u.ctx_list[0].result,
3079 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3080 self.assertEquals(rep.u.ctx_list[0].reason,
3081 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3082 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3083 self.assertNotEquals(len(rep.u.auth_info), 0)
3084 a = self.parse_auth(rep.u.auth_info)
3086 from_server = a.credentials
3087 (finished, to_server) = g.update(from_server)
3088 self.assertTrue(finished)
3090 # And now try a request without auth_info
3091 req = self.generate_request(call_id=2,
3092 context_id=ctx1.context_id,
3096 rep = self.recv_pdu()
3097 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3099 self.assertNotEquals(rep.u.alloc_hint, 0)
3100 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3101 self.assertEquals(rep.u.cancel_count, 0)
3102 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3104 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3105 auth_info = self.generate_auth(auth_type=auth_type,
3106 auth_level=auth_level,
3107 auth_context_id=auth_context_id,
3108 auth_blob=b"\x01" + b"\x00" * 15)
3109 req = self.generate_request(call_id=3,
3110 context_id=ctx1.context_id,
3113 auth_info=auth_info)
3115 rep = self.recv_pdu()
3116 # We don't get an auth_info back
3117 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3119 self.assertNotEquals(rep.u.alloc_hint, 0)
3120 self.assertEquals(rep.u.context_id, req.u.context_id)
3121 self.assertEquals(rep.u.cancel_count, 0)
3122 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3126 g = gensec.Security.start_client(self.settings)
3127 g.set_credentials(c)
3128 g.want_feature(gensec.FEATURE_DCE_STYLE)
3129 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3130 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3132 g.start_mech_by_authtype(auth_type, auth_level)
3134 (finished, to_server) = g.update(from_server)
3135 self.assertFalse(finished)
3137 auth_info = self.generate_auth(auth_type=auth_type,
3138 auth_level=auth_level,
3139 auth_context_id=auth_context_id,
3140 auth_blob=to_server)
3141 req = self.generate_alter(call_id=0,
3143 auth_info=auth_info)
3145 rep = self.recv_pdu()
3147 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3148 pfc_flags=req.pfc_flags |
3149 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3151 self.assertNotEquals(rep.u.alloc_hint, 0)
3152 self.assertEquals(rep.u.context_id, 0)
3153 self.assertEquals(rep.u.cancel_count, 0)
3154 self.assertEquals(rep.u.flags, 0)
3155 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3156 self.assertEquals(rep.u.reserved, 0)
3157 self.assertEquals(len(rep.u.error_and_verifier), 0)
3159 # wait for a disconnect
3160 rep = self.recv_pdu()
3161 self.assertIsNone(rep)
3162 self.assertNotConnected()
3164 def test_spnego_connect_reauth_auth3(self):
3165 ndr32 = base.transfer_syntax_ndr()
3166 ndr64 = base.transfer_syntax_ndr64()
3169 ctx1 = dcerpc.ctx_list()
3171 ctx1.num_transfer_syntaxes = len(tsf1_list)
3172 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3173 ctx1.transfer_syntaxes = tsf1_list
3176 c = self.get_anon_creds()
3177 g = gensec.Security.start_client(self.settings)
3178 g.set_credentials(c)
3179 g.want_feature(gensec.FEATURE_DCE_STYLE)
3180 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3181 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3183 g.start_mech_by_authtype(auth_type, auth_level)
3185 (finished, to_server) = g.update(from_server)
3186 self.assertFalse(finished)
3188 auth_info = self.generate_auth(auth_type=auth_type,
3189 auth_level=auth_level,
3190 auth_context_id=auth_context_id,
3191 auth_blob=to_server)
3193 req = self.generate_bind(call_id=0,
3195 auth_info=auth_info)
3198 rep = self.recv_pdu()
3199 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3200 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3201 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3202 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3203 self.assertEquals(rep.u.secondary_address_size, 4)
3204 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3205 self.assertPadding(rep.u._pad1, 2)
3206 self.assertEquals(rep.u.num_results, 1)
3207 self.assertEquals(rep.u.ctx_list[0].result,
3208 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3209 self.assertEquals(rep.u.ctx_list[0].reason,
3210 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3211 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3212 self.assertNotEquals(len(rep.u.auth_info), 0)
3213 a = self.parse_auth(rep.u.auth_info)
3215 from_server = a.credentials
3216 (finished, to_server) = g.update(from_server)
3217 self.assertFalse(finished)
3219 auth_info = self.generate_auth(auth_type=auth_type,
3220 auth_level=auth_level,
3221 auth_context_id=auth_context_id,
3222 auth_blob=to_server)
3223 req = self.generate_alter(call_id=0,
3225 assoc_group_id=rep.u.assoc_group_id,
3226 auth_info=auth_info)
3228 rep = self.recv_pdu()
3229 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3230 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3231 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3232 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3233 self.assertEquals(rep.u.secondary_address_size, 0)
3234 self.assertPadding(rep.u._pad1, 2)
3235 self.assertEquals(rep.u.num_results, 1)
3236 self.assertEquals(rep.u.ctx_list[0].result,
3237 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3238 self.assertEquals(rep.u.ctx_list[0].reason,
3239 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3240 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3241 self.assertNotEquals(len(rep.u.auth_info), 0)
3242 a = self.parse_auth(rep.u.auth_info)
3244 from_server = a.credentials
3245 (finished, to_server) = g.update(from_server)
3246 self.assertTrue(finished)
3248 # And now try a request without auth_info
3249 req = self.generate_request(call_id=2,
3250 context_id=ctx1.context_id,
3254 rep = self.recv_pdu()
3255 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3257 self.assertNotEquals(rep.u.alloc_hint, 0)
3258 self.assertEquals(rep.u.context_id, req.u.context_id)
3259 self.assertEquals(rep.u.cancel_count, 0)
3260 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3262 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3263 auth_info = self.generate_auth(auth_type=auth_type,
3264 auth_level=auth_level,
3265 auth_context_id=auth_context_id,
3266 auth_blob=b"\x01" + b"\x00" * 15)
3267 req = self.generate_request(call_id=3,
3268 context_id=ctx1.context_id,
3271 auth_info=auth_info)
3273 rep = self.recv_pdu()
3274 # We don't get an auth_info back
3275 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3277 self.assertNotEquals(rep.u.alloc_hint, 0)
3278 self.assertEquals(rep.u.context_id, req.u.context_id)
3279 self.assertEquals(rep.u.cancel_count, 0)
3280 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3284 g = gensec.Security.start_client(self.settings)
3285 g.set_credentials(c)
3286 g.want_feature(gensec.FEATURE_DCE_STYLE)
3287 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3288 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3290 g.start_mech_by_authtype(auth_type, auth_level)
3292 (finished, to_server) = g.update(from_server)
3293 self.assertFalse(finished)
3295 auth_info = self.generate_auth(auth_type=auth_type,
3296 auth_level=auth_level,
3297 auth_context_id=auth_context_id,
3298 auth_blob=to_server)
3299 req = self.generate_auth3(call_id=0,
3300 auth_info=auth_info)
3302 rep = self.recv_pdu()
3304 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3305 pfc_flags=req.pfc_flags |
3306 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3308 self.assertNotEquals(rep.u.alloc_hint, 0)
3309 self.assertEquals(rep.u.context_id, 0)
3310 self.assertEquals(rep.u.cancel_count, 0)
3311 self.assertEquals(rep.u.flags, 0)
3312 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3313 self.assertEquals(rep.u.reserved, 0)
3314 self.assertEquals(len(rep.u.error_and_verifier), 0)
3316 # wait for a disconnect
3317 rep = self.recv_pdu()
3318 self.assertIsNone(rep)
3319 self.assertNotConnected()
3321 def test_spnego_change_auth_level(self):
3322 ndr32 = base.transfer_syntax_ndr()
3325 ctx1 = dcerpc.ctx_list()
3327 ctx1.num_transfer_syntaxes = len(tsf1_list)
3328 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3329 ctx1.transfer_syntaxes = tsf1_list
3331 c = self.get_anon_creds()
3332 g = gensec.Security.start_client(self.settings)
3333 g.set_credentials(c)
3334 g.want_feature(gensec.FEATURE_DCE_STYLE)
3335 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3336 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3338 g.start_mech_by_authtype(auth_type, auth_level)
3340 (finished, to_server) = g.update(from_server)
3341 self.assertFalse(finished)
3343 auth_info = self.generate_auth(auth_type=auth_type,
3344 auth_level=auth_level,
3345 auth_context_id=auth_context_id,
3346 auth_blob=to_server)
3347 req = self.generate_bind(call_id=0,
3349 auth_info=auth_info)
3351 rep = self.recv_pdu()
3352 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3353 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3354 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3355 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3356 self.assertEquals(rep.u.secondary_address_size, 4)
3357 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3358 self.assertPadding(rep.u._pad1, 2)
3359 self.assertEquals(rep.u.num_results, 1)
3360 self.assertEquals(rep.u.ctx_list[0].result,
3361 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3362 self.assertEquals(rep.u.ctx_list[0].reason,
3363 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3364 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3365 self.assertNotEquals(len(rep.u.auth_info), 0)
3366 a = self.parse_auth(rep.u.auth_info)
3368 from_server = a.credentials
3369 (finished, to_server) = g.update(from_server)
3370 self.assertFalse(finished)
3372 auth_info = self.generate_auth(auth_type=auth_type,
3373 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3374 auth_context_id=auth_context_id,
3375 auth_blob=to_server)
3376 req = self.generate_alter(call_id=0,
3378 assoc_group_id=rep.u.assoc_group_id,
3379 auth_info=auth_info)
3381 rep = self.recv_pdu()
3382 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3383 pfc_flags=req.pfc_flags |
3384 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3386 self.assertNotEquals(rep.u.alloc_hint, 0)
3387 self.assertEquals(rep.u.context_id, 0)
3388 self.assertEquals(rep.u.cancel_count, 0)
3389 self.assertEquals(rep.u.flags, 0)
3390 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3391 self.assertEquals(rep.u.reserved, 0)
3392 self.assertEquals(len(rep.u.error_and_verifier), 0)
3394 # wait for a disconnect
3395 rep = self.recv_pdu()
3396 self.assertIsNone(rep)
3397 self.assertNotConnected()
3399 def test_spnego_change_abstract(self):
3400 ndr32 = base.transfer_syntax_ndr()
3403 ctx1 = dcerpc.ctx_list()
3405 ctx1.num_transfer_syntaxes = len(tsf1_list)
3406 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3407 ctx1.transfer_syntaxes = tsf1_list
3409 ctx1b = dcerpc.ctx_list()
3410 ctx1b.context_id = 1
3411 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3412 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3413 ctx1b.transfer_syntaxes = tsf1_list
3415 c = self.get_anon_creds()
3416 g = gensec.Security.start_client(self.settings)
3417 g.set_credentials(c)
3418 g.want_feature(gensec.FEATURE_DCE_STYLE)
3419 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3420 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3422 g.start_mech_by_authtype(auth_type, auth_level)
3424 (finished, to_server) = g.update(from_server)
3425 self.assertFalse(finished)
3427 auth_info = self.generate_auth(auth_type=auth_type,
3428 auth_level=auth_level,
3429 auth_context_id=auth_context_id,
3430 auth_blob=to_server)
3431 req = self.generate_bind(call_id=0,
3433 auth_info=auth_info)
3435 rep = self.recv_pdu()
3436 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3437 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3438 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3439 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3440 self.assertEquals(rep.u.secondary_address_size, 4)
3441 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3442 self.assertPadding(rep.u._pad1, 2)
3443 self.assertEquals(rep.u.num_results, 1)
3444 self.assertEquals(rep.u.ctx_list[0].result,
3445 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3446 self.assertEquals(rep.u.ctx_list[0].reason,
3447 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3448 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3449 self.assertNotEquals(len(rep.u.auth_info), 0)
3450 a = self.parse_auth(rep.u.auth_info)
3452 from_server = a.credentials
3453 (finished, to_server) = g.update(from_server)
3454 self.assertFalse(finished)
3456 auth_info = self.generate_auth(auth_type=auth_type,
3457 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3458 auth_context_id=auth_context_id,
3459 auth_blob=to_server)
3460 req = self.generate_alter(call_id=0,
3462 assoc_group_id=rep.u.assoc_group_id,
3463 auth_info=auth_info)
3465 rep = self.recv_pdu()
3466 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3467 pfc_flags=req.pfc_flags |
3468 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3470 self.assertNotEquals(rep.u.alloc_hint, 0)
3471 self.assertEquals(rep.u.context_id, 0)
3472 self.assertEquals(rep.u.cancel_count, 0)
3473 self.assertEquals(rep.u.flags, 0)
3474 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3475 self.assertEquals(rep.u.reserved, 0)
3476 self.assertEquals(len(rep.u.error_and_verifier), 0)
3478 # wait for a disconnect
3479 rep = self.recv_pdu()
3480 self.assertIsNone(rep)
3481 self.assertNotConnected()
3483 def test_spnego_change_transfer(self):
3484 ndr32 = base.transfer_syntax_ndr()
3485 ndr64 = base.transfer_syntax_ndr64()
3488 ctx1 = dcerpc.ctx_list()
3490 ctx1.num_transfer_syntaxes = len(tsf1_list)
3491 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3492 ctx1.transfer_syntaxes = tsf1_list
3494 tsf1b_list = [ndr32, ndr64]
3495 ctx1b = dcerpc.ctx_list()
3496 ctx1b.context_id = 1
3497 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3498 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3499 ctx1b.transfer_syntaxes = tsf1b_list
3501 c = self.get_anon_creds()
3502 g = gensec.Security.start_client(self.settings)
3503 g.set_credentials(c)
3504 g.want_feature(gensec.FEATURE_DCE_STYLE)
3505 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3506 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3508 g.start_mech_by_authtype(auth_type, auth_level)
3510 (finished, to_server) = g.update(from_server)
3511 self.assertFalse(finished)
3513 auth_info = self.generate_auth(auth_type=auth_type,
3514 auth_level=auth_level,
3515 auth_context_id=auth_context_id,
3516 auth_blob=to_server)
3517 req = self.generate_bind(call_id=0,
3519 auth_info=auth_info)
3521 rep = self.recv_pdu()
3522 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3523 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3524 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3525 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3526 self.assertEquals(rep.u.secondary_address_size, 4)
3527 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3528 self.assertPadding(rep.u._pad1, 2)
3529 self.assertEquals(rep.u.num_results, 1)
3530 self.assertEquals(rep.u.ctx_list[0].result,
3531 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3532 self.assertEquals(rep.u.ctx_list[0].reason,
3533 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3534 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3535 self.assertNotEquals(len(rep.u.auth_info), 0)
3536 a = self.parse_auth(rep.u.auth_info)
3538 from_server = a.credentials
3539 (finished, to_server) = g.update(from_server)
3540 self.assertFalse(finished)
3542 # We change ctx_list and auth_level
3543 auth_info = self.generate_auth(auth_type=auth_type,
3544 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3545 auth_context_id=auth_context_id,
3546 auth_blob=to_server)
3547 req = self.generate_alter(call_id=0,
3549 assoc_group_id=rep.u.assoc_group_id,
3550 auth_info=auth_info)
3552 rep = self.recv_pdu()
3553 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3554 pfc_flags=req.pfc_flags |
3555 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3557 self.assertNotEquals(rep.u.alloc_hint, 0)
3558 self.assertEquals(rep.u.context_id, 0)
3559 self.assertEquals(rep.u.cancel_count, 0)
3560 self.assertEquals(rep.u.flags, 0)
3561 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3562 self.assertEquals(rep.u.reserved, 0)
3563 self.assertEquals(len(rep.u.error_and_verifier), 0)
3565 # wait for a disconnect
3566 rep = self.recv_pdu()
3567 self.assertIsNone(rep)
3568 self.assertNotConnected()
3570 def test_spnego_change_auth_type1(self):
3571 ndr32 = base.transfer_syntax_ndr()
3572 ndr64 = base.transfer_syntax_ndr64()
3575 ctx1 = dcerpc.ctx_list()
3577 ctx1.num_transfer_syntaxes = len(tsf1_list)
3578 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3579 ctx1.transfer_syntaxes = tsf1_list
3581 c = self.get_anon_creds()
3582 g = gensec.Security.start_client(self.settings)
3583 g.set_credentials(c)
3584 g.want_feature(gensec.FEATURE_DCE_STYLE)
3585 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3586 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3588 g.start_mech_by_authtype(auth_type, auth_level)
3590 (finished, to_server) = g.update(from_server)
3591 self.assertFalse(finished)
3593 auth_info = self.generate_auth(auth_type=auth_type,
3594 auth_level=auth_level,
3595 auth_context_id=auth_context_id,
3596 auth_blob=to_server)
3597 req = self.generate_bind(call_id=0,
3599 auth_info=auth_info)
3601 rep = self.recv_pdu()
3602 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3603 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3604 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3605 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3606 self.assertEquals(rep.u.secondary_address_size, 4)
3607 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3608 self.assertPadding(rep.u._pad1, 2)
3609 self.assertEquals(rep.u.num_results, 1)
3610 self.assertEquals(rep.u.ctx_list[0].result,
3611 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3612 self.assertEquals(rep.u.ctx_list[0].reason,
3613 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3614 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3615 self.assertNotEquals(len(rep.u.auth_info), 0)
3616 a = self.parse_auth(rep.u.auth_info)
3618 from_server = a.credentials
3619 (finished, to_server) = g.update(from_server)
3620 self.assertFalse(finished)
3622 # We change ctx_list and auth_level
3623 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3624 auth_level=auth_level,
3625 auth_context_id=auth_context_id,
3626 auth_blob=to_server)
3627 req = self.generate_alter(call_id=0,
3629 assoc_group_id=rep.u.assoc_group_id,
3630 auth_info=auth_info)
3632 rep = self.recv_pdu()
3633 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3634 pfc_flags=req.pfc_flags |
3635 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3637 self.assertNotEquals(rep.u.alloc_hint, 0)
3638 self.assertEquals(rep.u.context_id, 0)
3639 self.assertEquals(rep.u.cancel_count, 0)
3640 self.assertEquals(rep.u.flags, 0)
3641 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3642 self.assertEquals(rep.u.reserved, 0)
3643 self.assertEquals(len(rep.u.error_and_verifier), 0)
3645 # wait for a disconnect
3646 rep = self.recv_pdu()
3647 self.assertIsNone(rep)
3648 self.assertNotConnected()
3650 def test_spnego_change_auth_type2(self):
3651 ndr32 = base.transfer_syntax_ndr()
3652 ndr64 = base.transfer_syntax_ndr64()
3655 ctx1 = dcerpc.ctx_list()
3657 ctx1.num_transfer_syntaxes = len(tsf1_list)
3658 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3659 ctx1.transfer_syntaxes = tsf1_list
3661 tsf1b_list = [ndr32, ndr64]
3662 ctx1b = dcerpc.ctx_list()
3663 ctx1b.context_id = 1
3664 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3665 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3666 ctx1b.transfer_syntaxes = tsf1b_list
3668 c = self.get_anon_creds()
3669 g = gensec.Security.start_client(self.settings)
3670 g.set_credentials(c)
3671 g.want_feature(gensec.FEATURE_DCE_STYLE)
3672 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3673 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3675 g.start_mech_by_authtype(auth_type, auth_level)
3677 (finished, to_server) = g.update(from_server)
3678 self.assertFalse(finished)
3680 auth_info = self.generate_auth(auth_type=auth_type,
3681 auth_level=auth_level,
3682 auth_context_id=auth_context_id,
3683 auth_blob=to_server)
3684 req = self.generate_bind(call_id=0,
3686 auth_info=auth_info)
3688 rep = self.recv_pdu()
3689 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3690 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3691 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3692 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3693 self.assertEquals(rep.u.secondary_address_size, 4)
3694 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3695 self.assertPadding(rep.u._pad1, 2)
3696 self.assertEquals(rep.u.num_results, 1)
3697 self.assertEquals(rep.u.ctx_list[0].result,
3698 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3699 self.assertEquals(rep.u.ctx_list[0].reason,
3700 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3701 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3702 self.assertNotEquals(len(rep.u.auth_info), 0)
3703 a = self.parse_auth(rep.u.auth_info)
3705 from_server = a.credentials
3706 (finished, to_server) = g.update(from_server)
3707 self.assertFalse(finished)
3709 # We change ctx_list and auth_level
3710 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3711 auth_level=auth_level,
3712 auth_context_id=auth_context_id,
3713 auth_blob=to_server)
3714 req = self.generate_alter(call_id=0,
3716 assoc_group_id=rep.u.assoc_group_id,
3717 auth_info=auth_info)
3719 rep = self.recv_pdu()
3720 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3721 pfc_flags=req.pfc_flags |
3722 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3724 self.assertNotEquals(rep.u.alloc_hint, 0)
3725 self.assertEquals(rep.u.context_id, 0)
3726 self.assertEquals(rep.u.cancel_count, 0)
3727 self.assertEquals(rep.u.flags, 0)
3728 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3729 self.assertEquals(rep.u.reserved, 0)
3730 self.assertEquals(len(rep.u.error_and_verifier), 0)
3732 # wait for a disconnect
3733 rep = self.recv_pdu()
3734 self.assertIsNone(rep)
3735 self.assertNotConnected()
3737 def test_spnego_change_auth_type3(self):
3738 ndr32 = base.transfer_syntax_ndr()
3739 ndr64 = base.transfer_syntax_ndr64()
3742 ctx1 = dcerpc.ctx_list()
3744 ctx1.num_transfer_syntaxes = len(tsf1_list)
3745 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3746 ctx1.transfer_syntaxes = tsf1_list
3748 tsf1b_list = [ndr32, ndr64]
3749 ctx1b = dcerpc.ctx_list()
3750 ctx1b.context_id = 1
3751 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3752 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3753 ctx1b.transfer_syntaxes = tsf1b_list
3755 c = self.get_anon_creds()
3756 g = gensec.Security.start_client(self.settings)
3757 g.set_credentials(c)
3758 g.want_feature(gensec.FEATURE_DCE_STYLE)
3759 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3760 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3762 g.start_mech_by_authtype(auth_type, auth_level)
3764 (finished, to_server) = g.update(from_server)
3765 self.assertFalse(finished)
3767 auth_info = self.generate_auth(auth_type=auth_type,
3768 auth_level=auth_level,
3769 auth_context_id=auth_context_id,
3770 auth_blob=to_server)
3771 req = self.generate_bind(call_id=0,
3773 auth_info=auth_info)
3775 rep = self.recv_pdu()
3776 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3777 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3778 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3779 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3780 self.assertEquals(rep.u.secondary_address_size, 4)
3781 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3782 self.assertPadding(rep.u._pad1, 2)
3783 self.assertEquals(rep.u.num_results, 1)
3784 self.assertEquals(rep.u.ctx_list[0].result,
3785 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3786 self.assertEquals(rep.u.ctx_list[0].reason,
3787 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3788 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3789 self.assertNotEquals(len(rep.u.auth_info), 0)
3790 a = self.parse_auth(rep.u.auth_info)
3792 from_server = a.credentials
3793 (finished, to_server) = g.update(from_server)
3794 self.assertFalse(finished)
3796 # We change ctx_list and auth_level
3797 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3798 auth_level=auth_level,
3799 auth_context_id=auth_context_id,
3800 auth_blob=to_server)
3801 req = self.generate_alter(call_id=0,
3803 assoc_group_id=rep.u.assoc_group_id,
3804 auth_info=auth_info)
3806 rep = self.recv_pdu()
3807 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3808 pfc_flags=req.pfc_flags |
3809 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3811 self.assertNotEquals(rep.u.alloc_hint, 0)
3812 self.assertEquals(rep.u.context_id, 0)
3813 self.assertEquals(rep.u.cancel_count, 0)
3814 self.assertEquals(rep.u.flags, 0)
3815 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3816 self.assertEquals(rep.u.reserved, 0)
3817 self.assertEquals(len(rep.u.error_and_verifier), 0)
3819 # wait for a disconnect
3820 rep = self.recv_pdu()
3821 self.assertIsNone(rep)
3822 self.assertNotConnected()
3824 def test_spnego_auth_pad_ok(self):
3825 ndr32 = base.transfer_syntax_ndr()
3828 ctx1 = dcerpc.ctx_list()
3830 ctx1.num_transfer_syntaxes = len(tsf1_list)
3831 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3832 ctx1.transfer_syntaxes = tsf1_list
3835 c = self.get_anon_creds()
3836 g = gensec.Security.start_client(self.settings)
3837 g.set_credentials(c)
3838 g.want_feature(gensec.FEATURE_DCE_STYLE)
3839 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3840 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3842 g.start_mech_by_authtype(auth_type, auth_level)
3844 (finished, to_server) = g.update(from_server)
3845 self.assertFalse(finished)
3847 auth_info = self.generate_auth(auth_type=auth_type,
3848 auth_level=auth_level,
3849 auth_context_id=auth_context_id,
3850 auth_blob=to_server)
3852 req = self.generate_bind(call_id=0,
3854 auth_info=auth_info)
3855 req_pdu = samba.ndr.ndr_pack(req)
3857 auth_pad_ok = len(req_pdu)
3858 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3859 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3860 auth_pad_ok -= len(to_server)
3862 auth_info = self.generate_auth(auth_type=auth_type,
3863 auth_level=auth_level,
3864 auth_context_id=auth_context_id,
3865 auth_pad_length=auth_pad_ok,
3866 auth_blob=to_server)
3868 req = self.generate_bind(call_id=0,
3870 auth_info=auth_info)
3872 rep = self.recv_pdu()
3873 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3874 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3875 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3876 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3877 self.assertEquals(rep.u.secondary_address_size, 4)
3878 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3879 self.assertPadding(rep.u._pad1, 2)
3880 self.assertEquals(rep.u.num_results, 1)
3881 self.assertEquals(rep.u.ctx_list[0].result,
3882 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3883 self.assertEquals(rep.u.ctx_list[0].reason,
3884 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3885 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3886 self.assertNotEquals(len(rep.u.auth_info), 0)
3887 a = self.parse_auth(rep.u.auth_info)
3889 from_server = a.credentials
3890 (finished, to_server) = g.update(from_server)
3891 self.assertFalse(finished)
3893 auth_info = self.generate_auth(auth_type=auth_type,
3894 auth_level=auth_level,
3895 auth_context_id=auth_context_id,
3896 auth_blob=to_server)
3897 req = self.generate_alter(call_id=0,
3899 assoc_group_id=rep.u.assoc_group_id,
3900 auth_info=auth_info)
3901 req_pdu = samba.ndr.ndr_pack(req)
3903 auth_pad_ok = len(req_pdu)
3904 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3905 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3906 auth_pad_ok -= len(to_server)
3907 auth_info = self.generate_auth(auth_type=auth_type,
3908 auth_level=auth_level,
3909 auth_context_id=auth_context_id,
3910 auth_pad_length=auth_pad_ok,
3911 auth_blob=to_server)
3912 req = self.generate_alter(call_id=0,
3914 assoc_group_id=rep.u.assoc_group_id,
3915 auth_info=auth_info)
3917 rep = self.recv_pdu()
3918 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3919 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3920 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3921 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3922 self.assertEquals(rep.u.secondary_address_size, 0)
3923 self.assertPadding(rep.u._pad1, 2)
3924 self.assertEquals(rep.u.num_results, 1)
3925 self.assertEquals(rep.u.ctx_list[0].result,
3926 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3927 self.assertEquals(rep.u.ctx_list[0].reason,
3928 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3929 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3930 self.assertNotEquals(len(rep.u.auth_info), 0)
3931 a = self.parse_auth(rep.u.auth_info)
3933 from_server = a.credentials
3934 (finished, to_server) = g.update(from_server)
3935 self.assertTrue(finished)
3937 # And now try a request without auth_info
3938 req = self.generate_request(call_id=2,
3939 context_id=ctx1.context_id,
3943 rep = self.recv_pdu()
3944 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3946 self.assertNotEquals(rep.u.alloc_hint, 0)
3947 self.assertEquals(rep.u.context_id, req.u.context_id)
3948 self.assertEquals(rep.u.cancel_count, 0)
3949 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3951 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3952 auth_info = self.generate_auth(auth_type=auth_type,
3953 auth_level=auth_level,
3954 auth_context_id=auth_context_id,
3955 auth_blob=b"\x01" + b"\x00" * 15)
3956 req = self.generate_request(call_id=3,
3957 context_id=ctx1.context_id,
3960 auth_info=auth_info)
3962 rep = self.recv_pdu()
3963 # We don't get an auth_info back
3964 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3966 self.assertNotEquals(rep.u.alloc_hint, 0)
3967 self.assertEquals(rep.u.context_id, req.u.context_id)
3968 self.assertEquals(rep.u.cancel_count, 0)
3969 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3971 self._disconnect("disconnect")
3972 self.assertNotConnected()
3974 def test_spnego_auth_pad_fail_bind(self):
3975 ndr32 = base.transfer_syntax_ndr()
3978 ctx1 = dcerpc.ctx_list()
3980 ctx1.num_transfer_syntaxes = len(tsf1_list)
3981 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3982 ctx1.transfer_syntaxes = tsf1_list
3985 c = self.get_anon_creds()
3986 g = gensec.Security.start_client(self.settings)
3987 g.set_credentials(c)
3988 g.want_feature(gensec.FEATURE_DCE_STYLE)
3989 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3990 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3992 g.start_mech_by_authtype(auth_type, auth_level)
3994 (finished, to_server) = g.update(from_server)
3995 self.assertFalse(finished)
3997 auth_info = self.generate_auth(auth_type=auth_type,
3998 auth_level=auth_level,
3999 auth_context_id=auth_context_id,
4000 auth_blob=to_server)
4002 req = self.generate_bind(call_id=0,
4004 auth_info=auth_info)
4005 req_pdu = samba.ndr.ndr_pack(req)
4007 auth_pad_ok = len(req_pdu)
4008 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4009 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4010 auth_pad_ok -= len(to_server)
4011 auth_pad_bad = auth_pad_ok + 1
4012 auth_info = self.generate_auth(auth_type=auth_type,
4013 auth_level=auth_level,
4014 auth_context_id=auth_context_id,
4015 auth_pad_length=auth_pad_bad,
4016 auth_blob=to_server)
4018 req = self.generate_bind(call_id=0,
4020 auth_info=auth_info)
4022 rep = self.recv_pdu()
4023 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
4025 self.assertEquals(rep.u.reject_reason,
4026 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
4027 self.assertEquals(rep.u.num_versions, 1)
4028 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
4029 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
4030 self.assertEquals(len(rep.u._pad), 3)
4031 self.assertEquals(rep.u._pad, b'\0' * 3)
4033 # wait for a disconnect
4034 rep = self.recv_pdu()
4035 self.assertIsNone(rep)
4036 self.assertNotConnected()
4038 def test_spnego_auth_pad_fail_alter(self):
4039 ndr32 = base.transfer_syntax_ndr()
4042 ctx1 = dcerpc.ctx_list()
4044 ctx1.num_transfer_syntaxes = len(tsf1_list)
4045 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4046 ctx1.transfer_syntaxes = tsf1_list
4049 c = self.get_anon_creds()
4050 g = gensec.Security.start_client(self.settings)
4051 g.set_credentials(c)
4052 g.want_feature(gensec.FEATURE_DCE_STYLE)
4053 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4054 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4056 g.start_mech_by_authtype(auth_type, auth_level)
4058 (finished, to_server) = g.update(from_server)
4059 self.assertFalse(finished)
4061 auth_info = self.generate_auth(auth_type=auth_type,
4062 auth_level=auth_level,
4063 auth_context_id=auth_context_id,
4064 auth_blob=to_server)
4066 req = self.generate_bind(call_id=0,
4068 auth_info=auth_info)
4069 req_pdu = samba.ndr.ndr_pack(req)
4071 auth_pad_ok = len(req_pdu)
4072 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4073 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4074 auth_pad_ok -= len(to_server)
4076 auth_info = self.generate_auth(auth_type=auth_type,
4077 auth_level=auth_level,
4078 auth_context_id=auth_context_id,
4079 auth_pad_length=auth_pad_ok,
4080 auth_blob=to_server)
4082 req = self.generate_bind(call_id=0,
4084 auth_info=auth_info)
4086 rep = self.recv_pdu()
4087 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4088 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4089 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4090 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4091 self.assertEquals(rep.u.secondary_address_size, 4)
4092 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4093 self.assertPadding(rep.u._pad1, 2)
4094 self.assertEquals(rep.u.num_results, 1)
4095 self.assertEquals(rep.u.ctx_list[0].result,
4096 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4097 self.assertEquals(rep.u.ctx_list[0].reason,
4098 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4099 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4100 self.assertNotEquals(len(rep.u.auth_info), 0)
4101 a = self.parse_auth(rep.u.auth_info)
4103 from_server = a.credentials
4104 (finished, to_server) = g.update(from_server)
4105 self.assertFalse(finished)
4107 auth_info = self.generate_auth(auth_type=auth_type,
4108 auth_level=auth_level,
4109 auth_context_id=auth_context_id,
4110 auth_blob=to_server)
4111 req = self.generate_alter(call_id=0,
4113 assoc_group_id=rep.u.assoc_group_id,
4114 auth_info=auth_info)
4115 req_pdu = samba.ndr.ndr_pack(req)
4117 auth_pad_ok = len(req_pdu)
4118 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4119 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4120 auth_pad_ok -= len(to_server)
4121 auth_pad_bad = auth_pad_ok + 1
4122 auth_info = self.generate_auth(auth_type=auth_type,
4123 auth_level=auth_level,
4124 auth_context_id=auth_context_id,
4125 auth_pad_length=auth_pad_bad,
4126 auth_blob=to_server)
4127 req = self.generate_alter(call_id=0,
4129 assoc_group_id=rep.u.assoc_group_id,
4130 auth_info=auth_info)
4132 rep = self.recv_pdu()
4133 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4134 pfc_flags=req.pfc_flags |
4135 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4137 self.assertNotEquals(rep.u.alloc_hint, 0)
4138 self.assertEquals(rep.u.context_id, 0)
4139 self.assertEquals(rep.u.cancel_count, 0)
4140 self.assertEquals(rep.u.flags, 0)
4141 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4142 self.assertEquals(rep.u.reserved, 0)
4143 self.assertEquals(len(rep.u.error_and_verifier), 0)
4145 # wait for a disconnect
4146 rep = self.recv_pdu()
4147 self.assertIsNone(rep)
4148 self.assertNotConnected()
4150 def test_ntlmssp_auth_pad_ok(self):
4151 ndr32 = base.transfer_syntax_ndr()
4154 ctx1 = dcerpc.ctx_list()
4156 ctx1.num_transfer_syntaxes = len(tsf1_list)
4157 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4158 ctx1.transfer_syntaxes = tsf1_list
4161 c = self.get_anon_creds()
4162 g = gensec.Security.start_client(self.settings)
4163 g.set_credentials(c)
4164 g.want_feature(gensec.FEATURE_DCE_STYLE)
4165 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4166 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4168 g.start_mech_by_authtype(auth_type, auth_level)
4170 (finished, to_server) = g.update(from_server)
4171 self.assertFalse(finished)
4173 auth_info = self.generate_auth(auth_type=auth_type,
4174 auth_level=auth_level,
4175 auth_context_id=auth_context_id,
4176 auth_blob=to_server)
4178 req = self.generate_bind(call_id=0,
4180 auth_info=auth_info)
4181 req_pdu = samba.ndr.ndr_pack(req)
4183 auth_pad_ok = len(req_pdu)
4184 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4185 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4186 auth_pad_ok -= len(to_server)
4188 auth_info = self.generate_auth(auth_type=auth_type,
4189 auth_level=auth_level,
4190 auth_context_id=auth_context_id,
4191 auth_pad_length=auth_pad_ok,
4192 auth_blob=to_server)
4194 req = self.generate_bind(call_id=0,
4196 auth_info=auth_info)
4198 rep = self.recv_pdu()
4199 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4200 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4201 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4202 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4203 self.assertEquals(rep.u.secondary_address_size, 4)
4204 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4205 self.assertPadding(rep.u._pad1, 2)
4206 self.assertEquals(rep.u.num_results, 1)
4207 self.assertEquals(rep.u.ctx_list[0].result,
4208 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4209 self.assertEquals(rep.u.ctx_list[0].reason,
4210 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4211 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4212 self.assertNotEquals(len(rep.u.auth_info), 0)
4213 a = self.parse_auth(rep.u.auth_info)
4215 from_server = a.credentials
4216 (finished, to_server) = g.update(from_server)
4217 self.assertTrue(finished)
4220 auth_info = self.generate_auth(auth_type=auth_type,
4221 auth_level=auth_level,
4222 auth_context_id=auth_context_id,
4223 auth_pad_length=auth_pad_ok,
4224 auth_blob=to_server)
4225 req = self.generate_auth3(call_id=0,
4226 auth_info=auth_info)
4228 rep = self.recv_pdu(timeout=0.01)
4229 self.assertIsNone(rep)
4230 self.assertIsConnected()
4232 # And now try a request without auth_info
4233 req = self.generate_request(call_id=2,
4234 context_id=ctx1.context_id,
4238 rep = self.recv_pdu()
4239 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4241 self.assertNotEquals(rep.u.alloc_hint, 0)
4242 self.assertEquals(rep.u.context_id, req.u.context_id)
4243 self.assertEquals(rep.u.cancel_count, 0)
4244 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4246 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4247 auth_info = self.generate_auth(auth_type=auth_type,
4248 auth_level=auth_level,
4249 auth_context_id=auth_context_id,
4250 auth_blob=b"\x01" + b"\x00" * 15)
4251 req = self.generate_request(call_id=3,
4252 context_id=ctx1.context_id,
4255 auth_info=auth_info)
4257 rep = self.recv_pdu()
4258 # We don't get an auth_info back
4259 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4261 self.assertNotEquals(rep.u.alloc_hint, 0)
4262 self.assertEquals(rep.u.context_id, req.u.context_id)
4263 self.assertEquals(rep.u.cancel_count, 0)
4264 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4266 self._disconnect("disconnect")
4267 self.assertNotConnected()
4269 def test_ntlmssp_auth_pad_fail_auth3(self):
4270 ndr32 = base.transfer_syntax_ndr()
4273 ctx1 = dcerpc.ctx_list()
4275 ctx1.num_transfer_syntaxes = len(tsf1_list)
4276 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4277 ctx1.transfer_syntaxes = tsf1_list
4280 c = self.get_anon_creds()
4281 g = gensec.Security.start_client(self.settings)
4282 g.set_credentials(c)
4283 g.want_feature(gensec.FEATURE_DCE_STYLE)
4284 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4285 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4287 g.start_mech_by_authtype(auth_type, auth_level)
4289 (finished, to_server) = g.update(from_server)
4290 self.assertFalse(finished)
4292 auth_info = self.generate_auth(auth_type=auth_type,
4293 auth_level=auth_level,
4294 auth_context_id=auth_context_id,
4295 auth_blob=to_server)
4297 req = self.generate_bind(call_id=0,
4299 auth_info=auth_info)
4300 req_pdu = samba.ndr.ndr_pack(req)
4302 auth_pad_ok = len(req_pdu)
4303 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4304 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4305 auth_pad_ok -= len(to_server)
4307 auth_info = self.generate_auth(auth_type=auth_type,
4308 auth_level=auth_level,
4309 auth_context_id=auth_context_id,
4310 auth_pad_length=auth_pad_ok,
4311 auth_blob=to_server)
4313 req = self.generate_bind(call_id=0,
4315 auth_info=auth_info)
4317 rep = self.recv_pdu()
4318 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4319 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4320 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4321 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4322 self.assertEquals(rep.u.secondary_address_size, 4)
4323 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4324 self.assertPadding(rep.u._pad1, 2)
4325 self.assertEquals(rep.u.num_results, 1)
4326 self.assertEquals(rep.u.ctx_list[0].result,
4327 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4328 self.assertEquals(rep.u.ctx_list[0].reason,
4329 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4330 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4331 self.assertNotEquals(len(rep.u.auth_info), 0)
4332 a = self.parse_auth(rep.u.auth_info)
4334 from_server = a.credentials
4335 (finished, to_server) = g.update(from_server)
4336 self.assertTrue(finished)
4339 auth_info = self.generate_auth(auth_type=auth_type,
4340 auth_level=auth_level,
4341 auth_context_id=auth_context_id,
4342 auth_pad_length=auth_pad_bad,
4343 auth_blob=to_server)
4344 req = self.generate_auth3(call_id=0,
4345 auth_info=auth_info)
4347 rep = self.recv_pdu()
4348 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4349 pfc_flags=req.pfc_flags |
4350 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4352 self.assertNotEquals(rep.u.alloc_hint, 0)
4353 self.assertEquals(rep.u.context_id, 0)
4354 self.assertEquals(rep.u.cancel_count, 0)
4355 self.assertEquals(rep.u.flags, 0)
4356 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4357 self.assertEquals(rep.u.reserved, 0)
4358 self.assertEquals(len(rep.u.error_and_verifier), 0)
4360 # wait for a disconnect
4361 rep = self.recv_pdu()
4362 self.assertIsNone(rep)
4363 self.assertNotConnected()
4365 def _test_auth_bind_auth_level(self, auth_type, auth_level, auth_context_id, ctx,
4366 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4369 creds = self.get_user_creds()
4370 auth_context = self.get_auth_context_creds(creds=creds,
4371 auth_type=auth_type,
4372 auth_level=auth_level,
4373 auth_context_id=auth_context_id,
4374 g_auth_level=g_auth_level,
4375 hdr_signing=hdr_signing)
4376 if auth_context is None:
4378 ack = self.do_generic_bind(ctx=ctx,
4379 auth_context=auth_context,
4380 alter_fault=alter_fault)
4385 def _test_spnego_level_bind_nak(self, auth_level,
4386 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4387 c = self.get_user_creds()
4388 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4389 auth_level=auth_level, creds=c, reason=reason)
4391 def _test_spnego_level_bind(self, auth_level,
4392 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4395 response_fault_flags=0):
4396 ndr32 = base.transfer_syntax_ndr()
4399 ctx1 = dcerpc.ctx_list()
4400 ctx1.context_id = 0x1001
4401 ctx1.num_transfer_syntaxes = len(tsf1_list)
4402 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4403 ctx1.transfer_syntaxes = tsf1_list
4405 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4408 auth_context = self._test_auth_bind_auth_level(auth_type=auth_type,
4409 auth_level=auth_level,
4410 auth_context_id=auth_context_id,
4412 g_auth_level=g_auth_level,
4413 alter_fault=alter_fault)
4414 if request_fault is None:
4417 self.assertIsNotNone(auth_context)
4418 g = auth_context["gensec"]
4419 self.assertIsNotNone(g)
4421 stub_bin = b'\x00' * 17
4422 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4425 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4426 stub_bin += b'\x00' * auth_pad_length
4428 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4429 sig_size = g.sig_size(len(stub_bin))
4432 zero_sig = b"\x00" * sig_size
4434 auth_info = self.generate_auth(auth_type=auth_type,
4435 auth_level=auth_level,
4436 auth_pad_length=auth_pad_length,
4437 auth_context_id=auth_context_id,
4439 req = self.generate_request(call_id=4,
4440 context_id=ctx1.context_id,
4443 auth_info=auth_info)
4444 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4445 req_blob = samba.ndr.ndr_pack(req)
4446 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4447 ofs_sig = len(req_blob) - req.auth_length
4448 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4449 req_data = req_blob[ofs_stub:ofs_trailer]
4450 req_whole = req_blob[0:ofs_sig]
4451 sig = g.sign_packet(req_data, req_whole)
4452 auth_info = self.generate_auth(auth_type=auth_type,
4453 auth_level=auth_level,
4454 auth_pad_length=auth_pad_length,
4455 auth_context_id=auth_context_id,
4457 req = self.generate_request(call_id=4,
4458 context_id=ctx1.context_id,
4461 auth_info=auth_info)
4463 rep = self.recv_pdu()
4464 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4465 pfc_flags=req.pfc_flags | response_fault_flags,
4467 self.assertNotEquals(rep.u.alloc_hint, 0)
4468 self.assertEquals(rep.u.context_id, ctx1.context_id)
4469 self.assertEquals(rep.u.cancel_count, 0)
4470 self.assertEquals(rep.u.flags, 0)
4471 self.assertEquals(rep.u.status, request_fault)
4472 self.assertEquals(rep.u.reserved, 0)
4473 self.assertEquals(len(rep.u.error_and_verifier), 0)
4475 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4478 # wait for a disconnect
4479 rep = self.recv_pdu()
4480 self.assertIsNone(rep)
4481 self.assertNotConnected()
4483 def test_spnego_none_bind(self):
4484 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4485 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4487 def test_spnego_call_bind(self):
4488 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4489 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4491 def test_spnego_0_bind(self):
4492 return self._test_spnego_level_bind_nak(0,
4493 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4495 def test_spnego_7_bind(self):
4496 return self._test_spnego_level_bind_nak(7,
4497 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4499 def test_spnego_255_bind(self):
4500 return self._test_spnego_level_bind_nak(255,
4501 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4503 def test_spnego_connect_bind_none(self):
4504 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4505 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4507 def test_spnego_connect_bind_sign(self):
4508 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4509 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4511 def test_spnego_connect_bind_seal(self):
4512 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4513 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4515 def test_spnego_packet_bind_none(self):
4516 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4517 # DCERPC_AUTH_LEVEL_INTEGRITY
4518 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4519 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4520 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4522 def test_spnego_packet_bind_sign(self):
4523 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4524 # DCERPC_AUTH_LEVEL_INTEGRITY
4525 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4526 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4527 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4528 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4530 def test_spnego_packet_bind_seal(self):
4531 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4532 # DCERPC_AUTH_LEVEL_INTEGRITY
4533 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4534 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4535 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4536 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4538 def test_spnego_integrity_bind_none(self):
4539 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4540 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4541 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4543 def test_spnego_integrity_bind_sign(self):
4544 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4545 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4546 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4547 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4549 def test_spnego_integrity_bind_seal(self):
4550 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4551 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4552 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4553 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4555 def test_spnego_privacy_bind_none(self):
4557 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4558 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4559 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4561 def test_spnego_privacy_bind_sign(self):
4563 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4564 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4565 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4567 def test_spnego_privacy_bind_seal(self):
4568 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4569 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4571 def _test_auth_signing_auth_level_request(self, auth_type, auth_level, hdr_sign=False):
4572 ndr32 = base.transfer_syntax_ndr()
4575 ctx1 = dcerpc.ctx_list()
4576 ctx1.context_id = 0x1001
4577 ctx1.num_transfer_syntaxes = len(tsf1_list)
4578 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4579 ctx1.transfer_syntaxes = tsf1_list
4584 auth_context = self._test_auth_bind_auth_level(auth_type=auth_type,
4585 auth_level=auth_level,
4586 auth_context_id=auth_context_id,
4587 hdr_signing=hdr_sign,
4589 self.assertIsNotNone(auth_context)
4590 g = auth_context["gensec"]
4591 self.assertIsNotNone(g)
4593 stub_bin = b'\x00' * 0
4594 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4597 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4598 stub_bin += b'\x00' * auth_pad_length
4600 sig_size = g.sig_size(len(stub_bin))
4601 zero_sig = b"\x00" * sig_size
4603 auth_info = self.generate_auth(auth_type=auth_type,
4604 auth_level=auth_level,
4605 auth_pad_length=auth_pad_length,
4606 auth_context_id=auth_context_id,
4608 req = self.generate_request(call_id=3,
4609 context_id=ctx1.context_id,
4612 auth_info=auth_info)
4613 req_blob = samba.ndr.ndr_pack(req)
4614 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4615 ofs_sig = len(req_blob) - req.auth_length
4616 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4617 req_data = req_blob[ofs_stub:ofs_trailer]
4618 req_whole = req_blob[0:ofs_sig]
4619 sig = g.sign_packet(req_data, req_whole)
4620 auth_info = self.generate_auth(auth_type=auth_type,
4621 auth_level=auth_level,
4622 auth_pad_length=auth_pad_length,
4623 auth_context_id=auth_context_id,
4625 req = self.generate_request(call_id=3,
4626 context_id=ctx1.context_id,
4629 auth_info=auth_info)
4631 (rep, rep_blob) = self.recv_pdu_raw()
4632 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4633 auth_length=sig_size)
4634 self.assertNotEquals(rep.u.alloc_hint, 0)
4635 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4636 self.assertEquals(rep.u.cancel_count, 0)
4637 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4638 self.assertEquals(rep.auth_length, sig_size)
4640 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4641 ofs_sig = rep.frag_length - rep.auth_length
4642 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4643 rep_data = rep_blob[ofs_stub:ofs_trailer]
4644 rep_whole = rep_blob[0:ofs_sig]
4645 rep_sig = rep_blob[ofs_sig:]
4646 rep_auth_info_blob = rep_blob[ofs_trailer:]
4648 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4649 self.assertEquals(rep_auth_info.auth_type, auth_type)
4650 self.assertEquals(rep_auth_info.auth_level, auth_level)
4651 # mgmt_inq_if_ids() returns no fixed size results
4652 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4653 self.assertEquals(rep_auth_info.auth_reserved, 0)
4654 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4655 self.assertEquals(rep_auth_info.credentials, rep_sig)
4657 g.check_packet(rep_data, rep_whole, rep_sig)
4659 stub_bin = b'\x00' * 17
4660 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4663 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4664 stub_bin += b'\x00' * auth_pad_length
4666 sig_size = g.sig_size(len(stub_bin))
4667 zero_sig = b"\x00" * sig_size
4669 auth_info = self.generate_auth(auth_type=auth_type,
4670 auth_level=auth_level,
4671 auth_pad_length=auth_pad_length,
4672 auth_context_id=auth_context_id,
4674 req = self.generate_request(call_id=4,
4675 context_id=ctx1.context_id,
4678 auth_info=auth_info)
4679 req_blob = samba.ndr.ndr_pack(req)
4680 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4681 ofs_sig = len(req_blob) - req.auth_length
4682 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4683 req_data = req_blob[ofs_stub:ofs_trailer]
4684 req_whole = req_blob[0:ofs_sig]
4685 sig = g.sign_packet(req_data, req_whole)
4686 auth_info = self.generate_auth(auth_type=auth_type,
4687 auth_level=auth_level,
4688 auth_pad_length=auth_pad_length,
4689 auth_context_id=auth_context_id,
4691 req = self.generate_request(call_id=4,
4692 context_id=ctx1.context_id,
4695 auth_info=auth_info)
4697 rep = self.recv_pdu()
4698 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4699 pfc_flags=req.pfc_flags |
4700 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4702 self.assertNotEquals(rep.u.alloc_hint, 0)
4703 self.assertEquals(rep.u.context_id, ctx1.context_id)
4704 self.assertEquals(rep.u.cancel_count, 0)
4705 self.assertEquals(rep.u.flags, 0)
4706 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4707 self.assertEquals(rep.u.reserved, 0)
4708 self.assertEquals(len(rep.u.error_and_verifier), 0)
4710 stub_bin = b'\x00' * 8
4711 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4714 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4715 stub_bin += b'\x00' * auth_pad_length
4717 sig_size = g.sig_size(len(stub_bin))
4718 zero_sig = b"\x00" * sig_size
4720 auth_info = self.generate_auth(auth_type=auth_type,
4721 auth_level=auth_level,
4722 auth_pad_length=auth_pad_length,
4723 auth_context_id=auth_context_id,
4725 req = self.generate_request(call_id=5,
4726 context_id=ctx1.context_id,
4729 auth_info=auth_info)
4730 req_blob = samba.ndr.ndr_pack(req)
4731 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4732 ofs_sig = len(req_blob) - req.auth_length
4733 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4734 req_data = req_blob[ofs_stub:ofs_trailer]
4735 req_whole = req_blob[0:ofs_sig]
4736 sig = g.sign_packet(req_data, req_whole)
4737 auth_info = self.generate_auth(auth_type=auth_type,
4738 auth_level=auth_level,
4739 auth_pad_length=auth_pad_length,
4740 auth_context_id=auth_context_id,
4742 req = self.generate_request(call_id=5,
4743 context_id=ctx1.context_id,
4746 auth_info=auth_info)
4748 (rep, rep_blob) = self.recv_pdu_raw()
4749 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4750 auth_length=sig_size)
4751 self.assertNotEquals(rep.u.alloc_hint, 0)
4752 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4753 self.assertEquals(rep.u.cancel_count, 0)
4754 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4755 self.assertEquals(rep.auth_length, sig_size)
4757 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4758 ofs_sig = rep.frag_length - rep.auth_length
4759 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4760 rep_data = rep_blob[ofs_stub:ofs_trailer]
4761 rep_whole = rep_blob[0:ofs_sig]
4762 rep_sig = rep_blob[ofs_sig:]
4763 rep_auth_info_blob = rep_blob[ofs_trailer:]
4765 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4766 self.assertEquals(rep_auth_info.auth_type, auth_type)
4767 self.assertEquals(rep_auth_info.auth_level, auth_level)
4768 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4769 self.assertEquals(rep_auth_info.auth_reserved, 0)
4770 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4771 self.assertEquals(rep_auth_info.credentials, rep_sig)
4773 g.check_packet(rep_data, rep_whole, rep_sig)
4775 stub_bin = b'\x00' * 8
4776 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4779 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4780 stub_bin += b'\x00' * auth_pad_length
4782 sig_size = g.sig_size(len(stub_bin))
4783 zero_sig = b"\x00" * sig_size
4785 auth_info = self.generate_auth(auth_type=auth_type,
4786 auth_level=auth_level,
4787 auth_pad_length=auth_pad_length,
4788 auth_context_id=auth_context_id,
4790 req = self.generate_request(call_id=6,
4791 context_id=ctx1.context_id,
4794 auth_info=auth_info)
4795 req_blob = samba.ndr.ndr_pack(req)
4796 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4797 ofs_sig = len(req_blob) - req.auth_length
4798 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4799 req_data = req_blob[ofs_stub:ofs_trailer]
4800 req_whole = req_blob[0:ofs_sig]
4801 sig = g.sign_packet(req_data, req_whole)
4802 auth_info = self.generate_auth(auth_type=auth_type,
4803 auth_level=auth_level,
4804 auth_pad_length=auth_pad_length,
4805 auth_context_id=auth_context_id,
4807 req = self.generate_request(call_id=6,
4808 context_id=ctx1.context_id,
4811 auth_info=auth_info)
4813 (rep, rep_blob) = self.recv_pdu_raw()
4814 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4815 auth_length=sig_size)
4816 self.assertNotEquals(rep.u.alloc_hint, 0)
4817 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4818 self.assertEquals(rep.u.cancel_count, 0)
4819 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4820 self.assertEquals(rep.auth_length, sig_size)
4822 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4823 ofs_sig = rep.frag_length - rep.auth_length
4824 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4825 rep_data = rep_blob[ofs_stub:ofs_trailer]
4826 rep_whole = rep_blob[0:ofs_sig]
4827 rep_sig = rep_blob[ofs_sig:]
4828 rep_auth_info_blob = rep_blob[ofs_trailer:]
4830 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4831 self.assertEquals(rep_auth_info.auth_type, auth_type)
4832 self.assertEquals(rep_auth_info.auth_level, auth_level)
4833 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4834 self.assertEquals(rep_auth_info.auth_reserved, 0)
4835 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4836 self.assertEquals(rep_auth_info.credentials, rep_sig)
4838 g.check_packet(rep_data, rep_whole, rep_sig)
4840 def test_spnego_signing_packet(self):
4841 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4842 # DCERPC_AUTH_LEVEL_INTEGRITY
4843 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4844 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4846 def test_spnego_hdr_signing_packet(self):
4847 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4848 # DCERPC_AUTH_LEVEL_INTEGRITY
4849 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4850 dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4853 def test_spnego_signing_integrity(self):
4854 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4855 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4857 def test_spnego_hdr_signing_integrity(self):
4858 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4859 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4862 def test_ntlm_signing_packet(self):
4863 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4864 # DCERPC_AUTH_LEVEL_INTEGRITY
4865 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
4866 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4868 def test_ntlm_hdr_signing_packet(self):
4869 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4870 # DCERPC_AUTH_LEVEL_INTEGRITY
4871 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
4872 dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4875 def test_ntlm_signing_integrity(self):
4876 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
4877 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4879 def test_ntlm_hdr_signing_integrity(self):
4880 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
4881 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4884 def test_krb5_signing_packet(self):
4885 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4886 # DCERPC_AUTH_LEVEL_INTEGRITY
4887 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
4888 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4890 def test_krb5_hdr_signing_packet(self):
4891 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4892 # DCERPC_AUTH_LEVEL_INTEGRITY
4893 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
4894 dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4897 def test_krb5_signing_integrity(self):
4898 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
4899 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4901 def test_krb5_hdr_signing_integrity(self):
4902 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
4903 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4906 def test_assoc_group_fail1(self):
4907 abstract = samba.dcerpc.mgmt.abstract_syntax()
4908 transfer = base.transfer_syntax_ndr()
4910 tsf1_list = [transfer]
4911 ctx = samba.dcerpc.dcerpc.ctx_list()
4913 ctx.num_transfer_syntaxes = len(tsf1_list)
4914 ctx.abstract_syntax = abstract
4915 ctx.transfer_syntaxes = tsf1_list
4917 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4918 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4921 def test_assoc_group_fail2(self):
4922 abstract = samba.dcerpc.mgmt.abstract_syntax()
4923 transfer = base.transfer_syntax_ndr()
4925 tsf1_list = [transfer]
4926 ctx = samba.dcerpc.dcerpc.ctx_list()
4928 ctx.num_transfer_syntaxes = len(tsf1_list)
4929 ctx.abstract_syntax = abstract
4930 ctx.transfer_syntaxes = tsf1_list
4932 ack = self.do_generic_bind(ctx=ctx)
4934 self._disconnect("test_assoc_group_fail2")
4935 self.assertNotConnected()
4939 ack2 = self.do_generic_bind(ctx=ctx, assoc_group_id=ack.u.assoc_group_id,
4940 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4943 def test_assoc_group_diff1(self):
4944 abstract = samba.dcerpc.mgmt.abstract_syntax()
4945 transfer = base.transfer_syntax_ndr()
4947 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4948 context_id=1, return_ack=True)
4950 conn2 = self.second_connection()
4951 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4952 context_id=2, return_ack=True)
4953 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4955 conn2._disconnect("End of Test")
4958 def test_assoc_group_ok1(self):
4959 abstract = samba.dcerpc.mgmt.abstract_syntax()
4960 transfer = base.transfer_syntax_ndr()
4962 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4963 context_id=1, return_ack=True)
4965 conn2 = self.second_connection()
4966 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4967 assoc_group_id=ack1.u.assoc_group_id,
4968 context_id=2, return_ack=True)
4970 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4971 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4972 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4974 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
4976 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4977 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4978 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
4979 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4982 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4983 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4984 conn2._disconnect("End of Test")
4987 def test_assoc_group_ok2(self):
4988 abstract = samba.dcerpc.mgmt.abstract_syntax()
4989 transfer = base.transfer_syntax_ndr()
4991 self.reconnect_smb_pipe(primary_address='\\pipe\\lsass',
4992 transport_creds=self.get_user_creds())
4993 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4994 context_id=1, return_ack=True)
4996 conn2 = self.second_connection()
4997 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4998 assoc_group_id=ack1.u.assoc_group_id,
4999 context_id=2, return_ack=True)
5001 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
5002 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
5003 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
5005 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
5007 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
5008 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
5009 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
5010 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
5013 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
5014 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
5015 conn2._disconnect("End of Test")
5018 def test_assoc_group_fail3(self):
5019 abstract = samba.dcerpc.mgmt.abstract_syntax()
5020 transfer = base.transfer_syntax_ndr()
5022 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
5023 context_id=1, return_ack=True)
5025 # assoc groups are per transport
5026 connF = self.second_connection(primary_address="\\pipe\\lsass",
5027 transport_creds=self.get_user_creds())
5028 tsfF_list = [transfer]
5029 ctxF = samba.dcerpc.dcerpc.ctx_list()
5030 ctxF.context_id = 0xF
5031 ctxF.num_transfer_syntaxes = len(tsfF_list)
5032 ctxF.abstract_syntax = abstract
5033 ctxF.transfer_syntaxes = tsfF_list
5034 ack = connF.do_generic_bind(ctx=ctxF, assoc_group_id=ack1.u.assoc_group_id,
5035 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
5036 # wait for a disconnect
5037 rep = connF.recv_pdu()
5038 self.assertIsNone(rep)
5039 connF.assertNotConnected()
5041 conn2 = self.second_connection()
5042 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
5043 assoc_group_id=ack1.u.assoc_group_id,
5044 context_id=2, return_ack=True)
5046 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
5047 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
5048 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
5050 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
5052 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
5053 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
5054 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
5055 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
5058 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
5059 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
5060 conn2._disconnect("End of Test")
5063 def _test_krb5_hdr_sign_delayed1(self, do_upgrade):
5064 auth_type = dcerpc.DCERPC_AUTH_TYPE_KRB5
5065 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
5068 creds = self.get_user_creds()
5070 abstract = samba.dcerpc.mgmt.abstract_syntax()
5071 transfer = base.transfer_syntax_ndr()
5073 tsf1_list = [transfer]
5074 ctx = samba.dcerpc.dcerpc.ctx_list()
5076 ctx.num_transfer_syntaxes = len(tsf1_list)
5077 ctx.abstract_syntax = abstract
5078 ctx.transfer_syntaxes = tsf1_list
5080 auth_context = self.get_auth_context_creds(creds=creds,
5081 auth_type=auth_type,
5082 auth_level=auth_level,
5083 auth_context_id=auth_context_id,
5086 ack = self.do_generic_bind(call_id=1,
5088 auth_context=auth_context)
5090 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
5091 self.do_single_request(call_id=2, ctx=ctx, io=inq_if_ids,
5092 auth_context=auth_context)
5095 # This is just an alter context without authentication
5096 # But it can turn on header signing for the whole connection
5098 ack2 = self.do_generic_bind(call_id=3, ctx=ctx,
5099 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
5100 dcerpc.DCERPC_PFC_FLAG_LAST |
5101 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN,
5102 assoc_group_id = ack.u.assoc_group_id,
5103 start_with_alter=True)
5105 self.assertFalse(auth_context['hdr_signing'])
5107 auth_context['hdr_signing'] = True
5108 auth_context["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
5111 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
5113 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids,
5114 auth_context=auth_context,
5115 fault_status=fault_status)
5117 if fault_status is not None:
5118 # wait for a disconnect
5119 rep = self.recv_pdu()
5120 self.assertIsNone(rep)
5121 self.assertNotConnected()
5124 self.do_single_request(call_id=5, ctx=ctx, io=inq_if_ids,
5125 auth_context=auth_context)
5128 def test_krb5_hdr_sign_delayed1_ok1(self):
5129 return self._test_krb5_hdr_sign_delayed1(do_upgrade=True)
5131 def test_krb5_hdr_sign_delayed1_fail1(self):
5132 return self._test_krb5_hdr_sign_delayed1(do_upgrade=False)
5134 def _test_krb5_hdr_sign_delayed2(self, do_upgrade):
5135 auth_type = dcerpc.DCERPC_AUTH_TYPE_KRB5
5136 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
5139 creds = self.get_user_creds()
5141 abstract = samba.dcerpc.mgmt.abstract_syntax()
5142 transfer = base.transfer_syntax_ndr()
5144 tsf1_list = [transfer]
5145 ctx = samba.dcerpc.dcerpc.ctx_list()
5147 ctx.num_transfer_syntaxes = len(tsf1_list)
5148 ctx.abstract_syntax = abstract
5149 ctx.transfer_syntaxes = tsf1_list
5151 auth_context = self.get_auth_context_creds(creds=creds,
5152 auth_type=auth_type,
5153 auth_level=auth_level,
5154 auth_context_id=auth_context_id,
5158 # SUPPORT_HEADER_SIGN on alter context activates header signing
5160 ack = self.do_generic_bind(call_id=1,
5162 auth_context=auth_context,
5163 pfc_flags_2nd=dcerpc.DCERPC_PFC_FLAG_FIRST |
5164 dcerpc.DCERPC_PFC_FLAG_LAST |
5165 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
5167 self.assertFalse(auth_context['hdr_signing'])
5169 auth_context['hdr_signing'] = True
5170 auth_context["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
5173 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
5175 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
5176 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids,
5177 auth_context=auth_context,
5178 fault_status=fault_status)
5180 if fault_status is not None:
5181 # wait for a disconnect
5182 rep = self.recv_pdu()
5183 self.assertIsNone(rep)
5184 self.assertNotConnected()
5187 self.do_single_request(call_id=5, ctx=ctx, io=inq_if_ids,
5188 auth_context=auth_context)
5191 def test_krb5_hdr_sign_delayed2_ok1(self):
5192 return self._test_krb5_hdr_sign_delayed2(do_upgrade=True)
5194 def test_krb5_hdr_sign_delayed2_fail1(self):
5195 return self._test_krb5_hdr_sign_delayed2(do_upgrade=False)
5197 def test_krb5_hdr_sign_delayed3_fail1(self):
5198 auth_type = dcerpc.DCERPC_AUTH_TYPE_KRB5
5199 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
5202 creds = self.get_user_creds()
5204 abstract = samba.dcerpc.mgmt.abstract_syntax()
5205 transfer = base.transfer_syntax_ndr()
5207 tsf1_list = [transfer]
5208 ctx = samba.dcerpc.dcerpc.ctx_list()
5210 ctx.num_transfer_syntaxes = len(tsf1_list)
5211 ctx.abstract_syntax = abstract
5212 ctx.transfer_syntaxes = tsf1_list
5214 auth_context = self.get_auth_context_creds(creds=creds,
5215 auth_type=auth_type,
5216 auth_level=auth_level,
5217 auth_context_id=auth_context_id,
5221 # SUPPORT_HEADER_SIGN on auth3 doesn't activate header signing
5223 ack = self.do_generic_bind(call_id=1,
5225 auth_context=auth_context,
5226 pfc_flags_2nd=dcerpc.DCERPC_PFC_FLAG_FIRST |
5227 dcerpc.DCERPC_PFC_FLAG_LAST |
5228 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN,
5231 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
5232 self.do_single_request(call_id=2, ctx=ctx, io=inq_if_ids,
5233 auth_context=auth_context)
5235 self.assertFalse(auth_context['hdr_signing'])
5236 auth_context['hdr_signing'] = True
5237 auth_context["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
5238 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
5240 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids,
5241 auth_context=auth_context,
5242 fault_status=fault_status)
5244 # wait for a disconnect
5245 rep = self.recv_pdu()
5246 self.assertIsNone(rep)
5247 self.assertNotConnected()
5250 if __name__ == "__main__":
5251 global_ndr_print = True
5252 global_hexdump = True