2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
22 sys.path.insert(0, "bin/python")
23 os.environ["PYTHONUNBUFFERED"] = "1"
25 import samba.dcerpc.dcerpc as dcerpc
26 import samba.dcerpc.base as base
27 import samba.dcerpc.misc as misc
28 import samba.dcerpc.epmapper
29 import samba.dcerpc.mgmt
30 import samba.dcerpc.netlogon
32 from samba import gensec
33 from samba.tests import RawDCERPCTest
35 global_ndr_print = False
36 global_hexdump = False
38 class TestDCERPC_BIND(RawDCERPCTest):
41 super(TestDCERPC_BIND, self).setUp()
42 self.do_ndr_print = global_ndr_print
43 self.do_hexdump = global_hexdump
45 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
46 ndr32 = base.transfer_syntax_ndr()
49 ctx1 = dcerpc.ctx_list()
51 ctx1.num_transfer_syntaxes = len(tsf1_list)
52 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
53 ctx1.transfer_syntaxes = tsf1_list
55 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
58 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
59 pfc_flags=rep_pfc_flags, auth_length=0)
60 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
61 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
62 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
63 self.assertEquals(rep.u.secondary_address_size, 4)
64 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
65 self.assertEquals(len(rep.u._pad1), 2)
66 # sometimes windows sends random bytes
67 # self.assertEquals(rep.u._pad1, '\0' * 2)
68 self.assertEquals(rep.u.num_results, 1)
69 self.assertEquals(rep.u.ctx_list[0].result,
70 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
71 self.assertEquals(rep.u.ctx_list[0].reason,
72 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
73 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
74 self.assertEquals(rep.u.auth_info, '\0' * 0)
76 # And now try a request
77 req = self.generate_request(call_id = 1,
78 context_id=ctx1.context_id,
83 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
85 self.assertNotEquals(rep.u.alloc_hint, 0)
86 self.assertEquals(rep.u.context_id, req.u.context_id)
87 self.assertEquals(rep.u.cancel_count, 0)
88 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
90 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
91 ndr32 = base.transfer_syntax_ndr()
94 ctx1 = dcerpc.ctx_list()
96 ctx1.num_transfer_syntaxes = len(tsf1_list)
97 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
98 ctx1.transfer_syntaxes = tsf1_list
100 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
102 rep = self.recv_pdu()
103 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
105 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
106 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
107 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
108 self.assertEquals(rep.u.secondary_address_size, 4)
109 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
110 self.assertEquals(len(rep.u._pad1), 2)
111 # sometimes windows sends random bytes
112 # self.assertEquals(rep.u._pad1, '\0' * 2)
113 self.assertEquals(rep.u.num_results, 1)
114 self.assertEquals(rep.u.ctx_list[0].result,
115 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
116 self.assertEquals(rep.u.ctx_list[0].reason,
117 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
118 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
119 self.assertEquals(rep.u.auth_info, '\0' * 0)
121 # And now try a alter context
122 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
124 rep = self.recv_pdu()
125 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
126 pfc_flags=rep_pfc_flags, auth_length=0)
127 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
128 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
129 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
130 self.assertEquals(rep.u.secondary_address_size, 0)
131 self.assertEquals(rep.u.secondary_address, "")
132 self.assertEquals(len(rep.u._pad1), 2)
133 # sometimes windows sends random bytes
134 # self.assertEquals(rep.u._pad1, '\0' * 2)
135 self.assertEquals(rep.u.num_results, 1)
136 self.assertEquals(rep.u.ctx_list[0].result,
137 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
138 self.assertEquals(rep.u.ctx_list[0].reason,
139 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
140 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
141 self.assertEquals(rep.u.auth_info, '\0' * 0)
143 # And now try a request
144 req = self.generate_request(call_id = 1,
145 context_id=ctx1.context_id,
149 rep = self.recv_pdu()
150 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
152 self.assertNotEquals(rep.u.alloc_hint, 0)
153 self.assertEquals(rep.u.context_id, req.u.context_id)
154 self.assertEquals(rep.u.cancel_count, 0)
155 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
157 def test_no_auth_request(self):
158 return self._test_no_auth_request_bind_pfc_flags(
160 dcerpc.DCERPC_PFC_FLAG_FIRST |
161 dcerpc.DCERPC_PFC_FLAG_LAST,
163 dcerpc.DCERPC_PFC_FLAG_FIRST |
164 dcerpc.DCERPC_PFC_FLAG_LAST)
166 def test_no_auth_request_bind_pfc_00(self):
167 return self._test_no_auth_request_bind_pfc_flags(
171 dcerpc.DCERPC_PFC_FLAG_FIRST |
172 dcerpc.DCERPC_PFC_FLAG_LAST)
174 def test_no_auth_request_bind_pfc_FIRST(self):
175 return self._test_no_auth_request_bind_pfc_flags(
177 dcerpc.DCERPC_PFC_FLAG_FIRST |
180 dcerpc.DCERPC_PFC_FLAG_FIRST |
181 dcerpc.DCERPC_PFC_FLAG_LAST)
183 def test_no_auth_request_bind_pfc_LAST(self):
184 return self._test_no_auth_request_bind_pfc_flags(
186 dcerpc.DCERPC_PFC_FLAG_LAST |
189 dcerpc.DCERPC_PFC_FLAG_FIRST |
190 dcerpc.DCERPC_PFC_FLAG_LAST)
192 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
193 # without authentication
194 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
195 return self._test_no_auth_request_bind_pfc_flags(
197 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
200 dcerpc.DCERPC_PFC_FLAG_FIRST |
201 dcerpc.DCERPC_PFC_FLAG_LAST |
202 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
204 def test_no_auth_request_bind_pfc_08(self):
205 return self._test_no_auth_request_bind_pfc_flags(
210 dcerpc.DCERPC_PFC_FLAG_FIRST |
211 dcerpc.DCERPC_PFC_FLAG_LAST)
213 def test_no_auth_request_bind_pfc_CONC_MPX(self):
214 return self._test_no_auth_request_bind_pfc_flags(
216 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
219 dcerpc.DCERPC_PFC_FLAG_FIRST |
220 dcerpc.DCERPC_PFC_FLAG_LAST |
221 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
223 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
224 return self._test_no_auth_request_bind_pfc_flags(
226 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
229 dcerpc.DCERPC_PFC_FLAG_FIRST |
230 dcerpc.DCERPC_PFC_FLAG_LAST)
232 def test_no_auth_request_bind_pfc_MAYBE(self):
233 return self._test_no_auth_request_bind_pfc_flags(
235 dcerpc.DCERPC_PFC_FLAG_MAYBE |
238 dcerpc.DCERPC_PFC_FLAG_FIRST |
239 dcerpc.DCERPC_PFC_FLAG_LAST)
241 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
242 return self._test_no_auth_request_bind_pfc_flags(
244 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
247 dcerpc.DCERPC_PFC_FLAG_FIRST |
248 dcerpc.DCERPC_PFC_FLAG_LAST)
250 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
251 # without authentication
252 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
254 def _test_no_auth_request_bind_pfc_ff(self):
255 return self._test_no_auth_request_bind_pfc_flags(
260 dcerpc.DCERPC_PFC_FLAG_FIRST |
261 dcerpc.DCERPC_PFC_FLAG_LAST |
262 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
263 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
265 def test_no_auth_request_alter_pfc_00(self):
266 return self._test_no_auth_request_alter_pfc_flags(
270 dcerpc.DCERPC_PFC_FLAG_FIRST |
271 dcerpc.DCERPC_PFC_FLAG_LAST)
273 def test_no_auth_request_alter_pfc_FIRST(self):
274 return self._test_no_auth_request_alter_pfc_flags(
276 dcerpc.DCERPC_PFC_FLAG_FIRST |
279 dcerpc.DCERPC_PFC_FLAG_FIRST |
280 dcerpc.DCERPC_PFC_FLAG_LAST)
282 def test_no_auth_request_alter_pfc_LAST(self):
283 return self._test_no_auth_request_alter_pfc_flags(
285 dcerpc.DCERPC_PFC_FLAG_LAST |
288 dcerpc.DCERPC_PFC_FLAG_FIRST |
289 dcerpc.DCERPC_PFC_FLAG_LAST)
291 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
292 # without authentication
293 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
294 return self._test_no_auth_request_alter_pfc_flags(
296 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
299 dcerpc.DCERPC_PFC_FLAG_FIRST |
300 dcerpc.DCERPC_PFC_FLAG_LAST |
301 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
303 def test_no_auth_request_alter_pfc_08(self):
304 return self._test_no_auth_request_alter_pfc_flags(
309 dcerpc.DCERPC_PFC_FLAG_FIRST |
310 dcerpc.DCERPC_PFC_FLAG_LAST)
312 def test_no_auth_request_alter_pfc_CONC_MPX(self):
313 return self._test_no_auth_request_alter_pfc_flags(
315 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
318 dcerpc.DCERPC_PFC_FLAG_FIRST |
319 dcerpc.DCERPC_PFC_FLAG_LAST)
321 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
322 return self._test_no_auth_request_alter_pfc_flags(
324 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
327 dcerpc.DCERPC_PFC_FLAG_FIRST |
328 dcerpc.DCERPC_PFC_FLAG_LAST)
330 def test_no_auth_request_alter_pfc_MAYBE(self):
331 return self._test_no_auth_request_alter_pfc_flags(
333 dcerpc.DCERPC_PFC_FLAG_MAYBE |
336 dcerpc.DCERPC_PFC_FLAG_FIRST |
337 dcerpc.DCERPC_PFC_FLAG_LAST)
339 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
340 return self._test_no_auth_request_alter_pfc_flags(
342 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
345 dcerpc.DCERPC_PFC_FLAG_FIRST |
346 dcerpc.DCERPC_PFC_FLAG_LAST)
348 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
349 # without authentication
350 def _test_no_auth_request_alter_pfc_ff(self):
351 return self._test_no_auth_request_alter_pfc_flags(
356 dcerpc.DCERPC_PFC_FLAG_FIRST |
357 dcerpc.DCERPC_PFC_FLAG_LAST |
358 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
360 def test_no_auth_no_ctx(self):
361 # send an useless bind
362 req = self.generate_bind(call_id=0)
364 rep = self.recv_pdu()
365 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
367 self.assertEquals(rep.u.reject_reason,
368 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
369 self.assertEquals(rep.u.num_versions, 1)
370 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
371 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
372 self.assertEquals(len(rep.u._pad), 3)
373 self.assertEquals(rep.u._pad, '\0' * 3)
375 def test_invalid_auth_noctx(self):
376 req = self.generate_bind(call_id=0)
377 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
379 rep = self.recv_pdu()
380 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
382 self.assertEquals(rep.u.reject_reason,
383 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
384 self.assertEquals(rep.u.num_versions, 1)
385 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
386 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
387 self.assertEquals(len(rep.u._pad), 3)
388 self.assertEquals(rep.u._pad, '\0' * 3)
390 def test_no_auth_valid_valid_request(self):
391 ndr32 = base.transfer_syntax_ndr()
394 ctx1 = dcerpc.ctx_list()
396 ctx1.num_transfer_syntaxes = len(tsf1_list)
397 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
398 ctx1.transfer_syntaxes = tsf1_list
400 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
402 rep = self.recv_pdu()
403 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
405 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
406 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
407 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
408 self.assertEquals(rep.u.secondary_address_size, 4)
409 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
410 self.assertEquals(len(rep.u._pad1), 2)
411 self.assertEquals(rep.u._pad1, '\0' * 2)
412 self.assertEquals(rep.u.num_results, 1)
413 self.assertEquals(rep.u.ctx_list[0].result,
414 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
415 self.assertEquals(rep.u.ctx_list[0].reason,
416 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
417 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
418 self.assertEquals(rep.u.auth_info, '\0' * 0)
422 ctx2 = dcerpc.ctx_list()
424 ctx2.num_transfer_syntaxes = len(tsf2_list)
425 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
426 ctx2.transfer_syntaxes = tsf2_list
428 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
430 rep = self.recv_pdu()
431 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
433 self.assertEquals(rep.u.reject_reason,
434 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
435 self.assertEquals(rep.u.num_versions, 1)
436 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
437 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
438 self.assertEquals(len(rep.u._pad), 3)
439 self.assertEquals(rep.u._pad, '\0' * 3)
441 # wait for a disconnect
442 rep = self.recv_pdu()
443 self.assertIsNone(rep)
444 self.assertNotConnected()
446 def test_no_auth_invalid_valid_request(self):
447 # send an useless bind
448 req = self.generate_bind(call_id=0)
450 rep = self.recv_pdu()
451 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
453 self.assertEquals(rep.u.reject_reason,
454 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
455 self.assertEquals(rep.u.num_versions, 1)
456 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
457 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
458 self.assertEquals(len(rep.u._pad), 3)
459 self.assertEquals(rep.u._pad, '\0' * 3)
461 # wait for a disconnect
462 rep = self.recv_pdu()
463 self.assertIsNone(rep)
464 self.assertNotConnected()
466 def test_alter_no_auth_no_ctx(self):
467 ndr32 = base.transfer_syntax_ndr()
470 ctx1 = dcerpc.ctx_list()
472 ctx1.num_transfer_syntaxes = len(tsf1_list)
473 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
474 ctx1.transfer_syntaxes = tsf1_list
476 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
478 rep = self.recv_pdu()
479 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
481 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
482 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
483 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
484 self.assertEquals(rep.u.secondary_address_size, 4)
485 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
486 self.assertEquals(len(rep.u._pad1), 2)
487 self.assertEquals(rep.u._pad1, '\0' * 2)
488 self.assertEquals(rep.u.num_results, 1)
489 self.assertEquals(rep.u.ctx_list[0].result,
490 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
491 self.assertEquals(rep.u.ctx_list[0].reason,
492 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
493 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
494 self.assertEquals(rep.u.auth_info, '\0' * 0)
497 req = self.generate_alter(call_id=1, ctx_list=[])
499 rep = self.recv_pdu()
500 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
501 pfc_flags=req.pfc_flags |
502 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
504 self.assertNotEquals(rep.u.alloc_hint, 0)
505 self.assertEquals(rep.u.context_id, 0)
506 self.assertEquals(rep.u.cancel_count, 0)
507 self.assertEquals(rep.u.flags, 0)
508 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
509 self.assertEquals(rep.u.reserved, 0)
510 self.assertEquals(len(rep.u.error_and_verifier), 0)
512 # wait for a disconnect
513 rep = self.recv_pdu()
514 self.assertIsNone(rep)
515 self.assertNotConnected()
517 def test_no_auth_presentation_ctx_valid1(self):
518 ndr32 = base.transfer_syntax_ndr()
520 zero_syntax = misc.ndr_syntax_id()
522 tsf1_list = [zero_syntax, ndr32]
523 ctx1 = dcerpc.ctx_list()
525 ctx1.num_transfer_syntaxes = len(tsf1_list)
526 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
527 ctx1.transfer_syntaxes = tsf1_list
529 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
531 rep = self.recv_pdu()
532 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
534 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
535 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
536 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
537 self.assertEquals(rep.u.secondary_address_size, 4)
538 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
539 self.assertEquals(len(rep.u._pad1), 2)
540 self.assertEquals(rep.u._pad1, '\0' * 2)
541 self.assertEquals(rep.u.num_results, 1)
542 self.assertEquals(rep.u.ctx_list[0].result,
543 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
544 self.assertEquals(rep.u.ctx_list[0].reason,
545 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
546 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
547 self.assertEquals(rep.u.auth_info, '\0' * 0)
550 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
552 rep = self.recv_pdu()
553 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
555 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
556 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
557 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
558 self.assertEquals(rep.u.secondary_address_size, 0)
559 self.assertEquals(len(rep.u._pad1), 2)
560 #self.assertEquals(rep.u._pad1, '\0' * 2)
561 self.assertEquals(rep.u.num_results, 1)
562 self.assertEquals(rep.u.ctx_list[0].result,
563 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
564 self.assertEquals(rep.u.ctx_list[0].reason,
565 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
566 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
567 self.assertEquals(rep.u.auth_info, '\0' * 0)
569 req = self.generate_request(call_id = 2,
570 context_id=ctx1.context_id,
574 rep = self.recv_pdu()
575 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
576 pfc_flags=req.pfc_flags |
577 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
579 self.assertNotEquals(rep.u.alloc_hint, 0)
580 self.assertEquals(rep.u.context_id, ctx1.context_id)
581 self.assertEquals(rep.u.cancel_count, 0)
582 self.assertEquals(rep.u.flags, 0)
583 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
584 self.assertEquals(rep.u.reserved, 0)
585 self.assertEquals(len(rep.u.error_and_verifier), 0)
587 def test_no_auth_presentation_ctx_invalid1(self):
588 ndr32 = base.transfer_syntax_ndr()
590 zero_syntax = misc.ndr_syntax_id()
593 ctx1 = dcerpc.ctx_list()
595 ctx1.num_transfer_syntaxes = len(tsf1_list)
596 ctx1.abstract_syntax = ndr32
597 ctx1.transfer_syntaxes = tsf1_list
599 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
601 rep = self.recv_pdu()
602 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
604 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
605 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
606 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
607 self.assertEquals(rep.u.secondary_address_size, 4)
608 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
609 self.assertEquals(len(rep.u._pad1), 2)
610 self.assertEquals(rep.u._pad1, '\0' * 2)
611 self.assertEquals(rep.u.num_results, 1)
612 self.assertEquals(rep.u.ctx_list[0].result,
613 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
614 self.assertEquals(rep.u.ctx_list[0].reason,
615 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
616 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
617 self.assertEquals(rep.u.auth_info, '\0' * 0)
620 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
622 rep = self.recv_pdu()
623 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
625 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
626 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
627 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
628 self.assertEquals(rep.u.secondary_address_size, 0)
629 self.assertEquals(len(rep.u._pad1), 2)
630 #self.assertEquals(rep.u._pad1, '\0' * 2)
631 self.assertEquals(rep.u.num_results, 1)
632 self.assertEquals(rep.u.ctx_list[0].result,
633 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
634 self.assertEquals(rep.u.ctx_list[0].reason,
635 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
636 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
637 self.assertEquals(rep.u.auth_info, '\0' * 0)
639 req = self.generate_request(call_id = 2,
644 rep = self.recv_pdu()
645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
646 pfc_flags=req.pfc_flags |
647 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
649 self.assertNotEquals(rep.u.alloc_hint, 0)
650 self.assertEquals(rep.u.context_id, 0)
651 self.assertEquals(rep.u.cancel_count, 0)
652 self.assertEquals(rep.u.flags, 0)
653 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
654 self.assertEquals(rep.u.reserved, 0)
655 self.assertEquals(len(rep.u.error_and_verifier), 0)
657 # Send a alter again to prove the connection is still alive
658 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
660 rep = self.recv_pdu()
661 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
663 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
664 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
665 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
666 self.assertEquals(rep.u.secondary_address_size, 0)
667 self.assertEquals(len(rep.u._pad1), 2)
668 #self.assertEquals(rep.u._pad1, '\0' * 2)
669 self.assertEquals(rep.u.num_results, 1)
670 self.assertEquals(rep.u.ctx_list[0].result,
671 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
672 self.assertEquals(rep.u.ctx_list[0].reason,
673 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
674 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
675 self.assertEquals(rep.u.auth_info, '\0' * 0)
677 def test_no_auth_presentation_ctx_invalid2(self):
678 ndr32 = base.transfer_syntax_ndr()
680 zero_syntax = misc.ndr_syntax_id()
683 ctx1a = dcerpc.ctx_list()
685 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
686 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
687 ctx1a.transfer_syntaxes = tsf1a_list
689 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
691 rep = self.recv_pdu()
692 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
694 self.assertEquals(rep.u.reject_reason,
695 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
696 self.assertEquals(rep.u.num_versions, 1)
697 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
698 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
699 self.assertEquals(len(rep.u._pad), 3)
700 self.assertEquals(rep.u._pad, '\0' * 3)
702 # wait for a disconnect
703 rep = self.recv_pdu()
704 self.assertIsNone(rep)
705 self.assertNotConnected()
707 def test_no_auth_presentation_ctx_invalid3(self):
708 ndr32 = base.transfer_syntax_ndr()
710 zero_syntax = misc.ndr_syntax_id()
712 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
713 ctx1a = dcerpc.ctx_list()
715 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
716 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
717 ctx1a.transfer_syntaxes = tsf1a_list
719 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
721 rep = self.recv_pdu()
722 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
724 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
725 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
726 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
727 self.assertEquals(rep.u.secondary_address_size, 4)
728 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
729 self.assertEquals(len(rep.u._pad1), 2)
730 self.assertEquals(rep.u._pad1, '\0' * 2)
731 self.assertEquals(rep.u.num_results, 1)
732 self.assertEquals(rep.u.ctx_list[0].result,
733 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
734 self.assertEquals(rep.u.ctx_list[0].reason,
735 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
736 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
737 self.assertEquals(rep.u.auth_info, '\0' * 0)
740 ctx1b = dcerpc.ctx_list()
742 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
743 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
744 ctx1b.transfer_syntaxes = tsf1b_list
747 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
749 rep = self.recv_pdu()
750 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
751 pfc_flags=req.pfc_flags |
752 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
754 self.assertNotEquals(rep.u.alloc_hint, 0)
755 self.assertEquals(rep.u.context_id, 0)
756 self.assertEquals(rep.u.cancel_count, 0)
757 self.assertEquals(rep.u.flags, 0)
758 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
759 self.assertEquals(rep.u.reserved, 0)
760 self.assertEquals(len(rep.u.error_and_verifier), 0)
762 # wait for a disconnect
763 rep = self.recv_pdu()
764 self.assertIsNone(rep)
765 self.assertNotConnected()
767 def test_no_auth_presentation_ctx_invalid4(self):
768 ndr32 = base.transfer_syntax_ndr()
769 ndr64 = base.transfer_syntax_ndr64()
771 zero_syntax = misc.ndr_syntax_id()
773 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
774 ctx1a = dcerpc.ctx_list()
776 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
777 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
778 ctx1a.transfer_syntaxes = tsf1a_list
780 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
782 rep = self.recv_pdu()
783 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
785 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
786 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
787 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
788 self.assertEquals(rep.u.secondary_address_size, 4)
789 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
790 self.assertEquals(len(rep.u._pad1), 2)
791 self.assertEquals(rep.u._pad1, '\0' * 2)
792 self.assertEquals(rep.u.num_results, 1)
793 self.assertEquals(rep.u.ctx_list[0].result,
794 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
795 self.assertEquals(rep.u.ctx_list[0].reason,
796 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
797 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
798 self.assertEquals(rep.u.auth_info, '\0' * 0)
800 # With a known but wrong syntax we get a protocol error
801 # see test_no_auth_presentation_ctx_valid2
802 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax(),ndr64]
803 ctx1b = dcerpc.ctx_list()
805 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
806 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
807 ctx1b.transfer_syntaxes = tsf1b_list
810 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
812 rep = self.recv_pdu()
813 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
814 pfc_flags=req.pfc_flags |
815 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
817 self.assertNotEquals(rep.u.alloc_hint, 0)
818 self.assertEquals(rep.u.context_id, 0)
819 self.assertEquals(rep.u.cancel_count, 0)
820 self.assertEquals(rep.u.flags, 0)
821 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
822 self.assertEquals(rep.u.reserved, 0)
823 self.assertEquals(len(rep.u.error_and_verifier), 0)
825 # wait for a disconnect
826 rep = self.recv_pdu()
827 self.assertIsNone(rep)
828 self.assertNotConnected()
830 def test_no_auth_presentation_ctx_valid2(self):
831 ndr32 = base.transfer_syntax_ndr()
833 zero_syntax = misc.ndr_syntax_id()
835 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
836 ctx1a = dcerpc.ctx_list()
838 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
839 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
840 ctx1a.transfer_syntaxes = tsf1a_list
842 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
844 rep = self.recv_pdu()
845 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
847 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
848 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
849 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
850 self.assertEquals(rep.u.secondary_address_size, 4)
851 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
852 self.assertEquals(len(rep.u._pad1), 2)
853 self.assertEquals(rep.u._pad1, '\0' * 2)
854 self.assertEquals(rep.u.num_results, 1)
855 self.assertEquals(rep.u.ctx_list[0].result,
856 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
857 self.assertEquals(rep.u.ctx_list[0].reason,
858 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
859 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
860 self.assertEquals(rep.u.auth_info, '\0' * 0)
862 # With a unknown but wrong syntaxes we get NO protocol error
863 # see test_no_auth_presentation_ctx_invalid4
864 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax()]
865 ctx1b = dcerpc.ctx_list()
867 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
868 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
869 ctx1b.transfer_syntaxes = tsf1b_list
872 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
874 rep = self.recv_pdu()
875 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
877 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
878 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
879 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
880 self.assertEquals(rep.u.secondary_address_size, 0)
881 self.assertEquals(len(rep.u._pad1), 2)
882 #self.assertEquals(rep.u._pad1, '\0' * 2)
883 self.assertEquals(rep.u.num_results, 1)
884 self.assertEquals(rep.u.ctx_list[0].result,
885 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
886 self.assertEquals(rep.u.ctx_list[0].reason,
887 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
888 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
889 self.assertEquals(rep.u.auth_info, '\0' * 0)
891 req = self.generate_request(call_id = 2,
892 context_id=ctx1a.context_id,
896 rep = self.recv_pdu()
897 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
898 pfc_flags=req.pfc_flags |
899 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
901 self.assertNotEquals(rep.u.alloc_hint, 0)
902 self.assertEquals(rep.u.context_id, ctx1a.context_id)
903 self.assertEquals(rep.u.cancel_count, 0)
904 self.assertEquals(rep.u.flags, 0)
905 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
906 self.assertEquals(rep.u.reserved, 0)
907 self.assertEquals(len(rep.u.error_and_verifier), 0)
909 def test_no_auth_presentation_ctx_no_ndr64(self):
910 ndr32 = base.transfer_syntax_ndr()
911 zero_syntax = misc.ndr_syntax_id()
913 tsfZ_list = [zero_syntax]
914 ctxZ = dcerpc.ctx_list()
915 ctxZ.context_id = 54321
916 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
917 ctxZ.abstract_syntax = zero_syntax
918 ctxZ.transfer_syntaxes = tsfZ_list
920 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
922 rep = self.recv_pdu()
923 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
925 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
926 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
927 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
928 self.assertEquals(rep.u.secondary_address_size, 4)
929 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
930 self.assertEquals(len(rep.u._pad1), 2)
931 self.assertEquals(rep.u._pad1, '\0' * 2)
932 self.assertEquals(rep.u.num_results, 1)
933 self.assertEquals(rep.u.ctx_list[0].result,
934 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
935 self.assertEquals(rep.u.ctx_list[0].reason,
936 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
937 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
938 self.assertEquals(rep.u.auth_info, '\0' * 0)
941 ctx0 = dcerpc.ctx_list()
943 ctx0.num_transfer_syntaxes = len(tsf0_list)
944 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
945 ctx0.transfer_syntaxes = tsf0_list
947 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
949 rep = self.recv_pdu()
950 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
952 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
953 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
954 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
955 self.assertEquals(rep.u.secondary_address_size, 0)
956 self.assertEquals(len(rep.u._pad1), 2)
957 #self.assertEquals(rep.u._pad1, '\0' * 2)
958 self.assertEquals(rep.u.num_results, 1)
959 self.assertEquals(rep.u.ctx_list[0].result,
960 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
961 self.assertEquals(rep.u.ctx_list[0].reason,
962 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
963 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
964 self.assertEquals(rep.u.auth_info, '\0' * 0)
966 req = self.generate_request(call_id = 1,
967 context_id=ctx0.context_id,
971 rep = self.recv_pdu()
972 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
974 self.assertNotEquals(rep.u.alloc_hint, 0)
975 self.assertEquals(rep.u.context_id, req.u.context_id)
976 self.assertEquals(rep.u.cancel_count, 0)
977 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
979 tsf1_list = [zero_syntax,ndr32]
980 ctx1 = dcerpc.ctx_list()
982 ctx1.num_transfer_syntaxes = len(tsf1_list)
983 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
984 ctx1.transfer_syntaxes = tsf1_list
986 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
988 rep = self.recv_pdu()
989 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
991 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
992 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
993 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
994 self.assertEquals(rep.u.secondary_address_size, 0)
995 self.assertEquals(len(rep.u._pad1), 2)
996 #self.assertEquals(rep.u._pad1, '\0' * 2)
997 self.assertEquals(rep.u.num_results, 1)
998 self.assertEquals(rep.u.ctx_list[0].result,
999 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1000 self.assertEquals(rep.u.ctx_list[0].reason,
1001 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1002 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1003 self.assertEquals(rep.u.auth_info, '\0' * 0)
1005 req = self.generate_request(call_id = 1,
1006 context_id=ctx1.context_id,
1010 rep = self.recv_pdu()
1011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1013 self.assertNotEquals(rep.u.alloc_hint, 0)
1014 self.assertEquals(rep.u.context_id, req.u.context_id)
1015 self.assertEquals(rep.u.cancel_count, 0)
1016 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1018 tsf2_list = [ndr32,ndr32]
1019 ctx2 = dcerpc.ctx_list()
1021 ctx2.num_transfer_syntaxes = len(tsf2_list)
1022 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1023 ctx2.transfer_syntaxes = tsf2_list
1025 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1027 rep = self.recv_pdu()
1028 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1030 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1031 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1032 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1033 self.assertEquals(rep.u.secondary_address_size, 0)
1034 self.assertEquals(len(rep.u._pad1), 2)
1035 #self.assertEquals(rep.u._pad1, '\0' * 2)
1036 self.assertEquals(rep.u.num_results, 1)
1037 self.assertEquals(rep.u.ctx_list[0].result,
1038 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1039 self.assertEquals(rep.u.ctx_list[0].reason,
1040 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1041 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1042 self.assertEquals(rep.u.auth_info, '\0' * 0)
1044 req = self.generate_request(call_id = 1,
1045 context_id=ctx2.context_id,
1049 rep = self.recv_pdu()
1050 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1052 self.assertNotEquals(rep.u.alloc_hint, 0)
1053 self.assertEquals(rep.u.context_id, req.u.context_id)
1054 self.assertEquals(rep.u.cancel_count, 0)
1055 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1058 ctx3 = dcerpc.ctx_list()
1060 ctx3.num_transfer_syntaxes = len(tsf3_list)
1061 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1062 ctx3.transfer_syntaxes = tsf3_list
1065 ctx4 = dcerpc.ctx_list()
1067 ctx4.num_transfer_syntaxes = len(tsf4_list)
1068 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1069 ctx4.transfer_syntaxes = tsf4_list
1071 req = self.generate_alter(call_id=34, ctx_list=[ctx3,ctx4])
1073 rep = self.recv_pdu()
1074 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1076 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1077 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1078 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1079 self.assertEquals(rep.u.secondary_address_size, 0)
1080 self.assertEquals(len(rep.u._pad1), 2)
1081 #self.assertEquals(rep.u._pad1, '\0' * 2)
1082 self.assertEquals(rep.u.num_results, 2)
1083 self.assertEquals(rep.u.ctx_list[0].result,
1084 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1085 self.assertEquals(rep.u.ctx_list[0].reason,
1086 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1087 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1088 self.assertEquals(rep.u.ctx_list[1].result,
1089 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1090 self.assertEquals(rep.u.ctx_list[1].reason,
1091 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1092 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1093 self.assertEquals(rep.u.auth_info, '\0' * 0)
1095 req = self.generate_request(call_id = 1,
1096 context_id=ctx3.context_id,
1100 rep = self.recv_pdu()
1101 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1103 self.assertNotEquals(rep.u.alloc_hint, 0)
1104 self.assertEquals(rep.u.context_id, req.u.context_id)
1105 self.assertEquals(rep.u.cancel_count, 0)
1106 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1108 req = self.generate_alter(call_id=43, ctx_list=[ctx4,ctx3])
1110 rep = self.recv_pdu()
1111 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1113 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1114 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1115 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1116 self.assertEquals(rep.u.secondary_address_size, 0)
1117 self.assertEquals(len(rep.u._pad1), 2)
1118 #self.assertEquals(rep.u._pad1, '\0' * 2)
1119 self.assertEquals(rep.u.num_results, 2)
1120 self.assertEquals(rep.u.ctx_list[0].result,
1121 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1122 self.assertEquals(rep.u.ctx_list[0].reason,
1123 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1124 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1125 self.assertEquals(rep.u.ctx_list[1].result,
1126 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1127 self.assertEquals(rep.u.ctx_list[1].reason,
1128 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1129 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1130 self.assertEquals(rep.u.auth_info, '\0' * 0)
1132 req = self.generate_request(call_id = 1,
1133 context_id=ctx4.context_id,
1137 rep = self.recv_pdu()
1138 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1140 self.assertNotEquals(rep.u.alloc_hint, 0)
1141 self.assertEquals(rep.u.context_id, req.u.context_id)
1142 self.assertEquals(rep.u.cancel_count, 0)
1143 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1145 req = self.generate_request(call_id = 1,
1146 context_id=ctx3.context_id,
1150 rep = self.recv_pdu()
1151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1153 self.assertNotEquals(rep.u.alloc_hint, 0)
1154 self.assertEquals(rep.u.context_id, req.u.context_id)
1155 self.assertEquals(rep.u.cancel_count, 0)
1156 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1158 req = self.generate_alter(call_id=44, ctx_list=[ctx4,ctx4])
1160 rep = self.recv_pdu()
1161 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1163 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1164 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1165 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1166 self.assertEquals(rep.u.secondary_address_size, 0)
1167 self.assertEquals(len(rep.u._pad1), 2)
1168 #self.assertEquals(rep.u._pad1, '\0' * 2)
1169 self.assertEquals(rep.u.num_results, 2)
1170 self.assertEquals(rep.u.ctx_list[0].result,
1171 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1172 self.assertEquals(rep.u.ctx_list[0].reason,
1173 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1174 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1175 self.assertEquals(rep.u.ctx_list[1].result,
1176 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1177 self.assertEquals(rep.u.ctx_list[1].reason,
1178 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1179 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1180 self.assertEquals(rep.u.auth_info, '\0' * 0)
1182 req = self.generate_request(call_id = 1,
1183 context_id=ctx4.context_id,
1187 rep = self.recv_pdu()
1188 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1190 self.assertNotEquals(rep.u.alloc_hint, 0)
1191 self.assertEquals(rep.u.context_id, req.u.context_id)
1192 self.assertEquals(rep.u.cancel_count, 0)
1193 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1195 req = self.generate_request(call_id = 1,
1196 context_id=ctx3.context_id,
1200 rep = self.recv_pdu()
1201 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1203 self.assertNotEquals(rep.u.alloc_hint, 0)
1204 self.assertEquals(rep.u.context_id, req.u.context_id)
1205 self.assertEquals(rep.u.cancel_count, 0)
1206 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1208 tsf5mgmt_list = [ndr32]
1209 ctx5mgmt = dcerpc.ctx_list()
1210 ctx5mgmt.context_id = 5
1211 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1212 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1213 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1215 tsf5epm_list = [ndr32]
1216 ctx5epm = dcerpc.ctx_list()
1217 ctx5epm.context_id = 5
1218 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1219 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1220 ctx5epm.transfer_syntaxes = tsf5epm_list
1222 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1224 rep = self.recv_pdu()
1225 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1227 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1228 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1229 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1230 self.assertEquals(rep.u.secondary_address_size, 0)
1231 self.assertEquals(len(rep.u._pad1), 2)
1232 #self.assertEquals(rep.u._pad1, '\0' * 2)
1233 self.assertEquals(rep.u.num_results, 2)
1234 self.assertEquals(rep.u.ctx_list[0].result,
1235 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1236 self.assertEquals(rep.u.ctx_list[0].reason,
1237 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1238 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1239 self.assertEquals(rep.u.ctx_list[1].result,
1240 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1241 self.assertEquals(rep.u.ctx_list[1].reason,
1242 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1243 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1244 self.assertEquals(rep.u.auth_info, '\0' * 0)
1246 req = self.generate_request(call_id = 1,
1247 context_id=ctx5mgmt.context_id,
1251 rep = self.recv_pdu()
1252 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1254 self.assertNotEquals(rep.u.alloc_hint, 0)
1255 self.assertEquals(rep.u.context_id, req.u.context_id)
1256 self.assertEquals(rep.u.cancel_count, 0)
1257 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1259 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1261 rep = self.recv_pdu()
1262 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1264 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1265 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1266 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1267 self.assertEquals(rep.u.secondary_address_size, 0)
1268 self.assertEquals(len(rep.u._pad1), 2)
1269 #self.assertEquals(rep.u._pad1, '\0' * 2)
1270 self.assertEquals(rep.u.num_results, 2)
1271 self.assertEquals(rep.u.ctx_list[0].result,
1272 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1273 self.assertEquals(rep.u.ctx_list[0].reason,
1274 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1275 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1276 self.assertEquals(rep.u.ctx_list[1].result,
1277 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1278 self.assertEquals(rep.u.ctx_list[1].reason,
1279 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1280 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1281 self.assertEquals(rep.u.auth_info, '\0' * 0)
1283 req = self.generate_request(call_id = 1,
1284 context_id=ctx5mgmt.context_id,
1288 rep = self.recv_pdu()
1289 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1291 self.assertNotEquals(rep.u.alloc_hint, 0)
1292 self.assertEquals(rep.u.context_id, req.u.context_id)
1293 self.assertEquals(rep.u.cancel_count, 0)
1294 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1296 def test_no_auth_bind_time_none_simple(self):
1298 btf = base.bind_time_features_syntax(features)
1300 zero_syntax = misc.ndr_syntax_id()
1303 ctx1 = dcerpc.ctx_list()
1305 ctx1.num_transfer_syntaxes = len(tsf1_list)
1306 ctx1.abstract_syntax = zero_syntax
1307 ctx1.transfer_syntaxes = tsf1_list
1309 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1311 rep = self.recv_pdu()
1312 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1314 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1315 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1316 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1317 self.assertEquals(rep.u.secondary_address_size, 4)
1318 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1319 self.assertEquals(len(rep.u._pad1), 2)
1320 self.assertEquals(rep.u._pad1, '\0' * 2)
1321 self.assertEquals(rep.u.num_results, 1)
1322 self.assertEquals(rep.u.ctx_list[0].result,
1323 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1324 self.assertEquals(rep.u.ctx_list[0].reason, features)
1325 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1326 self.assertEquals(rep.u.auth_info, '\0' * 0)
1328 def test_no_auth_bind_time_none_ignore_additional(self):
1330 btf1 = base.bind_time_features_syntax(features1)
1332 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1333 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1334 btf2 = base.bind_time_features_syntax(features2)
1336 zero_syntax = misc.ndr_syntax_id()
1337 ndr64 = base.transfer_syntax_ndr64()
1339 tsf1_list = [btf1,btf2,zero_syntax]
1340 ctx1 = dcerpc.ctx_list()
1342 ctx1.num_transfer_syntaxes = len(tsf1_list)
1343 ctx1.abstract_syntax = ndr64
1344 ctx1.transfer_syntaxes = tsf1_list
1346 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1348 rep = self.recv_pdu()
1349 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1351 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1352 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1353 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1354 self.assertEquals(rep.u.secondary_address_size, 4)
1355 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1356 self.assertEquals(len(rep.u._pad1), 2)
1357 self.assertEquals(rep.u._pad1, '\0' * 2)
1358 self.assertEquals(rep.u.num_results, 1)
1359 self.assertEquals(rep.u.ctx_list[0].result,
1360 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1361 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1362 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1363 self.assertEquals(rep.u.auth_info, '\0' * 0)
1365 def test_no_auth_bind_time_only_first(self):
1366 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1367 btf1 = base.bind_time_features_syntax(features1)
1369 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1370 btf2 = base.bind_time_features_syntax(features2)
1372 zero_syntax = misc.ndr_syntax_id()
1374 tsf1_list = [zero_syntax,btf1,btf2,zero_syntax]
1375 ctx1 = dcerpc.ctx_list()
1377 ctx1.num_transfer_syntaxes = len(tsf1_list)
1378 ctx1.abstract_syntax = zero_syntax
1379 ctx1.transfer_syntaxes = tsf1_list
1381 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1383 rep = self.recv_pdu()
1384 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1386 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1387 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1388 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1389 self.assertEquals(rep.u.secondary_address_size, 4)
1390 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1391 self.assertEquals(len(rep.u._pad1), 2)
1392 self.assertEquals(rep.u._pad1, '\0' * 2)
1393 self.assertEquals(rep.u.num_results, 1)
1394 self.assertEquals(rep.u.ctx_list[0].result,
1395 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1396 self.assertEquals(rep.u.ctx_list[0].reason,
1397 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1398 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1399 self.assertEquals(rep.u.auth_info, '\0' * 0)
1401 def test_no_auth_bind_time_twice(self):
1402 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1403 btf1 = base.bind_time_features_syntax(features1)
1405 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1406 btf2 = base.bind_time_features_syntax(features2)
1408 zero_syntax = misc.ndr_syntax_id()
1411 ctx1 = dcerpc.ctx_list()
1413 ctx1.num_transfer_syntaxes = len(tsf1_list)
1414 ctx1.abstract_syntax = zero_syntax
1415 ctx1.transfer_syntaxes = tsf1_list
1418 ctx2 = dcerpc.ctx_list()
1420 ctx2.num_transfer_syntaxes = len(tsf2_list)
1421 ctx2.abstract_syntax = zero_syntax
1422 ctx2.transfer_syntaxes = tsf2_list
1424 req = self.generate_bind(call_id=0, ctx_list=[ctx1,ctx2])
1426 rep = self.recv_pdu()
1427 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1429 self.assertEquals(rep.u.reject_reason,
1430 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1431 self.assertEquals(rep.u.num_versions, 1)
1432 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1433 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1434 self.assertEquals(len(rep.u._pad), 3)
1435 self.assertEquals(rep.u._pad, '\0' * 3)
1437 # wait for a disconnect
1438 rep = self.recv_pdu()
1439 self.assertIsNone(rep)
1440 self.assertNotConnected()
1442 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1443 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1444 btf = base.bind_time_features_syntax(features)
1446 zero_syntax = misc.ndr_syntax_id()
1449 ctx1 = dcerpc.ctx_list()
1451 ctx1.num_transfer_syntaxes = len(tsf1_list)
1452 ctx1.abstract_syntax = zero_syntax
1453 ctx1.transfer_syntaxes = tsf1_list
1455 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1457 rep = self.recv_pdu()
1458 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1460 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1461 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1462 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1463 self.assertEquals(rep.u.secondary_address_size, 4)
1464 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1465 self.assertEquals(len(rep.u._pad1), 2)
1466 self.assertEquals(rep.u._pad1, '\0' * 2)
1467 self.assertEquals(rep.u.num_results, 1)
1468 self.assertEquals(rep.u.ctx_list[0].result,
1469 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1470 self.assertEquals(rep.u.ctx_list[0].reason, features)
1471 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1472 self.assertEquals(rep.u.auth_info, '\0' * 0)
1474 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1475 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1476 btf1 = base.bind_time_features_syntax(features1)
1478 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1479 btf2 = base.bind_time_features_syntax(features2)
1481 zero_syntax = misc.ndr_syntax_id()
1482 ndr64 = base.transfer_syntax_ndr64()
1484 tsf1_list = [btf1,btf2,zero_syntax]
1485 ctx1 = dcerpc.ctx_list()
1487 ctx1.num_transfer_syntaxes = len(tsf1_list)
1488 ctx1.abstract_syntax = ndr64
1489 ctx1.transfer_syntaxes = tsf1_list
1491 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1493 rep = self.recv_pdu()
1494 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1496 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1497 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1498 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1499 self.assertEquals(rep.u.secondary_address_size, 4)
1500 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1501 self.assertEquals(len(rep.u._pad1), 2)
1502 self.assertEquals(rep.u._pad1, '\0' * 2)
1503 self.assertEquals(rep.u.num_results, 1)
1504 self.assertEquals(rep.u.ctx_list[0].result,
1505 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1506 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1507 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1508 self.assertEquals(rep.u.auth_info, '\0' * 0)
1510 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1511 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1512 ndr32 = base.transfer_syntax_ndr()
1515 ctx1 = dcerpc.ctx_list()
1517 ctx1.num_transfer_syntaxes = len(tsf1_list)
1518 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1519 ctx1.transfer_syntaxes = tsf1_list
1524 if creds is not None:
1525 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1526 auth_context = self.get_auth_context_creds(creds,
1527 auth_type=auth_type,
1528 auth_level=auth_level,
1529 auth_context_id=auth_context_id,
1530 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1532 (finished, to_server) = auth_context["gensec"].update(from_server)
1533 self.assertFalse(finished)
1535 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1536 auth_level=auth_context["auth_level"],
1537 auth_context_id=auth_context["auth_context_id"],
1538 auth_blob=to_server)
1541 auth_info = self.generate_auth(auth_type=auth_type,
1542 auth_level=auth_level,
1543 auth_context_id=auth_context_id,
1544 auth_blob=to_server)
1546 req = self.generate_bind(call_id=0,
1548 auth_info=auth_info)
1550 rep = self.recv_pdu()
1551 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1553 self.assertEquals(rep.u.reject_reason, reason)
1554 self.assertEquals(rep.u.num_versions, 1)
1555 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1556 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1557 self.assertEquals(len(rep.u._pad), 3)
1558 self.assertEquals(rep.u._pad, '\0' * 3)
1560 # wait for a disconnect
1561 rep = self.recv_pdu()
1562 self.assertIsNone(rep)
1563 self.assertNotConnected()
1565 def _test_auth_none_level_bind(self, auth_level,
1566 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1567 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1568 auth_level=auth_level, reason=reason)
1570 def test_auth_none_none_bind(self):
1571 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1572 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1574 def test_auth_none_connect_bind(self):
1575 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1577 def test_auth_none_call_bind(self):
1578 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1580 def test_auth_none_packet_bind(self):
1581 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1583 def test_auth_none_integrity_bind(self):
1584 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1586 def test_auth_none_privacy_bind(self):
1587 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1589 def test_auth_none_0_bind(self):
1590 return self._test_auth_none_level_bind(0,
1591 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1593 def test_auth_none_7_bind(self):
1594 return self._test_auth_none_level_bind(7,
1595 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1597 def test_auth_none_255_bind(self):
1598 return self._test_auth_none_level_bind(255,
1599 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1601 def _test_auth_none_level_request(self, auth_level):
1602 ndr32 = base.transfer_syntax_ndr()
1605 ctx1 = dcerpc.ctx_list()
1607 ctx1.num_transfer_syntaxes = len(tsf1_list)
1608 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1609 ctx1.transfer_syntaxes = tsf1_list
1612 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1615 req = self.generate_bind(call_id=0,
1619 rep = self.recv_pdu()
1620 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1621 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1622 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1623 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1624 self.assertEquals(rep.u.secondary_address_size, 4)
1625 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1626 self.assertEquals(len(rep.u._pad1), 2)
1627 self.assertEquals(rep.u._pad1, '\0' * 2)
1628 self.assertEquals(rep.u.num_results, 1)
1629 self.assertEquals(rep.u.ctx_list[0].result,
1630 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1631 self.assertEquals(rep.u.ctx_list[0].reason,
1632 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1633 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1634 self.assertEquals(len(rep.u.auth_info), 0)
1636 # And now try a request without auth_info
1637 req = self.generate_request(call_id = 2,
1638 context_id=ctx1.context_id,
1642 rep = self.recv_pdu()
1643 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1645 self.assertNotEquals(rep.u.alloc_hint, 0)
1646 self.assertEquals(rep.u.context_id, req.u.context_id)
1647 self.assertEquals(rep.u.cancel_count, 0)
1648 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1650 auth_info = self.generate_auth(auth_type=auth_type,
1651 auth_level=auth_level,
1652 auth_context_id=auth_context_id,
1655 req = self.generate_request(call_id = 3,
1656 context_id=ctx1.context_id,
1659 auth_info=auth_info)
1661 rep = self.recv_pdu()
1662 # We get a fault back
1663 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1665 self.assertNotEquals(rep.u.alloc_hint, 0)
1666 self.assertEquals(rep.u.context_id, req.u.context_id)
1667 self.assertEquals(rep.u.cancel_count, 0)
1668 self.assertEquals(rep.u.flags, 0)
1669 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1670 self.assertEquals(rep.u.reserved, 0)
1671 self.assertEquals(len(rep.u.error_and_verifier), 0)
1673 # wait for a disconnect
1674 rep = self.recv_pdu()
1675 self.assertIsNone(rep)
1676 self.assertNotConnected()
1678 def test_auth_none_none_request(self):
1679 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1681 def test_auth_none_connect_request(self):
1682 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1684 def test_auth_none_call_request(self):
1685 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1687 def _test_neg_xmit_check_values(self,
1693 ndr32 = base.transfer_syntax_ndr()
1696 ctx1 = dcerpc.ctx_list()
1698 ctx1.num_transfer_syntaxes = len(tsf1_list)
1699 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1700 ctx1.transfer_syntaxes = tsf1_list
1702 req = self.generate_bind(call_id=0,
1703 max_xmit_frag=req_xmit,
1704 max_recv_frag=req_recv,
1707 rep = self.recv_pdu()
1708 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1710 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1711 self.assertEquals(rep.u.max_recv_frag, rep_both)
1712 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1713 self.assertEquals(rep.u.secondary_address_size, 4)
1714 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1715 self.assertEquals(len(rep.u._pad1), 2)
1716 self.assertEquals(rep.u._pad1, '\0' * 2)
1717 self.assertEquals(rep.u.num_results, 1)
1718 self.assertEquals(rep.u.ctx_list[0].result,
1719 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1720 self.assertEquals(rep.u.ctx_list[0].reason,
1721 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1722 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1723 self.assertEquals(rep.u.auth_info, '\0' * 0)
1725 assoc_group_id = rep.u.assoc_group_id
1726 if alter_xmit is None:
1727 alter_xmit = rep_both - 8
1728 if alter_recv is None:
1729 alter_recv = rep_both - 8
1731 # max_{xmit,recv}_frag and assoc_group_id are completely
1732 # ignored in alter_context requests
1733 req = self.generate_alter(call_id=1,
1734 max_xmit_frag=alter_xmit,
1735 max_recv_frag=alter_recv,
1736 assoc_group_id=0xffffffff-rep.u.assoc_group_id,
1739 rep = self.recv_pdu()
1740 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1742 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1743 self.assertEquals(rep.u.max_recv_frag, rep_both)
1744 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1745 self.assertEquals(rep.u.secondary_address_size, 0)
1746 self.assertEquals(len(rep.u._pad1), 2)
1747 #self.assertEquals(rep.u._pad1, '\0' * 2)
1748 self.assertEquals(rep.u.num_results, 1)
1749 self.assertEquals(rep.u.ctx_list[0].result,
1750 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1751 self.assertEquals(rep.u.ctx_list[0].reason,
1752 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1753 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1754 self.assertEquals(rep.u.auth_info, '\0' * 0)
1756 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1757 req = self.generate_request(call_id = 2,
1758 context_id=ctx1.context_id,
1760 alloc_hint=0xffffffff,
1761 stub="\00" * chunk_size)
1762 self.send_pdu(req,ndr_print=True,hexdump=True)
1763 rep = self.recv_pdu(ndr_print=True,hexdump=True)
1764 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1766 self.assertNotEquals(rep.u.alloc_hint, 0)
1767 self.assertEquals(rep.u.context_id, req.u.context_id)
1768 self.assertEquals(rep.u.cancel_count, 0)
1769 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1771 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1772 req = self.generate_request(call_id = 2,
1773 context_id=ctx1.context_id,
1775 alloc_hint=0xffffffff,
1776 stub="\00" * chunk_size)
1778 rep = self.recv_pdu()
1779 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1781 self.assertNotEquals(rep.u.alloc_hint, 0)
1782 self.assertEquals(rep.u.context_id, req.u.context_id)
1783 self.assertEquals(rep.u.cancel_count, 0)
1784 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1787 req = self.generate_request(call_id = 3,
1788 context_id=ctx1.context_id,
1790 alloc_hint=0xffffffff,
1791 stub="\00" * chunk_size)
1793 rep = self.recv_pdu()
1795 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1797 self.assertNotEquals(rep.u.alloc_hint, 0)
1798 self.assertEquals(rep.u.context_id, 0)
1799 self.assertEquals(rep.u.cancel_count, 0)
1800 self.assertEquals(rep.u.flags, 0)
1801 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1802 self.assertEquals(rep.u.reserved, 0)
1803 self.assertEquals(len(rep.u.error_and_verifier), 0)
1805 # wait for a disconnect
1806 rep = self.recv_pdu()
1807 self.assertIsNone(rep)
1808 self.assertNotConnected()
1810 def test_neg_xmit_ffff_ffff(self):
1811 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1815 def test_neg_xmit_0_ffff(self):
1816 return self._test_neg_xmit_check_values(req_xmit=0,
1822 def test_neg_xmit_ffff_0(self):
1823 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1827 def test_neg_xmit_0_0(self):
1828 return self._test_neg_xmit_check_values(req_xmit=0,
1834 def test_neg_xmit_3199_0(self):
1835 return self._test_neg_xmit_check_values(req_xmit=3199,
1838 def test_neg_xmit_0_3199(self):
1839 return self._test_neg_xmit_check_values(req_xmit=0,
1843 def test_neg_xmit_3199_ffff(self):
1844 return self._test_neg_xmit_check_values(req_xmit=3199,
1847 def test_neg_xmit_ffff_3199(self):
1848 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1852 def test_alloc_hint(self):
1853 ndr32 = base.transfer_syntax_ndr()
1856 ctx = dcerpc.ctx_list()
1858 ctx.num_transfer_syntaxes = len(tsf1_list)
1859 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1860 ctx.transfer_syntaxes = tsf1_list
1862 req = self.generate_bind(call_id=0,
1865 rep = self.recv_pdu()
1866 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1868 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1869 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1870 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1871 self.assertEquals(rep.u.secondary_address_size, 4)
1872 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1873 self.assertEquals(len(rep.u._pad1), 2)
1874 self.assertEquals(rep.u._pad1, '\0' * 2)
1875 self.assertEquals(rep.u.num_results, 1)
1876 self.assertEquals(rep.u.ctx_list[0].result,
1877 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1878 self.assertEquals(rep.u.ctx_list[0].reason,
1879 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1880 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1881 self.assertEquals(rep.u.auth_info, '\0' * 0)
1883 # And now try a request without auth_info
1884 req = self.generate_request(call_id = 2,
1885 context_id=ctx.context_id,
1887 alloc_hint=0xffffffff,
1890 rep = self.recv_pdu()
1891 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1893 self.assertNotEquals(rep.u.alloc_hint, 0)
1894 self.assertEquals(rep.u.context_id, req.u.context_id)
1895 self.assertEquals(rep.u.cancel_count, 0)
1896 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1898 req = self.generate_request(call_id = 3,
1899 context_id=ctx.context_id,
1901 alloc_hint=0xffffffff,
1902 stub="\04\00\00\00\00\00\00\00")
1904 rep = self.recv_pdu()
1905 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1907 self.assertNotEquals(rep.u.alloc_hint, 0)
1908 self.assertEquals(rep.u.context_id, req.u.context_id)
1909 self.assertEquals(rep.u.cancel_count, 0)
1910 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1912 req = self.generate_request(call_id = 4,
1913 context_id=ctx.context_id,
1916 stub="\04\00\00\00\00\00\00\00")
1918 rep = self.recv_pdu()
1919 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1921 self.assertNotEquals(rep.u.alloc_hint, 0)
1922 self.assertEquals(rep.u.context_id, req.u.context_id)
1923 self.assertEquals(rep.u.cancel_count, 0)
1924 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1926 def _get_netlogon_ctx(self):
1927 abstract = samba.dcerpc.netlogon.abstract_syntax()
1928 ndr32 = base.transfer_syntax_ndr()
1930 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1931 epmap=True, return_ack=True)
1933 server = '\\\\' + self.target_hostname
1934 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1935 computer = 'UNKNOWNCOMPUTER'
1936 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1938 real_stub = struct.pack('<IIII', 0x00200000,
1939 len(server)+1, 0, len(server)+1)
1940 real_stub += server_utf16 + '\x00\x00'
1941 mod_len = len(real_stub) % 4
1943 real_stub += '\x00' * (4 - mod_len)
1944 real_stub += struct.pack('<III',
1945 len(computer)+1, 0, len(computer)+1)
1946 real_stub += computer_utf16 + '\x00\x00'
1947 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1949 return (ctx, ack, real_stub)
1951 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1952 fault_first=None, fault_last=None):
1953 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1955 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1959 while remaining > 0:
1960 thistime = min(remaining, chunk)
1961 remaining -= thistime
1966 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1968 stub = real_stub + '\x00' * (thistime - len(real_stub))
1970 stub = "\x00" * thistime
1973 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1975 # And now try a request without auth_info
1976 # netr_ServerReqChallenge()
1977 req = self.generate_request(call_id = 2,
1978 pfc_flags=pfc_flags,
1979 context_id=ctx.context_id,
1981 alloc_hint=alloc_hint,
1983 if alloc_hint >= thistime:
1984 alloc_hint -= thistime
1987 self.send_pdu(req,hexdump=False)
1988 if fault_first is not None:
1989 rep = self.recv_pdu()
1990 # We get a fault back
1991 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1993 self.assertNotEquals(rep.u.alloc_hint, 0)
1994 self.assertEquals(rep.u.context_id, req.u.context_id)
1995 self.assertEquals(rep.u.cancel_count, 0)
1996 self.assertEquals(rep.u.flags, 0)
1997 self.assertEquals(rep.u.status, fault_first)
1998 self.assertEquals(rep.u.reserved, 0)
1999 self.assertEquals(len(rep.u.error_and_verifier), 0)
2001 # wait for a disconnect
2002 rep = self.recv_pdu()
2003 self.assertIsNone(rep)
2004 self.assertNotConnected()
2008 if total >= 0x400000 and fault_last is not None:
2009 rep = self.recv_pdu()
2010 # We get a fault back
2011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2013 self.assertNotEquals(rep.u.alloc_hint, 0)
2014 self.assertEquals(rep.u.context_id, req.u.context_id)
2015 self.assertEquals(rep.u.cancel_count, 0)
2016 self.assertEquals(rep.u.flags, 0)
2017 self.assertEquals(rep.u.status, fault_last)
2018 self.assertEquals(rep.u.reserved, 0)
2019 self.assertEquals(len(rep.u.error_and_verifier), 0)
2021 # wait for a disconnect
2022 rep = self.recv_pdu()
2023 self.assertIsNone(rep)
2024 self.assertNotConnected()
2026 rep = self.recv_pdu(timeout=0.01)
2027 self.assertIsNone(rep)
2028 self.assertIsConnected()
2030 if total >= 0x400000 and fault_last is not None:
2031 rep = self.recv_pdu()
2032 # We get a fault back
2033 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2035 self.assertNotEquals(rep.u.alloc_hint, 0)
2036 self.assertEquals(rep.u.context_id, req.u.context_id)
2037 self.assertEquals(rep.u.cancel_count, 0)
2038 self.assertEquals(rep.u.flags, 0)
2039 self.assertEquals(rep.u.status, fault_last)
2040 self.assertEquals(rep.u.reserved, 0)
2041 self.assertEquals(len(rep.u.error_and_verifier), 0)
2043 # wait for a disconnect
2044 rep = self.recv_pdu()
2045 self.assertIsNone(rep)
2046 self.assertNotConnected()
2048 rep = self.recv_pdu()
2049 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2051 self.assertNotEquals(rep.u.alloc_hint, 0)
2052 self.assertEquals(rep.u.context_id, req.u.context_id)
2053 self.assertEquals(rep.u.cancel_count, 0)
2054 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2056 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2057 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2058 self.assertEquals(status[0], 0)
2060 def test_fragmented_requests01(self):
2061 return self._test_fragmented_requests(remaining=0x400000,
2062 alloc_hint=0x400000)
2064 def test_fragmented_requests02(self):
2065 return self._test_fragmented_requests(remaining=0x400000,
2066 alloc_hint=0x100000)
2068 def test_fragmented_requests03(self):
2069 return self._test_fragmented_requests(remaining=0x400000,
2072 def test_fragmented_requests04(self):
2073 return self._test_fragmented_requests(remaining=0x400000,
2074 alloc_hint=0x400001,
2075 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2077 def test_fragmented_requests05(self):
2078 return self._test_fragmented_requests(remaining=0x500001,
2080 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2082 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2083 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2085 # netr_ServerReqChallenge with given flags
2086 req = self.generate_request(call_id = 2,
2087 pfc_flags=pfc_flags,
2088 context_id=ctx.context_id,
2093 rep = self.recv_pdu()
2094 # We get a fault back
2095 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2097 self.assertNotEquals(rep.u.alloc_hint, 0)
2098 self.assertEquals(rep.u.context_id, 0)
2099 self.assertEquals(rep.u.cancel_count, 0)
2100 self.assertEquals(rep.u.flags, 0)
2101 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2102 self.assertEquals(rep.u.reserved, 0)
2103 self.assertEquals(len(rep.u.error_and_verifier), 0)
2105 # wait for a disconnect
2106 rep = self.recv_pdu()
2107 self.assertIsNone(rep)
2108 self.assertNotConnected()
2110 rep = self.recv_pdu(timeout=0.1)
2111 self.assertIsNone(rep)
2112 self.assertIsConnected()
2114 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2115 # with the same call_id
2116 req = self.generate_request(call_id = 2,
2117 pfc_flags=pfc_flags,
2118 context_id=ctx.context_id,
2123 rep = self.recv_pdu()
2124 # We get a fault back
2125 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2127 self.assertNotEquals(rep.u.alloc_hint, 0)
2128 self.assertEquals(rep.u.context_id, req.u.context_id)
2129 self.assertEquals(rep.u.cancel_count, 0)
2130 self.assertEquals(rep.u.flags, 0)
2131 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2132 self.assertEquals(rep.u.reserved, 0)
2133 self.assertEquals(len(rep.u.error_and_verifier), 0)
2135 # wait for a disconnect
2136 rep = self.recv_pdu()
2137 self.assertIsNone(rep)
2138 self.assertNotConnected()
2141 rep = self.recv_pdu(timeout=0.1)
2142 self.assertIsNone(rep)
2143 self.assertIsConnected()
2145 def test_first_only_requests(self):
2146 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2149 def test_none_only_requests(self):
2150 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2152 def test_last_only_requests(self):
2153 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2156 def test_first_maybe_requests(self):
2157 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2158 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2161 def test_first_didnot_requests(self):
2162 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2163 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2166 def test_first_cmpx_requests(self):
2167 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2168 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2171 def test_first_08_requests(self):
2172 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2176 def test_first_cancel_requests(self):
2177 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2179 # netr_ServerReqChallenge with given flags
2180 req = self.generate_request(call_id = 2,
2181 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2182 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2183 context_id=ctx.context_id,
2187 rep = self.recv_pdu()
2188 # We get a fault back
2189 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2190 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2191 dcerpc.DCERPC_PFC_FLAG_LAST |
2192 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2194 self.assertNotEquals(rep.u.alloc_hint, 0)
2195 self.assertEquals(rep.u.context_id, 0)
2196 self.assertEquals(rep.u.cancel_count, 0)
2197 self.assertEquals(rep.u.flags, 0)
2198 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2199 self.assertEquals(rep.u.reserved, 0)
2200 self.assertEquals(len(rep.u.error_and_verifier), 0)
2202 # wait for a disconnect
2203 rep = self.recv_pdu()
2204 self.assertIsNone(rep)
2205 self.assertNotConnected()
2207 def test_2nd_cancel_requests(self):
2208 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2210 # netr_ServerReqChallenge with given flags
2211 req = self.generate_request(call_id = 2,
2212 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2213 context_id=ctx.context_id,
2217 rep = self.recv_pdu(timeout=0.1)
2218 self.assertIsNone(rep)
2219 self.assertIsConnected()
2221 # netr_ServerReqChallenge with given flags
2222 req = self.generate_request(call_id = 2,
2223 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2224 context_id=ctx.context_id,
2228 rep = self.recv_pdu(timeout=0.1)
2229 self.assertIsNone(rep)
2230 self.assertIsConnected()
2232 # netr_ServerReqChallenge with given flags
2233 req = self.generate_request(call_id = 2,
2234 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2235 context_id=ctx.context_id,
2239 rep = self.recv_pdu()
2240 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2242 self.assertNotEquals(rep.u.alloc_hint, 0)
2243 self.assertEquals(rep.u.context_id, req.u.context_id)
2244 self.assertEquals(rep.u.cancel_count, 0)
2245 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2247 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2248 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2249 self.assertEquals(status[0], 0)
2251 def test_last_cancel_requests(self):
2252 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2254 # netr_ServerReqChallenge with given flags
2255 req = self.generate_request(call_id = 2,
2256 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2257 context_id=ctx.context_id,
2261 rep = self.recv_pdu(timeout=0.1)
2262 self.assertIsNone(rep)
2263 self.assertIsConnected()
2265 # netr_ServerReqChallenge with given flags
2266 req = self.generate_request(call_id = 2,
2267 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2268 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2269 context_id=ctx.context_id,
2273 rep = self.recv_pdu()
2274 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2276 self.assertNotEquals(rep.u.alloc_hint, 0)
2277 self.assertEquals(rep.u.context_id, req.u.context_id)
2278 self.assertEquals(rep.u.cancel_count, 0)
2279 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2281 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2282 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2283 self.assertEquals(status[0], 0)
2285 def test_mix_requests(self):
2286 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2288 # netr_ServerReqChallenge with given flags
2289 req = self.generate_request(call_id = 50,
2290 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2291 context_id=ctx.context_id,
2295 rep = self.recv_pdu(timeout=0.1)
2296 self.assertIsNone(rep)
2297 self.assertIsConnected()
2299 # netr_ServerReqChallenge with given flags
2300 req = self.generate_request(call_id = 51,
2301 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2302 context_id=ctx.context_id,
2306 rep = self.recv_pdu()
2307 # We get a fault back
2308 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2309 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2310 dcerpc.DCERPC_PFC_FLAG_LAST,
2312 self.assertNotEquals(rep.u.alloc_hint, 0)
2313 self.assertEquals(rep.u.context_id, req.u.context_id)
2314 self.assertEquals(rep.u.cancel_count, 0)
2315 self.assertEquals(rep.u.flags, 0)
2316 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2317 self.assertEquals(rep.u.reserved, 0)
2318 self.assertEquals(len(rep.u.error_and_verifier), 0)
2320 def test_spnego_connect_request(self):
2321 ndr32 = base.transfer_syntax_ndr()
2324 ctx1 = dcerpc.ctx_list()
2326 ctx1.num_transfer_syntaxes = len(tsf1_list)
2327 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2328 ctx1.transfer_syntaxes = tsf1_list
2331 c = self.get_anon_creds()
2332 g = gensec.Security.start_client(self.settings)
2333 g.set_credentials(c)
2334 g.want_feature(gensec.FEATURE_DCE_STYLE)
2335 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2336 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2338 g.start_mech_by_authtype(auth_type, auth_level)
2340 (finished, to_server) = g.update(from_server)
2341 self.assertFalse(finished)
2343 auth_info = self.generate_auth(auth_type=auth_type,
2344 auth_level=auth_level,
2345 auth_context_id=auth_context_id,
2346 auth_blob=to_server)
2348 req = self.generate_bind(call_id=0,
2350 auth_info=auth_info)
2353 rep = self.recv_pdu()
2354 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2355 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2356 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2357 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2358 self.assertEquals(rep.u.secondary_address_size, 4)
2359 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2360 self.assertEquals(len(rep.u._pad1), 2)
2361 self.assertEquals(rep.u._pad1, '\0' * 2)
2362 self.assertEquals(rep.u.num_results, 1)
2363 self.assertEquals(rep.u.ctx_list[0].result,
2364 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2365 self.assertEquals(rep.u.ctx_list[0].reason,
2366 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2367 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2368 self.assertNotEquals(len(rep.u.auth_info), 0)
2369 a = self.parse_auth(rep.u.auth_info)
2371 from_server = a.credentials
2372 (finished, to_server) = g.update(from_server)
2373 self.assertFalse(finished)
2375 auth_info = self.generate_auth(auth_type=auth_type,
2376 auth_level=auth_level,
2377 auth_context_id=auth_context_id,
2378 auth_blob=to_server)
2380 req = self.generate_alter(call_id=0,
2382 assoc_group_id=rep.u.assoc_group_id,
2383 auth_info=auth_info)
2386 rep = self.recv_pdu()
2387 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2388 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2389 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2390 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2391 self.assertEquals(rep.u.secondary_address_size, 0)
2392 self.assertEquals(len(rep.u._pad1), 2)
2393 # Windows sends garbage
2394 #self.assertEquals(rep.u._pad1, '\0' * 2)
2395 self.assertEquals(rep.u.num_results, 1)
2396 self.assertEquals(rep.u.ctx_list[0].result,
2397 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2398 self.assertEquals(rep.u.ctx_list[0].reason,
2399 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2400 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2401 self.assertNotEquals(len(rep.u.auth_info), 0)
2402 a = self.parse_auth(rep.u.auth_info)
2404 from_server = a.credentials
2405 (finished, to_server) = g.update(from_server)
2406 self.assertTrue(finished)
2408 # And now try a request without auth_info
2409 req = self.generate_request(call_id = 2,
2410 context_id=ctx1.context_id,
2414 rep = self.recv_pdu()
2415 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2417 self.assertNotEquals(rep.u.alloc_hint, 0)
2418 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2419 self.assertEquals(rep.u.cancel_count, 0)
2420 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2422 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2423 auth_info = self.generate_auth(auth_type=auth_type,
2424 auth_level=auth_level,
2425 auth_context_id=auth_context_id,
2426 auth_blob="\x01"+"\x00"*15)
2427 req = self.generate_request(call_id = 3,
2428 context_id=ctx1.context_id,
2431 auth_info=auth_info)
2433 rep = self.recv_pdu()
2434 # We don't get an auth_info back
2435 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2437 self.assertNotEquals(rep.u.alloc_hint, 0)
2438 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2439 self.assertEquals(rep.u.cancel_count, 0)
2440 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2442 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2443 auth_info = self.generate_auth(auth_type=auth_type,
2444 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2445 auth_context_id=auth_context_id,
2446 auth_blob="\x01"+"\x00"*15)
2447 req = self.generate_request(call_id = 4,
2448 context_id=ctx1.context_id,
2451 auth_info=auth_info)
2453 rep = self.recv_pdu()
2454 # We get a fault back
2455 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2457 self.assertNotEquals(rep.u.alloc_hint, 0)
2458 self.assertEquals(rep.u.context_id, req.u.context_id)
2459 self.assertEquals(rep.u.cancel_count, 0)
2460 self.assertEquals(rep.u.flags, 0)
2461 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2462 self.assertEquals(rep.u.reserved, 0)
2463 self.assertEquals(len(rep.u.error_and_verifier), 0)
2465 # wait for a disconnect
2466 rep = self.recv_pdu()
2467 self.assertIsNone(rep)
2468 self.assertNotConnected()
2470 def test_spnego_integrity_request(self):
2471 ndr32 = base.transfer_syntax_ndr()
2474 ctx1 = dcerpc.ctx_list()
2476 ctx1.num_transfer_syntaxes = len(tsf1_list)
2477 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2478 ctx1.transfer_syntaxes = tsf1_list
2481 c = self.get_anon_creds()
2482 g = gensec.Security.start_client(self.settings)
2483 g.set_credentials(c)
2484 g.want_feature(gensec.FEATURE_DCE_STYLE)
2485 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2486 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2488 g.start_mech_by_authtype(auth_type, auth_level)
2490 (finished, to_server) = g.update(from_server)
2491 self.assertFalse(finished)
2493 auth_info = self.generate_auth(auth_type=auth_type,
2494 auth_level=auth_level,
2495 auth_context_id=auth_context_id,
2496 auth_blob=to_server)
2498 req = self.generate_bind(call_id=0,
2500 auth_info=auth_info)
2503 rep = self.recv_pdu()
2504 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2505 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2506 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2507 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2508 self.assertEquals(rep.u.secondary_address_size, 4)
2509 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2510 self.assertEquals(len(rep.u._pad1), 2)
2511 self.assertEquals(rep.u._pad1, '\0' * 2)
2512 self.assertEquals(rep.u.num_results, 1)
2513 self.assertEquals(rep.u.ctx_list[0].result,
2514 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2515 self.assertEquals(rep.u.ctx_list[0].reason,
2516 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2517 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2518 self.assertNotEquals(len(rep.u.auth_info), 0)
2519 a = self.parse_auth(rep.u.auth_info)
2521 from_server = a.credentials
2522 (finished, to_server) = g.update(from_server)
2523 self.assertFalse(finished)
2525 auth_info = self.generate_auth(auth_type=auth_type,
2526 auth_level=auth_level,
2527 auth_context_id=auth_context_id,
2528 auth_blob=to_server)
2530 req = self.generate_alter(call_id=0,
2532 assoc_group_id=rep.u.assoc_group_id,
2533 auth_info=auth_info)
2536 rep = self.recv_pdu()
2537 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2538 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2539 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2540 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2541 self.assertEquals(rep.u.secondary_address_size, 0)
2542 self.assertEquals(len(rep.u._pad1), 2)
2543 # Windows sends garbage
2544 #self.assertEquals(rep.u._pad1, '\0' * 2)
2545 self.assertEquals(rep.u.num_results, 1)
2546 self.assertEquals(rep.u.ctx_list[0].result,
2547 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2548 self.assertEquals(rep.u.ctx_list[0].reason,
2549 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2550 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2551 self.assertNotEquals(len(rep.u.auth_info), 0)
2552 a = self.parse_auth(rep.u.auth_info)
2554 from_server = a.credentials
2555 (finished, to_server) = g.update(from_server)
2556 self.assertTrue(finished)
2558 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2559 auth_info = self.generate_auth(auth_type=auth_type,
2560 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2561 auth_context_id=auth_context_id,
2562 auth_blob="\x01"+"\x00"*15)
2563 req = self.generate_request(call_id = 3,
2564 context_id=ctx1.context_id,
2567 auth_info=auth_info)
2569 rep = self.recv_pdu()
2570 # We get a fault back
2571 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2573 self.assertNotEquals(rep.u.alloc_hint, 0)
2574 self.assertEquals(rep.u.context_id, req.u.context_id)
2575 self.assertEquals(rep.u.cancel_count, 0)
2576 self.assertEquals(rep.u.flags, 0)
2577 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2578 self.assertEquals(rep.u.reserved, 0)
2579 self.assertEquals(len(rep.u.error_and_verifier), 0)
2581 # wait for a disconnect
2582 rep = self.recv_pdu()
2583 self.assertIsNone(rep)
2584 self.assertNotConnected()
2586 def test_spnego_unfinished_request(self):
2587 ndr32 = base.transfer_syntax_ndr()
2590 ctx1 = dcerpc.ctx_list()
2592 ctx1.num_transfer_syntaxes = len(tsf1_list)
2593 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2594 ctx1.transfer_syntaxes = tsf1_list
2597 c = self.get_anon_creds()
2598 g = gensec.Security.start_client(self.settings)
2599 g.set_credentials(c)
2600 g.want_feature(gensec.FEATURE_DCE_STYLE)
2601 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2602 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2604 g.start_mech_by_authtype(auth_type, auth_level)
2606 (finished, to_server) = g.update(from_server)
2607 self.assertFalse(finished)
2609 auth_info = self.generate_auth(auth_type=auth_type,
2610 auth_level=auth_level,
2611 auth_context_id=auth_context_id,
2612 auth_blob=to_server)
2614 req = self.generate_bind(call_id=0,
2616 auth_info=auth_info)
2619 rep = self.recv_pdu()
2620 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2621 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2622 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2623 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2624 assoc_group_id = rep.u.assoc_group_id
2625 self.assertEquals(rep.u.secondary_address_size, 4)
2626 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2627 self.assertEquals(len(rep.u._pad1), 2)
2628 self.assertEquals(rep.u._pad1, '\0' * 2)
2629 self.assertEquals(rep.u.num_results, 1)
2630 self.assertEquals(rep.u.ctx_list[0].result,
2631 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2632 self.assertEquals(rep.u.ctx_list[0].reason,
2633 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2634 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2635 self.assertNotEquals(len(rep.u.auth_info), 0)
2636 a = self.parse_auth(rep.u.auth_info)
2638 from_server = a.credentials
2639 (finished, to_server) = g.update(from_server)
2640 self.assertFalse(finished)
2642 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2643 auth_info = self.generate_auth(auth_type=auth_type,
2644 auth_level=auth_level,
2645 auth_context_id=auth_context_id,
2646 auth_blob="\x01"+"\x00"*15)
2647 req = self.generate_request(call_id = 1,
2648 context_id=ctx1.context_id,
2651 auth_info=auth_info)
2653 rep = self.recv_pdu()
2655 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2656 pfc_flags=req.pfc_flags |
2657 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2659 self.assertNotEquals(rep.u.alloc_hint, 0)
2660 self.assertEquals(rep.u.context_id, 0)
2661 self.assertEquals(rep.u.cancel_count, 0)
2662 self.assertEquals(rep.u.flags, 0)
2663 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2664 self.assertEquals(rep.u.reserved, 0)
2665 self.assertEquals(len(rep.u.error_and_verifier), 0)
2667 # wait for a disconnect
2668 rep = self.recv_pdu()
2669 self.assertIsNone(rep)
2670 self.assertNotConnected()
2672 def test_spnego_auth3(self):
2673 ndr32 = base.transfer_syntax_ndr()
2676 ctx1 = dcerpc.ctx_list()
2678 ctx1.num_transfer_syntaxes = len(tsf1_list)
2679 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2680 ctx1.transfer_syntaxes = tsf1_list
2683 c = self.get_anon_creds()
2684 g = gensec.Security.start_client(self.settings)
2685 g.set_credentials(c)
2686 g.want_feature(gensec.FEATURE_DCE_STYLE)
2687 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2688 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2690 g.start_mech_by_authtype(auth_type, auth_level)
2692 (finished, to_server) = g.update(from_server)
2693 self.assertFalse(finished)
2695 auth_info = self.generate_auth(auth_type=auth_type,
2696 auth_level=auth_level,
2697 auth_context_id=auth_context_id,
2698 auth_blob=to_server)
2699 req = self.generate_bind(call_id=0,
2701 auth_info=auth_info)
2703 rep = self.recv_pdu()
2704 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2705 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2706 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2707 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2708 self.assertEquals(rep.u.secondary_address_size, 4)
2709 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2710 self.assertEquals(len(rep.u._pad1), 2)
2711 #self.assertEquals(rep.u._pad1, '\0' * 2)
2712 self.assertEquals(rep.u.num_results, 1)
2713 self.assertEquals(rep.u.ctx_list[0].result,
2714 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2715 self.assertEquals(rep.u.ctx_list[0].reason,
2716 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2717 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2718 self.assertNotEquals(len(rep.u.auth_info), 0)
2719 a = self.parse_auth(rep.u.auth_info)
2721 from_server = a.credentials
2722 (finished, to_server) = g.update(from_server)
2723 self.assertFalse(finished)
2725 auth_info = self.generate_auth(auth_type=auth_type,
2726 auth_level=auth_level,
2727 auth_context_id=auth_context_id,
2728 auth_blob=to_server)
2729 req = self.generate_auth3(call_id=0,
2730 auth_info=auth_info)
2732 rep = self.recv_pdu()
2733 self.assertIsNone(rep)
2734 self.assertIsConnected()
2736 # And now try a request without auth_info
2737 req = self.generate_request(call_id = 2,
2738 context_id=ctx1.context_id,
2742 rep = self.recv_pdu()
2743 # We get a fault back
2744 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2746 self.assertNotEquals(rep.u.alloc_hint, 0)
2747 self.assertEquals(rep.u.context_id, req.u.context_id)
2748 self.assertEquals(rep.u.cancel_count, 0)
2749 self.assertEquals(rep.u.flags, 0)
2750 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2751 self.assertEquals(rep.u.reserved, 0)
2752 self.assertEquals(len(rep.u.error_and_verifier), 0)
2754 # wait for a disconnect
2755 rep = self.recv_pdu()
2756 self.assertIsNone(rep)
2757 self.assertNotConnected()
2759 def test_spnego_connect_reauth_alter(self):
2760 ndr32 = base.transfer_syntax_ndr()
2761 ndr64 = base.transfer_syntax_ndr64()
2764 ctx1 = dcerpc.ctx_list()
2766 ctx1.num_transfer_syntaxes = len(tsf1_list)
2767 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2768 ctx1.transfer_syntaxes = tsf1_list
2771 c = self.get_anon_creds()
2772 g = gensec.Security.start_client(self.settings)
2773 g.set_credentials(c)
2774 g.want_feature(gensec.FEATURE_DCE_STYLE)
2775 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2776 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2778 g.start_mech_by_authtype(auth_type, auth_level)
2780 (finished, to_server) = g.update(from_server)
2781 self.assertFalse(finished)
2783 auth_info = self.generate_auth(auth_type=auth_type,
2784 auth_level=auth_level,
2785 auth_context_id=auth_context_id,
2786 auth_blob=to_server)
2788 req = self.generate_bind(call_id=0,
2790 auth_info=auth_info)
2793 rep = self.recv_pdu()
2794 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2795 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2796 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2797 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2798 self.assertEquals(rep.u.secondary_address_size, 4)
2799 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2800 self.assertEquals(len(rep.u._pad1), 2)
2801 self.assertEquals(rep.u._pad1, '\0' * 2)
2802 self.assertEquals(rep.u.num_results, 1)
2803 self.assertEquals(rep.u.ctx_list[0].result,
2804 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2805 self.assertEquals(rep.u.ctx_list[0].reason,
2806 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2807 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2808 self.assertNotEquals(len(rep.u.auth_info), 0)
2809 a = self.parse_auth(rep.u.auth_info)
2811 from_server = a.credentials
2812 (finished, to_server) = g.update(from_server)
2813 self.assertFalse(finished)
2815 auth_info = self.generate_auth(auth_type=auth_type,
2816 auth_level=auth_level,
2817 auth_context_id=auth_context_id,
2818 auth_blob=to_server)
2819 req = self.generate_alter(call_id=0,
2821 assoc_group_id=rep.u.assoc_group_id,
2822 auth_info=auth_info)
2824 rep = self.recv_pdu()
2825 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2826 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2827 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2828 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2829 self.assertEquals(rep.u.secondary_address_size, 0)
2830 self.assertEquals(len(rep.u._pad1), 2)
2831 # Windows sends garbage
2832 #self.assertEquals(rep.u._pad1, '\0' * 2)
2833 self.assertEquals(rep.u.num_results, 1)
2834 self.assertEquals(rep.u.ctx_list[0].result,
2835 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2836 self.assertEquals(rep.u.ctx_list[0].reason,
2837 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2838 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2839 self.assertNotEquals(len(rep.u.auth_info), 0)
2840 a = self.parse_auth(rep.u.auth_info)
2842 from_server = a.credentials
2843 (finished, to_server) = g.update(from_server)
2844 self.assertTrue(finished)
2846 # And now try a request without auth_info
2847 req = self.generate_request(call_id = 2,
2848 context_id=ctx1.context_id,
2852 rep = self.recv_pdu()
2853 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2855 self.assertNotEquals(rep.u.alloc_hint, 0)
2856 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2857 self.assertEquals(rep.u.cancel_count, 0)
2858 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2860 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2861 auth_info = self.generate_auth(auth_type=auth_type,
2862 auth_level=auth_level,
2863 auth_context_id=auth_context_id,
2864 auth_blob="\x01"+"\x00"*15)
2865 req = self.generate_request(call_id = 3,
2866 context_id=ctx1.context_id,
2869 auth_info=auth_info)
2871 rep = self.recv_pdu()
2872 # We don't get an auth_info back
2873 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2875 self.assertNotEquals(rep.u.alloc_hint, 0)
2876 self.assertEquals(rep.u.context_id, req.u.context_id)
2877 self.assertEquals(rep.u.cancel_count, 0)
2878 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2882 g = gensec.Security.start_client(self.settings)
2883 g.set_credentials(c)
2884 g.want_feature(gensec.FEATURE_DCE_STYLE)
2885 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2886 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2888 g.start_mech_by_authtype(auth_type, auth_level)
2890 (finished, to_server) = g.update(from_server)
2891 self.assertFalse(finished)
2893 auth_info = self.generate_auth(auth_type=auth_type,
2894 auth_level=auth_level,
2895 auth_context_id=auth_context_id,
2896 auth_blob=to_server)
2897 req = self.generate_alter(call_id=0,
2899 auth_info=auth_info)
2901 rep = self.recv_pdu()
2903 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2904 pfc_flags=req.pfc_flags |
2905 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2907 self.assertNotEquals(rep.u.alloc_hint, 0)
2908 self.assertEquals(rep.u.context_id, 0)
2909 self.assertEquals(rep.u.cancel_count, 0)
2910 self.assertEquals(rep.u.flags, 0)
2911 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2912 self.assertEquals(rep.u.reserved, 0)
2913 self.assertEquals(len(rep.u.error_and_verifier), 0)
2915 # wait for a disconnect
2916 rep = self.recv_pdu()
2917 self.assertIsNone(rep)
2918 self.assertNotConnected()
2920 def test_spnego_connect_reauth_auth3(self):
2921 ndr32 = base.transfer_syntax_ndr()
2922 ndr64 = base.transfer_syntax_ndr64()
2925 ctx1 = dcerpc.ctx_list()
2927 ctx1.num_transfer_syntaxes = len(tsf1_list)
2928 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2929 ctx1.transfer_syntaxes = tsf1_list
2932 c = self.get_anon_creds()
2933 g = gensec.Security.start_client(self.settings)
2934 g.set_credentials(c)
2935 g.want_feature(gensec.FEATURE_DCE_STYLE)
2936 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2937 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2939 g.start_mech_by_authtype(auth_type, auth_level)
2941 (finished, to_server) = g.update(from_server)
2942 self.assertFalse(finished)
2944 auth_info = self.generate_auth(auth_type=auth_type,
2945 auth_level=auth_level,
2946 auth_context_id=auth_context_id,
2947 auth_blob=to_server)
2949 req = self.generate_bind(call_id=0,
2951 auth_info=auth_info)
2954 rep = self.recv_pdu()
2955 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2956 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2957 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2958 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2959 self.assertEquals(rep.u.secondary_address_size, 4)
2960 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2961 self.assertEquals(len(rep.u._pad1), 2)
2962 self.assertEquals(rep.u._pad1, '\0' * 2)
2963 self.assertEquals(rep.u.num_results, 1)
2964 self.assertEquals(rep.u.ctx_list[0].result,
2965 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2966 self.assertEquals(rep.u.ctx_list[0].reason,
2967 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2968 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2969 self.assertNotEquals(len(rep.u.auth_info), 0)
2970 a = self.parse_auth(rep.u.auth_info)
2972 from_server = a.credentials
2973 (finished, to_server) = g.update(from_server)
2974 self.assertFalse(finished)
2976 auth_info = self.generate_auth(auth_type=auth_type,
2977 auth_level=auth_level,
2978 auth_context_id=auth_context_id,
2979 auth_blob=to_server)
2980 req = self.generate_alter(call_id=0,
2982 assoc_group_id=rep.u.assoc_group_id,
2983 auth_info=auth_info)
2985 rep = self.recv_pdu()
2986 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2987 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2988 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2989 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2990 self.assertEquals(rep.u.secondary_address_size, 0)
2991 self.assertEquals(len(rep.u._pad1), 2)
2992 # Windows sends garbage
2993 #self.assertEquals(rep.u._pad1, '\0' * 2)
2994 self.assertEquals(rep.u.num_results, 1)
2995 self.assertEquals(rep.u.ctx_list[0].result,
2996 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2997 self.assertEquals(rep.u.ctx_list[0].reason,
2998 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2999 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3000 self.assertNotEquals(len(rep.u.auth_info), 0)
3001 a = self.parse_auth(rep.u.auth_info)
3003 from_server = a.credentials
3004 (finished, to_server) = g.update(from_server)
3005 self.assertTrue(finished)
3007 # And now try a request without auth_info
3008 req = self.generate_request(call_id = 2,
3009 context_id=ctx1.context_id,
3013 rep = self.recv_pdu()
3014 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3016 self.assertNotEquals(rep.u.alloc_hint, 0)
3017 self.assertEquals(rep.u.context_id, req.u.context_id)
3018 self.assertEquals(rep.u.cancel_count, 0)
3019 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3021 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3022 auth_info = self.generate_auth(auth_type=auth_type,
3023 auth_level=auth_level,
3024 auth_context_id=auth_context_id,
3025 auth_blob="\x01"+"\x00"*15)
3026 req = self.generate_request(call_id = 3,
3027 context_id=ctx1.context_id,
3030 auth_info=auth_info)
3032 rep = self.recv_pdu()
3033 # We don't get an auth_info back
3034 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3036 self.assertNotEquals(rep.u.alloc_hint, 0)
3037 self.assertEquals(rep.u.context_id, req.u.context_id)
3038 self.assertEquals(rep.u.cancel_count, 0)
3039 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3043 g = gensec.Security.start_client(self.settings)
3044 g.set_credentials(c)
3045 g.want_feature(gensec.FEATURE_DCE_STYLE)
3046 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3047 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3049 g.start_mech_by_authtype(auth_type, auth_level)
3051 (finished, to_server) = g.update(from_server)
3052 self.assertFalse(finished)
3054 auth_info = self.generate_auth(auth_type=auth_type,
3055 auth_level=auth_level,
3056 auth_context_id=auth_context_id,
3057 auth_blob=to_server)
3058 req = self.generate_auth3(call_id=0,
3059 auth_info=auth_info)
3061 rep = self.recv_pdu()
3063 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3064 pfc_flags=req.pfc_flags |
3065 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3067 self.assertNotEquals(rep.u.alloc_hint, 0)
3068 self.assertEquals(rep.u.context_id, 0)
3069 self.assertEquals(rep.u.cancel_count, 0)
3070 self.assertEquals(rep.u.flags, 0)
3071 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3072 self.assertEquals(rep.u.reserved, 0)
3073 self.assertEquals(len(rep.u.error_and_verifier), 0)
3075 # wait for a disconnect
3076 rep = self.recv_pdu()
3077 self.assertIsNone(rep)
3078 self.assertNotConnected()
3080 def test_spnego_change_auth_level(self):
3081 ndr32 = base.transfer_syntax_ndr()
3084 ctx1 = dcerpc.ctx_list()
3086 ctx1.num_transfer_syntaxes = len(tsf1_list)
3087 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3088 ctx1.transfer_syntaxes = tsf1_list
3090 c = self.get_anon_creds()
3091 g = gensec.Security.start_client(self.settings)
3092 g.set_credentials(c)
3093 g.want_feature(gensec.FEATURE_DCE_STYLE)
3094 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3095 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3097 g.start_mech_by_authtype(auth_type, auth_level)
3099 (finished, to_server) = g.update(from_server)
3100 self.assertFalse(finished)
3102 auth_info = self.generate_auth(auth_type=auth_type,
3103 auth_level=auth_level,
3104 auth_context_id=auth_context_id,
3105 auth_blob=to_server)
3106 req = self.generate_bind(call_id=0,
3108 auth_info=auth_info)
3110 rep = self.recv_pdu()
3111 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3112 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3113 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3114 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3115 self.assertEquals(rep.u.secondary_address_size, 4)
3116 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3117 self.assertEquals(len(rep.u._pad1), 2)
3118 self.assertEquals(rep.u._pad1, '\0' * 2)
3119 self.assertEquals(rep.u.num_results, 1)
3120 self.assertEquals(rep.u.ctx_list[0].result,
3121 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3122 self.assertEquals(rep.u.ctx_list[0].reason,
3123 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3124 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3125 self.assertNotEquals(len(rep.u.auth_info), 0)
3126 a = self.parse_auth(rep.u.auth_info)
3128 from_server = a.credentials
3129 (finished, to_server) = g.update(from_server)
3130 self.assertFalse(finished)
3132 auth_info = self.generate_auth(auth_type=auth_type,
3133 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3134 auth_context_id=auth_context_id,
3135 auth_blob=to_server)
3136 req = self.generate_alter(call_id=0,
3138 assoc_group_id=rep.u.assoc_group_id,
3139 auth_info=auth_info)
3141 rep = self.recv_pdu()
3142 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3143 pfc_flags=req.pfc_flags |
3144 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3146 self.assertNotEquals(rep.u.alloc_hint, 0)
3147 self.assertEquals(rep.u.context_id, 0)
3148 self.assertEquals(rep.u.cancel_count, 0)
3149 self.assertEquals(rep.u.flags, 0)
3150 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3151 self.assertEquals(rep.u.reserved, 0)
3152 self.assertEquals(len(rep.u.error_and_verifier), 0)
3154 # wait for a disconnect
3155 rep = self.recv_pdu()
3156 self.assertIsNone(rep)
3157 self.assertNotConnected()
3159 def test_spnego_change_abstract(self):
3160 ndr32 = base.transfer_syntax_ndr()
3163 ctx1 = dcerpc.ctx_list()
3165 ctx1.num_transfer_syntaxes = len(tsf1_list)
3166 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3167 ctx1.transfer_syntaxes = tsf1_list
3169 ctx1b = dcerpc.ctx_list()
3170 ctx1b.context_id = 1
3171 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3172 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3173 ctx1b.transfer_syntaxes = tsf1_list
3175 c = self.get_anon_creds()
3176 g = gensec.Security.start_client(self.settings)
3177 g.set_credentials(c)
3178 g.want_feature(gensec.FEATURE_DCE_STYLE)
3179 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3180 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3182 g.start_mech_by_authtype(auth_type, auth_level)
3184 (finished, to_server) = g.update(from_server)
3185 self.assertFalse(finished)
3187 auth_info = self.generate_auth(auth_type=auth_type,
3188 auth_level=auth_level,
3189 auth_context_id=auth_context_id,
3190 auth_blob=to_server)
3191 req = self.generate_bind(call_id=0,
3193 auth_info=auth_info)
3195 rep = self.recv_pdu()
3196 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3197 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3198 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3199 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3200 self.assertEquals(rep.u.secondary_address_size, 4)
3201 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3202 self.assertEquals(len(rep.u._pad1), 2)
3203 #self.assertEquals(rep.u._pad1, '\0' * 2)
3204 self.assertEquals(rep.u.num_results, 1)
3205 self.assertEquals(rep.u.ctx_list[0].result,
3206 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3207 self.assertEquals(rep.u.ctx_list[0].reason,
3208 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3209 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3210 self.assertNotEquals(len(rep.u.auth_info), 0)
3211 a = self.parse_auth(rep.u.auth_info)
3213 from_server = a.credentials
3214 (finished, to_server) = g.update(from_server)
3215 self.assertFalse(finished)
3217 auth_info = self.generate_auth(auth_type=auth_type,
3218 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3219 auth_context_id=auth_context_id,
3220 auth_blob=to_server)
3221 req = self.generate_alter(call_id=0,
3223 assoc_group_id=rep.u.assoc_group_id,
3224 auth_info=auth_info)
3226 rep = self.recv_pdu()
3227 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3228 pfc_flags=req.pfc_flags |
3229 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3231 self.assertNotEquals(rep.u.alloc_hint, 0)
3232 self.assertEquals(rep.u.context_id, 0)
3233 self.assertEquals(rep.u.cancel_count, 0)
3234 self.assertEquals(rep.u.flags, 0)
3235 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3236 self.assertEquals(rep.u.reserved, 0)
3237 self.assertEquals(len(rep.u.error_and_verifier), 0)
3239 # wait for a disconnect
3240 rep = self.recv_pdu()
3241 self.assertIsNone(rep)
3242 self.assertNotConnected()
3244 def test_spnego_change_transfer(self):
3245 ndr32 = base.transfer_syntax_ndr()
3246 ndr64 = base.transfer_syntax_ndr64()
3249 ctx1 = dcerpc.ctx_list()
3251 ctx1.num_transfer_syntaxes = len(tsf1_list)
3252 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3253 ctx1.transfer_syntaxes = tsf1_list
3255 tsf1b_list = [ndr32,ndr64]
3256 ctx1b = dcerpc.ctx_list()
3257 ctx1b.context_id = 1
3258 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3259 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3260 ctx1b.transfer_syntaxes = tsf1b_list
3262 c = self.get_anon_creds()
3263 g = gensec.Security.start_client(self.settings)
3264 g.set_credentials(c)
3265 g.want_feature(gensec.FEATURE_DCE_STYLE)
3266 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3267 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3269 g.start_mech_by_authtype(auth_type, auth_level)
3271 (finished, to_server) = g.update(from_server)
3272 self.assertFalse(finished)
3274 auth_info = self.generate_auth(auth_type=auth_type,
3275 auth_level=auth_level,
3276 auth_context_id=auth_context_id,
3277 auth_blob=to_server)
3278 req = self.generate_bind(call_id=0,
3280 auth_info=auth_info)
3282 rep = self.recv_pdu()
3283 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3284 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3285 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3286 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3287 self.assertEquals(rep.u.secondary_address_size, 4)
3288 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3289 self.assertEquals(len(rep.u._pad1), 2)
3290 #self.assertEquals(rep.u._pad1, '\0' * 2)
3291 self.assertEquals(rep.u.num_results, 1)
3292 self.assertEquals(rep.u.ctx_list[0].result,
3293 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3294 self.assertEquals(rep.u.ctx_list[0].reason,
3295 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3296 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3297 self.assertNotEquals(len(rep.u.auth_info), 0)
3298 a = self.parse_auth(rep.u.auth_info)
3300 from_server = a.credentials
3301 (finished, to_server) = g.update(from_server)
3302 self.assertFalse(finished)
3304 # We change ctx_list and auth_level
3305 auth_info = self.generate_auth(auth_type=auth_type,
3306 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3307 auth_context_id=auth_context_id,
3308 auth_blob=to_server)
3309 req = self.generate_alter(call_id=0,
3311 assoc_group_id=rep.u.assoc_group_id,
3312 auth_info=auth_info)
3314 rep = self.recv_pdu()
3315 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3316 pfc_flags=req.pfc_flags |
3317 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3319 self.assertNotEquals(rep.u.alloc_hint, 0)
3320 self.assertEquals(rep.u.context_id, 0)
3321 self.assertEquals(rep.u.cancel_count, 0)
3322 self.assertEquals(rep.u.flags, 0)
3323 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3324 self.assertEquals(rep.u.reserved, 0)
3325 self.assertEquals(len(rep.u.error_and_verifier), 0)
3327 # wait for a disconnect
3328 rep = self.recv_pdu()
3329 self.assertIsNone(rep)
3330 self.assertNotConnected()
3332 def test_spnego_change_auth_type1(self):
3333 ndr32 = base.transfer_syntax_ndr()
3334 ndr64 = base.transfer_syntax_ndr64()
3337 ctx1 = dcerpc.ctx_list()
3339 ctx1.num_transfer_syntaxes = len(tsf1_list)
3340 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3341 ctx1.transfer_syntaxes = tsf1_list
3343 c = self.get_anon_creds()
3344 g = gensec.Security.start_client(self.settings)
3345 g.set_credentials(c)
3346 g.want_feature(gensec.FEATURE_DCE_STYLE)
3347 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3348 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3350 g.start_mech_by_authtype(auth_type, auth_level)
3352 (finished, to_server) = g.update(from_server)
3353 self.assertFalse(finished)
3355 auth_info = self.generate_auth(auth_type=auth_type,
3356 auth_level=auth_level,
3357 auth_context_id=auth_context_id,
3358 auth_blob=to_server)
3359 req = self.generate_bind(call_id=0,
3361 auth_info=auth_info)
3363 rep = self.recv_pdu()
3364 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3365 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3366 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3367 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3368 self.assertEquals(rep.u.secondary_address_size, 4)
3369 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3370 self.assertEquals(len(rep.u._pad1), 2)
3371 #self.assertEquals(rep.u._pad1, '\0' * 2)
3372 self.assertEquals(rep.u.num_results, 1)
3373 self.assertEquals(rep.u.ctx_list[0].result,
3374 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3375 self.assertEquals(rep.u.ctx_list[0].reason,
3376 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3377 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3378 self.assertNotEquals(len(rep.u.auth_info), 0)
3379 a = self.parse_auth(rep.u.auth_info)
3381 from_server = a.credentials
3382 (finished, to_server) = g.update(from_server)
3383 self.assertFalse(finished)
3385 # We change ctx_list and auth_level
3386 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3387 auth_level=auth_level,
3388 auth_context_id=auth_context_id,
3389 auth_blob=to_server)
3390 req = self.generate_alter(call_id=0,
3392 assoc_group_id=rep.u.assoc_group_id,
3393 auth_info=auth_info)
3395 rep = self.recv_pdu()
3396 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3397 pfc_flags=req.pfc_flags |
3398 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3400 self.assertNotEquals(rep.u.alloc_hint, 0)
3401 self.assertEquals(rep.u.context_id, 0)
3402 self.assertEquals(rep.u.cancel_count, 0)
3403 self.assertEquals(rep.u.flags, 0)
3404 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3405 self.assertEquals(rep.u.reserved, 0)
3406 self.assertEquals(len(rep.u.error_and_verifier), 0)
3408 # wait for a disconnect
3409 rep = self.recv_pdu()
3410 self.assertIsNone(rep)
3411 self.assertNotConnected()
3413 def test_spnego_change_auth_type2(self):
3414 ndr32 = base.transfer_syntax_ndr()
3415 ndr64 = base.transfer_syntax_ndr64()
3418 ctx1 = dcerpc.ctx_list()
3420 ctx1.num_transfer_syntaxes = len(tsf1_list)
3421 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3422 ctx1.transfer_syntaxes = tsf1_list
3424 tsf1b_list = [ndr32,ndr64]
3425 ctx1b = dcerpc.ctx_list()
3426 ctx1b.context_id = 1
3427 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3428 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3429 ctx1b.transfer_syntaxes = tsf1b_list
3431 c = self.get_anon_creds()
3432 g = gensec.Security.start_client(self.settings)
3433 g.set_credentials(c)
3434 g.want_feature(gensec.FEATURE_DCE_STYLE)
3435 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3436 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3438 g.start_mech_by_authtype(auth_type, auth_level)
3440 (finished, to_server) = g.update(from_server)
3441 self.assertFalse(finished)
3443 auth_info = self.generate_auth(auth_type=auth_type,
3444 auth_level=auth_level,
3445 auth_context_id=auth_context_id,
3446 auth_blob=to_server)
3447 req = self.generate_bind(call_id=0,
3449 auth_info=auth_info)
3451 rep = self.recv_pdu()
3452 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3453 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3454 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3455 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3456 self.assertEquals(rep.u.secondary_address_size, 4)
3457 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3458 self.assertEquals(len(rep.u._pad1), 2)
3459 #self.assertEquals(rep.u._pad1, '\0' * 2)
3460 self.assertEquals(rep.u.num_results, 1)
3461 self.assertEquals(rep.u.ctx_list[0].result,
3462 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3463 self.assertEquals(rep.u.ctx_list[0].reason,
3464 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3465 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3466 self.assertNotEquals(len(rep.u.auth_info), 0)
3467 a = self.parse_auth(rep.u.auth_info)
3469 from_server = a.credentials
3470 (finished, to_server) = g.update(from_server)
3471 self.assertFalse(finished)
3473 # We change ctx_list and auth_level
3474 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3475 auth_level=auth_level,
3476 auth_context_id=auth_context_id,
3477 auth_blob=to_server)
3478 req = self.generate_alter(call_id=0,
3480 assoc_group_id=rep.u.assoc_group_id,
3481 auth_info=auth_info)
3483 rep = self.recv_pdu()
3484 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3485 pfc_flags=req.pfc_flags |
3486 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3488 self.assertNotEquals(rep.u.alloc_hint, 0)
3489 self.assertEquals(rep.u.context_id, 0)
3490 self.assertEquals(rep.u.cancel_count, 0)
3491 self.assertEquals(rep.u.flags, 0)
3492 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3493 self.assertEquals(rep.u.reserved, 0)
3494 self.assertEquals(len(rep.u.error_and_verifier), 0)
3496 # wait for a disconnect
3497 rep = self.recv_pdu()
3498 self.assertIsNone(rep)
3499 self.assertNotConnected()
3501 def test_spnego_change_auth_type3(self):
3502 ndr32 = base.transfer_syntax_ndr()
3503 ndr64 = base.transfer_syntax_ndr64()
3506 ctx1 = dcerpc.ctx_list()
3508 ctx1.num_transfer_syntaxes = len(tsf1_list)
3509 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3510 ctx1.transfer_syntaxes = tsf1_list
3512 tsf1b_list = [ndr32,ndr64]
3513 ctx1b = dcerpc.ctx_list()
3514 ctx1b.context_id = 1
3515 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3516 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3517 ctx1b.transfer_syntaxes = tsf1b_list
3519 c = self.get_anon_creds()
3520 g = gensec.Security.start_client(self.settings)
3521 g.set_credentials(c)
3522 g.want_feature(gensec.FEATURE_DCE_STYLE)
3523 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3524 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3526 g.start_mech_by_authtype(auth_type, auth_level)
3528 (finished, to_server) = g.update(from_server)
3529 self.assertFalse(finished)
3531 auth_info = self.generate_auth(auth_type=auth_type,
3532 auth_level=auth_level,
3533 auth_context_id=auth_context_id,
3534 auth_blob=to_server)
3535 req = self.generate_bind(call_id=0,
3537 auth_info=auth_info)
3539 rep = self.recv_pdu()
3540 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3541 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3542 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3543 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3544 self.assertEquals(rep.u.secondary_address_size, 4)
3545 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3546 self.assertEquals(len(rep.u._pad1), 2)
3547 #self.assertEquals(rep.u._pad1, '\0' * 2)
3548 self.assertEquals(rep.u.num_results, 1)
3549 self.assertEquals(rep.u.ctx_list[0].result,
3550 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3551 self.assertEquals(rep.u.ctx_list[0].reason,
3552 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3553 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3554 self.assertNotEquals(len(rep.u.auth_info), 0)
3555 a = self.parse_auth(rep.u.auth_info)
3557 from_server = a.credentials
3558 (finished, to_server) = g.update(from_server)
3559 self.assertFalse(finished)
3561 # We change ctx_list and auth_level
3562 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3563 auth_level=auth_level,
3564 auth_context_id=auth_context_id,
3565 auth_blob=to_server)
3566 req = self.generate_alter(call_id=0,
3568 assoc_group_id=rep.u.assoc_group_id,
3569 auth_info=auth_info)
3571 rep = self.recv_pdu()
3572 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3573 pfc_flags=req.pfc_flags |
3574 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3576 self.assertNotEquals(rep.u.alloc_hint, 0)
3577 self.assertEquals(rep.u.context_id, 0)
3578 self.assertEquals(rep.u.cancel_count, 0)
3579 self.assertEquals(rep.u.flags, 0)
3580 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3581 self.assertEquals(rep.u.reserved, 0)
3582 self.assertEquals(len(rep.u.error_and_verifier), 0)
3584 # wait for a disconnect
3585 rep = self.recv_pdu()
3586 self.assertIsNone(rep)
3587 self.assertNotConnected()
3589 def test_spnego_auth_pad_ok(self):
3590 ndr32 = base.transfer_syntax_ndr()
3593 ctx1 = dcerpc.ctx_list()
3595 ctx1.num_transfer_syntaxes = len(tsf1_list)
3596 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3597 ctx1.transfer_syntaxes = tsf1_list
3600 c = self.get_anon_creds()
3601 g = gensec.Security.start_client(self.settings)
3602 g.set_credentials(c)
3603 g.want_feature(gensec.FEATURE_DCE_STYLE)
3604 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3605 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3607 g.start_mech_by_authtype(auth_type, auth_level)
3609 (finished, to_server) = g.update(from_server)
3610 self.assertFalse(finished)
3612 auth_info = self.generate_auth(auth_type=auth_type,
3613 auth_level=auth_level,
3614 auth_context_id=auth_context_id,
3615 auth_blob=to_server)
3617 req = self.generate_bind(call_id=0,
3619 auth_info=auth_info)
3620 req_pdu = samba.ndr.ndr_pack(req)
3622 auth_pad_ok = len(req_pdu)
3623 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3624 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3625 auth_pad_ok -= len(to_server)
3627 auth_info = self.generate_auth(auth_type=auth_type,
3628 auth_level=auth_level,
3629 auth_context_id=auth_context_id,
3630 auth_pad_length=auth_pad_ok,
3631 auth_blob=to_server)
3633 req = self.generate_bind(call_id=0,
3635 auth_info=auth_info)
3637 rep = self.recv_pdu()
3638 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3639 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3640 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3641 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3642 self.assertEquals(rep.u.secondary_address_size, 4)
3643 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3644 self.assertEquals(len(rep.u._pad1), 2)
3645 #self.assertEquals(rep.u._pad1, '\0' * 2)
3646 self.assertEquals(rep.u.num_results, 1)
3647 self.assertEquals(rep.u.ctx_list[0].result,
3648 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3649 self.assertEquals(rep.u.ctx_list[0].reason,
3650 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3651 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3652 self.assertNotEquals(len(rep.u.auth_info), 0)
3653 a = self.parse_auth(rep.u.auth_info)
3655 from_server = a.credentials
3656 (finished, to_server) = g.update(from_server)
3657 self.assertFalse(finished)
3659 auth_info = self.generate_auth(auth_type=auth_type,
3660 auth_level=auth_level,
3661 auth_context_id=auth_context_id,
3662 auth_blob=to_server)
3663 req = self.generate_alter(call_id=0,
3665 assoc_group_id=rep.u.assoc_group_id,
3666 auth_info=auth_info)
3667 req_pdu = samba.ndr.ndr_pack(req)
3669 auth_pad_ok = len(req_pdu)
3670 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3671 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3672 auth_pad_ok -= len(to_server)
3673 auth_info = self.generate_auth(auth_type=auth_type,
3674 auth_level=auth_level,
3675 auth_context_id=auth_context_id,
3676 auth_pad_length=auth_pad_ok,
3677 auth_blob=to_server)
3678 req = self.generate_alter(call_id=0,
3680 assoc_group_id=rep.u.assoc_group_id,
3681 auth_info=auth_info)
3683 rep = self.recv_pdu()
3684 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3685 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3686 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3687 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3688 self.assertEquals(rep.u.secondary_address_size, 0)
3689 self.assertEquals(len(rep.u._pad1), 2)
3690 # Windows sends garbage
3691 #self.assertEquals(rep.u._pad1, '\0' * 2)
3692 self.assertEquals(rep.u.num_results, 1)
3693 self.assertEquals(rep.u.ctx_list[0].result,
3694 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3695 self.assertEquals(rep.u.ctx_list[0].reason,
3696 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3697 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3698 self.assertNotEquals(len(rep.u.auth_info), 0)
3699 a = self.parse_auth(rep.u.auth_info)
3701 from_server = a.credentials
3702 (finished, to_server) = g.update(from_server)
3703 self.assertTrue(finished)
3705 # And now try a request without auth_info
3706 req = self.generate_request(call_id = 2,
3707 context_id=ctx1.context_id,
3711 rep = self.recv_pdu()
3712 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3714 self.assertNotEquals(rep.u.alloc_hint, 0)
3715 self.assertEquals(rep.u.context_id, req.u.context_id)
3716 self.assertEquals(rep.u.cancel_count, 0)
3717 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3719 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3720 auth_info = self.generate_auth(auth_type=auth_type,
3721 auth_level=auth_level,
3722 auth_context_id=auth_context_id,
3723 auth_blob="\x01"+"\x00"*15)
3724 req = self.generate_request(call_id = 3,
3725 context_id=ctx1.context_id,
3728 auth_info=auth_info)
3730 rep = self.recv_pdu()
3731 # We don't get an auth_info back
3732 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3734 self.assertNotEquals(rep.u.alloc_hint, 0)
3735 self.assertEquals(rep.u.context_id, req.u.context_id)
3736 self.assertEquals(rep.u.cancel_count, 0)
3737 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3739 self._disconnect("disconnect")
3740 self.assertNotConnected()
3742 def test_spnego_auth_pad_fail_bind(self):
3743 ndr32 = base.transfer_syntax_ndr()
3746 ctx1 = dcerpc.ctx_list()
3748 ctx1.num_transfer_syntaxes = len(tsf1_list)
3749 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3750 ctx1.transfer_syntaxes = tsf1_list
3753 c = self.get_anon_creds()
3754 g = gensec.Security.start_client(self.settings)
3755 g.set_credentials(c)
3756 g.want_feature(gensec.FEATURE_DCE_STYLE)
3757 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3758 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3760 g.start_mech_by_authtype(auth_type, auth_level)
3762 (finished, to_server) = g.update(from_server)
3763 self.assertFalse(finished)
3765 auth_info = self.generate_auth(auth_type=auth_type,
3766 auth_level=auth_level,
3767 auth_context_id=auth_context_id,
3768 auth_blob=to_server)
3770 req = self.generate_bind(call_id=0,
3772 auth_info=auth_info)
3773 req_pdu = samba.ndr.ndr_pack(req)
3775 auth_pad_ok = len(req_pdu)
3776 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3777 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3778 auth_pad_ok -= len(to_server)
3779 auth_pad_bad = auth_pad_ok + 1
3780 auth_info = self.generate_auth(auth_type=auth_type,
3781 auth_level=auth_level,
3782 auth_context_id=auth_context_id,
3783 auth_pad_length=auth_pad_bad,
3784 auth_blob=to_server)
3786 req = self.generate_bind(call_id=0,
3788 auth_info=auth_info)
3790 rep = self.recv_pdu()
3791 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
3793 self.assertEquals(rep.u.reject_reason,
3794 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
3795 self.assertEquals(rep.u.num_versions, 1)
3796 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
3797 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
3798 self.assertEquals(len(rep.u._pad), 3)
3799 self.assertEquals(rep.u._pad, '\0' * 3)
3801 # wait for a disconnect
3802 rep = self.recv_pdu()
3803 self.assertIsNone(rep)
3804 self.assertNotConnected()
3806 def test_spnego_auth_pad_fail_alter(self):
3807 ndr32 = base.transfer_syntax_ndr()
3810 ctx1 = dcerpc.ctx_list()
3812 ctx1.num_transfer_syntaxes = len(tsf1_list)
3813 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3814 ctx1.transfer_syntaxes = tsf1_list
3817 c = self.get_anon_creds()
3818 g = gensec.Security.start_client(self.settings)
3819 g.set_credentials(c)
3820 g.want_feature(gensec.FEATURE_DCE_STYLE)
3821 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3822 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3824 g.start_mech_by_authtype(auth_type, auth_level)
3826 (finished, to_server) = g.update(from_server)
3827 self.assertFalse(finished)
3829 auth_info = self.generate_auth(auth_type=auth_type,
3830 auth_level=auth_level,
3831 auth_context_id=auth_context_id,
3832 auth_blob=to_server)
3834 req = self.generate_bind(call_id=0,
3836 auth_info=auth_info)
3837 req_pdu = samba.ndr.ndr_pack(req)
3839 auth_pad_ok = len(req_pdu)
3840 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3841 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3842 auth_pad_ok -= len(to_server)
3844 auth_info = self.generate_auth(auth_type=auth_type,
3845 auth_level=auth_level,
3846 auth_context_id=auth_context_id,
3847 auth_pad_length=auth_pad_ok,
3848 auth_blob=to_server)
3850 req = self.generate_bind(call_id=0,
3852 auth_info=auth_info)
3854 rep = self.recv_pdu()
3855 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3856 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3857 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3858 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3859 self.assertEquals(rep.u.secondary_address_size, 4)
3860 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3861 self.assertEquals(len(rep.u._pad1), 2)
3862 #self.assertEquals(rep.u._pad1, '\0' * 2)
3863 self.assertEquals(rep.u.num_results, 1)
3864 self.assertEquals(rep.u.ctx_list[0].result,
3865 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3866 self.assertEquals(rep.u.ctx_list[0].reason,
3867 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3868 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3869 self.assertNotEquals(len(rep.u.auth_info), 0)
3870 a = self.parse_auth(rep.u.auth_info)
3872 from_server = a.credentials
3873 (finished, to_server) = g.update(from_server)
3874 self.assertFalse(finished)
3876 auth_info = self.generate_auth(auth_type=auth_type,
3877 auth_level=auth_level,
3878 auth_context_id=auth_context_id,
3879 auth_blob=to_server)
3880 req = self.generate_alter(call_id=0,
3882 assoc_group_id=rep.u.assoc_group_id,
3883 auth_info=auth_info)
3884 req_pdu = samba.ndr.ndr_pack(req)
3886 auth_pad_ok = len(req_pdu)
3887 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3888 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3889 auth_pad_ok -= len(to_server)
3890 auth_pad_bad = auth_pad_ok + 1
3891 auth_info = self.generate_auth(auth_type=auth_type,
3892 auth_level=auth_level,
3893 auth_context_id=auth_context_id,
3894 auth_pad_length=auth_pad_bad,
3895 auth_blob=to_server)
3896 req = self.generate_alter(call_id=0,
3898 assoc_group_id=rep.u.assoc_group_id,
3899 auth_info=auth_info)
3901 rep = self.recv_pdu()
3902 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3903 pfc_flags=req.pfc_flags |
3904 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3906 self.assertNotEquals(rep.u.alloc_hint, 0)
3907 self.assertEquals(rep.u.context_id, 0)
3908 self.assertEquals(rep.u.cancel_count, 0)
3909 self.assertEquals(rep.u.flags, 0)
3910 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3911 self.assertEquals(rep.u.reserved, 0)
3912 self.assertEquals(len(rep.u.error_and_verifier), 0)
3914 # wait for a disconnect
3915 rep = self.recv_pdu()
3916 self.assertIsNone(rep)
3917 self.assertNotConnected()
3919 def test_ntlmssp_auth_pad_ok(self):
3920 ndr32 = base.transfer_syntax_ndr()
3923 ctx1 = dcerpc.ctx_list()
3925 ctx1.num_transfer_syntaxes = len(tsf1_list)
3926 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3927 ctx1.transfer_syntaxes = tsf1_list
3930 c = self.get_anon_creds()
3931 g = gensec.Security.start_client(self.settings)
3932 g.set_credentials(c)
3933 g.want_feature(gensec.FEATURE_DCE_STYLE)
3934 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
3935 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3937 g.start_mech_by_authtype(auth_type, auth_level)
3939 (finished, to_server) = g.update(from_server)
3940 self.assertFalse(finished)
3942 auth_info = self.generate_auth(auth_type=auth_type,
3943 auth_level=auth_level,
3944 auth_context_id=auth_context_id,
3945 auth_blob=to_server)
3947 req = self.generate_bind(call_id=0,
3949 auth_info=auth_info)
3950 req_pdu = samba.ndr.ndr_pack(req)
3952 auth_pad_ok = len(req_pdu)
3953 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3954 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3955 auth_pad_ok -= len(to_server)
3957 auth_info = self.generate_auth(auth_type=auth_type,
3958 auth_level=auth_level,
3959 auth_context_id=auth_context_id,
3960 auth_pad_length=auth_pad_ok,
3961 auth_blob=to_server)
3963 req = self.generate_bind(call_id=0,
3965 auth_info=auth_info)
3967 rep = self.recv_pdu()
3968 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3969 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3970 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3971 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3972 self.assertEquals(rep.u.secondary_address_size, 4)
3973 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3974 self.assertEquals(len(rep.u._pad1), 2)
3975 #self.assertEquals(rep.u._pad1, '\0' * 2)
3976 self.assertEquals(rep.u.num_results, 1)
3977 self.assertEquals(rep.u.ctx_list[0].result,
3978 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3979 self.assertEquals(rep.u.ctx_list[0].reason,
3980 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3981 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3982 self.assertNotEquals(len(rep.u.auth_info), 0)
3983 a = self.parse_auth(rep.u.auth_info)
3985 from_server = a.credentials
3986 (finished, to_server) = g.update(from_server)
3987 self.assertTrue(finished)
3990 auth_info = self.generate_auth(auth_type=auth_type,
3991 auth_level=auth_level,
3992 auth_context_id=auth_context_id,
3993 auth_pad_length=auth_pad_ok,
3994 auth_blob=to_server)
3995 req = self.generate_auth3(call_id=0,
3996 auth_info=auth_info)
3998 self.assertIsConnected()
4000 # And now try a request without auth_info
4001 req = self.generate_request(call_id = 2,
4002 context_id=ctx1.context_id,
4006 rep = self.recv_pdu()
4007 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4009 self.assertNotEquals(rep.u.alloc_hint, 0)
4010 self.assertEquals(rep.u.context_id, req.u.context_id)
4011 self.assertEquals(rep.u.cancel_count, 0)
4012 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4014 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4015 auth_info = self.generate_auth(auth_type=auth_type,
4016 auth_level=auth_level,
4017 auth_context_id=auth_context_id,
4018 auth_blob="\x01"+"\x00"*15)
4019 req = self.generate_request(call_id = 3,
4020 context_id=ctx1.context_id,
4023 auth_info=auth_info)
4025 rep = self.recv_pdu()
4026 # We don't get an auth_info back
4027 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4029 self.assertNotEquals(rep.u.alloc_hint, 0)
4030 self.assertEquals(rep.u.context_id, req.u.context_id)
4031 self.assertEquals(rep.u.cancel_count, 0)
4032 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4034 self._disconnect("disconnect")
4035 self.assertNotConnected()
4037 def test_ntlmssp_auth_pad_fail_auth3(self):
4038 ndr32 = base.transfer_syntax_ndr()
4041 ctx1 = dcerpc.ctx_list()
4043 ctx1.num_transfer_syntaxes = len(tsf1_list)
4044 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4045 ctx1.transfer_syntaxes = tsf1_list
4048 c = self.get_anon_creds()
4049 g = gensec.Security.start_client(self.settings)
4050 g.set_credentials(c)
4051 g.want_feature(gensec.FEATURE_DCE_STYLE)
4052 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4053 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4055 g.start_mech_by_authtype(auth_type, auth_level)
4057 (finished, to_server) = g.update(from_server)
4058 self.assertFalse(finished)
4060 auth_info = self.generate_auth(auth_type=auth_type,
4061 auth_level=auth_level,
4062 auth_context_id=auth_context_id,
4063 auth_blob=to_server)
4065 req = self.generate_bind(call_id=0,
4067 auth_info=auth_info)
4068 req_pdu = samba.ndr.ndr_pack(req)
4070 auth_pad_ok = len(req_pdu)
4071 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4072 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4073 auth_pad_ok -= len(to_server)
4075 auth_info = self.generate_auth(auth_type=auth_type,
4076 auth_level=auth_level,
4077 auth_context_id=auth_context_id,
4078 auth_pad_length=auth_pad_ok,
4079 auth_blob=to_server)
4081 req = self.generate_bind(call_id=0,
4083 auth_info=auth_info)
4085 rep = self.recv_pdu()
4086 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4087 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4088 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4089 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4090 self.assertEquals(rep.u.secondary_address_size, 4)
4091 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4092 self.assertEquals(len(rep.u._pad1), 2)
4093 #self.assertEquals(rep.u._pad1, '\0' * 2)
4094 self.assertEquals(rep.u.num_results, 1)
4095 self.assertEquals(rep.u.ctx_list[0].result,
4096 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4097 self.assertEquals(rep.u.ctx_list[0].reason,
4098 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4099 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4100 self.assertNotEquals(len(rep.u.auth_info), 0)
4101 a = self.parse_auth(rep.u.auth_info)
4103 from_server = a.credentials
4104 (finished, to_server) = g.update(from_server)
4105 self.assertTrue(finished)
4108 auth_info = self.generate_auth(auth_type=auth_type,
4109 auth_level=auth_level,
4110 auth_context_id=auth_context_id,
4111 auth_pad_length=auth_pad_bad,
4112 auth_blob=to_server)
4113 req = self.generate_auth3(call_id=0,
4114 auth_info=auth_info)
4116 rep = self.recv_pdu()
4117 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4118 pfc_flags=req.pfc_flags |
4119 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4121 self.assertNotEquals(rep.u.alloc_hint, 0)
4122 self.assertEquals(rep.u.context_id, 0)
4123 self.assertEquals(rep.u.cancel_count, 0)
4124 self.assertEquals(rep.u.flags, 0)
4125 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4126 self.assertEquals(rep.u.reserved, 0)
4127 self.assertEquals(len(rep.u.error_and_verifier), 0)
4129 # wait for a disconnect
4130 rep = self.recv_pdu()
4131 self.assertIsNone(rep)
4132 self.assertNotConnected()
4134 def _test_spnego_bind_auth_level(self, auth_level, auth_context_id, ctx,
4135 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4137 creds = self.get_user_creds()
4138 auth_context = self.get_auth_context_creds(creds=creds,
4139 auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4140 auth_level=auth_level,
4141 auth_context_id=auth_context_id,
4142 g_auth_level=g_auth_level)
4143 if auth_context is None:
4145 ack = self.do_generic_bind(ctx=ctx,
4146 auth_context=auth_context,
4147 alter_fault=alter_fault)
4150 return auth_context["gensec"]
4152 def _test_spnego_level_bind_nak(self, auth_level,
4153 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4154 c = self.get_user_creds()
4155 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4156 auth_level=auth_level, creds=c, reason=reason)
4158 def _test_spnego_level_bind(self, auth_level,
4159 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4162 response_fault_flags=0):
4163 ndr32 = base.transfer_syntax_ndr()
4166 ctx1 = dcerpc.ctx_list()
4167 ctx1.context_id = 0x1001
4168 ctx1.num_transfer_syntaxes = len(tsf1_list)
4169 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4170 ctx1.transfer_syntaxes = tsf1_list
4172 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4175 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4176 auth_context_id=auth_context_id,
4178 g_auth_level=g_auth_level,
4179 alter_fault=alter_fault)
4181 if request_fault is None:
4184 self.assertIsNotNone(g)
4186 stub_bin = '\x00' * 17
4187 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4190 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4191 stub_bin += '\x00' * auth_pad_length
4193 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4194 sig_size = g.sig_size(len(stub_bin))
4197 zero_sig = "\x00"*sig_size
4199 auth_info = self.generate_auth(auth_type=auth_type,
4200 auth_level=auth_level,
4201 auth_pad_length=auth_pad_length,
4202 auth_context_id=auth_context_id,
4204 req = self.generate_request(call_id = 4,
4205 context_id=ctx1.context_id,
4208 auth_info=auth_info)
4209 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4210 req_blob = samba.ndr.ndr_pack(req)
4211 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4212 ofs_sig = len(req_blob) - req.auth_length
4213 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4214 req_data = req_blob[ofs_stub:ofs_trailer]
4215 req_whole = req_blob[0:ofs_sig]
4216 sig = g.sign_packet(req_data, req_whole)
4217 auth_info = self.generate_auth(auth_type=auth_type,
4218 auth_level=auth_level,
4219 auth_pad_length=auth_pad_length,
4220 auth_context_id=auth_context_id,
4222 req = self.generate_request(call_id = 4,
4223 context_id=ctx1.context_id,
4226 auth_info=auth_info)
4228 rep = self.recv_pdu()
4229 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4230 pfc_flags=req.pfc_flags | response_fault_flags,
4232 self.assertNotEquals(rep.u.alloc_hint, 0)
4233 self.assertEquals(rep.u.context_id, ctx1.context_id)
4234 self.assertEquals(rep.u.cancel_count, 0)
4235 self.assertEquals(rep.u.flags, 0)
4236 self.assertEquals(rep.u.status, request_fault)
4237 self.assertEquals(rep.u.reserved, 0)
4238 self.assertEquals(len(rep.u.error_and_verifier), 0)
4240 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4243 # wait for a disconnect
4244 rep = self.recv_pdu()
4245 self.assertIsNone(rep)
4246 self.assertNotConnected()
4248 def test_spnego_none_bind(self):
4249 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4250 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4252 def test_spnego_call_bind(self):
4253 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4254 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4256 def test_spnego_0_bind(self):
4257 return self._test_spnego_level_bind_nak(0,
4258 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4260 def test_spnego_7_bind(self):
4261 return self._test_spnego_level_bind_nak(7,
4262 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4264 def test_spnego_255_bind(self):
4265 return self._test_spnego_level_bind_nak(255,
4266 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4268 def test_spnego_connect_bind_none(self):
4269 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4270 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4272 def test_spnego_connect_bind_sign(self):
4273 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4274 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4276 def test_spnego_connect_bind_seal(self):
4277 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4278 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4280 def test_spnego_packet_bind_none(self):
4281 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4282 # DCERPC_AUTH_LEVEL_INTEGRITY
4283 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4284 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4285 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4287 def test_spnego_packet_bind_sign(self):
4288 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4289 # DCERPC_AUTH_LEVEL_INTEGRITY
4290 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4291 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4292 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4293 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4295 def test_spnego_packet_bind_sign(self):
4296 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4297 # DCERPC_AUTH_LEVEL_INTEGRITY
4298 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4299 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4300 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4301 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4303 def test_spnego_integrity_bind_none(self):
4304 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4305 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4306 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4308 def test_spnego_integrity_bind_sign(self):
4309 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4310 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4311 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4312 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4314 def test_spnego_integrity_bind_seal(self):
4315 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4316 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4317 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4318 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4320 def test_spnego_privacy_bind_none(self):
4322 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4323 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4324 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4326 def test_spnego_privacy_bind_sign(self):
4328 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4329 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4330 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4332 def test_spnego_privacy_bind_seal(self):
4333 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4334 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4338 def _test_spnego_signing_auth_level_request(self, auth_level):
4339 ndr32 = base.transfer_syntax_ndr()
4342 ctx1 = dcerpc.ctx_list()
4343 ctx1.context_id = 0x1001
4344 ctx1.num_transfer_syntaxes = len(tsf1_list)
4345 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4346 ctx1.transfer_syntaxes = tsf1_list
4349 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4352 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4353 auth_context_id=auth_context_id,
4356 stub_bin = '\x00' * 0
4357 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4360 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4361 stub_bin += '\x00' * auth_pad_length
4363 sig_size = g.sig_size(len(stub_bin))
4364 zero_sig = "\x00"*sig_size
4366 auth_info = self.generate_auth(auth_type=auth_type,
4367 auth_level=auth_level,
4368 auth_pad_length=auth_pad_length,
4369 auth_context_id=auth_context_id,
4371 req = self.generate_request(call_id = 3,
4372 context_id=ctx1.context_id,
4375 auth_info=auth_info)
4376 req_blob = samba.ndr.ndr_pack(req)
4377 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4378 ofs_sig = len(req_blob) - req.auth_length
4379 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4380 req_data = req_blob[ofs_stub:ofs_trailer]
4381 req_whole = req_blob[0:ofs_sig]
4382 sig = g.sign_packet(req_data, req_whole)
4383 auth_info = self.generate_auth(auth_type=auth_type,
4384 auth_level=auth_level,
4385 auth_pad_length=auth_pad_length,
4386 auth_context_id=auth_context_id,
4388 req = self.generate_request(call_id = 3,
4389 context_id=ctx1.context_id,
4392 auth_info=auth_info)
4394 (rep, rep_blob) = self.recv_pdu_raw()
4395 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4396 auth_length=sig_size)
4397 self.assertNotEquals(rep.u.alloc_hint, 0)
4398 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4399 self.assertEquals(rep.u.cancel_count, 0)
4400 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4401 self.assertEquals(rep.auth_length, sig_size)
4403 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4404 ofs_sig = rep.frag_length - rep.auth_length
4405 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4406 rep_data = rep_blob[ofs_stub:ofs_trailer]
4407 rep_whole = rep_blob[0:ofs_sig]
4408 rep_sig = rep_blob[ofs_sig:]
4409 rep_auth_info_blob = rep_blob[ofs_trailer:]
4411 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4412 self.assertEquals(rep_auth_info.auth_type, auth_type)
4413 self.assertEquals(rep_auth_info.auth_level, auth_level)
4414 # mgmt_inq_if_ids() returns no fixed size results
4415 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4416 self.assertEquals(rep_auth_info.auth_reserved, 0)
4417 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4418 self.assertEquals(rep_auth_info.credentials, rep_sig)
4420 g.check_packet(rep_data, rep_whole, rep_sig)
4422 stub_bin = '\x00' * 17
4423 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4426 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4427 stub_bin += '\x00' * auth_pad_length
4429 sig_size = g.sig_size(len(stub_bin))
4430 zero_sig = "\x00"*sig_size
4432 auth_info = self.generate_auth(auth_type=auth_type,
4433 auth_level=auth_level,
4434 auth_pad_length=auth_pad_length,
4435 auth_context_id=auth_context_id,
4437 req = self.generate_request(call_id = 4,
4438 context_id=ctx1.context_id,
4441 auth_info=auth_info)
4442 req_blob = samba.ndr.ndr_pack(req)
4443 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4444 ofs_sig = len(req_blob) - req.auth_length
4445 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4446 req_data = req_blob[ofs_stub:ofs_trailer]
4447 req_whole = req_blob[0:ofs_sig]
4448 sig = g.sign_packet(req_data, req_whole)
4449 auth_info = self.generate_auth(auth_type=auth_type,
4450 auth_level=auth_level,
4451 auth_pad_length=auth_pad_length,
4452 auth_context_id=auth_context_id,
4454 req = self.generate_request(call_id = 4,
4455 context_id=ctx1.context_id,
4458 auth_info=auth_info)
4460 rep = self.recv_pdu()
4461 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4462 pfc_flags=req.pfc_flags |
4463 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4465 self.assertNotEquals(rep.u.alloc_hint, 0)
4466 self.assertEquals(rep.u.context_id, ctx1.context_id)
4467 self.assertEquals(rep.u.cancel_count, 0)
4468 self.assertEquals(rep.u.flags, 0)
4469 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4470 self.assertEquals(rep.u.reserved, 0)
4471 self.assertEquals(len(rep.u.error_and_verifier), 0)
4473 stub_bin = '\x00' * 8
4474 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4477 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4478 stub_bin += '\x00' * auth_pad_length
4480 sig_size = g.sig_size(len(stub_bin))
4481 zero_sig = "\x00"*sig_size
4483 auth_info = self.generate_auth(auth_type=auth_type,
4484 auth_level=auth_level,
4485 auth_pad_length=auth_pad_length,
4486 auth_context_id=auth_context_id,
4488 req = self.generate_request(call_id = 5,
4489 context_id=ctx1.context_id,
4492 auth_info=auth_info)
4493 req_blob = samba.ndr.ndr_pack(req)
4494 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4495 ofs_sig = len(req_blob) - req.auth_length
4496 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4497 req_data = req_blob[ofs_stub:ofs_trailer]
4498 req_whole = req_blob[0:ofs_sig]
4499 sig = g.sign_packet(req_data, req_whole)
4500 auth_info = self.generate_auth(auth_type=auth_type,
4501 auth_level=auth_level,
4502 auth_pad_length=auth_pad_length,
4503 auth_context_id=auth_context_id,
4505 req = self.generate_request(call_id = 5,
4506 context_id=ctx1.context_id,
4509 auth_info=auth_info)
4511 (rep, rep_blob) = self.recv_pdu_raw()
4512 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4513 auth_length=sig_size)
4514 self.assertNotEquals(rep.u.alloc_hint, 0)
4515 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4516 self.assertEquals(rep.u.cancel_count, 0)
4517 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4518 self.assertEquals(rep.auth_length, sig_size)
4520 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4521 ofs_sig = rep.frag_length - rep.auth_length
4522 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4523 rep_data = rep_blob[ofs_stub:ofs_trailer]
4524 rep_whole = rep_blob[0:ofs_sig]
4525 rep_sig = rep_blob[ofs_sig:]
4526 rep_auth_info_blob = rep_blob[ofs_trailer:]
4528 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4529 self.assertEquals(rep_auth_info.auth_type, auth_type)
4530 self.assertEquals(rep_auth_info.auth_level, auth_level)
4531 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4532 self.assertEquals(rep_auth_info.auth_reserved, 0)
4533 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4534 self.assertEquals(rep_auth_info.credentials, rep_sig)
4536 g.check_packet(rep_data, rep_whole, rep_sig)
4538 stub_bin = '\x00' * 8
4539 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4542 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4543 stub_bin += '\x00' * auth_pad_length
4545 sig_size = g.sig_size(len(stub_bin))
4546 zero_sig = "\x00"*sig_size
4548 auth_info = self.generate_auth(auth_type=auth_type,
4549 auth_level=auth_level,
4550 auth_pad_length=auth_pad_length,
4551 auth_context_id=auth_context_id,
4553 req = self.generate_request(call_id = 6,
4554 context_id=ctx1.context_id,
4557 auth_info=auth_info)
4558 req_blob = samba.ndr.ndr_pack(req)
4559 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4560 ofs_sig = len(req_blob) - req.auth_length
4561 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4562 req_data = req_blob[ofs_stub:ofs_trailer]
4563 req_whole = req_blob[0:ofs_sig]
4564 sig = g.sign_packet(req_data, req_whole)
4565 auth_info = self.generate_auth(auth_type=auth_type,
4566 auth_level=auth_level,
4567 auth_pad_length=auth_pad_length,
4568 auth_context_id=auth_context_id,
4570 req = self.generate_request(call_id = 6,
4571 context_id=ctx1.context_id,
4574 auth_info=auth_info)
4576 (rep, rep_blob) = self.recv_pdu_raw()
4577 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4578 auth_length=sig_size)
4579 self.assertNotEquals(rep.u.alloc_hint, 0)
4580 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4581 self.assertEquals(rep.u.cancel_count, 0)
4582 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4583 self.assertEquals(rep.auth_length, sig_size)
4585 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4586 ofs_sig = rep.frag_length - rep.auth_length
4587 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4588 rep_data = rep_blob[ofs_stub:ofs_trailer]
4589 rep_whole = rep_blob[0:ofs_sig]
4590 rep_sig = rep_blob[ofs_sig:]
4591 rep_auth_info_blob = rep_blob[ofs_trailer:]
4593 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4594 self.assertEquals(rep_auth_info.auth_type, auth_type)
4595 self.assertEquals(rep_auth_info.auth_level, auth_level)
4596 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4597 self.assertEquals(rep_auth_info.auth_reserved, 0)
4598 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4599 self.assertEquals(rep_auth_info.credentials, rep_sig)
4601 g.check_packet(rep_data, rep_whole, rep_sig)
4603 def test_spnego_signing_packet(self):
4604 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4605 # DCERPC_AUTH_LEVEL_INTEGRITY
4606 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4608 def test_spnego_signing_integrity(self):
4609 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4612 if __name__ == "__main__":
4613 global_ndr_print = True
4614 global_hexdump = True