2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
36 global_ndr_print = False
37 global_hexdump = False
39 class TestDCERPC_BIND(RawDCERPCTest):
42 super(TestDCERPC_BIND, self).setUp()
43 self.do_ndr_print = global_ndr_print
44 self.do_hexdump = global_hexdump
46 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
47 ndr32 = base.transfer_syntax_ndr()
50 ctx1 = dcerpc.ctx_list()
52 ctx1.num_transfer_syntaxes = len(tsf1_list)
53 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
54 ctx1.transfer_syntaxes = tsf1_list
56 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
59 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
60 pfc_flags=rep_pfc_flags, auth_length=0)
61 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
62 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
63 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
64 self.assertEquals(rep.u.secondary_address_size, 4)
65 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
66 self.assertEquals(len(rep.u._pad1), 2)
67 # sometimes windows sends random bytes
68 # self.assertEquals(rep.u._pad1, '\0' * 2)
69 self.assertEquals(rep.u.num_results, 1)
70 self.assertEquals(rep.u.ctx_list[0].result,
71 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72 self.assertEquals(rep.u.ctx_list[0].reason,
73 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75 self.assertEquals(rep.u.auth_info, '\0' * 0)
77 # And now try a request
78 req = self.generate_request(call_id = 1,
79 context_id=ctx1.context_id,
84 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
86 self.assertNotEquals(rep.u.alloc_hint, 0)
87 self.assertEquals(rep.u.context_id, req.u.context_id)
88 self.assertEquals(rep.u.cancel_count, 0)
89 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
91 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92 ndr32 = base.transfer_syntax_ndr()
95 ctx1 = dcerpc.ctx_list()
97 ctx1.num_transfer_syntaxes = len(tsf1_list)
98 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99 ctx1.transfer_syntaxes = tsf1_list
101 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
103 rep = self.recv_pdu()
104 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
106 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109 self.assertEquals(rep.u.secondary_address_size, 4)
110 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111 self.assertEquals(len(rep.u._pad1), 2)
112 # sometimes windows sends random bytes
113 # self.assertEquals(rep.u._pad1, '\0' * 2)
114 self.assertEquals(rep.u.num_results, 1)
115 self.assertEquals(rep.u.ctx_list[0].result,
116 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
117 self.assertEquals(rep.u.ctx_list[0].reason,
118 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
119 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
120 self.assertEquals(rep.u.auth_info, '\0' * 0)
122 # And now try a alter context
123 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
125 rep = self.recv_pdu()
126 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
127 pfc_flags=rep_pfc_flags, auth_length=0)
128 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
129 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
130 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
131 self.assertEquals(rep.u.secondary_address_size, 0)
132 self.assertEquals(rep.u.secondary_address, "")
133 self.assertEquals(len(rep.u._pad1), 2)
134 # sometimes windows sends random bytes
135 # self.assertEquals(rep.u._pad1, '\0' * 2)
136 self.assertEquals(rep.u.num_results, 1)
137 self.assertEquals(rep.u.ctx_list[0].result,
138 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
139 self.assertEquals(rep.u.ctx_list[0].reason,
140 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
141 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
142 self.assertEquals(rep.u.auth_info, '\0' * 0)
144 # And now try a request
145 req = self.generate_request(call_id = 1,
146 context_id=ctx1.context_id,
150 rep = self.recv_pdu()
151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
153 self.assertNotEquals(rep.u.alloc_hint, 0)
154 self.assertEquals(rep.u.context_id, req.u.context_id)
155 self.assertEquals(rep.u.cancel_count, 0)
156 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
158 def test_no_auth_request(self):
159 return self._test_no_auth_request_bind_pfc_flags(
161 dcerpc.DCERPC_PFC_FLAG_FIRST |
162 dcerpc.DCERPC_PFC_FLAG_LAST,
164 dcerpc.DCERPC_PFC_FLAG_FIRST |
165 dcerpc.DCERPC_PFC_FLAG_LAST)
167 def test_no_auth_request_bind_pfc_00(self):
168 return self._test_no_auth_request_bind_pfc_flags(
172 dcerpc.DCERPC_PFC_FLAG_FIRST |
173 dcerpc.DCERPC_PFC_FLAG_LAST)
175 def test_no_auth_request_bind_pfc_FIRST(self):
176 return self._test_no_auth_request_bind_pfc_flags(
178 dcerpc.DCERPC_PFC_FLAG_FIRST |
181 dcerpc.DCERPC_PFC_FLAG_FIRST |
182 dcerpc.DCERPC_PFC_FLAG_LAST)
184 def test_no_auth_request_bind_pfc_LAST(self):
185 return self._test_no_auth_request_bind_pfc_flags(
187 dcerpc.DCERPC_PFC_FLAG_LAST |
190 dcerpc.DCERPC_PFC_FLAG_FIRST |
191 dcerpc.DCERPC_PFC_FLAG_LAST)
193 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
194 # without authentication
195 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
196 return self._test_no_auth_request_bind_pfc_flags(
198 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
201 dcerpc.DCERPC_PFC_FLAG_FIRST |
202 dcerpc.DCERPC_PFC_FLAG_LAST |
203 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
205 def test_no_auth_request_bind_pfc_08(self):
206 return self._test_no_auth_request_bind_pfc_flags(
211 dcerpc.DCERPC_PFC_FLAG_FIRST |
212 dcerpc.DCERPC_PFC_FLAG_LAST)
214 def test_no_auth_request_bind_pfc_CONC_MPX(self):
215 return self._test_no_auth_request_bind_pfc_flags(
217 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
220 dcerpc.DCERPC_PFC_FLAG_FIRST |
221 dcerpc.DCERPC_PFC_FLAG_LAST |
222 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
224 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
225 return self._test_no_auth_request_bind_pfc_flags(
227 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
230 dcerpc.DCERPC_PFC_FLAG_FIRST |
231 dcerpc.DCERPC_PFC_FLAG_LAST)
233 def test_no_auth_request_bind_pfc_MAYBE(self):
234 return self._test_no_auth_request_bind_pfc_flags(
236 dcerpc.DCERPC_PFC_FLAG_MAYBE |
239 dcerpc.DCERPC_PFC_FLAG_FIRST |
240 dcerpc.DCERPC_PFC_FLAG_LAST)
242 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
243 return self._test_no_auth_request_bind_pfc_flags(
245 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
248 dcerpc.DCERPC_PFC_FLAG_FIRST |
249 dcerpc.DCERPC_PFC_FLAG_LAST)
251 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
252 # without authentication
253 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
255 def _test_no_auth_request_bind_pfc_ff(self):
256 return self._test_no_auth_request_bind_pfc_flags(
261 dcerpc.DCERPC_PFC_FLAG_FIRST |
262 dcerpc.DCERPC_PFC_FLAG_LAST |
263 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
264 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
266 def test_no_auth_request_alter_pfc_00(self):
267 return self._test_no_auth_request_alter_pfc_flags(
271 dcerpc.DCERPC_PFC_FLAG_FIRST |
272 dcerpc.DCERPC_PFC_FLAG_LAST)
274 def test_no_auth_request_alter_pfc_FIRST(self):
275 return self._test_no_auth_request_alter_pfc_flags(
277 dcerpc.DCERPC_PFC_FLAG_FIRST |
280 dcerpc.DCERPC_PFC_FLAG_FIRST |
281 dcerpc.DCERPC_PFC_FLAG_LAST)
283 def test_no_auth_request_alter_pfc_LAST(self):
284 return self._test_no_auth_request_alter_pfc_flags(
286 dcerpc.DCERPC_PFC_FLAG_LAST |
289 dcerpc.DCERPC_PFC_FLAG_FIRST |
290 dcerpc.DCERPC_PFC_FLAG_LAST)
292 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
293 # without authentication
294 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
295 return self._test_no_auth_request_alter_pfc_flags(
297 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
300 dcerpc.DCERPC_PFC_FLAG_FIRST |
301 dcerpc.DCERPC_PFC_FLAG_LAST |
302 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
304 def test_no_auth_request_alter_pfc_08(self):
305 return self._test_no_auth_request_alter_pfc_flags(
310 dcerpc.DCERPC_PFC_FLAG_FIRST |
311 dcerpc.DCERPC_PFC_FLAG_LAST)
313 def test_no_auth_request_alter_pfc_CONC_MPX(self):
314 return self._test_no_auth_request_alter_pfc_flags(
316 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
319 dcerpc.DCERPC_PFC_FLAG_FIRST |
320 dcerpc.DCERPC_PFC_FLAG_LAST)
322 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
323 return self._test_no_auth_request_alter_pfc_flags(
325 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
328 dcerpc.DCERPC_PFC_FLAG_FIRST |
329 dcerpc.DCERPC_PFC_FLAG_LAST)
331 def test_no_auth_request_alter_pfc_MAYBE(self):
332 return self._test_no_auth_request_alter_pfc_flags(
334 dcerpc.DCERPC_PFC_FLAG_MAYBE |
337 dcerpc.DCERPC_PFC_FLAG_FIRST |
338 dcerpc.DCERPC_PFC_FLAG_LAST)
340 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
341 return self._test_no_auth_request_alter_pfc_flags(
343 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
346 dcerpc.DCERPC_PFC_FLAG_FIRST |
347 dcerpc.DCERPC_PFC_FLAG_LAST)
349 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
350 # without authentication
351 def _test_no_auth_request_alter_pfc_ff(self):
352 return self._test_no_auth_request_alter_pfc_flags(
357 dcerpc.DCERPC_PFC_FLAG_FIRST |
358 dcerpc.DCERPC_PFC_FLAG_LAST |
359 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
361 def test_no_auth_no_ctx(self):
362 # send an useless bind
363 req = self.generate_bind(call_id=0)
365 rep = self.recv_pdu()
366 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
368 self.assertEquals(rep.u.reject_reason,
369 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
370 self.assertEquals(rep.u.num_versions, 1)
371 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
372 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
373 self.assertEquals(len(rep.u._pad), 3)
374 self.assertEquals(rep.u._pad, '\0' * 3)
376 def test_invalid_auth_noctx(self):
377 req = self.generate_bind(call_id=0)
378 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
380 rep = self.recv_pdu()
381 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
383 self.assertEquals(rep.u.reject_reason,
384 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
385 self.assertEquals(rep.u.num_versions, 1)
386 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
387 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
388 self.assertEquals(len(rep.u._pad), 3)
389 self.assertEquals(rep.u._pad, '\0' * 3)
391 def test_no_auth_valid_valid_request(self):
392 ndr32 = base.transfer_syntax_ndr()
395 ctx1 = dcerpc.ctx_list()
397 ctx1.num_transfer_syntaxes = len(tsf1_list)
398 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
399 ctx1.transfer_syntaxes = tsf1_list
401 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
403 rep = self.recv_pdu()
404 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
406 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
407 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
408 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
409 self.assertEquals(rep.u.secondary_address_size, 4)
410 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
411 self.assertEquals(len(rep.u._pad1), 2)
412 self.assertEquals(rep.u._pad1, '\0' * 2)
413 self.assertEquals(rep.u.num_results, 1)
414 self.assertEquals(rep.u.ctx_list[0].result,
415 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
416 self.assertEquals(rep.u.ctx_list[0].reason,
417 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
418 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
419 self.assertEquals(rep.u.auth_info, '\0' * 0)
423 ctx2 = dcerpc.ctx_list()
425 ctx2.num_transfer_syntaxes = len(tsf2_list)
426 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
427 ctx2.transfer_syntaxes = tsf2_list
429 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
431 rep = self.recv_pdu()
432 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
434 self.assertEquals(rep.u.reject_reason,
435 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
436 self.assertEquals(rep.u.num_versions, 1)
437 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
438 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
439 self.assertEquals(len(rep.u._pad), 3)
440 self.assertEquals(rep.u._pad, '\0' * 3)
442 # wait for a disconnect
443 rep = self.recv_pdu()
444 self.assertIsNone(rep)
445 self.assertNotConnected()
447 def test_no_auth_invalid_valid_request(self):
448 # send an useless bind
449 req = self.generate_bind(call_id=0)
451 rep = self.recv_pdu()
452 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
454 self.assertEquals(rep.u.reject_reason,
455 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
456 self.assertEquals(rep.u.num_versions, 1)
457 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
458 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
459 self.assertEquals(len(rep.u._pad), 3)
460 self.assertEquals(rep.u._pad, '\0' * 3)
462 # wait for a disconnect
463 rep = self.recv_pdu()
464 self.assertIsNone(rep)
465 self.assertNotConnected()
467 def test_alter_no_auth_no_ctx(self):
468 ndr32 = base.transfer_syntax_ndr()
471 ctx1 = dcerpc.ctx_list()
473 ctx1.num_transfer_syntaxes = len(tsf1_list)
474 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
475 ctx1.transfer_syntaxes = tsf1_list
477 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
479 rep = self.recv_pdu()
480 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
482 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
483 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
484 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
485 self.assertEquals(rep.u.secondary_address_size, 4)
486 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
487 self.assertEquals(len(rep.u._pad1), 2)
488 self.assertEquals(rep.u._pad1, '\0' * 2)
489 self.assertEquals(rep.u.num_results, 1)
490 self.assertEquals(rep.u.ctx_list[0].result,
491 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
492 self.assertEquals(rep.u.ctx_list[0].reason,
493 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
494 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
495 self.assertEquals(rep.u.auth_info, '\0' * 0)
498 req = self.generate_alter(call_id=1, ctx_list=[])
500 rep = self.recv_pdu()
501 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
502 pfc_flags=req.pfc_flags |
503 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
505 self.assertNotEquals(rep.u.alloc_hint, 0)
506 self.assertEquals(rep.u.context_id, 0)
507 self.assertEquals(rep.u.cancel_count, 0)
508 self.assertEquals(rep.u.flags, 0)
509 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
510 self.assertEquals(rep.u.reserved, 0)
511 self.assertEquals(len(rep.u.error_and_verifier), 0)
513 # wait for a disconnect
514 rep = self.recv_pdu()
515 self.assertIsNone(rep)
516 self.assertNotConnected()
518 def test_no_auth_presentation_ctx_valid1(self):
519 ndr32 = base.transfer_syntax_ndr()
521 zero_syntax = misc.ndr_syntax_id()
523 tsf1_list = [zero_syntax, ndr32]
524 ctx1 = dcerpc.ctx_list()
526 ctx1.num_transfer_syntaxes = len(tsf1_list)
527 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
528 ctx1.transfer_syntaxes = tsf1_list
530 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
532 rep = self.recv_pdu()
533 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
535 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
536 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
537 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
538 self.assertEquals(rep.u.secondary_address_size, 4)
539 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
540 self.assertEquals(len(rep.u._pad1), 2)
541 self.assertEquals(rep.u._pad1, '\0' * 2)
542 self.assertEquals(rep.u.num_results, 1)
543 self.assertEquals(rep.u.ctx_list[0].result,
544 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
545 self.assertEquals(rep.u.ctx_list[0].reason,
546 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
547 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
548 self.assertEquals(rep.u.auth_info, '\0' * 0)
551 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
553 rep = self.recv_pdu()
554 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
556 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
557 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
558 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
559 self.assertEquals(rep.u.secondary_address_size, 0)
560 self.assertEquals(len(rep.u._pad1), 2)
561 #self.assertEquals(rep.u._pad1, '\0' * 2)
562 self.assertEquals(rep.u.num_results, 1)
563 self.assertEquals(rep.u.ctx_list[0].result,
564 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
565 self.assertEquals(rep.u.ctx_list[0].reason,
566 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
567 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
568 self.assertEquals(rep.u.auth_info, '\0' * 0)
570 req = self.generate_request(call_id = 2,
571 context_id=ctx1.context_id,
575 rep = self.recv_pdu()
576 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
577 pfc_flags=req.pfc_flags |
578 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
580 self.assertNotEquals(rep.u.alloc_hint, 0)
581 self.assertEquals(rep.u.context_id, ctx1.context_id)
582 self.assertEquals(rep.u.cancel_count, 0)
583 self.assertEquals(rep.u.flags, 0)
584 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
585 self.assertEquals(rep.u.reserved, 0)
586 self.assertEquals(len(rep.u.error_and_verifier), 0)
588 def test_no_auth_presentation_ctx_invalid1(self):
589 ndr32 = base.transfer_syntax_ndr()
591 zero_syntax = misc.ndr_syntax_id()
594 ctx1 = dcerpc.ctx_list()
596 ctx1.num_transfer_syntaxes = len(tsf1_list)
597 ctx1.abstract_syntax = ndr32
598 ctx1.transfer_syntaxes = tsf1_list
600 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
602 rep = self.recv_pdu()
603 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
605 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
606 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
607 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
608 self.assertEquals(rep.u.secondary_address_size, 4)
609 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
610 self.assertEquals(len(rep.u._pad1), 2)
611 self.assertEquals(rep.u._pad1, '\0' * 2)
612 self.assertEquals(rep.u.num_results, 1)
613 self.assertEquals(rep.u.ctx_list[0].result,
614 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
615 self.assertEquals(rep.u.ctx_list[0].reason,
616 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
617 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
618 self.assertEquals(rep.u.auth_info, '\0' * 0)
621 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
623 rep = self.recv_pdu()
624 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
626 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
627 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
628 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
629 self.assertEquals(rep.u.secondary_address_size, 0)
630 self.assertEquals(len(rep.u._pad1), 2)
631 #self.assertEquals(rep.u._pad1, '\0' * 2)
632 self.assertEquals(rep.u.num_results, 1)
633 self.assertEquals(rep.u.ctx_list[0].result,
634 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
635 self.assertEquals(rep.u.ctx_list[0].reason,
636 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
637 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
638 self.assertEquals(rep.u.auth_info, '\0' * 0)
640 req = self.generate_request(call_id = 2,
645 rep = self.recv_pdu()
646 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
647 pfc_flags=req.pfc_flags |
648 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
650 self.assertNotEquals(rep.u.alloc_hint, 0)
651 self.assertEquals(rep.u.context_id, 0)
652 self.assertEquals(rep.u.cancel_count, 0)
653 self.assertEquals(rep.u.flags, 0)
654 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
655 self.assertEquals(rep.u.reserved, 0)
656 self.assertEquals(len(rep.u.error_and_verifier), 0)
658 # Send a alter again to prove the connection is still alive
659 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
661 rep = self.recv_pdu()
662 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
664 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
665 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
666 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
667 self.assertEquals(rep.u.secondary_address_size, 0)
668 self.assertEquals(len(rep.u._pad1), 2)
669 #self.assertEquals(rep.u._pad1, '\0' * 2)
670 self.assertEquals(rep.u.num_results, 1)
671 self.assertEquals(rep.u.ctx_list[0].result,
672 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
673 self.assertEquals(rep.u.ctx_list[0].reason,
674 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
675 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
676 self.assertEquals(rep.u.auth_info, '\0' * 0)
678 def test_no_auth_presentation_ctx_invalid2(self):
679 ndr32 = base.transfer_syntax_ndr()
681 zero_syntax = misc.ndr_syntax_id()
684 ctx1a = dcerpc.ctx_list()
686 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
687 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
688 ctx1a.transfer_syntaxes = tsf1a_list
690 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
692 rep = self.recv_pdu()
693 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
695 self.assertEquals(rep.u.reject_reason,
696 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
697 self.assertEquals(rep.u.num_versions, 1)
698 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
699 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
700 self.assertEquals(len(rep.u._pad), 3)
701 self.assertEquals(rep.u._pad, '\0' * 3)
703 # wait for a disconnect
704 rep = self.recv_pdu()
705 self.assertIsNone(rep)
706 self.assertNotConnected()
708 def test_no_auth_presentation_ctx_invalid3(self):
709 ndr32 = base.transfer_syntax_ndr()
711 zero_syntax = misc.ndr_syntax_id()
713 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
714 ctx1a = dcerpc.ctx_list()
716 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
717 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
718 ctx1a.transfer_syntaxes = tsf1a_list
720 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
722 rep = self.recv_pdu()
723 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
725 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
726 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
727 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
728 self.assertEquals(rep.u.secondary_address_size, 4)
729 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
730 self.assertEquals(len(rep.u._pad1), 2)
731 self.assertEquals(rep.u._pad1, '\0' * 2)
732 self.assertEquals(rep.u.num_results, 1)
733 self.assertEquals(rep.u.ctx_list[0].result,
734 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
735 self.assertEquals(rep.u.ctx_list[0].reason,
736 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
737 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
738 self.assertEquals(rep.u.auth_info, '\0' * 0)
741 ctx1b = dcerpc.ctx_list()
743 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
744 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
745 ctx1b.transfer_syntaxes = tsf1b_list
748 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
750 rep = self.recv_pdu()
751 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
752 pfc_flags=req.pfc_flags |
753 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
755 self.assertNotEquals(rep.u.alloc_hint, 0)
756 self.assertEquals(rep.u.context_id, 0)
757 self.assertEquals(rep.u.cancel_count, 0)
758 self.assertEquals(rep.u.flags, 0)
759 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
760 self.assertEquals(rep.u.reserved, 0)
761 self.assertEquals(len(rep.u.error_and_verifier), 0)
763 # wait for a disconnect
764 rep = self.recv_pdu()
765 self.assertIsNone(rep)
766 self.assertNotConnected()
768 def test_no_auth_presentation_ctx_invalid4(self):
769 ndr32 = base.transfer_syntax_ndr()
770 ndr64 = base.transfer_syntax_ndr64()
772 zero_syntax = misc.ndr_syntax_id()
774 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
775 ctx1a = dcerpc.ctx_list()
777 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
778 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
779 ctx1a.transfer_syntaxes = tsf1a_list
781 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
783 rep = self.recv_pdu()
784 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
786 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
787 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
788 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
789 self.assertEquals(rep.u.secondary_address_size, 4)
790 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
791 self.assertEquals(len(rep.u._pad1), 2)
792 self.assertEquals(rep.u._pad1, '\0' * 2)
793 self.assertEquals(rep.u.num_results, 1)
794 self.assertEquals(rep.u.ctx_list[0].result,
795 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
796 self.assertEquals(rep.u.ctx_list[0].reason,
797 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
798 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
799 self.assertEquals(rep.u.auth_info, '\0' * 0)
801 # With a known but wrong syntax we get a protocol error
802 # see test_no_auth_presentation_ctx_valid2
803 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax(),ndr64]
804 ctx1b = dcerpc.ctx_list()
806 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
807 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
808 ctx1b.transfer_syntaxes = tsf1b_list
811 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
813 rep = self.recv_pdu()
814 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
815 pfc_flags=req.pfc_flags |
816 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
818 self.assertNotEquals(rep.u.alloc_hint, 0)
819 self.assertEquals(rep.u.context_id, 0)
820 self.assertEquals(rep.u.cancel_count, 0)
821 self.assertEquals(rep.u.flags, 0)
822 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
823 self.assertEquals(rep.u.reserved, 0)
824 self.assertEquals(len(rep.u.error_and_verifier), 0)
826 # wait for a disconnect
827 rep = self.recv_pdu()
828 self.assertIsNone(rep)
829 self.assertNotConnected()
831 def test_no_auth_presentation_ctx_valid2(self):
832 ndr32 = base.transfer_syntax_ndr()
834 zero_syntax = misc.ndr_syntax_id()
836 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
837 ctx1a = dcerpc.ctx_list()
839 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
840 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
841 ctx1a.transfer_syntaxes = tsf1a_list
843 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
845 rep = self.recv_pdu()
846 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
848 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
849 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
850 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
851 self.assertEquals(rep.u.secondary_address_size, 4)
852 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
853 self.assertEquals(len(rep.u._pad1), 2)
854 self.assertEquals(rep.u._pad1, '\0' * 2)
855 self.assertEquals(rep.u.num_results, 1)
856 self.assertEquals(rep.u.ctx_list[0].result,
857 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
858 self.assertEquals(rep.u.ctx_list[0].reason,
859 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
860 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
861 self.assertEquals(rep.u.auth_info, '\0' * 0)
863 # With a unknown but wrong syntaxes we get NO protocol error
864 # see test_no_auth_presentation_ctx_invalid4
865 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax()]
866 ctx1b = dcerpc.ctx_list()
868 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
869 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
870 ctx1b.transfer_syntaxes = tsf1b_list
873 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
875 rep = self.recv_pdu()
876 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
878 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
879 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
880 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
881 self.assertEquals(rep.u.secondary_address_size, 0)
882 self.assertEquals(len(rep.u._pad1), 2)
883 #self.assertEquals(rep.u._pad1, '\0' * 2)
884 self.assertEquals(rep.u.num_results, 1)
885 self.assertEquals(rep.u.ctx_list[0].result,
886 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
887 self.assertEquals(rep.u.ctx_list[0].reason,
888 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
889 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
890 self.assertEquals(rep.u.auth_info, '\0' * 0)
892 req = self.generate_request(call_id = 2,
893 context_id=ctx1a.context_id,
897 rep = self.recv_pdu()
898 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
899 pfc_flags=req.pfc_flags |
900 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
902 self.assertNotEquals(rep.u.alloc_hint, 0)
903 self.assertEquals(rep.u.context_id, ctx1a.context_id)
904 self.assertEquals(rep.u.cancel_count, 0)
905 self.assertEquals(rep.u.flags, 0)
906 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
907 self.assertEquals(rep.u.reserved, 0)
908 self.assertEquals(len(rep.u.error_and_verifier), 0)
910 def test_no_auth_presentation_ctx_no_ndr64(self):
911 ndr32 = base.transfer_syntax_ndr()
912 zero_syntax = misc.ndr_syntax_id()
914 tsfZ_list = [zero_syntax]
915 ctxZ = dcerpc.ctx_list()
916 ctxZ.context_id = 54321
917 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
918 ctxZ.abstract_syntax = zero_syntax
919 ctxZ.transfer_syntaxes = tsfZ_list
921 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
923 rep = self.recv_pdu()
924 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
926 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
927 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
928 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
929 self.assertEquals(rep.u.secondary_address_size, 4)
930 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
931 self.assertEquals(len(rep.u._pad1), 2)
932 self.assertEquals(rep.u._pad1, '\0' * 2)
933 self.assertEquals(rep.u.num_results, 1)
934 self.assertEquals(rep.u.ctx_list[0].result,
935 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
936 self.assertEquals(rep.u.ctx_list[0].reason,
937 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
938 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
939 self.assertEquals(rep.u.auth_info, '\0' * 0)
942 ctx0 = dcerpc.ctx_list()
944 ctx0.num_transfer_syntaxes = len(tsf0_list)
945 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
946 ctx0.transfer_syntaxes = tsf0_list
948 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
950 rep = self.recv_pdu()
951 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
953 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
954 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
955 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
956 self.assertEquals(rep.u.secondary_address_size, 0)
957 self.assertEquals(len(rep.u._pad1), 2)
958 #self.assertEquals(rep.u._pad1, '\0' * 2)
959 self.assertEquals(rep.u.num_results, 1)
960 self.assertEquals(rep.u.ctx_list[0].result,
961 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
962 self.assertEquals(rep.u.ctx_list[0].reason,
963 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
964 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
965 self.assertEquals(rep.u.auth_info, '\0' * 0)
967 req = self.generate_request(call_id = 1,
968 context_id=ctx0.context_id,
972 rep = self.recv_pdu()
973 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
975 self.assertNotEquals(rep.u.alloc_hint, 0)
976 self.assertEquals(rep.u.context_id, req.u.context_id)
977 self.assertEquals(rep.u.cancel_count, 0)
978 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
980 tsf1_list = [zero_syntax,ndr32]
981 ctx1 = dcerpc.ctx_list()
983 ctx1.num_transfer_syntaxes = len(tsf1_list)
984 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
985 ctx1.transfer_syntaxes = tsf1_list
987 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
989 rep = self.recv_pdu()
990 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
992 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
993 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
994 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
995 self.assertEquals(rep.u.secondary_address_size, 0)
996 self.assertEquals(len(rep.u._pad1), 2)
997 #self.assertEquals(rep.u._pad1, '\0' * 2)
998 self.assertEquals(rep.u.num_results, 1)
999 self.assertEquals(rep.u.ctx_list[0].result,
1000 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1001 self.assertEquals(rep.u.ctx_list[0].reason,
1002 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1003 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1004 self.assertEquals(rep.u.auth_info, '\0' * 0)
1006 req = self.generate_request(call_id = 1,
1007 context_id=ctx1.context_id,
1011 rep = self.recv_pdu()
1012 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1014 self.assertNotEquals(rep.u.alloc_hint, 0)
1015 self.assertEquals(rep.u.context_id, req.u.context_id)
1016 self.assertEquals(rep.u.cancel_count, 0)
1017 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1019 tsf2_list = [ndr32,ndr32]
1020 ctx2 = dcerpc.ctx_list()
1022 ctx2.num_transfer_syntaxes = len(tsf2_list)
1023 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1024 ctx2.transfer_syntaxes = tsf2_list
1026 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1028 rep = self.recv_pdu()
1029 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1031 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1032 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1033 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1034 self.assertEquals(rep.u.secondary_address_size, 0)
1035 self.assertEquals(len(rep.u._pad1), 2)
1036 #self.assertEquals(rep.u._pad1, '\0' * 2)
1037 self.assertEquals(rep.u.num_results, 1)
1038 self.assertEquals(rep.u.ctx_list[0].result,
1039 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1040 self.assertEquals(rep.u.ctx_list[0].reason,
1041 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1042 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1043 self.assertEquals(rep.u.auth_info, '\0' * 0)
1045 req = self.generate_request(call_id = 1,
1046 context_id=ctx2.context_id,
1050 rep = self.recv_pdu()
1051 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1053 self.assertNotEquals(rep.u.alloc_hint, 0)
1054 self.assertEquals(rep.u.context_id, req.u.context_id)
1055 self.assertEquals(rep.u.cancel_count, 0)
1056 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1059 ctx3 = dcerpc.ctx_list()
1061 ctx3.num_transfer_syntaxes = len(tsf3_list)
1062 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1063 ctx3.transfer_syntaxes = tsf3_list
1066 ctx4 = dcerpc.ctx_list()
1068 ctx4.num_transfer_syntaxes = len(tsf4_list)
1069 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1070 ctx4.transfer_syntaxes = tsf4_list
1072 req = self.generate_alter(call_id=34, ctx_list=[ctx3,ctx4])
1074 rep = self.recv_pdu()
1075 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1077 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1078 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1079 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1080 self.assertEquals(rep.u.secondary_address_size, 0)
1081 self.assertEquals(len(rep.u._pad1), 2)
1082 #self.assertEquals(rep.u._pad1, '\0' * 2)
1083 self.assertEquals(rep.u.num_results, 2)
1084 self.assertEquals(rep.u.ctx_list[0].result,
1085 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1086 self.assertEquals(rep.u.ctx_list[0].reason,
1087 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1088 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1089 self.assertEquals(rep.u.ctx_list[1].result,
1090 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1091 self.assertEquals(rep.u.ctx_list[1].reason,
1092 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1093 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1094 self.assertEquals(rep.u.auth_info, '\0' * 0)
1096 req = self.generate_request(call_id = 1,
1097 context_id=ctx3.context_id,
1101 rep = self.recv_pdu()
1102 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1104 self.assertNotEquals(rep.u.alloc_hint, 0)
1105 self.assertEquals(rep.u.context_id, req.u.context_id)
1106 self.assertEquals(rep.u.cancel_count, 0)
1107 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1109 req = self.generate_alter(call_id=43, ctx_list=[ctx4,ctx3])
1111 rep = self.recv_pdu()
1112 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1114 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1115 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1116 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1117 self.assertEquals(rep.u.secondary_address_size, 0)
1118 self.assertEquals(len(rep.u._pad1), 2)
1119 #self.assertEquals(rep.u._pad1, '\0' * 2)
1120 self.assertEquals(rep.u.num_results, 2)
1121 self.assertEquals(rep.u.ctx_list[0].result,
1122 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1123 self.assertEquals(rep.u.ctx_list[0].reason,
1124 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1125 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1126 self.assertEquals(rep.u.ctx_list[1].result,
1127 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1128 self.assertEquals(rep.u.ctx_list[1].reason,
1129 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1130 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1131 self.assertEquals(rep.u.auth_info, '\0' * 0)
1133 req = self.generate_request(call_id = 1,
1134 context_id=ctx4.context_id,
1138 rep = self.recv_pdu()
1139 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1141 self.assertNotEquals(rep.u.alloc_hint, 0)
1142 self.assertEquals(rep.u.context_id, req.u.context_id)
1143 self.assertEquals(rep.u.cancel_count, 0)
1144 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1146 req = self.generate_request(call_id = 1,
1147 context_id=ctx3.context_id,
1151 rep = self.recv_pdu()
1152 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1154 self.assertNotEquals(rep.u.alloc_hint, 0)
1155 self.assertEquals(rep.u.context_id, req.u.context_id)
1156 self.assertEquals(rep.u.cancel_count, 0)
1157 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1159 req = self.generate_alter(call_id=44, ctx_list=[ctx4,ctx4])
1161 rep = self.recv_pdu()
1162 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1164 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1165 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1166 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1167 self.assertEquals(rep.u.secondary_address_size, 0)
1168 self.assertEquals(len(rep.u._pad1), 2)
1169 #self.assertEquals(rep.u._pad1, '\0' * 2)
1170 self.assertEquals(rep.u.num_results, 2)
1171 self.assertEquals(rep.u.ctx_list[0].result,
1172 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1173 self.assertEquals(rep.u.ctx_list[0].reason,
1174 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1175 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1176 self.assertEquals(rep.u.ctx_list[1].result,
1177 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1178 self.assertEquals(rep.u.ctx_list[1].reason,
1179 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1180 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1181 self.assertEquals(rep.u.auth_info, '\0' * 0)
1183 req = self.generate_request(call_id = 1,
1184 context_id=ctx4.context_id,
1188 rep = self.recv_pdu()
1189 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1191 self.assertNotEquals(rep.u.alloc_hint, 0)
1192 self.assertEquals(rep.u.context_id, req.u.context_id)
1193 self.assertEquals(rep.u.cancel_count, 0)
1194 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1196 req = self.generate_request(call_id = 1,
1197 context_id=ctx3.context_id,
1201 rep = self.recv_pdu()
1202 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1204 self.assertNotEquals(rep.u.alloc_hint, 0)
1205 self.assertEquals(rep.u.context_id, req.u.context_id)
1206 self.assertEquals(rep.u.cancel_count, 0)
1207 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1209 tsf5mgmt_list = [ndr32]
1210 ctx5mgmt = dcerpc.ctx_list()
1211 ctx5mgmt.context_id = 5
1212 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1213 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1214 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1216 tsf5epm_list = [ndr32]
1217 ctx5epm = dcerpc.ctx_list()
1218 ctx5epm.context_id = 5
1219 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1220 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1221 ctx5epm.transfer_syntaxes = tsf5epm_list
1223 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1225 rep = self.recv_pdu()
1226 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1228 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1229 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1230 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1231 self.assertEquals(rep.u.secondary_address_size, 0)
1232 self.assertEquals(len(rep.u._pad1), 2)
1233 #self.assertEquals(rep.u._pad1, '\0' * 2)
1234 self.assertEquals(rep.u.num_results, 2)
1235 self.assertEquals(rep.u.ctx_list[0].result,
1236 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1237 self.assertEquals(rep.u.ctx_list[0].reason,
1238 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1239 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1240 self.assertEquals(rep.u.ctx_list[1].result,
1241 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1242 self.assertEquals(rep.u.ctx_list[1].reason,
1243 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1244 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1245 self.assertEquals(rep.u.auth_info, '\0' * 0)
1247 req = self.generate_request(call_id = 1,
1248 context_id=ctx5mgmt.context_id,
1252 rep = self.recv_pdu()
1253 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1255 self.assertNotEquals(rep.u.alloc_hint, 0)
1256 self.assertEquals(rep.u.context_id, req.u.context_id)
1257 self.assertEquals(rep.u.cancel_count, 0)
1258 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1260 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1262 rep = self.recv_pdu()
1263 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1265 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1266 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1267 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1268 self.assertEquals(rep.u.secondary_address_size, 0)
1269 self.assertEquals(len(rep.u._pad1), 2)
1270 #self.assertEquals(rep.u._pad1, '\0' * 2)
1271 self.assertEquals(rep.u.num_results, 2)
1272 self.assertEquals(rep.u.ctx_list[0].result,
1273 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1274 self.assertEquals(rep.u.ctx_list[0].reason,
1275 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1276 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1277 self.assertEquals(rep.u.ctx_list[1].result,
1278 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1279 self.assertEquals(rep.u.ctx_list[1].reason,
1280 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1281 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1282 self.assertEquals(rep.u.auth_info, '\0' * 0)
1284 req = self.generate_request(call_id = 1,
1285 context_id=ctx5mgmt.context_id,
1289 rep = self.recv_pdu()
1290 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1292 self.assertNotEquals(rep.u.alloc_hint, 0)
1293 self.assertEquals(rep.u.context_id, req.u.context_id)
1294 self.assertEquals(rep.u.cancel_count, 0)
1295 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1297 def test_no_auth_bind_time_none_simple(self):
1299 btf = base.bind_time_features_syntax(features)
1301 zero_syntax = misc.ndr_syntax_id()
1304 ctx1 = dcerpc.ctx_list()
1306 ctx1.num_transfer_syntaxes = len(tsf1_list)
1307 ctx1.abstract_syntax = zero_syntax
1308 ctx1.transfer_syntaxes = tsf1_list
1310 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1312 rep = self.recv_pdu()
1313 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1315 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1316 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1317 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1318 self.assertEquals(rep.u.secondary_address_size, 4)
1319 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1320 self.assertEquals(len(rep.u._pad1), 2)
1321 self.assertEquals(rep.u._pad1, '\0' * 2)
1322 self.assertEquals(rep.u.num_results, 1)
1323 self.assertEquals(rep.u.ctx_list[0].result,
1324 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1325 self.assertEquals(rep.u.ctx_list[0].reason, features)
1326 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1327 self.assertEquals(rep.u.auth_info, '\0' * 0)
1329 def test_no_auth_bind_time_none_ignore_additional(self):
1331 btf1 = base.bind_time_features_syntax(features1)
1333 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1334 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1335 btf2 = base.bind_time_features_syntax(features2)
1337 zero_syntax = misc.ndr_syntax_id()
1338 ndr64 = base.transfer_syntax_ndr64()
1340 tsf1_list = [btf1,btf2,zero_syntax]
1341 ctx1 = dcerpc.ctx_list()
1343 ctx1.num_transfer_syntaxes = len(tsf1_list)
1344 ctx1.abstract_syntax = ndr64
1345 ctx1.transfer_syntaxes = tsf1_list
1347 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1349 rep = self.recv_pdu()
1350 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1352 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1353 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1354 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1355 self.assertEquals(rep.u.secondary_address_size, 4)
1356 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1357 self.assertEquals(len(rep.u._pad1), 2)
1358 self.assertEquals(rep.u._pad1, '\0' * 2)
1359 self.assertEquals(rep.u.num_results, 1)
1360 self.assertEquals(rep.u.ctx_list[0].result,
1361 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1362 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1363 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1364 self.assertEquals(rep.u.auth_info, '\0' * 0)
1366 def test_no_auth_bind_time_only_first(self):
1367 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1368 btf1 = base.bind_time_features_syntax(features1)
1370 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1371 btf2 = base.bind_time_features_syntax(features2)
1373 zero_syntax = misc.ndr_syntax_id()
1375 tsf1_list = [zero_syntax,btf1,btf2,zero_syntax]
1376 ctx1 = dcerpc.ctx_list()
1378 ctx1.num_transfer_syntaxes = len(tsf1_list)
1379 ctx1.abstract_syntax = zero_syntax
1380 ctx1.transfer_syntaxes = tsf1_list
1382 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1384 rep = self.recv_pdu()
1385 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1387 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1388 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1389 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1390 self.assertEquals(rep.u.secondary_address_size, 4)
1391 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1392 self.assertEquals(len(rep.u._pad1), 2)
1393 self.assertEquals(rep.u._pad1, '\0' * 2)
1394 self.assertEquals(rep.u.num_results, 1)
1395 self.assertEquals(rep.u.ctx_list[0].result,
1396 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1397 self.assertEquals(rep.u.ctx_list[0].reason,
1398 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1399 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1400 self.assertEquals(rep.u.auth_info, '\0' * 0)
1402 def test_no_auth_bind_time_twice(self):
1403 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1404 btf1 = base.bind_time_features_syntax(features1)
1406 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1407 btf2 = base.bind_time_features_syntax(features2)
1409 zero_syntax = misc.ndr_syntax_id()
1412 ctx1 = dcerpc.ctx_list()
1414 ctx1.num_transfer_syntaxes = len(tsf1_list)
1415 ctx1.abstract_syntax = zero_syntax
1416 ctx1.transfer_syntaxes = tsf1_list
1419 ctx2 = dcerpc.ctx_list()
1421 ctx2.num_transfer_syntaxes = len(tsf2_list)
1422 ctx2.abstract_syntax = zero_syntax
1423 ctx2.transfer_syntaxes = tsf2_list
1425 req = self.generate_bind(call_id=0, ctx_list=[ctx1,ctx2])
1427 rep = self.recv_pdu()
1428 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1430 self.assertEquals(rep.u.reject_reason,
1431 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1432 self.assertEquals(rep.u.num_versions, 1)
1433 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1434 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1435 self.assertEquals(len(rep.u._pad), 3)
1436 self.assertEquals(rep.u._pad, '\0' * 3)
1438 # wait for a disconnect
1439 rep = self.recv_pdu()
1440 self.assertIsNone(rep)
1441 self.assertNotConnected()
1443 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1444 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1445 btf = base.bind_time_features_syntax(features)
1447 zero_syntax = misc.ndr_syntax_id()
1450 ctx1 = dcerpc.ctx_list()
1452 ctx1.num_transfer_syntaxes = len(tsf1_list)
1453 ctx1.abstract_syntax = zero_syntax
1454 ctx1.transfer_syntaxes = tsf1_list
1456 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1458 rep = self.recv_pdu()
1459 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1461 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1462 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1463 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1464 self.assertEquals(rep.u.secondary_address_size, 4)
1465 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1466 self.assertEquals(len(rep.u._pad1), 2)
1467 self.assertEquals(rep.u._pad1, '\0' * 2)
1468 self.assertEquals(rep.u.num_results, 1)
1469 self.assertEquals(rep.u.ctx_list[0].result,
1470 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1471 self.assertEquals(rep.u.ctx_list[0].reason, features)
1472 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1473 self.assertEquals(rep.u.auth_info, '\0' * 0)
1475 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1476 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1477 btf1 = base.bind_time_features_syntax(features1)
1479 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1480 btf2 = base.bind_time_features_syntax(features2)
1482 zero_syntax = misc.ndr_syntax_id()
1483 ndr64 = base.transfer_syntax_ndr64()
1485 tsf1_list = [btf1,btf2,zero_syntax]
1486 ctx1 = dcerpc.ctx_list()
1488 ctx1.num_transfer_syntaxes = len(tsf1_list)
1489 ctx1.abstract_syntax = ndr64
1490 ctx1.transfer_syntaxes = tsf1_list
1492 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1494 rep = self.recv_pdu()
1495 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1497 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1498 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1499 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1500 self.assertEquals(rep.u.secondary_address_size, 4)
1501 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1502 self.assertEquals(len(rep.u._pad1), 2)
1503 self.assertEquals(rep.u._pad1, '\0' * 2)
1504 self.assertEquals(rep.u.num_results, 1)
1505 self.assertEquals(rep.u.ctx_list[0].result,
1506 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1507 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1508 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1509 self.assertEquals(rep.u.auth_info, '\0' * 0)
1511 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1512 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1513 ndr32 = base.transfer_syntax_ndr()
1516 ctx1 = dcerpc.ctx_list()
1518 ctx1.num_transfer_syntaxes = len(tsf1_list)
1519 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1520 ctx1.transfer_syntaxes = tsf1_list
1525 if creds is not None:
1526 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1527 auth_context = self.get_auth_context_creds(creds,
1528 auth_type=auth_type,
1529 auth_level=auth_level,
1530 auth_context_id=auth_context_id,
1531 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1533 (finished, to_server) = auth_context["gensec"].update(from_server)
1534 self.assertFalse(finished)
1536 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1537 auth_level=auth_context["auth_level"],
1538 auth_context_id=auth_context["auth_context_id"],
1539 auth_blob=to_server)
1542 auth_info = self.generate_auth(auth_type=auth_type,
1543 auth_level=auth_level,
1544 auth_context_id=auth_context_id,
1545 auth_blob=to_server)
1547 req = self.generate_bind(call_id=0,
1549 auth_info=auth_info)
1551 rep = self.recv_pdu()
1552 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1554 self.assertEquals(rep.u.reject_reason, reason)
1555 self.assertEquals(rep.u.num_versions, 1)
1556 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1557 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1558 self.assertEquals(len(rep.u._pad), 3)
1559 self.assertEquals(rep.u._pad, '\0' * 3)
1561 # wait for a disconnect
1562 rep = self.recv_pdu()
1563 self.assertIsNone(rep)
1564 self.assertNotConnected()
1566 def _test_auth_none_level_bind(self, auth_level,
1567 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1568 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1569 auth_level=auth_level, reason=reason)
1571 def test_auth_none_none_bind(self):
1572 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1573 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1575 def test_auth_none_connect_bind(self):
1576 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1578 def test_auth_none_call_bind(self):
1579 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1581 def test_auth_none_packet_bind(self):
1582 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1584 def test_auth_none_integrity_bind(self):
1585 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1587 def test_auth_none_privacy_bind(self):
1588 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1590 def test_auth_none_0_bind(self):
1591 return self._test_auth_none_level_bind(0,
1592 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1594 def test_auth_none_7_bind(self):
1595 return self._test_auth_none_level_bind(7,
1596 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1598 def test_auth_none_255_bind(self):
1599 return self._test_auth_none_level_bind(255,
1600 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1602 def _test_auth_none_level_request(self, auth_level):
1603 ndr32 = base.transfer_syntax_ndr()
1606 ctx1 = dcerpc.ctx_list()
1608 ctx1.num_transfer_syntaxes = len(tsf1_list)
1609 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1610 ctx1.transfer_syntaxes = tsf1_list
1613 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1616 req = self.generate_bind(call_id=0,
1620 rep = self.recv_pdu()
1621 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1622 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1623 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1624 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1625 self.assertEquals(rep.u.secondary_address_size, 4)
1626 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1627 self.assertEquals(len(rep.u._pad1), 2)
1628 self.assertEquals(rep.u._pad1, '\0' * 2)
1629 self.assertEquals(rep.u.num_results, 1)
1630 self.assertEquals(rep.u.ctx_list[0].result,
1631 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1632 self.assertEquals(rep.u.ctx_list[0].reason,
1633 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1634 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1635 self.assertEquals(len(rep.u.auth_info), 0)
1637 # And now try a request without auth_info
1638 req = self.generate_request(call_id = 2,
1639 context_id=ctx1.context_id,
1643 rep = self.recv_pdu()
1644 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1646 self.assertNotEquals(rep.u.alloc_hint, 0)
1647 self.assertEquals(rep.u.context_id, req.u.context_id)
1648 self.assertEquals(rep.u.cancel_count, 0)
1649 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1651 auth_info = self.generate_auth(auth_type=auth_type,
1652 auth_level=auth_level,
1653 auth_context_id=auth_context_id,
1656 req = self.generate_request(call_id = 3,
1657 context_id=ctx1.context_id,
1660 auth_info=auth_info)
1662 rep = self.recv_pdu()
1663 # We get a fault back
1664 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1666 self.assertNotEquals(rep.u.alloc_hint, 0)
1667 self.assertEquals(rep.u.context_id, req.u.context_id)
1668 self.assertEquals(rep.u.cancel_count, 0)
1669 self.assertEquals(rep.u.flags, 0)
1670 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1671 self.assertEquals(rep.u.reserved, 0)
1672 self.assertEquals(len(rep.u.error_and_verifier), 0)
1674 # wait for a disconnect
1675 rep = self.recv_pdu()
1676 self.assertIsNone(rep)
1677 self.assertNotConnected()
1679 def test_auth_none_none_request(self):
1680 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1682 def test_auth_none_connect_request(self):
1683 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1685 def test_auth_none_call_request(self):
1686 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1688 def _test_neg_xmit_check_values(self,
1694 ndr32 = base.transfer_syntax_ndr()
1697 ctx1 = dcerpc.ctx_list()
1699 ctx1.num_transfer_syntaxes = len(tsf1_list)
1700 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1701 ctx1.transfer_syntaxes = tsf1_list
1703 req = self.generate_bind(call_id=0,
1704 max_xmit_frag=req_xmit,
1705 max_recv_frag=req_recv,
1708 rep = self.recv_pdu()
1709 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1711 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1712 self.assertEquals(rep.u.max_recv_frag, rep_both)
1713 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1714 self.assertEquals(rep.u.secondary_address_size, 4)
1715 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1716 self.assertEquals(len(rep.u._pad1), 2)
1717 self.assertEquals(rep.u._pad1, '\0' * 2)
1718 self.assertEquals(rep.u.num_results, 1)
1719 self.assertEquals(rep.u.ctx_list[0].result,
1720 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1721 self.assertEquals(rep.u.ctx_list[0].reason,
1722 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1723 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1724 self.assertEquals(rep.u.auth_info, '\0' * 0)
1726 assoc_group_id = rep.u.assoc_group_id
1727 if alter_xmit is None:
1728 alter_xmit = rep_both - 8
1729 if alter_recv is None:
1730 alter_recv = rep_both - 8
1732 # max_{xmit,recv}_frag and assoc_group_id are completely
1733 # ignored in alter_context requests
1734 req = self.generate_alter(call_id=1,
1735 max_xmit_frag=alter_xmit,
1736 max_recv_frag=alter_recv,
1737 assoc_group_id=0xffffffff-rep.u.assoc_group_id,
1740 rep = self.recv_pdu()
1741 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1743 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1744 self.assertEquals(rep.u.max_recv_frag, rep_both)
1745 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1746 self.assertEquals(rep.u.secondary_address_size, 0)
1747 self.assertEquals(len(rep.u._pad1), 2)
1748 #self.assertEquals(rep.u._pad1, '\0' * 2)
1749 self.assertEquals(rep.u.num_results, 1)
1750 self.assertEquals(rep.u.ctx_list[0].result,
1751 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1752 self.assertEquals(rep.u.ctx_list[0].reason,
1753 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1754 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1755 self.assertEquals(rep.u.auth_info, '\0' * 0)
1757 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1758 req = self.generate_request(call_id = 2,
1759 context_id=ctx1.context_id,
1761 alloc_hint=0xffffffff,
1762 stub="\00" * chunk_size)
1763 self.send_pdu(req,ndr_print=True,hexdump=True)
1764 rep = self.recv_pdu(ndr_print=True,hexdump=True)
1765 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1767 self.assertNotEquals(rep.u.alloc_hint, 0)
1768 self.assertEquals(rep.u.context_id, req.u.context_id)
1769 self.assertEquals(rep.u.cancel_count, 0)
1770 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1772 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1773 req = self.generate_request(call_id = 2,
1774 context_id=ctx1.context_id,
1776 alloc_hint=0xffffffff,
1777 stub="\00" * chunk_size)
1779 rep = self.recv_pdu()
1780 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1782 self.assertNotEquals(rep.u.alloc_hint, 0)
1783 self.assertEquals(rep.u.context_id, req.u.context_id)
1784 self.assertEquals(rep.u.cancel_count, 0)
1785 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1788 req = self.generate_request(call_id = 3,
1789 context_id=ctx1.context_id,
1791 alloc_hint=0xffffffff,
1792 stub="\00" * chunk_size)
1794 rep = self.recv_pdu()
1796 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1798 self.assertNotEquals(rep.u.alloc_hint, 0)
1799 self.assertEquals(rep.u.context_id, 0)
1800 self.assertEquals(rep.u.cancel_count, 0)
1801 self.assertEquals(rep.u.flags, 0)
1802 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1803 self.assertEquals(rep.u.reserved, 0)
1804 self.assertEquals(len(rep.u.error_and_verifier), 0)
1806 # wait for a disconnect
1807 rep = self.recv_pdu()
1808 self.assertIsNone(rep)
1809 self.assertNotConnected()
1811 def test_neg_xmit_ffff_ffff(self):
1812 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1816 def test_neg_xmit_0_ffff(self):
1817 return self._test_neg_xmit_check_values(req_xmit=0,
1823 def test_neg_xmit_ffff_0(self):
1824 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1828 def test_neg_xmit_0_0(self):
1829 return self._test_neg_xmit_check_values(req_xmit=0,
1835 def test_neg_xmit_3199_0(self):
1836 return self._test_neg_xmit_check_values(req_xmit=3199,
1839 def test_neg_xmit_0_3199(self):
1840 return self._test_neg_xmit_check_values(req_xmit=0,
1844 def test_neg_xmit_3199_ffff(self):
1845 return self._test_neg_xmit_check_values(req_xmit=3199,
1848 def test_neg_xmit_ffff_3199(self):
1849 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1853 def test_alloc_hint(self):
1854 ndr32 = base.transfer_syntax_ndr()
1857 ctx = dcerpc.ctx_list()
1859 ctx.num_transfer_syntaxes = len(tsf1_list)
1860 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1861 ctx.transfer_syntaxes = tsf1_list
1863 req = self.generate_bind(call_id=0,
1866 rep = self.recv_pdu()
1867 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1869 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1870 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1871 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1872 self.assertEquals(rep.u.secondary_address_size, 4)
1873 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1874 self.assertEquals(len(rep.u._pad1), 2)
1875 self.assertEquals(rep.u._pad1, '\0' * 2)
1876 self.assertEquals(rep.u.num_results, 1)
1877 self.assertEquals(rep.u.ctx_list[0].result,
1878 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1879 self.assertEquals(rep.u.ctx_list[0].reason,
1880 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1881 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1882 self.assertEquals(rep.u.auth_info, '\0' * 0)
1884 # And now try a request without auth_info
1885 req = self.generate_request(call_id = 2,
1886 context_id=ctx.context_id,
1888 alloc_hint=0xffffffff,
1891 rep = self.recv_pdu()
1892 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1894 self.assertNotEquals(rep.u.alloc_hint, 0)
1895 self.assertEquals(rep.u.context_id, req.u.context_id)
1896 self.assertEquals(rep.u.cancel_count, 0)
1897 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1899 req = self.generate_request(call_id = 3,
1900 context_id=ctx.context_id,
1902 alloc_hint=0xffffffff,
1903 stub="\04\00\00\00\00\00\00\00")
1905 rep = self.recv_pdu()
1906 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1908 self.assertNotEquals(rep.u.alloc_hint, 0)
1909 self.assertEquals(rep.u.context_id, req.u.context_id)
1910 self.assertEquals(rep.u.cancel_count, 0)
1911 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1913 req = self.generate_request(call_id = 4,
1914 context_id=ctx.context_id,
1917 stub="\04\00\00\00\00\00\00\00")
1919 rep = self.recv_pdu()
1920 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1922 self.assertNotEquals(rep.u.alloc_hint, 0)
1923 self.assertEquals(rep.u.context_id, req.u.context_id)
1924 self.assertEquals(rep.u.cancel_count, 0)
1925 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1927 def _get_netlogon_ctx(self):
1928 abstract = samba.dcerpc.netlogon.abstract_syntax()
1929 ndr32 = base.transfer_syntax_ndr()
1931 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1932 epmap=True, return_ack=True)
1934 server = '\\\\' + self.target_hostname
1935 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1936 computer = 'UNKNOWNCOMPUTER'
1937 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1939 real_stub = struct.pack('<IIII', 0x00200000,
1940 len(server)+1, 0, len(server)+1)
1941 real_stub += server_utf16 + '\x00\x00'
1942 mod_len = len(real_stub) % 4
1944 real_stub += '\x00' * (4 - mod_len)
1945 real_stub += struct.pack('<III',
1946 len(computer)+1, 0, len(computer)+1)
1947 real_stub += computer_utf16 + '\x00\x00'
1948 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1950 return (ctx, ack, real_stub)
1952 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1953 fault_first=None, fault_last=None):
1954 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1956 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1960 while remaining > 0:
1961 thistime = min(remaining, chunk)
1962 remaining -= thistime
1967 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1969 stub = real_stub + '\x00' * (thistime - len(real_stub))
1971 stub = "\x00" * thistime
1974 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1976 # And now try a request without auth_info
1977 # netr_ServerReqChallenge()
1978 req = self.generate_request(call_id = 0x21234,
1979 pfc_flags=pfc_flags,
1980 context_id=ctx.context_id,
1982 alloc_hint=alloc_hint,
1984 if alloc_hint >= thistime:
1985 alloc_hint -= thistime
1988 self.send_pdu(req,hexdump=False)
1989 if fault_first is not None:
1990 rep = self.recv_pdu()
1991 # We get a fault back
1992 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1994 self.assertNotEquals(rep.u.alloc_hint, 0)
1995 self.assertEquals(rep.u.context_id, req.u.context_id)
1996 self.assertEquals(rep.u.cancel_count, 0)
1997 self.assertEquals(rep.u.flags, 0)
1998 self.assertEquals(rep.u.status, fault_first)
1999 self.assertEquals(rep.u.reserved, 0)
2000 self.assertEquals(len(rep.u.error_and_verifier), 0)
2002 # wait for a disconnect
2003 rep = self.recv_pdu()
2004 self.assertIsNone(rep)
2005 self.assertNotConnected()
2009 if total >= 0x400000 and fault_last is not None:
2010 rep = self.recv_pdu()
2011 # We get a fault back
2012 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2014 self.assertNotEquals(rep.u.alloc_hint, 0)
2015 self.assertEquals(rep.u.context_id, req.u.context_id)
2016 self.assertEquals(rep.u.cancel_count, 0)
2017 self.assertEquals(rep.u.flags, 0)
2018 self.assertEquals(rep.u.status, fault_last)
2019 self.assertEquals(rep.u.reserved, 0)
2020 self.assertEquals(len(rep.u.error_and_verifier), 0)
2022 # wait for a disconnect
2023 rep = self.recv_pdu()
2024 self.assertIsNone(rep)
2025 self.assertNotConnected()
2027 rep = self.recv_pdu(timeout=0.01)
2028 self.assertIsNone(rep)
2029 self.assertIsConnected()
2031 if total >= 0x400000 and fault_last is not None:
2032 rep = self.recv_pdu()
2033 # We get a fault back
2034 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2036 self.assertNotEquals(rep.u.alloc_hint, 0)
2037 self.assertEquals(rep.u.context_id, req.u.context_id)
2038 self.assertEquals(rep.u.cancel_count, 0)
2039 self.assertEquals(rep.u.flags, 0)
2040 self.assertEquals(rep.u.status, fault_last)
2041 self.assertEquals(rep.u.reserved, 0)
2042 self.assertEquals(len(rep.u.error_and_verifier), 0)
2044 # wait for a disconnect
2045 rep = self.recv_pdu()
2046 self.assertIsNone(rep)
2047 self.assertNotConnected()
2049 rep = self.recv_pdu()
2050 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2052 self.assertNotEquals(rep.u.alloc_hint, 0)
2053 self.assertEquals(rep.u.context_id, req.u.context_id)
2054 self.assertEquals(rep.u.cancel_count, 0)
2055 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2057 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2058 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2059 self.assertEquals(status[0], 0)
2061 def test_fragmented_requests01(self):
2062 return self._test_fragmented_requests(remaining=0x400000,
2063 alloc_hint=0x400000)
2065 def test_fragmented_requests02(self):
2066 return self._test_fragmented_requests(remaining=0x400000,
2067 alloc_hint=0x100000)
2069 def test_fragmented_requests03(self):
2070 return self._test_fragmented_requests(remaining=0x400000,
2073 def test_fragmented_requests04(self):
2074 return self._test_fragmented_requests(remaining=0x400000,
2075 alloc_hint=0x400001,
2076 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2078 def test_fragmented_requests05(self):
2079 return self._test_fragmented_requests(remaining=0x500001,
2081 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2083 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2084 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2086 # netr_ServerReqChallenge with given flags
2087 req = self.generate_request(call_id = 2,
2088 pfc_flags=pfc_flags,
2089 context_id=ctx.context_id,
2094 rep = self.recv_pdu()
2095 # We get a fault back
2096 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2098 self.assertNotEquals(rep.u.alloc_hint, 0)
2099 self.assertEquals(rep.u.context_id, 0)
2100 self.assertEquals(rep.u.cancel_count, 0)
2101 self.assertEquals(rep.u.flags, 0)
2102 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2103 self.assertEquals(rep.u.reserved, 0)
2104 self.assertEquals(len(rep.u.error_and_verifier), 0)
2106 # wait for a disconnect
2107 rep = self.recv_pdu()
2108 self.assertIsNone(rep)
2109 self.assertNotConnected()
2111 rep = self.recv_pdu(timeout=0.1)
2112 self.assertIsNone(rep)
2113 self.assertIsConnected()
2115 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2116 # with the same call_id
2117 req = self.generate_request(call_id = 2,
2118 pfc_flags=pfc_flags,
2119 context_id=ctx.context_id,
2124 rep = self.recv_pdu()
2125 # We get a fault back
2126 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2128 self.assertNotEquals(rep.u.alloc_hint, 0)
2129 self.assertEquals(rep.u.context_id, req.u.context_id)
2130 self.assertEquals(rep.u.cancel_count, 0)
2131 self.assertEquals(rep.u.flags, 0)
2132 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2133 self.assertEquals(rep.u.reserved, 0)
2134 self.assertEquals(len(rep.u.error_and_verifier), 0)
2136 # wait for a disconnect
2137 rep = self.recv_pdu()
2138 self.assertIsNone(rep)
2139 self.assertNotConnected()
2142 rep = self.recv_pdu(timeout=0.1)
2143 self.assertIsNone(rep)
2144 self.assertIsConnected()
2146 def test_first_only_requests(self):
2147 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2150 def test_none_only_requests(self):
2151 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2153 def test_last_only_requests(self):
2154 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2157 def test_first_maybe_requests(self):
2158 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2159 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2162 def test_first_didnot_requests(self):
2163 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2164 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2167 def test_first_cmpx_requests(self):
2168 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2169 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2172 def test_first_08_requests(self):
2173 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2177 def test_first_cancel_requests(self):
2178 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2180 # netr_ServerReqChallenge with given flags
2181 req = self.generate_request(call_id = 2,
2182 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2183 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2184 context_id=ctx.context_id,
2188 rep = self.recv_pdu()
2189 # We get a fault back
2190 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2191 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2192 dcerpc.DCERPC_PFC_FLAG_LAST |
2193 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2195 self.assertNotEquals(rep.u.alloc_hint, 0)
2196 self.assertEquals(rep.u.context_id, 0)
2197 self.assertEquals(rep.u.cancel_count, 0)
2198 self.assertEquals(rep.u.flags, 0)
2199 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2200 self.assertEquals(rep.u.reserved, 0)
2201 self.assertEquals(len(rep.u.error_and_verifier), 0)
2203 # wait for a disconnect
2204 rep = self.recv_pdu()
2205 self.assertIsNone(rep)
2206 self.assertNotConnected()
2208 def test_2nd_cancel_requests(self):
2209 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2211 # netr_ServerReqChallenge with given flags
2212 req = self.generate_request(call_id = 2,
2213 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2214 context_id=ctx.context_id,
2218 rep = self.recv_pdu(timeout=0.1)
2219 self.assertIsNone(rep)
2220 self.assertIsConnected()
2222 # netr_ServerReqChallenge with given flags
2223 req = self.generate_request(call_id = 2,
2224 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2225 context_id=ctx.context_id,
2229 rep = self.recv_pdu(timeout=0.1)
2230 self.assertIsNone(rep)
2231 self.assertIsConnected()
2233 # netr_ServerReqChallenge with given flags
2234 req = self.generate_request(call_id = 2,
2235 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2236 context_id=ctx.context_id,
2240 rep = self.recv_pdu()
2241 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2243 self.assertNotEquals(rep.u.alloc_hint, 0)
2244 self.assertEquals(rep.u.context_id, req.u.context_id)
2245 self.assertEquals(rep.u.cancel_count, 0)
2246 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2248 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2249 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2250 self.assertEquals(status[0], 0)
2252 def test_last_cancel_requests(self):
2253 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2255 # netr_ServerReqChallenge with given flags
2256 req = self.generate_request(call_id = 2,
2257 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2258 context_id=ctx.context_id,
2262 rep = self.recv_pdu(timeout=0.1)
2263 self.assertIsNone(rep)
2264 self.assertIsConnected()
2266 # netr_ServerReqChallenge with given flags
2267 req = self.generate_request(call_id = 2,
2268 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2269 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2270 context_id=ctx.context_id,
2274 rep = self.recv_pdu()
2275 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2277 self.assertNotEquals(rep.u.alloc_hint, 0)
2278 self.assertEquals(rep.u.context_id, req.u.context_id)
2279 self.assertEquals(rep.u.cancel_count, 0)
2280 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2282 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2283 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2284 self.assertEquals(status[0], 0)
2286 def test_mix_requests(self):
2287 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2289 # netr_ServerReqChallenge with given flags
2290 req = self.generate_request(call_id = 50,
2291 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2292 context_id=ctx.context_id,
2296 rep = self.recv_pdu(timeout=0.1)
2297 self.assertIsNone(rep)
2298 self.assertIsConnected()
2300 # netr_ServerReqChallenge with given flags
2301 req = self.generate_request(call_id = 51,
2302 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2303 context_id=ctx.context_id,
2307 rep = self.recv_pdu()
2308 # We get a fault back
2309 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2310 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2311 dcerpc.DCERPC_PFC_FLAG_LAST,
2313 self.assertNotEquals(rep.u.alloc_hint, 0)
2314 self.assertEquals(rep.u.context_id, req.u.context_id)
2315 self.assertEquals(rep.u.cancel_count, 0)
2316 self.assertEquals(rep.u.flags, 0)
2317 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2318 self.assertEquals(rep.u.reserved, 0)
2319 self.assertEquals(len(rep.u.error_and_verifier), 0)
2321 def test_co_cancel_no_request(self):
2322 ndr32 = base.transfer_syntax_ndr()
2323 abstract = samba.dcerpc.mgmt.abstract_syntax()
2324 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2326 req = self.generate_co_cancel(call_id = 3)
2328 rep = self.recv_pdu(timeout=0.01)
2329 self.assertIsNone(rep)
2330 self.assertIsConnected()
2332 # And now try a request
2333 req = self.generate_request(call_id = 1,
2334 context_id=ctx.context_id,
2338 rep = self.recv_pdu()
2339 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2341 self.assertNotEquals(rep.u.alloc_hint, 0)
2342 self.assertEquals(rep.u.context_id, req.u.context_id)
2343 self.assertEquals(rep.u.cancel_count, 0)
2344 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2346 def test_co_cancel_request_after_first(self):
2347 ndr32 = base.transfer_syntax_ndr()
2348 abstract = samba.dcerpc.mgmt.abstract_syntax()
2349 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2351 req = self.generate_request(call_id = 1,
2352 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2353 context_id=ctx.context_id,
2357 rep = self.recv_pdu(timeout=0.01)
2358 self.assertIsNone(rep)
2359 self.assertIsConnected()
2361 req = self.generate_co_cancel(call_id = 1)
2363 rep = self.recv_pdu(timeout=0.01)
2364 self.assertIsNone(rep)
2365 self.assertIsConnected()
2367 req = self.generate_request(call_id = 1,
2368 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2369 context_id=ctx.context_id,
2373 rep = self.recv_pdu()
2374 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2376 self.assertNotEquals(rep.u.alloc_hint, 0)
2377 self.assertEquals(rep.u.context_id, req.u.context_id)
2378 self.assertEquals(rep.u.cancel_count, 0)
2379 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2381 # And now try a request
2382 req = self.generate_request(call_id = 2,
2383 context_id=ctx.context_id,
2387 rep = self.recv_pdu()
2388 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2390 self.assertNotEquals(rep.u.alloc_hint, 0)
2391 self.assertEquals(rep.u.context_id, req.u.context_id)
2392 self.assertEquals(rep.u.cancel_count, 0)
2393 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2395 def test_orphaned_no_request(self):
2396 ndr32 = base.transfer_syntax_ndr()
2397 abstract = samba.dcerpc.mgmt.abstract_syntax()
2398 ctx = self.prepare_presentation(abstract, ndr32)
2400 req = self.generate_orphaned(call_id = 3)
2402 rep = self.recv_pdu(timeout=0.01)
2403 self.assertIsNone(rep)
2404 self.assertIsConnected()
2406 # And now try a request
2407 req = self.generate_request(call_id = 1,
2408 context_id=ctx.context_id,
2412 rep = self.recv_pdu()
2413 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2415 self.assertNotEquals(rep.u.alloc_hint, 0)
2416 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2417 self.assertEquals(rep.u.cancel_count, 0)
2418 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2420 def test_orphaned_request_after_first_last(self):
2421 ndr32 = base.transfer_syntax_ndr()
2422 abstract = samba.dcerpc.mgmt.abstract_syntax()
2423 ctx = self.prepare_presentation(abstract, ndr32)
2425 req = self.generate_request(call_id = 1,
2426 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2427 context_id=ctx.context_id,
2431 rep = self.recv_pdu(timeout=0.1)
2432 self.assertIsNone(rep)
2433 self.assertIsConnected()
2435 req = self.generate_orphaned(call_id = 1)
2437 rep = self.recv_pdu(timeout=0.1)
2438 self.assertIsNone(rep)
2439 self.assertIsConnected()
2441 req = self.generate_request(call_id = 1,
2442 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2443 context_id=ctx.context_id,
2447 rep = self.recv_pdu()
2448 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2450 self.assertNotEquals(rep.u.alloc_hint, 0)
2451 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2452 self.assertEquals(rep.u.cancel_count, 0)
2453 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2455 # And now try a request
2456 req = self.generate_request(call_id = 2,
2457 context_id=ctx.context_id,
2461 rep = self.recv_pdu()
2462 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2464 self.assertNotEquals(rep.u.alloc_hint, 0)
2465 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2466 self.assertEquals(rep.u.cancel_count, 0)
2467 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2469 def test_orphaned_request_after_first_mpx_last(self):
2470 ndr32 = base.transfer_syntax_ndr()
2471 abstract = samba.dcerpc.mgmt.abstract_syntax()
2473 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2474 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2475 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2476 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2478 req = self.generate_request(call_id = 1,
2479 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2480 context_id=ctx.context_id,
2484 rep = self.recv_pdu(timeout=0.1)
2485 self.assertIsNone(rep)
2486 self.assertIsConnected()
2488 req = self.generate_orphaned(call_id = 1)
2490 rep = self.recv_pdu(timeout=0.1)
2491 self.assertIsNone(rep)
2492 self.assertIsConnected()
2494 req = self.generate_request(call_id = 1,
2495 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2496 context_id=ctx.context_id,
2500 rep = self.recv_pdu()
2501 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2503 self.assertNotEquals(rep.u.alloc_hint, 0)
2504 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2505 self.assertEquals(rep.u.cancel_count, 0)
2506 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2508 # And now try a request
2509 req = self.generate_request(call_id = 2,
2510 context_id=ctx.context_id,
2514 rep = self.recv_pdu()
2515 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2517 self.assertNotEquals(rep.u.alloc_hint, 0)
2518 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2519 self.assertEquals(rep.u.cancel_count, 0)
2520 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2522 def test_orphaned_request_after_first_no_last(self):
2523 ndr32 = base.transfer_syntax_ndr()
2524 abstract = samba.dcerpc.mgmt.abstract_syntax()
2525 ctx = self.prepare_presentation(abstract, ndr32)
2527 req1 = self.generate_request(call_id = 1,
2528 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2529 context_id=ctx.context_id,
2533 rep = self.recv_pdu(timeout=0.1)
2534 self.assertIsNone(rep)
2535 self.assertIsConnected()
2537 req = self.generate_orphaned(call_id = 1)
2539 rep = self.recv_pdu(timeout=0.1)
2540 self.assertIsNone(rep)
2541 self.assertIsConnected()
2543 # And now try a new request
2544 req2 = self.generate_request(call_id = 2,
2545 context_id=ctx.context_id,
2549 rep = self.recv_pdu()
2550 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2552 self.assertNotEquals(rep.u.alloc_hint, 0)
2553 self.assertEquals(rep.u.context_id, req1.u.context_id)
2554 self.assertEquals(rep.u.cancel_count, 0)
2555 self.assertEquals(rep.u.flags, 0)
2556 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2557 self.assertEquals(rep.u.reserved, 0)
2558 self.assertEquals(len(rep.u.error_and_verifier), 0)
2560 # wait for a disconnect
2561 rep = self.recv_pdu()
2562 self.assertIsNone(rep)
2563 self.assertNotConnected()
2565 def test_orphaned_request_after_first_mpx_no_last(self):
2566 ndr32 = base.transfer_syntax_ndr()
2567 abstract = samba.dcerpc.mgmt.abstract_syntax()
2569 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2570 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2571 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2572 ctx = self.prepare_presentation(abstract, ndr32,
2573 pfc_flags=pfc_flags)
2575 req1 = self.generate_request(call_id = 1,
2576 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2577 context_id=ctx.context_id,
2581 rep = self.recv_pdu(timeout=0.1)
2582 self.assertIsNone(rep)
2583 self.assertIsConnected()
2585 req = self.generate_orphaned(call_id = 1)
2587 rep = self.recv_pdu(timeout=0.1)
2588 self.assertIsNone(rep)
2589 self.assertIsConnected()
2591 # And now try a new request
2592 req2 = self.generate_request(call_id = 2,
2593 context_id=ctx.context_id-1,
2597 rep = self.recv_pdu()
2598 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2600 self.assertNotEquals(rep.u.alloc_hint, 0)
2601 self.assertEquals(rep.u.context_id, 0)
2602 self.assertEquals(rep.u.cancel_count, 0)
2603 self.assertEquals(rep.u.flags, 0)
2604 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2605 self.assertEquals(rep.u.reserved, 0)
2606 self.assertEquals(len(rep.u.error_and_verifier), 0)
2608 # wait for a disconnect
2609 rep = self.recv_pdu()
2610 self.assertIsNone(rep)
2611 self.assertNotConnected()
2613 def test_spnego_connect_request(self):
2614 ndr32 = base.transfer_syntax_ndr()
2617 ctx1 = dcerpc.ctx_list()
2619 ctx1.num_transfer_syntaxes = len(tsf1_list)
2620 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2621 ctx1.transfer_syntaxes = tsf1_list
2624 c = self.get_anon_creds()
2625 g = gensec.Security.start_client(self.settings)
2626 g.set_credentials(c)
2627 g.want_feature(gensec.FEATURE_DCE_STYLE)
2628 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2629 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2631 g.start_mech_by_authtype(auth_type, auth_level)
2633 (finished, to_server) = g.update(from_server)
2634 self.assertFalse(finished)
2636 auth_info = self.generate_auth(auth_type=auth_type,
2637 auth_level=auth_level,
2638 auth_context_id=auth_context_id,
2639 auth_blob=to_server)
2641 req = self.generate_bind(call_id=0,
2643 auth_info=auth_info)
2646 rep = self.recv_pdu()
2647 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2648 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2649 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2650 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2651 self.assertEquals(rep.u.secondary_address_size, 4)
2652 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2653 self.assertEquals(len(rep.u._pad1), 2)
2654 self.assertEquals(rep.u._pad1, '\0' * 2)
2655 self.assertEquals(rep.u.num_results, 1)
2656 self.assertEquals(rep.u.ctx_list[0].result,
2657 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2658 self.assertEquals(rep.u.ctx_list[0].reason,
2659 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2660 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2661 self.assertNotEquals(len(rep.u.auth_info), 0)
2662 a = self.parse_auth(rep.u.auth_info)
2664 from_server = a.credentials
2665 (finished, to_server) = g.update(from_server)
2666 self.assertFalse(finished)
2668 auth_info = self.generate_auth(auth_type=auth_type,
2669 auth_level=auth_level,
2670 auth_context_id=auth_context_id,
2671 auth_blob=to_server)
2673 req = self.generate_alter(call_id=0,
2675 assoc_group_id=rep.u.assoc_group_id,
2676 auth_info=auth_info)
2679 rep = self.recv_pdu()
2680 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2681 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2682 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2683 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2684 self.assertEquals(rep.u.secondary_address_size, 0)
2685 self.assertEquals(len(rep.u._pad1), 2)
2686 # Windows sends garbage
2687 #self.assertEquals(rep.u._pad1, '\0' * 2)
2688 self.assertEquals(rep.u.num_results, 1)
2689 self.assertEquals(rep.u.ctx_list[0].result,
2690 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2691 self.assertEquals(rep.u.ctx_list[0].reason,
2692 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2693 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2694 self.assertNotEquals(len(rep.u.auth_info), 0)
2695 a = self.parse_auth(rep.u.auth_info)
2697 from_server = a.credentials
2698 (finished, to_server) = g.update(from_server)
2699 self.assertTrue(finished)
2701 # And now try a request without auth_info
2702 req = self.generate_request(call_id = 2,
2703 context_id=ctx1.context_id,
2707 rep = self.recv_pdu()
2708 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2710 self.assertNotEquals(rep.u.alloc_hint, 0)
2711 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2712 self.assertEquals(rep.u.cancel_count, 0)
2713 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2715 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2716 auth_info = self.generate_auth(auth_type=auth_type,
2717 auth_level=auth_level,
2718 auth_context_id=auth_context_id,
2719 auth_blob="\x01"+"\x00"*15)
2720 req = self.generate_request(call_id = 3,
2721 context_id=ctx1.context_id,
2724 auth_info=auth_info)
2726 rep = self.recv_pdu()
2727 # We don't get an auth_info back
2728 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2730 self.assertNotEquals(rep.u.alloc_hint, 0)
2731 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2732 self.assertEquals(rep.u.cancel_count, 0)
2733 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2735 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2736 auth_info = self.generate_auth(auth_type=auth_type,
2737 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2738 auth_context_id=auth_context_id,
2739 auth_blob="\x01"+"\x00"*15)
2740 req = self.generate_request(call_id = 4,
2741 context_id=ctx1.context_id,
2744 auth_info=auth_info)
2746 rep = self.recv_pdu()
2747 # We get a fault back
2748 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2750 self.assertNotEquals(rep.u.alloc_hint, 0)
2751 self.assertEquals(rep.u.context_id, req.u.context_id)
2752 self.assertEquals(rep.u.cancel_count, 0)
2753 self.assertEquals(rep.u.flags, 0)
2754 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2755 self.assertEquals(rep.u.reserved, 0)
2756 self.assertEquals(len(rep.u.error_and_verifier), 0)
2758 # wait for a disconnect
2759 rep = self.recv_pdu()
2760 self.assertIsNone(rep)
2761 self.assertNotConnected()
2763 def test_spnego_integrity_request(self):
2764 ndr32 = base.transfer_syntax_ndr()
2767 ctx1 = dcerpc.ctx_list()
2769 ctx1.num_transfer_syntaxes = len(tsf1_list)
2770 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2771 ctx1.transfer_syntaxes = tsf1_list
2774 c = self.get_anon_creds()
2775 g = gensec.Security.start_client(self.settings)
2776 g.set_credentials(c)
2777 g.want_feature(gensec.FEATURE_DCE_STYLE)
2778 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2779 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2781 g.start_mech_by_authtype(auth_type, auth_level)
2783 (finished, to_server) = g.update(from_server)
2784 self.assertFalse(finished)
2786 auth_info = self.generate_auth(auth_type=auth_type,
2787 auth_level=auth_level,
2788 auth_context_id=auth_context_id,
2789 auth_blob=to_server)
2791 req = self.generate_bind(call_id=0,
2793 auth_info=auth_info)
2796 rep = self.recv_pdu()
2797 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2798 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2799 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2800 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2801 self.assertEquals(rep.u.secondary_address_size, 4)
2802 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2803 self.assertEquals(len(rep.u._pad1), 2)
2804 self.assertEquals(rep.u._pad1, '\0' * 2)
2805 self.assertEquals(rep.u.num_results, 1)
2806 self.assertEquals(rep.u.ctx_list[0].result,
2807 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2808 self.assertEquals(rep.u.ctx_list[0].reason,
2809 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2810 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2811 self.assertNotEquals(len(rep.u.auth_info), 0)
2812 a = self.parse_auth(rep.u.auth_info)
2814 from_server = a.credentials
2815 (finished, to_server) = g.update(from_server)
2816 self.assertFalse(finished)
2818 auth_info = self.generate_auth(auth_type=auth_type,
2819 auth_level=auth_level,
2820 auth_context_id=auth_context_id,
2821 auth_blob=to_server)
2823 req = self.generate_alter(call_id=0,
2825 assoc_group_id=rep.u.assoc_group_id,
2826 auth_info=auth_info)
2829 rep = self.recv_pdu()
2830 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2831 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2832 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2833 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2834 self.assertEquals(rep.u.secondary_address_size, 0)
2835 self.assertEquals(len(rep.u._pad1), 2)
2836 # Windows sends garbage
2837 #self.assertEquals(rep.u._pad1, '\0' * 2)
2838 self.assertEquals(rep.u.num_results, 1)
2839 self.assertEquals(rep.u.ctx_list[0].result,
2840 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2841 self.assertEquals(rep.u.ctx_list[0].reason,
2842 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2843 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2844 self.assertNotEquals(len(rep.u.auth_info), 0)
2845 a = self.parse_auth(rep.u.auth_info)
2847 from_server = a.credentials
2848 (finished, to_server) = g.update(from_server)
2849 self.assertTrue(finished)
2851 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2852 auth_info = self.generate_auth(auth_type=auth_type,
2853 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2854 auth_context_id=auth_context_id,
2855 auth_blob="\x01"+"\x00"*15)
2856 req = self.generate_request(call_id = 3,
2857 context_id=ctx1.context_id,
2860 auth_info=auth_info)
2862 rep = self.recv_pdu()
2863 # We get a fault back
2864 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2866 self.assertNotEquals(rep.u.alloc_hint, 0)
2867 self.assertEquals(rep.u.context_id, req.u.context_id)
2868 self.assertEquals(rep.u.cancel_count, 0)
2869 self.assertEquals(rep.u.flags, 0)
2870 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2871 self.assertEquals(rep.u.reserved, 0)
2872 self.assertEquals(len(rep.u.error_and_verifier), 0)
2874 # wait for a disconnect
2875 rep = self.recv_pdu()
2876 self.assertIsNone(rep)
2877 self.assertNotConnected()
2879 def test_spnego_unfinished_request(self):
2880 ndr32 = base.transfer_syntax_ndr()
2883 ctx1 = dcerpc.ctx_list()
2885 ctx1.num_transfer_syntaxes = len(tsf1_list)
2886 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2887 ctx1.transfer_syntaxes = tsf1_list
2890 c = self.get_anon_creds()
2891 g = gensec.Security.start_client(self.settings)
2892 g.set_credentials(c)
2893 g.want_feature(gensec.FEATURE_DCE_STYLE)
2894 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2895 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2897 g.start_mech_by_authtype(auth_type, auth_level)
2899 (finished, to_server) = g.update(from_server)
2900 self.assertFalse(finished)
2902 auth_info = self.generate_auth(auth_type=auth_type,
2903 auth_level=auth_level,
2904 auth_context_id=auth_context_id,
2905 auth_blob=to_server)
2907 req = self.generate_bind(call_id=0,
2909 auth_info=auth_info)
2912 rep = self.recv_pdu()
2913 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2914 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2915 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2916 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2917 assoc_group_id = rep.u.assoc_group_id
2918 self.assertEquals(rep.u.secondary_address_size, 4)
2919 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2920 self.assertEquals(len(rep.u._pad1), 2)
2921 self.assertEquals(rep.u._pad1, '\0' * 2)
2922 self.assertEquals(rep.u.num_results, 1)
2923 self.assertEquals(rep.u.ctx_list[0].result,
2924 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2925 self.assertEquals(rep.u.ctx_list[0].reason,
2926 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2927 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2928 self.assertNotEquals(len(rep.u.auth_info), 0)
2929 a = self.parse_auth(rep.u.auth_info)
2931 from_server = a.credentials
2932 (finished, to_server) = g.update(from_server)
2933 self.assertFalse(finished)
2935 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2936 auth_info = self.generate_auth(auth_type=auth_type,
2937 auth_level=auth_level,
2938 auth_context_id=auth_context_id,
2939 auth_blob="\x01"+"\x00"*15)
2940 req = self.generate_request(call_id = 1,
2941 context_id=ctx1.context_id,
2944 auth_info=auth_info)
2946 rep = self.recv_pdu()
2948 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2949 pfc_flags=req.pfc_flags |
2950 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2952 self.assertNotEquals(rep.u.alloc_hint, 0)
2953 self.assertEquals(rep.u.context_id, 0)
2954 self.assertEquals(rep.u.cancel_count, 0)
2955 self.assertEquals(rep.u.flags, 0)
2956 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2957 self.assertEquals(rep.u.reserved, 0)
2958 self.assertEquals(len(rep.u.error_and_verifier), 0)
2960 # wait for a disconnect
2961 rep = self.recv_pdu()
2962 self.assertIsNone(rep)
2963 self.assertNotConnected()
2965 def test_spnego_auth3(self):
2966 ndr32 = base.transfer_syntax_ndr()
2969 ctx1 = dcerpc.ctx_list()
2971 ctx1.num_transfer_syntaxes = len(tsf1_list)
2972 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2973 ctx1.transfer_syntaxes = tsf1_list
2976 c = self.get_anon_creds()
2977 g = gensec.Security.start_client(self.settings)
2978 g.set_credentials(c)
2979 g.want_feature(gensec.FEATURE_DCE_STYLE)
2980 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2981 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2983 g.start_mech_by_authtype(auth_type, auth_level)
2985 (finished, to_server) = g.update(from_server)
2986 self.assertFalse(finished)
2988 auth_info = self.generate_auth(auth_type=auth_type,
2989 auth_level=auth_level,
2990 auth_context_id=auth_context_id,
2991 auth_blob=to_server)
2992 req = self.generate_bind(call_id=0,
2994 auth_info=auth_info)
2996 rep = self.recv_pdu()
2997 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2998 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2999 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3000 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3001 self.assertEquals(rep.u.secondary_address_size, 4)
3002 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3003 self.assertEquals(len(rep.u._pad1), 2)
3004 #self.assertEquals(rep.u._pad1, '\0' * 2)
3005 self.assertEquals(rep.u.num_results, 1)
3006 self.assertEquals(rep.u.ctx_list[0].result,
3007 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3008 self.assertEquals(rep.u.ctx_list[0].reason,
3009 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3010 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3011 self.assertNotEquals(len(rep.u.auth_info), 0)
3012 a = self.parse_auth(rep.u.auth_info)
3014 from_server = a.credentials
3015 (finished, to_server) = g.update(from_server)
3016 self.assertFalse(finished)
3018 auth_info = self.generate_auth(auth_type=auth_type,
3019 auth_level=auth_level,
3020 auth_context_id=auth_context_id,
3021 auth_blob=to_server)
3022 req = self.generate_auth3(call_id=0,
3023 auth_info=auth_info)
3025 rep = self.recv_pdu()
3026 self.assertIsNone(rep)
3027 self.assertIsConnected()
3029 # And now try a request without auth_info
3030 req = self.generate_request(call_id = 2,
3031 context_id=ctx1.context_id,
3035 rep = self.recv_pdu()
3036 # We get a fault back
3037 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3039 self.assertNotEquals(rep.u.alloc_hint, 0)
3040 self.assertEquals(rep.u.context_id, req.u.context_id)
3041 self.assertEquals(rep.u.cancel_count, 0)
3042 self.assertEquals(rep.u.flags, 0)
3043 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3044 self.assertEquals(rep.u.reserved, 0)
3045 self.assertEquals(len(rep.u.error_and_verifier), 0)
3047 # wait for a disconnect
3048 rep = self.recv_pdu()
3049 self.assertIsNone(rep)
3050 self.assertNotConnected()
3052 def test_spnego_connect_reauth_alter(self):
3053 ndr32 = base.transfer_syntax_ndr()
3054 ndr64 = base.transfer_syntax_ndr64()
3057 ctx1 = dcerpc.ctx_list()
3059 ctx1.num_transfer_syntaxes = len(tsf1_list)
3060 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3061 ctx1.transfer_syntaxes = tsf1_list
3064 c = self.get_anon_creds()
3065 g = gensec.Security.start_client(self.settings)
3066 g.set_credentials(c)
3067 g.want_feature(gensec.FEATURE_DCE_STYLE)
3068 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3069 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3071 g.start_mech_by_authtype(auth_type, auth_level)
3073 (finished, to_server) = g.update(from_server)
3074 self.assertFalse(finished)
3076 auth_info = self.generate_auth(auth_type=auth_type,
3077 auth_level=auth_level,
3078 auth_context_id=auth_context_id,
3079 auth_blob=to_server)
3081 req = self.generate_bind(call_id=0,
3083 auth_info=auth_info)
3086 rep = self.recv_pdu()
3087 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3088 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3089 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3090 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3091 self.assertEquals(rep.u.secondary_address_size, 4)
3092 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3093 self.assertEquals(len(rep.u._pad1), 2)
3094 self.assertEquals(rep.u._pad1, '\0' * 2)
3095 self.assertEquals(rep.u.num_results, 1)
3096 self.assertEquals(rep.u.ctx_list[0].result,
3097 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3098 self.assertEquals(rep.u.ctx_list[0].reason,
3099 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3100 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3101 self.assertNotEquals(len(rep.u.auth_info), 0)
3102 a = self.parse_auth(rep.u.auth_info)
3104 from_server = a.credentials
3105 (finished, to_server) = g.update(from_server)
3106 self.assertFalse(finished)
3108 auth_info = self.generate_auth(auth_type=auth_type,
3109 auth_level=auth_level,
3110 auth_context_id=auth_context_id,
3111 auth_blob=to_server)
3112 req = self.generate_alter(call_id=0,
3114 assoc_group_id=rep.u.assoc_group_id,
3115 auth_info=auth_info)
3117 rep = self.recv_pdu()
3118 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3119 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3120 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3121 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3122 self.assertEquals(rep.u.secondary_address_size, 0)
3123 self.assertEquals(len(rep.u._pad1), 2)
3124 # Windows sends garbage
3125 #self.assertEquals(rep.u._pad1, '\0' * 2)
3126 self.assertEquals(rep.u.num_results, 1)
3127 self.assertEquals(rep.u.ctx_list[0].result,
3128 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3129 self.assertEquals(rep.u.ctx_list[0].reason,
3130 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3131 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3132 self.assertNotEquals(len(rep.u.auth_info), 0)
3133 a = self.parse_auth(rep.u.auth_info)
3135 from_server = a.credentials
3136 (finished, to_server) = g.update(from_server)
3137 self.assertTrue(finished)
3139 # And now try a request without auth_info
3140 req = self.generate_request(call_id = 2,
3141 context_id=ctx1.context_id,
3145 rep = self.recv_pdu()
3146 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3148 self.assertNotEquals(rep.u.alloc_hint, 0)
3149 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3150 self.assertEquals(rep.u.cancel_count, 0)
3151 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3153 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3154 auth_info = self.generate_auth(auth_type=auth_type,
3155 auth_level=auth_level,
3156 auth_context_id=auth_context_id,
3157 auth_blob="\x01"+"\x00"*15)
3158 req = self.generate_request(call_id = 3,
3159 context_id=ctx1.context_id,
3162 auth_info=auth_info)
3164 rep = self.recv_pdu()
3165 # We don't get an auth_info back
3166 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3168 self.assertNotEquals(rep.u.alloc_hint, 0)
3169 self.assertEquals(rep.u.context_id, req.u.context_id)
3170 self.assertEquals(rep.u.cancel_count, 0)
3171 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3175 g = gensec.Security.start_client(self.settings)
3176 g.set_credentials(c)
3177 g.want_feature(gensec.FEATURE_DCE_STYLE)
3178 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3179 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3181 g.start_mech_by_authtype(auth_type, auth_level)
3183 (finished, to_server) = g.update(from_server)
3184 self.assertFalse(finished)
3186 auth_info = self.generate_auth(auth_type=auth_type,
3187 auth_level=auth_level,
3188 auth_context_id=auth_context_id,
3189 auth_blob=to_server)
3190 req = self.generate_alter(call_id=0,
3192 auth_info=auth_info)
3194 rep = self.recv_pdu()
3196 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3197 pfc_flags=req.pfc_flags |
3198 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3200 self.assertNotEquals(rep.u.alloc_hint, 0)
3201 self.assertEquals(rep.u.context_id, 0)
3202 self.assertEquals(rep.u.cancel_count, 0)
3203 self.assertEquals(rep.u.flags, 0)
3204 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3205 self.assertEquals(rep.u.reserved, 0)
3206 self.assertEquals(len(rep.u.error_and_verifier), 0)
3208 # wait for a disconnect
3209 rep = self.recv_pdu()
3210 self.assertIsNone(rep)
3211 self.assertNotConnected()
3213 def test_spnego_connect_reauth_auth3(self):
3214 ndr32 = base.transfer_syntax_ndr()
3215 ndr64 = base.transfer_syntax_ndr64()
3218 ctx1 = dcerpc.ctx_list()
3220 ctx1.num_transfer_syntaxes = len(tsf1_list)
3221 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3222 ctx1.transfer_syntaxes = tsf1_list
3225 c = self.get_anon_creds()
3226 g = gensec.Security.start_client(self.settings)
3227 g.set_credentials(c)
3228 g.want_feature(gensec.FEATURE_DCE_STYLE)
3229 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3230 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3232 g.start_mech_by_authtype(auth_type, auth_level)
3234 (finished, to_server) = g.update(from_server)
3235 self.assertFalse(finished)
3237 auth_info = self.generate_auth(auth_type=auth_type,
3238 auth_level=auth_level,
3239 auth_context_id=auth_context_id,
3240 auth_blob=to_server)
3242 req = self.generate_bind(call_id=0,
3244 auth_info=auth_info)
3247 rep = self.recv_pdu()
3248 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3249 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3250 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3251 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3252 self.assertEquals(rep.u.secondary_address_size, 4)
3253 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3254 self.assertEquals(len(rep.u._pad1), 2)
3255 self.assertEquals(rep.u._pad1, '\0' * 2)
3256 self.assertEquals(rep.u.num_results, 1)
3257 self.assertEquals(rep.u.ctx_list[0].result,
3258 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3259 self.assertEquals(rep.u.ctx_list[0].reason,
3260 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3261 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3262 self.assertNotEquals(len(rep.u.auth_info), 0)
3263 a = self.parse_auth(rep.u.auth_info)
3265 from_server = a.credentials
3266 (finished, to_server) = g.update(from_server)
3267 self.assertFalse(finished)
3269 auth_info = self.generate_auth(auth_type=auth_type,
3270 auth_level=auth_level,
3271 auth_context_id=auth_context_id,
3272 auth_blob=to_server)
3273 req = self.generate_alter(call_id=0,
3275 assoc_group_id=rep.u.assoc_group_id,
3276 auth_info=auth_info)
3278 rep = self.recv_pdu()
3279 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3280 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3281 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3282 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3283 self.assertEquals(rep.u.secondary_address_size, 0)
3284 self.assertEquals(len(rep.u._pad1), 2)
3285 # Windows sends garbage
3286 #self.assertEquals(rep.u._pad1, '\0' * 2)
3287 self.assertEquals(rep.u.num_results, 1)
3288 self.assertEquals(rep.u.ctx_list[0].result,
3289 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3290 self.assertEquals(rep.u.ctx_list[0].reason,
3291 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3292 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3293 self.assertNotEquals(len(rep.u.auth_info), 0)
3294 a = self.parse_auth(rep.u.auth_info)
3296 from_server = a.credentials
3297 (finished, to_server) = g.update(from_server)
3298 self.assertTrue(finished)
3300 # And now try a request without auth_info
3301 req = self.generate_request(call_id = 2,
3302 context_id=ctx1.context_id,
3306 rep = self.recv_pdu()
3307 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3309 self.assertNotEquals(rep.u.alloc_hint, 0)
3310 self.assertEquals(rep.u.context_id, req.u.context_id)
3311 self.assertEquals(rep.u.cancel_count, 0)
3312 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3314 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3315 auth_info = self.generate_auth(auth_type=auth_type,
3316 auth_level=auth_level,
3317 auth_context_id=auth_context_id,
3318 auth_blob="\x01"+"\x00"*15)
3319 req = self.generate_request(call_id = 3,
3320 context_id=ctx1.context_id,
3323 auth_info=auth_info)
3325 rep = self.recv_pdu()
3326 # We don't get an auth_info back
3327 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3329 self.assertNotEquals(rep.u.alloc_hint, 0)
3330 self.assertEquals(rep.u.context_id, req.u.context_id)
3331 self.assertEquals(rep.u.cancel_count, 0)
3332 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3336 g = gensec.Security.start_client(self.settings)
3337 g.set_credentials(c)
3338 g.want_feature(gensec.FEATURE_DCE_STYLE)
3339 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3340 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3342 g.start_mech_by_authtype(auth_type, auth_level)
3344 (finished, to_server) = g.update(from_server)
3345 self.assertFalse(finished)
3347 auth_info = self.generate_auth(auth_type=auth_type,
3348 auth_level=auth_level,
3349 auth_context_id=auth_context_id,
3350 auth_blob=to_server)
3351 req = self.generate_auth3(call_id=0,
3352 auth_info=auth_info)
3354 rep = self.recv_pdu()
3356 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3357 pfc_flags=req.pfc_flags |
3358 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3360 self.assertNotEquals(rep.u.alloc_hint, 0)
3361 self.assertEquals(rep.u.context_id, 0)
3362 self.assertEquals(rep.u.cancel_count, 0)
3363 self.assertEquals(rep.u.flags, 0)
3364 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3365 self.assertEquals(rep.u.reserved, 0)
3366 self.assertEquals(len(rep.u.error_and_verifier), 0)
3368 # wait for a disconnect
3369 rep = self.recv_pdu()
3370 self.assertIsNone(rep)
3371 self.assertNotConnected()
3373 def test_spnego_change_auth_level(self):
3374 ndr32 = base.transfer_syntax_ndr()
3377 ctx1 = dcerpc.ctx_list()
3379 ctx1.num_transfer_syntaxes = len(tsf1_list)
3380 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3381 ctx1.transfer_syntaxes = tsf1_list
3383 c = self.get_anon_creds()
3384 g = gensec.Security.start_client(self.settings)
3385 g.set_credentials(c)
3386 g.want_feature(gensec.FEATURE_DCE_STYLE)
3387 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3388 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3390 g.start_mech_by_authtype(auth_type, auth_level)
3392 (finished, to_server) = g.update(from_server)
3393 self.assertFalse(finished)
3395 auth_info = self.generate_auth(auth_type=auth_type,
3396 auth_level=auth_level,
3397 auth_context_id=auth_context_id,
3398 auth_blob=to_server)
3399 req = self.generate_bind(call_id=0,
3401 auth_info=auth_info)
3403 rep = self.recv_pdu()
3404 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3405 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3406 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3407 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3408 self.assertEquals(rep.u.secondary_address_size, 4)
3409 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3410 self.assertEquals(len(rep.u._pad1), 2)
3411 self.assertEquals(rep.u._pad1, '\0' * 2)
3412 self.assertEquals(rep.u.num_results, 1)
3413 self.assertEquals(rep.u.ctx_list[0].result,
3414 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3415 self.assertEquals(rep.u.ctx_list[0].reason,
3416 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3417 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3418 self.assertNotEquals(len(rep.u.auth_info), 0)
3419 a = self.parse_auth(rep.u.auth_info)
3421 from_server = a.credentials
3422 (finished, to_server) = g.update(from_server)
3423 self.assertFalse(finished)
3425 auth_info = self.generate_auth(auth_type=auth_type,
3426 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3427 auth_context_id=auth_context_id,
3428 auth_blob=to_server)
3429 req = self.generate_alter(call_id=0,
3431 assoc_group_id=rep.u.assoc_group_id,
3432 auth_info=auth_info)
3434 rep = self.recv_pdu()
3435 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3436 pfc_flags=req.pfc_flags |
3437 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3439 self.assertNotEquals(rep.u.alloc_hint, 0)
3440 self.assertEquals(rep.u.context_id, 0)
3441 self.assertEquals(rep.u.cancel_count, 0)
3442 self.assertEquals(rep.u.flags, 0)
3443 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3444 self.assertEquals(rep.u.reserved, 0)
3445 self.assertEquals(len(rep.u.error_and_verifier), 0)
3447 # wait for a disconnect
3448 rep = self.recv_pdu()
3449 self.assertIsNone(rep)
3450 self.assertNotConnected()
3452 def test_spnego_change_abstract(self):
3453 ndr32 = base.transfer_syntax_ndr()
3456 ctx1 = dcerpc.ctx_list()
3458 ctx1.num_transfer_syntaxes = len(tsf1_list)
3459 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3460 ctx1.transfer_syntaxes = tsf1_list
3462 ctx1b = dcerpc.ctx_list()
3463 ctx1b.context_id = 1
3464 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3465 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3466 ctx1b.transfer_syntaxes = tsf1_list
3468 c = self.get_anon_creds()
3469 g = gensec.Security.start_client(self.settings)
3470 g.set_credentials(c)
3471 g.want_feature(gensec.FEATURE_DCE_STYLE)
3472 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3473 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3475 g.start_mech_by_authtype(auth_type, auth_level)
3477 (finished, to_server) = g.update(from_server)
3478 self.assertFalse(finished)
3480 auth_info = self.generate_auth(auth_type=auth_type,
3481 auth_level=auth_level,
3482 auth_context_id=auth_context_id,
3483 auth_blob=to_server)
3484 req = self.generate_bind(call_id=0,
3486 auth_info=auth_info)
3488 rep = self.recv_pdu()
3489 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3490 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3491 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3492 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3493 self.assertEquals(rep.u.secondary_address_size, 4)
3494 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3495 self.assertEquals(len(rep.u._pad1), 2)
3496 #self.assertEquals(rep.u._pad1, '\0' * 2)
3497 self.assertEquals(rep.u.num_results, 1)
3498 self.assertEquals(rep.u.ctx_list[0].result,
3499 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3500 self.assertEquals(rep.u.ctx_list[0].reason,
3501 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3502 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3503 self.assertNotEquals(len(rep.u.auth_info), 0)
3504 a = self.parse_auth(rep.u.auth_info)
3506 from_server = a.credentials
3507 (finished, to_server) = g.update(from_server)
3508 self.assertFalse(finished)
3510 auth_info = self.generate_auth(auth_type=auth_type,
3511 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3512 auth_context_id=auth_context_id,
3513 auth_blob=to_server)
3514 req = self.generate_alter(call_id=0,
3516 assoc_group_id=rep.u.assoc_group_id,
3517 auth_info=auth_info)
3519 rep = self.recv_pdu()
3520 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3521 pfc_flags=req.pfc_flags |
3522 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3524 self.assertNotEquals(rep.u.alloc_hint, 0)
3525 self.assertEquals(rep.u.context_id, 0)
3526 self.assertEquals(rep.u.cancel_count, 0)
3527 self.assertEquals(rep.u.flags, 0)
3528 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3529 self.assertEquals(rep.u.reserved, 0)
3530 self.assertEquals(len(rep.u.error_and_verifier), 0)
3532 # wait for a disconnect
3533 rep = self.recv_pdu()
3534 self.assertIsNone(rep)
3535 self.assertNotConnected()
3537 def test_spnego_change_transfer(self):
3538 ndr32 = base.transfer_syntax_ndr()
3539 ndr64 = base.transfer_syntax_ndr64()
3542 ctx1 = dcerpc.ctx_list()
3544 ctx1.num_transfer_syntaxes = len(tsf1_list)
3545 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3546 ctx1.transfer_syntaxes = tsf1_list
3548 tsf1b_list = [ndr32,ndr64]
3549 ctx1b = dcerpc.ctx_list()
3550 ctx1b.context_id = 1
3551 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3552 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3553 ctx1b.transfer_syntaxes = tsf1b_list
3555 c = self.get_anon_creds()
3556 g = gensec.Security.start_client(self.settings)
3557 g.set_credentials(c)
3558 g.want_feature(gensec.FEATURE_DCE_STYLE)
3559 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3560 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3562 g.start_mech_by_authtype(auth_type, auth_level)
3564 (finished, to_server) = g.update(from_server)
3565 self.assertFalse(finished)
3567 auth_info = self.generate_auth(auth_type=auth_type,
3568 auth_level=auth_level,
3569 auth_context_id=auth_context_id,
3570 auth_blob=to_server)
3571 req = self.generate_bind(call_id=0,
3573 auth_info=auth_info)
3575 rep = self.recv_pdu()
3576 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3577 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3578 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3579 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3580 self.assertEquals(rep.u.secondary_address_size, 4)
3581 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3582 self.assertEquals(len(rep.u._pad1), 2)
3583 #self.assertEquals(rep.u._pad1, '\0' * 2)
3584 self.assertEquals(rep.u.num_results, 1)
3585 self.assertEquals(rep.u.ctx_list[0].result,
3586 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3587 self.assertEquals(rep.u.ctx_list[0].reason,
3588 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3589 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3590 self.assertNotEquals(len(rep.u.auth_info), 0)
3591 a = self.parse_auth(rep.u.auth_info)
3593 from_server = a.credentials
3594 (finished, to_server) = g.update(from_server)
3595 self.assertFalse(finished)
3597 # We change ctx_list and auth_level
3598 auth_info = self.generate_auth(auth_type=auth_type,
3599 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3600 auth_context_id=auth_context_id,
3601 auth_blob=to_server)
3602 req = self.generate_alter(call_id=0,
3604 assoc_group_id=rep.u.assoc_group_id,
3605 auth_info=auth_info)
3607 rep = self.recv_pdu()
3608 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3609 pfc_flags=req.pfc_flags |
3610 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3612 self.assertNotEquals(rep.u.alloc_hint, 0)
3613 self.assertEquals(rep.u.context_id, 0)
3614 self.assertEquals(rep.u.cancel_count, 0)
3615 self.assertEquals(rep.u.flags, 0)
3616 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3617 self.assertEquals(rep.u.reserved, 0)
3618 self.assertEquals(len(rep.u.error_and_verifier), 0)
3620 # wait for a disconnect
3621 rep = self.recv_pdu()
3622 self.assertIsNone(rep)
3623 self.assertNotConnected()
3625 def test_spnego_change_auth_type1(self):
3626 ndr32 = base.transfer_syntax_ndr()
3627 ndr64 = base.transfer_syntax_ndr64()
3630 ctx1 = dcerpc.ctx_list()
3632 ctx1.num_transfer_syntaxes = len(tsf1_list)
3633 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3634 ctx1.transfer_syntaxes = tsf1_list
3636 c = self.get_anon_creds()
3637 g = gensec.Security.start_client(self.settings)
3638 g.set_credentials(c)
3639 g.want_feature(gensec.FEATURE_DCE_STYLE)
3640 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3641 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3643 g.start_mech_by_authtype(auth_type, auth_level)
3645 (finished, to_server) = g.update(from_server)
3646 self.assertFalse(finished)
3648 auth_info = self.generate_auth(auth_type=auth_type,
3649 auth_level=auth_level,
3650 auth_context_id=auth_context_id,
3651 auth_blob=to_server)
3652 req = self.generate_bind(call_id=0,
3654 auth_info=auth_info)
3656 rep = self.recv_pdu()
3657 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3658 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3659 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3660 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3661 self.assertEquals(rep.u.secondary_address_size, 4)
3662 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3663 self.assertEquals(len(rep.u._pad1), 2)
3664 #self.assertEquals(rep.u._pad1, '\0' * 2)
3665 self.assertEquals(rep.u.num_results, 1)
3666 self.assertEquals(rep.u.ctx_list[0].result,
3667 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3668 self.assertEquals(rep.u.ctx_list[0].reason,
3669 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3670 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3671 self.assertNotEquals(len(rep.u.auth_info), 0)
3672 a = self.parse_auth(rep.u.auth_info)
3674 from_server = a.credentials
3675 (finished, to_server) = g.update(from_server)
3676 self.assertFalse(finished)
3678 # We change ctx_list and auth_level
3679 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3680 auth_level=auth_level,
3681 auth_context_id=auth_context_id,
3682 auth_blob=to_server)
3683 req = self.generate_alter(call_id=0,
3685 assoc_group_id=rep.u.assoc_group_id,
3686 auth_info=auth_info)
3688 rep = self.recv_pdu()
3689 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3690 pfc_flags=req.pfc_flags |
3691 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3693 self.assertNotEquals(rep.u.alloc_hint, 0)
3694 self.assertEquals(rep.u.context_id, 0)
3695 self.assertEquals(rep.u.cancel_count, 0)
3696 self.assertEquals(rep.u.flags, 0)
3697 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3698 self.assertEquals(rep.u.reserved, 0)
3699 self.assertEquals(len(rep.u.error_and_verifier), 0)
3701 # wait for a disconnect
3702 rep = self.recv_pdu()
3703 self.assertIsNone(rep)
3704 self.assertNotConnected()
3706 def test_spnego_change_auth_type2(self):
3707 ndr32 = base.transfer_syntax_ndr()
3708 ndr64 = base.transfer_syntax_ndr64()
3711 ctx1 = dcerpc.ctx_list()
3713 ctx1.num_transfer_syntaxes = len(tsf1_list)
3714 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3715 ctx1.transfer_syntaxes = tsf1_list
3717 tsf1b_list = [ndr32,ndr64]
3718 ctx1b = dcerpc.ctx_list()
3719 ctx1b.context_id = 1
3720 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3721 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3722 ctx1b.transfer_syntaxes = tsf1b_list
3724 c = self.get_anon_creds()
3725 g = gensec.Security.start_client(self.settings)
3726 g.set_credentials(c)
3727 g.want_feature(gensec.FEATURE_DCE_STYLE)
3728 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3729 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3731 g.start_mech_by_authtype(auth_type, auth_level)
3733 (finished, to_server) = g.update(from_server)
3734 self.assertFalse(finished)
3736 auth_info = self.generate_auth(auth_type=auth_type,
3737 auth_level=auth_level,
3738 auth_context_id=auth_context_id,
3739 auth_blob=to_server)
3740 req = self.generate_bind(call_id=0,
3742 auth_info=auth_info)
3744 rep = self.recv_pdu()
3745 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3746 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3747 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3748 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3749 self.assertEquals(rep.u.secondary_address_size, 4)
3750 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3751 self.assertEquals(len(rep.u._pad1), 2)
3752 #self.assertEquals(rep.u._pad1, '\0' * 2)
3753 self.assertEquals(rep.u.num_results, 1)
3754 self.assertEquals(rep.u.ctx_list[0].result,
3755 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3756 self.assertEquals(rep.u.ctx_list[0].reason,
3757 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3758 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3759 self.assertNotEquals(len(rep.u.auth_info), 0)
3760 a = self.parse_auth(rep.u.auth_info)
3762 from_server = a.credentials
3763 (finished, to_server) = g.update(from_server)
3764 self.assertFalse(finished)
3766 # We change ctx_list and auth_level
3767 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3768 auth_level=auth_level,
3769 auth_context_id=auth_context_id,
3770 auth_blob=to_server)
3771 req = self.generate_alter(call_id=0,
3773 assoc_group_id=rep.u.assoc_group_id,
3774 auth_info=auth_info)
3776 rep = self.recv_pdu()
3777 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3778 pfc_flags=req.pfc_flags |
3779 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3781 self.assertNotEquals(rep.u.alloc_hint, 0)
3782 self.assertEquals(rep.u.context_id, 0)
3783 self.assertEquals(rep.u.cancel_count, 0)
3784 self.assertEquals(rep.u.flags, 0)
3785 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3786 self.assertEquals(rep.u.reserved, 0)
3787 self.assertEquals(len(rep.u.error_and_verifier), 0)
3789 # wait for a disconnect
3790 rep = self.recv_pdu()
3791 self.assertIsNone(rep)
3792 self.assertNotConnected()
3794 def test_spnego_change_auth_type3(self):
3795 ndr32 = base.transfer_syntax_ndr()
3796 ndr64 = base.transfer_syntax_ndr64()
3799 ctx1 = dcerpc.ctx_list()
3801 ctx1.num_transfer_syntaxes = len(tsf1_list)
3802 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3803 ctx1.transfer_syntaxes = tsf1_list
3805 tsf1b_list = [ndr32,ndr64]
3806 ctx1b = dcerpc.ctx_list()
3807 ctx1b.context_id = 1
3808 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3809 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3810 ctx1b.transfer_syntaxes = tsf1b_list
3812 c = self.get_anon_creds()
3813 g = gensec.Security.start_client(self.settings)
3814 g.set_credentials(c)
3815 g.want_feature(gensec.FEATURE_DCE_STYLE)
3816 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3817 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3819 g.start_mech_by_authtype(auth_type, auth_level)
3821 (finished, to_server) = g.update(from_server)
3822 self.assertFalse(finished)
3824 auth_info = self.generate_auth(auth_type=auth_type,
3825 auth_level=auth_level,
3826 auth_context_id=auth_context_id,
3827 auth_blob=to_server)
3828 req = self.generate_bind(call_id=0,
3830 auth_info=auth_info)
3832 rep = self.recv_pdu()
3833 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3834 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3835 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3836 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3837 self.assertEquals(rep.u.secondary_address_size, 4)
3838 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3839 self.assertEquals(len(rep.u._pad1), 2)
3840 #self.assertEquals(rep.u._pad1, '\0' * 2)
3841 self.assertEquals(rep.u.num_results, 1)
3842 self.assertEquals(rep.u.ctx_list[0].result,
3843 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3844 self.assertEquals(rep.u.ctx_list[0].reason,
3845 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3846 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3847 self.assertNotEquals(len(rep.u.auth_info), 0)
3848 a = self.parse_auth(rep.u.auth_info)
3850 from_server = a.credentials
3851 (finished, to_server) = g.update(from_server)
3852 self.assertFalse(finished)
3854 # We change ctx_list and auth_level
3855 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3856 auth_level=auth_level,
3857 auth_context_id=auth_context_id,
3858 auth_blob=to_server)
3859 req = self.generate_alter(call_id=0,
3861 assoc_group_id=rep.u.assoc_group_id,
3862 auth_info=auth_info)
3864 rep = self.recv_pdu()
3865 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3866 pfc_flags=req.pfc_flags |
3867 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3869 self.assertNotEquals(rep.u.alloc_hint, 0)
3870 self.assertEquals(rep.u.context_id, 0)
3871 self.assertEquals(rep.u.cancel_count, 0)
3872 self.assertEquals(rep.u.flags, 0)
3873 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3874 self.assertEquals(rep.u.reserved, 0)
3875 self.assertEquals(len(rep.u.error_and_verifier), 0)
3877 # wait for a disconnect
3878 rep = self.recv_pdu()
3879 self.assertIsNone(rep)
3880 self.assertNotConnected()
3882 def test_spnego_auth_pad_ok(self):
3883 ndr32 = base.transfer_syntax_ndr()
3886 ctx1 = dcerpc.ctx_list()
3888 ctx1.num_transfer_syntaxes = len(tsf1_list)
3889 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3890 ctx1.transfer_syntaxes = tsf1_list
3893 c = self.get_anon_creds()
3894 g = gensec.Security.start_client(self.settings)
3895 g.set_credentials(c)
3896 g.want_feature(gensec.FEATURE_DCE_STYLE)
3897 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3898 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3900 g.start_mech_by_authtype(auth_type, auth_level)
3902 (finished, to_server) = g.update(from_server)
3903 self.assertFalse(finished)
3905 auth_info = self.generate_auth(auth_type=auth_type,
3906 auth_level=auth_level,
3907 auth_context_id=auth_context_id,
3908 auth_blob=to_server)
3910 req = self.generate_bind(call_id=0,
3912 auth_info=auth_info)
3913 req_pdu = samba.ndr.ndr_pack(req)
3915 auth_pad_ok = len(req_pdu)
3916 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3917 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3918 auth_pad_ok -= len(to_server)
3920 auth_info = self.generate_auth(auth_type=auth_type,
3921 auth_level=auth_level,
3922 auth_context_id=auth_context_id,
3923 auth_pad_length=auth_pad_ok,
3924 auth_blob=to_server)
3926 req = self.generate_bind(call_id=0,
3928 auth_info=auth_info)
3930 rep = self.recv_pdu()
3931 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3932 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3933 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3934 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3935 self.assertEquals(rep.u.secondary_address_size, 4)
3936 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3937 self.assertEquals(len(rep.u._pad1), 2)
3938 #self.assertEquals(rep.u._pad1, '\0' * 2)
3939 self.assertEquals(rep.u.num_results, 1)
3940 self.assertEquals(rep.u.ctx_list[0].result,
3941 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3942 self.assertEquals(rep.u.ctx_list[0].reason,
3943 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3944 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3945 self.assertNotEquals(len(rep.u.auth_info), 0)
3946 a = self.parse_auth(rep.u.auth_info)
3948 from_server = a.credentials
3949 (finished, to_server) = g.update(from_server)
3950 self.assertFalse(finished)
3952 auth_info = self.generate_auth(auth_type=auth_type,
3953 auth_level=auth_level,
3954 auth_context_id=auth_context_id,
3955 auth_blob=to_server)
3956 req = self.generate_alter(call_id=0,
3958 assoc_group_id=rep.u.assoc_group_id,
3959 auth_info=auth_info)
3960 req_pdu = samba.ndr.ndr_pack(req)
3962 auth_pad_ok = len(req_pdu)
3963 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3964 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3965 auth_pad_ok -= len(to_server)
3966 auth_info = self.generate_auth(auth_type=auth_type,
3967 auth_level=auth_level,
3968 auth_context_id=auth_context_id,
3969 auth_pad_length=auth_pad_ok,
3970 auth_blob=to_server)
3971 req = self.generate_alter(call_id=0,
3973 assoc_group_id=rep.u.assoc_group_id,
3974 auth_info=auth_info)
3976 rep = self.recv_pdu()
3977 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3978 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3979 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3980 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3981 self.assertEquals(rep.u.secondary_address_size, 0)
3982 self.assertEquals(len(rep.u._pad1), 2)
3983 # Windows sends garbage
3984 #self.assertEquals(rep.u._pad1, '\0' * 2)
3985 self.assertEquals(rep.u.num_results, 1)
3986 self.assertEquals(rep.u.ctx_list[0].result,
3987 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3988 self.assertEquals(rep.u.ctx_list[0].reason,
3989 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3990 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3991 self.assertNotEquals(len(rep.u.auth_info), 0)
3992 a = self.parse_auth(rep.u.auth_info)
3994 from_server = a.credentials
3995 (finished, to_server) = g.update(from_server)
3996 self.assertTrue(finished)
3998 # And now try a request without auth_info
3999 req = self.generate_request(call_id = 2,
4000 context_id=ctx1.context_id,
4004 rep = self.recv_pdu()
4005 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4007 self.assertNotEquals(rep.u.alloc_hint, 0)
4008 self.assertEquals(rep.u.context_id, req.u.context_id)
4009 self.assertEquals(rep.u.cancel_count, 0)
4010 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4012 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4013 auth_info = self.generate_auth(auth_type=auth_type,
4014 auth_level=auth_level,
4015 auth_context_id=auth_context_id,
4016 auth_blob="\x01"+"\x00"*15)
4017 req = self.generate_request(call_id = 3,
4018 context_id=ctx1.context_id,
4021 auth_info=auth_info)
4023 rep = self.recv_pdu()
4024 # We don't get an auth_info back
4025 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4027 self.assertNotEquals(rep.u.alloc_hint, 0)
4028 self.assertEquals(rep.u.context_id, req.u.context_id)
4029 self.assertEquals(rep.u.cancel_count, 0)
4030 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4032 self._disconnect("disconnect")
4033 self.assertNotConnected()
4035 def test_spnego_auth_pad_fail_bind(self):
4036 ndr32 = base.transfer_syntax_ndr()
4039 ctx1 = dcerpc.ctx_list()
4041 ctx1.num_transfer_syntaxes = len(tsf1_list)
4042 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4043 ctx1.transfer_syntaxes = tsf1_list
4046 c = self.get_anon_creds()
4047 g = gensec.Security.start_client(self.settings)
4048 g.set_credentials(c)
4049 g.want_feature(gensec.FEATURE_DCE_STYLE)
4050 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4051 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4053 g.start_mech_by_authtype(auth_type, auth_level)
4055 (finished, to_server) = g.update(from_server)
4056 self.assertFalse(finished)
4058 auth_info = self.generate_auth(auth_type=auth_type,
4059 auth_level=auth_level,
4060 auth_context_id=auth_context_id,
4061 auth_blob=to_server)
4063 req = self.generate_bind(call_id=0,
4065 auth_info=auth_info)
4066 req_pdu = samba.ndr.ndr_pack(req)
4068 auth_pad_ok = len(req_pdu)
4069 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4070 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4071 auth_pad_ok -= len(to_server)
4072 auth_pad_bad = auth_pad_ok + 1
4073 auth_info = self.generate_auth(auth_type=auth_type,
4074 auth_level=auth_level,
4075 auth_context_id=auth_context_id,
4076 auth_pad_length=auth_pad_bad,
4077 auth_blob=to_server)
4079 req = self.generate_bind(call_id=0,
4081 auth_info=auth_info)
4083 rep = self.recv_pdu()
4084 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
4086 self.assertEquals(rep.u.reject_reason,
4087 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
4088 self.assertEquals(rep.u.num_versions, 1)
4089 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
4090 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
4091 self.assertEquals(len(rep.u._pad), 3)
4092 self.assertEquals(rep.u._pad, '\0' * 3)
4094 # wait for a disconnect
4095 rep = self.recv_pdu()
4096 self.assertIsNone(rep)
4097 self.assertNotConnected()
4099 def test_spnego_auth_pad_fail_alter(self):
4100 ndr32 = base.transfer_syntax_ndr()
4103 ctx1 = dcerpc.ctx_list()
4105 ctx1.num_transfer_syntaxes = len(tsf1_list)
4106 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4107 ctx1.transfer_syntaxes = tsf1_list
4110 c = self.get_anon_creds()
4111 g = gensec.Security.start_client(self.settings)
4112 g.set_credentials(c)
4113 g.want_feature(gensec.FEATURE_DCE_STYLE)
4114 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4115 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4117 g.start_mech_by_authtype(auth_type, auth_level)
4119 (finished, to_server) = g.update(from_server)
4120 self.assertFalse(finished)
4122 auth_info = self.generate_auth(auth_type=auth_type,
4123 auth_level=auth_level,
4124 auth_context_id=auth_context_id,
4125 auth_blob=to_server)
4127 req = self.generate_bind(call_id=0,
4129 auth_info=auth_info)
4130 req_pdu = samba.ndr.ndr_pack(req)
4132 auth_pad_ok = len(req_pdu)
4133 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4134 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4135 auth_pad_ok -= len(to_server)
4137 auth_info = self.generate_auth(auth_type=auth_type,
4138 auth_level=auth_level,
4139 auth_context_id=auth_context_id,
4140 auth_pad_length=auth_pad_ok,
4141 auth_blob=to_server)
4143 req = self.generate_bind(call_id=0,
4145 auth_info=auth_info)
4147 rep = self.recv_pdu()
4148 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4149 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4150 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4151 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4152 self.assertEquals(rep.u.secondary_address_size, 4)
4153 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4154 self.assertEquals(len(rep.u._pad1), 2)
4155 #self.assertEquals(rep.u._pad1, '\0' * 2)
4156 self.assertEquals(rep.u.num_results, 1)
4157 self.assertEquals(rep.u.ctx_list[0].result,
4158 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4159 self.assertEquals(rep.u.ctx_list[0].reason,
4160 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4161 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4162 self.assertNotEquals(len(rep.u.auth_info), 0)
4163 a = self.parse_auth(rep.u.auth_info)
4165 from_server = a.credentials
4166 (finished, to_server) = g.update(from_server)
4167 self.assertFalse(finished)
4169 auth_info = self.generate_auth(auth_type=auth_type,
4170 auth_level=auth_level,
4171 auth_context_id=auth_context_id,
4172 auth_blob=to_server)
4173 req = self.generate_alter(call_id=0,
4175 assoc_group_id=rep.u.assoc_group_id,
4176 auth_info=auth_info)
4177 req_pdu = samba.ndr.ndr_pack(req)
4179 auth_pad_ok = len(req_pdu)
4180 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4181 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4182 auth_pad_ok -= len(to_server)
4183 auth_pad_bad = auth_pad_ok + 1
4184 auth_info = self.generate_auth(auth_type=auth_type,
4185 auth_level=auth_level,
4186 auth_context_id=auth_context_id,
4187 auth_pad_length=auth_pad_bad,
4188 auth_blob=to_server)
4189 req = self.generate_alter(call_id=0,
4191 assoc_group_id=rep.u.assoc_group_id,
4192 auth_info=auth_info)
4194 rep = self.recv_pdu()
4195 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4196 pfc_flags=req.pfc_flags |
4197 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4199 self.assertNotEquals(rep.u.alloc_hint, 0)
4200 self.assertEquals(rep.u.context_id, 0)
4201 self.assertEquals(rep.u.cancel_count, 0)
4202 self.assertEquals(rep.u.flags, 0)
4203 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4204 self.assertEquals(rep.u.reserved, 0)
4205 self.assertEquals(len(rep.u.error_and_verifier), 0)
4207 # wait for a disconnect
4208 rep = self.recv_pdu()
4209 self.assertIsNone(rep)
4210 self.assertNotConnected()
4212 def test_ntlmssp_auth_pad_ok(self):
4213 ndr32 = base.transfer_syntax_ndr()
4216 ctx1 = dcerpc.ctx_list()
4218 ctx1.num_transfer_syntaxes = len(tsf1_list)
4219 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4220 ctx1.transfer_syntaxes = tsf1_list
4223 c = self.get_anon_creds()
4224 g = gensec.Security.start_client(self.settings)
4225 g.set_credentials(c)
4226 g.want_feature(gensec.FEATURE_DCE_STYLE)
4227 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4228 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4230 g.start_mech_by_authtype(auth_type, auth_level)
4232 (finished, to_server) = g.update(from_server)
4233 self.assertFalse(finished)
4235 auth_info = self.generate_auth(auth_type=auth_type,
4236 auth_level=auth_level,
4237 auth_context_id=auth_context_id,
4238 auth_blob=to_server)
4240 req = self.generate_bind(call_id=0,
4242 auth_info=auth_info)
4243 req_pdu = samba.ndr.ndr_pack(req)
4245 auth_pad_ok = len(req_pdu)
4246 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4247 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4248 auth_pad_ok -= len(to_server)
4250 auth_info = self.generate_auth(auth_type=auth_type,
4251 auth_level=auth_level,
4252 auth_context_id=auth_context_id,
4253 auth_pad_length=auth_pad_ok,
4254 auth_blob=to_server)
4256 req = self.generate_bind(call_id=0,
4258 auth_info=auth_info)
4260 rep = self.recv_pdu()
4261 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4262 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4263 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4264 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4265 self.assertEquals(rep.u.secondary_address_size, 4)
4266 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4267 self.assertEquals(len(rep.u._pad1), 2)
4268 #self.assertEquals(rep.u._pad1, '\0' * 2)
4269 self.assertEquals(rep.u.num_results, 1)
4270 self.assertEquals(rep.u.ctx_list[0].result,
4271 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4272 self.assertEquals(rep.u.ctx_list[0].reason,
4273 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4274 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4275 self.assertNotEquals(len(rep.u.auth_info), 0)
4276 a = self.parse_auth(rep.u.auth_info)
4278 from_server = a.credentials
4279 (finished, to_server) = g.update(from_server)
4280 self.assertTrue(finished)
4283 auth_info = self.generate_auth(auth_type=auth_type,
4284 auth_level=auth_level,
4285 auth_context_id=auth_context_id,
4286 auth_pad_length=auth_pad_ok,
4287 auth_blob=to_server)
4288 req = self.generate_auth3(call_id=0,
4289 auth_info=auth_info)
4291 self.assertIsConnected()
4293 # And now try a request without auth_info
4294 req = self.generate_request(call_id = 2,
4295 context_id=ctx1.context_id,
4299 rep = self.recv_pdu()
4300 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4302 self.assertNotEquals(rep.u.alloc_hint, 0)
4303 self.assertEquals(rep.u.context_id, req.u.context_id)
4304 self.assertEquals(rep.u.cancel_count, 0)
4305 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4307 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4308 auth_info = self.generate_auth(auth_type=auth_type,
4309 auth_level=auth_level,
4310 auth_context_id=auth_context_id,
4311 auth_blob="\x01"+"\x00"*15)
4312 req = self.generate_request(call_id = 3,
4313 context_id=ctx1.context_id,
4316 auth_info=auth_info)
4318 rep = self.recv_pdu()
4319 # We don't get an auth_info back
4320 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4322 self.assertNotEquals(rep.u.alloc_hint, 0)
4323 self.assertEquals(rep.u.context_id, req.u.context_id)
4324 self.assertEquals(rep.u.cancel_count, 0)
4325 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4327 self._disconnect("disconnect")
4328 self.assertNotConnected()
4330 def test_ntlmssp_auth_pad_fail_auth3(self):
4331 ndr32 = base.transfer_syntax_ndr()
4334 ctx1 = dcerpc.ctx_list()
4336 ctx1.num_transfer_syntaxes = len(tsf1_list)
4337 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4338 ctx1.transfer_syntaxes = tsf1_list
4341 c = self.get_anon_creds()
4342 g = gensec.Security.start_client(self.settings)
4343 g.set_credentials(c)
4344 g.want_feature(gensec.FEATURE_DCE_STYLE)
4345 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4346 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4348 g.start_mech_by_authtype(auth_type, auth_level)
4350 (finished, to_server) = g.update(from_server)
4351 self.assertFalse(finished)
4353 auth_info = self.generate_auth(auth_type=auth_type,
4354 auth_level=auth_level,
4355 auth_context_id=auth_context_id,
4356 auth_blob=to_server)
4358 req = self.generate_bind(call_id=0,
4360 auth_info=auth_info)
4361 req_pdu = samba.ndr.ndr_pack(req)
4363 auth_pad_ok = len(req_pdu)
4364 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4365 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4366 auth_pad_ok -= len(to_server)
4368 auth_info = self.generate_auth(auth_type=auth_type,
4369 auth_level=auth_level,
4370 auth_context_id=auth_context_id,
4371 auth_pad_length=auth_pad_ok,
4372 auth_blob=to_server)
4374 req = self.generate_bind(call_id=0,
4376 auth_info=auth_info)
4378 rep = self.recv_pdu()
4379 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4380 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4381 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4382 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4383 self.assertEquals(rep.u.secondary_address_size, 4)
4384 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4385 self.assertEquals(len(rep.u._pad1), 2)
4386 #self.assertEquals(rep.u._pad1, '\0' * 2)
4387 self.assertEquals(rep.u.num_results, 1)
4388 self.assertEquals(rep.u.ctx_list[0].result,
4389 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4390 self.assertEquals(rep.u.ctx_list[0].reason,
4391 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4392 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4393 self.assertNotEquals(len(rep.u.auth_info), 0)
4394 a = self.parse_auth(rep.u.auth_info)
4396 from_server = a.credentials
4397 (finished, to_server) = g.update(from_server)
4398 self.assertTrue(finished)
4401 auth_info = self.generate_auth(auth_type=auth_type,
4402 auth_level=auth_level,
4403 auth_context_id=auth_context_id,
4404 auth_pad_length=auth_pad_bad,
4405 auth_blob=to_server)
4406 req = self.generate_auth3(call_id=0,
4407 auth_info=auth_info)
4409 rep = self.recv_pdu()
4410 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4411 pfc_flags=req.pfc_flags |
4412 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4414 self.assertNotEquals(rep.u.alloc_hint, 0)
4415 self.assertEquals(rep.u.context_id, 0)
4416 self.assertEquals(rep.u.cancel_count, 0)
4417 self.assertEquals(rep.u.flags, 0)
4418 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4419 self.assertEquals(rep.u.reserved, 0)
4420 self.assertEquals(len(rep.u.error_and_verifier), 0)
4422 # wait for a disconnect
4423 rep = self.recv_pdu()
4424 self.assertIsNone(rep)
4425 self.assertNotConnected()
4427 def _test_spnego_bind_auth_level(self, auth_level, auth_context_id, ctx,
4428 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4430 creds = self.get_user_creds()
4431 auth_context = self.get_auth_context_creds(creds=creds,
4432 auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4433 auth_level=auth_level,
4434 auth_context_id=auth_context_id,
4435 g_auth_level=g_auth_level)
4436 if auth_context is None:
4438 ack = self.do_generic_bind(ctx=ctx,
4439 auth_context=auth_context,
4440 alter_fault=alter_fault)
4443 return auth_context["gensec"]
4445 def _test_spnego_level_bind_nak(self, auth_level,
4446 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4447 c = self.get_user_creds()
4448 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4449 auth_level=auth_level, creds=c, reason=reason)
4451 def _test_spnego_level_bind(self, auth_level,
4452 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4455 response_fault_flags=0):
4456 ndr32 = base.transfer_syntax_ndr()
4459 ctx1 = dcerpc.ctx_list()
4460 ctx1.context_id = 0x1001
4461 ctx1.num_transfer_syntaxes = len(tsf1_list)
4462 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4463 ctx1.transfer_syntaxes = tsf1_list
4465 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4468 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4469 auth_context_id=auth_context_id,
4471 g_auth_level=g_auth_level,
4472 alter_fault=alter_fault)
4474 if request_fault is None:
4477 self.assertIsNotNone(g)
4479 stub_bin = '\x00' * 17
4480 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4483 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4484 stub_bin += '\x00' * auth_pad_length
4486 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4487 sig_size = g.sig_size(len(stub_bin))
4490 zero_sig = "\x00"*sig_size
4492 auth_info = self.generate_auth(auth_type=auth_type,
4493 auth_level=auth_level,
4494 auth_pad_length=auth_pad_length,
4495 auth_context_id=auth_context_id,
4497 req = self.generate_request(call_id = 4,
4498 context_id=ctx1.context_id,
4501 auth_info=auth_info)
4502 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4503 req_blob = samba.ndr.ndr_pack(req)
4504 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4505 ofs_sig = len(req_blob) - req.auth_length
4506 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4507 req_data = req_blob[ofs_stub:ofs_trailer]
4508 req_whole = req_blob[0:ofs_sig]
4509 sig = g.sign_packet(req_data, req_whole)
4510 auth_info = self.generate_auth(auth_type=auth_type,
4511 auth_level=auth_level,
4512 auth_pad_length=auth_pad_length,
4513 auth_context_id=auth_context_id,
4515 req = self.generate_request(call_id = 4,
4516 context_id=ctx1.context_id,
4519 auth_info=auth_info)
4521 rep = self.recv_pdu()
4522 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4523 pfc_flags=req.pfc_flags | response_fault_flags,
4525 self.assertNotEquals(rep.u.alloc_hint, 0)
4526 self.assertEquals(rep.u.context_id, ctx1.context_id)
4527 self.assertEquals(rep.u.cancel_count, 0)
4528 self.assertEquals(rep.u.flags, 0)
4529 self.assertEquals(rep.u.status, request_fault)
4530 self.assertEquals(rep.u.reserved, 0)
4531 self.assertEquals(len(rep.u.error_and_verifier), 0)
4533 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4536 # wait for a disconnect
4537 rep = self.recv_pdu()
4538 self.assertIsNone(rep)
4539 self.assertNotConnected()
4541 def test_spnego_none_bind(self):
4542 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4543 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4545 def test_spnego_call_bind(self):
4546 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4547 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4549 def test_spnego_0_bind(self):
4550 return self._test_spnego_level_bind_nak(0,
4551 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4553 def test_spnego_7_bind(self):
4554 return self._test_spnego_level_bind_nak(7,
4555 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4557 def test_spnego_255_bind(self):
4558 return self._test_spnego_level_bind_nak(255,
4559 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4561 def test_spnego_connect_bind_none(self):
4562 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4563 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4565 def test_spnego_connect_bind_sign(self):
4566 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4567 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4569 def test_spnego_connect_bind_seal(self):
4570 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4571 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4573 def test_spnego_packet_bind_none(self):
4574 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4575 # DCERPC_AUTH_LEVEL_INTEGRITY
4576 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4577 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4578 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4580 def test_spnego_packet_bind_sign(self):
4581 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4582 # DCERPC_AUTH_LEVEL_INTEGRITY
4583 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4584 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4585 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4586 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4588 def test_spnego_packet_bind_sign(self):
4589 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4590 # DCERPC_AUTH_LEVEL_INTEGRITY
4591 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4592 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4593 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4594 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4596 def test_spnego_integrity_bind_none(self):
4597 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4598 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4599 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4601 def test_spnego_integrity_bind_sign(self):
4602 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4603 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4604 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4605 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4607 def test_spnego_integrity_bind_seal(self):
4608 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4609 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4610 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4611 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4613 def test_spnego_privacy_bind_none(self):
4615 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4616 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4617 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4619 def test_spnego_privacy_bind_sign(self):
4621 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4622 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4623 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4625 def test_spnego_privacy_bind_seal(self):
4626 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4627 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4631 def _test_spnego_signing_auth_level_request(self, auth_level):
4632 ndr32 = base.transfer_syntax_ndr()
4635 ctx1 = dcerpc.ctx_list()
4636 ctx1.context_id = 0x1001
4637 ctx1.num_transfer_syntaxes = len(tsf1_list)
4638 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4639 ctx1.transfer_syntaxes = tsf1_list
4642 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4645 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4646 auth_context_id=auth_context_id,
4649 stub_bin = '\x00' * 0
4650 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4653 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4654 stub_bin += '\x00' * auth_pad_length
4656 sig_size = g.sig_size(len(stub_bin))
4657 zero_sig = "\x00"*sig_size
4659 auth_info = self.generate_auth(auth_type=auth_type,
4660 auth_level=auth_level,
4661 auth_pad_length=auth_pad_length,
4662 auth_context_id=auth_context_id,
4664 req = self.generate_request(call_id = 3,
4665 context_id=ctx1.context_id,
4668 auth_info=auth_info)
4669 req_blob = samba.ndr.ndr_pack(req)
4670 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4671 ofs_sig = len(req_blob) - req.auth_length
4672 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4673 req_data = req_blob[ofs_stub:ofs_trailer]
4674 req_whole = req_blob[0:ofs_sig]
4675 sig = g.sign_packet(req_data, req_whole)
4676 auth_info = self.generate_auth(auth_type=auth_type,
4677 auth_level=auth_level,
4678 auth_pad_length=auth_pad_length,
4679 auth_context_id=auth_context_id,
4681 req = self.generate_request(call_id = 3,
4682 context_id=ctx1.context_id,
4685 auth_info=auth_info)
4687 (rep, rep_blob) = self.recv_pdu_raw()
4688 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4689 auth_length=sig_size)
4690 self.assertNotEquals(rep.u.alloc_hint, 0)
4691 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4692 self.assertEquals(rep.u.cancel_count, 0)
4693 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4694 self.assertEquals(rep.auth_length, sig_size)
4696 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4697 ofs_sig = rep.frag_length - rep.auth_length
4698 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4699 rep_data = rep_blob[ofs_stub:ofs_trailer]
4700 rep_whole = rep_blob[0:ofs_sig]
4701 rep_sig = rep_blob[ofs_sig:]
4702 rep_auth_info_blob = rep_blob[ofs_trailer:]
4704 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4705 self.assertEquals(rep_auth_info.auth_type, auth_type)
4706 self.assertEquals(rep_auth_info.auth_level, auth_level)
4707 # mgmt_inq_if_ids() returns no fixed size results
4708 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4709 self.assertEquals(rep_auth_info.auth_reserved, 0)
4710 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4711 self.assertEquals(rep_auth_info.credentials, rep_sig)
4713 g.check_packet(rep_data, rep_whole, rep_sig)
4715 stub_bin = '\x00' * 17
4716 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4719 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4720 stub_bin += '\x00' * auth_pad_length
4722 sig_size = g.sig_size(len(stub_bin))
4723 zero_sig = "\x00"*sig_size
4725 auth_info = self.generate_auth(auth_type=auth_type,
4726 auth_level=auth_level,
4727 auth_pad_length=auth_pad_length,
4728 auth_context_id=auth_context_id,
4730 req = self.generate_request(call_id = 4,
4731 context_id=ctx1.context_id,
4734 auth_info=auth_info)
4735 req_blob = samba.ndr.ndr_pack(req)
4736 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4737 ofs_sig = len(req_blob) - req.auth_length
4738 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4739 req_data = req_blob[ofs_stub:ofs_trailer]
4740 req_whole = req_blob[0:ofs_sig]
4741 sig = g.sign_packet(req_data, req_whole)
4742 auth_info = self.generate_auth(auth_type=auth_type,
4743 auth_level=auth_level,
4744 auth_pad_length=auth_pad_length,
4745 auth_context_id=auth_context_id,
4747 req = self.generate_request(call_id = 4,
4748 context_id=ctx1.context_id,
4751 auth_info=auth_info)
4753 rep = self.recv_pdu()
4754 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4755 pfc_flags=req.pfc_flags |
4756 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4758 self.assertNotEquals(rep.u.alloc_hint, 0)
4759 self.assertEquals(rep.u.context_id, ctx1.context_id)
4760 self.assertEquals(rep.u.cancel_count, 0)
4761 self.assertEquals(rep.u.flags, 0)
4762 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4763 self.assertEquals(rep.u.reserved, 0)
4764 self.assertEquals(len(rep.u.error_and_verifier), 0)
4766 stub_bin = '\x00' * 8
4767 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4770 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4771 stub_bin += '\x00' * auth_pad_length
4773 sig_size = g.sig_size(len(stub_bin))
4774 zero_sig = "\x00"*sig_size
4776 auth_info = self.generate_auth(auth_type=auth_type,
4777 auth_level=auth_level,
4778 auth_pad_length=auth_pad_length,
4779 auth_context_id=auth_context_id,
4781 req = self.generate_request(call_id = 5,
4782 context_id=ctx1.context_id,
4785 auth_info=auth_info)
4786 req_blob = samba.ndr.ndr_pack(req)
4787 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4788 ofs_sig = len(req_blob) - req.auth_length
4789 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4790 req_data = req_blob[ofs_stub:ofs_trailer]
4791 req_whole = req_blob[0:ofs_sig]
4792 sig = g.sign_packet(req_data, req_whole)
4793 auth_info = self.generate_auth(auth_type=auth_type,
4794 auth_level=auth_level,
4795 auth_pad_length=auth_pad_length,
4796 auth_context_id=auth_context_id,
4798 req = self.generate_request(call_id = 5,
4799 context_id=ctx1.context_id,
4802 auth_info=auth_info)
4804 (rep, rep_blob) = self.recv_pdu_raw()
4805 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4806 auth_length=sig_size)
4807 self.assertNotEquals(rep.u.alloc_hint, 0)
4808 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4809 self.assertEquals(rep.u.cancel_count, 0)
4810 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4811 self.assertEquals(rep.auth_length, sig_size)
4813 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4814 ofs_sig = rep.frag_length - rep.auth_length
4815 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4816 rep_data = rep_blob[ofs_stub:ofs_trailer]
4817 rep_whole = rep_blob[0:ofs_sig]
4818 rep_sig = rep_blob[ofs_sig:]
4819 rep_auth_info_blob = rep_blob[ofs_trailer:]
4821 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4822 self.assertEquals(rep_auth_info.auth_type, auth_type)
4823 self.assertEquals(rep_auth_info.auth_level, auth_level)
4824 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4825 self.assertEquals(rep_auth_info.auth_reserved, 0)
4826 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4827 self.assertEquals(rep_auth_info.credentials, rep_sig)
4829 g.check_packet(rep_data, rep_whole, rep_sig)
4831 stub_bin = '\x00' * 8
4832 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4835 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4836 stub_bin += '\x00' * auth_pad_length
4838 sig_size = g.sig_size(len(stub_bin))
4839 zero_sig = "\x00"*sig_size
4841 auth_info = self.generate_auth(auth_type=auth_type,
4842 auth_level=auth_level,
4843 auth_pad_length=auth_pad_length,
4844 auth_context_id=auth_context_id,
4846 req = self.generate_request(call_id = 6,
4847 context_id=ctx1.context_id,
4850 auth_info=auth_info)
4851 req_blob = samba.ndr.ndr_pack(req)
4852 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4853 ofs_sig = len(req_blob) - req.auth_length
4854 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4855 req_data = req_blob[ofs_stub:ofs_trailer]
4856 req_whole = req_blob[0:ofs_sig]
4857 sig = g.sign_packet(req_data, req_whole)
4858 auth_info = self.generate_auth(auth_type=auth_type,
4859 auth_level=auth_level,
4860 auth_pad_length=auth_pad_length,
4861 auth_context_id=auth_context_id,
4863 req = self.generate_request(call_id = 6,
4864 context_id=ctx1.context_id,
4867 auth_info=auth_info)
4869 (rep, rep_blob) = self.recv_pdu_raw()
4870 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4871 auth_length=sig_size)
4872 self.assertNotEquals(rep.u.alloc_hint, 0)
4873 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4874 self.assertEquals(rep.u.cancel_count, 0)
4875 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4876 self.assertEquals(rep.auth_length, sig_size)
4878 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4879 ofs_sig = rep.frag_length - rep.auth_length
4880 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4881 rep_data = rep_blob[ofs_stub:ofs_trailer]
4882 rep_whole = rep_blob[0:ofs_sig]
4883 rep_sig = rep_blob[ofs_sig:]
4884 rep_auth_info_blob = rep_blob[ofs_trailer:]
4886 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4887 self.assertEquals(rep_auth_info.auth_type, auth_type)
4888 self.assertEquals(rep_auth_info.auth_level, auth_level)
4889 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4890 self.assertEquals(rep_auth_info.auth_reserved, 0)
4891 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4892 self.assertEquals(rep_auth_info.credentials, rep_sig)
4894 g.check_packet(rep_data, rep_whole, rep_sig)
4896 def test_spnego_signing_packet(self):
4897 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4898 # DCERPC_AUTH_LEVEL_INTEGRITY
4899 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4901 def test_spnego_signing_integrity(self):
4902 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4905 def test_assoc_group_fail1(self):
4906 abstract = samba.dcerpc.mgmt.abstract_syntax()
4907 transfer = base.transfer_syntax_ndr()
4909 tsf1_list = [transfer]
4910 ctx = samba.dcerpc.dcerpc.ctx_list()
4912 ctx.num_transfer_syntaxes = len(tsf1_list)
4913 ctx.abstract_syntax = abstract
4914 ctx.transfer_syntaxes = tsf1_list
4916 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4917 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4920 def test_assoc_group_fail2(self):
4921 abstract = samba.dcerpc.mgmt.abstract_syntax()
4922 transfer = base.transfer_syntax_ndr()
4924 tsf1_list = [transfer]
4925 ctx = samba.dcerpc.dcerpc.ctx_list()
4927 ctx.num_transfer_syntaxes = len(tsf1_list)
4928 ctx.abstract_syntax = abstract
4929 ctx.transfer_syntaxes = tsf1_list
4931 ack = self.do_generic_bind(ctx=ctx)
4933 self._disconnect("test_assoc_group_fail2")
4934 self.assertNotConnected()
4938 ack2 = self.do_generic_bind(ctx=ctx,assoc_group_id=ack.u.assoc_group_id,
4939 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4942 def test_assoc_group_diff1(self):
4943 abstract = samba.dcerpc.mgmt.abstract_syntax()
4944 transfer = base.transfer_syntax_ndr()
4946 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4947 context_id=1, return_ack=True)
4949 conn2 = self.second_connection()
4950 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4951 context_id=2, return_ack=True)
4952 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4956 def test_assoc_group_ok1(self):
4957 abstract = samba.dcerpc.mgmt.abstract_syntax()
4958 transfer = base.transfer_syntax_ndr()
4960 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4961 context_id=1, return_ack=True)
4963 conn2 = self.second_connection()
4964 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4965 assoc_group_id=ack1.u.assoc_group_id,
4966 context_id=2, return_ack=True)
4968 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4969 self.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids)
4970 conn2.do_single_request(call_id = 1, ctx=ctx2, io=inq_if_ids)
4972 conn2.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids,
4973 fault_pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4974 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4975 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4976 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4979 self.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids)
4980 conn2.do_single_request(call_id = 1, ctx=ctx2, io=inq_if_ids)
4983 if __name__ == "__main__":
4984 global_ndr_print = True
4985 global_hexdump = True