2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
36 global_ndr_print = False
37 global_hexdump = False
40 class TestDCERPC_BIND(RawDCERPCTest):
43 super(TestDCERPC_BIND, self).setUp()
44 self.do_ndr_print = global_ndr_print
45 self.do_hexdump = global_hexdump
47 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
48 ndr32 = base.transfer_syntax_ndr()
51 ctx1 = dcerpc.ctx_list()
53 ctx1.num_transfer_syntaxes = len(tsf1_list)
54 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
55 ctx1.transfer_syntaxes = tsf1_list
57 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
60 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
61 pfc_flags=rep_pfc_flags, auth_length=0)
62 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
63 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
64 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
65 self.assertEquals(rep.u.secondary_address_size, 4)
66 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
67 self.assertEquals(len(rep.u._pad1), 2)
68 # sometimes windows sends random bytes
69 # self.assertEquals(rep.u._pad1, '\0' * 2)
70 self.assertEquals(rep.u.num_results, 1)
71 self.assertEquals(rep.u.ctx_list[0].result,
72 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
73 self.assertEquals(rep.u.ctx_list[0].reason,
74 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
75 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
76 self.assertEquals(rep.u.auth_info, '\0' * 0)
78 # And now try a request
79 req = self.generate_request(call_id=1,
80 context_id=ctx1.context_id,
85 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
87 self.assertNotEquals(rep.u.alloc_hint, 0)
88 self.assertEquals(rep.u.context_id, req.u.context_id)
89 self.assertEquals(rep.u.cancel_count, 0)
90 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
92 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
93 ndr32 = base.transfer_syntax_ndr()
96 ctx1 = dcerpc.ctx_list()
98 ctx1.num_transfer_syntaxes = len(tsf1_list)
99 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
100 ctx1.transfer_syntaxes = tsf1_list
102 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
104 rep = self.recv_pdu()
105 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
107 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
108 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
109 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
110 self.assertEquals(rep.u.secondary_address_size, 4)
111 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
112 self.assertEquals(len(rep.u._pad1), 2)
113 # sometimes windows sends random bytes
114 # self.assertEquals(rep.u._pad1, '\0' * 2)
115 self.assertEquals(rep.u.num_results, 1)
116 self.assertEquals(rep.u.ctx_list[0].result,
117 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
118 self.assertEquals(rep.u.ctx_list[0].reason,
119 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
120 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
121 self.assertEquals(rep.u.auth_info, '\0' * 0)
123 # And now try a alter context
124 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
126 rep = self.recv_pdu()
127 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
128 pfc_flags=rep_pfc_flags, auth_length=0)
129 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
130 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
131 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
132 self.assertEquals(rep.u.secondary_address_size, 0)
133 self.assertEquals(rep.u.secondary_address, "")
134 self.assertEquals(len(rep.u._pad1), 2)
135 # sometimes windows sends random bytes
136 # self.assertEquals(rep.u._pad1, '\0' * 2)
137 self.assertEquals(rep.u.num_results, 1)
138 self.assertEquals(rep.u.ctx_list[0].result,
139 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
140 self.assertEquals(rep.u.ctx_list[0].reason,
141 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
142 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
143 self.assertEquals(rep.u.auth_info, '\0' * 0)
145 # And now try a request
146 req = self.generate_request(call_id=1,
147 context_id=ctx1.context_id,
151 rep = self.recv_pdu()
152 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
154 self.assertNotEquals(rep.u.alloc_hint, 0)
155 self.assertEquals(rep.u.context_id, req.u.context_id)
156 self.assertEquals(rep.u.cancel_count, 0)
157 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
159 def test_no_auth_request(self):
160 return self._test_no_auth_request_bind_pfc_flags(
162 dcerpc.DCERPC_PFC_FLAG_FIRST |
163 dcerpc.DCERPC_PFC_FLAG_LAST,
165 dcerpc.DCERPC_PFC_FLAG_FIRST |
166 dcerpc.DCERPC_PFC_FLAG_LAST)
168 def test_no_auth_request_bind_pfc_00(self):
169 return self._test_no_auth_request_bind_pfc_flags(
173 dcerpc.DCERPC_PFC_FLAG_FIRST |
174 dcerpc.DCERPC_PFC_FLAG_LAST)
176 def test_no_auth_request_bind_pfc_FIRST(self):
177 return self._test_no_auth_request_bind_pfc_flags(
179 dcerpc.DCERPC_PFC_FLAG_FIRST |
182 dcerpc.DCERPC_PFC_FLAG_FIRST |
183 dcerpc.DCERPC_PFC_FLAG_LAST)
185 def test_no_auth_request_bind_pfc_LAST(self):
186 return self._test_no_auth_request_bind_pfc_flags(
188 dcerpc.DCERPC_PFC_FLAG_LAST |
191 dcerpc.DCERPC_PFC_FLAG_FIRST |
192 dcerpc.DCERPC_PFC_FLAG_LAST)
194 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
195 # without authentication
196 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
197 return self._test_no_auth_request_bind_pfc_flags(
199 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
202 dcerpc.DCERPC_PFC_FLAG_FIRST |
203 dcerpc.DCERPC_PFC_FLAG_LAST |
204 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
206 def test_no_auth_request_bind_pfc_08(self):
207 return self._test_no_auth_request_bind_pfc_flags(
212 dcerpc.DCERPC_PFC_FLAG_FIRST |
213 dcerpc.DCERPC_PFC_FLAG_LAST)
215 def test_no_auth_request_bind_pfc_CONC_MPX(self):
216 return self._test_no_auth_request_bind_pfc_flags(
218 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
221 dcerpc.DCERPC_PFC_FLAG_FIRST |
222 dcerpc.DCERPC_PFC_FLAG_LAST |
223 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
225 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
226 return self._test_no_auth_request_bind_pfc_flags(
228 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
231 dcerpc.DCERPC_PFC_FLAG_FIRST |
232 dcerpc.DCERPC_PFC_FLAG_LAST)
234 def test_no_auth_request_bind_pfc_MAYBE(self):
235 return self._test_no_auth_request_bind_pfc_flags(
237 dcerpc.DCERPC_PFC_FLAG_MAYBE |
240 dcerpc.DCERPC_PFC_FLAG_FIRST |
241 dcerpc.DCERPC_PFC_FLAG_LAST)
243 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
244 return self._test_no_auth_request_bind_pfc_flags(
246 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
249 dcerpc.DCERPC_PFC_FLAG_FIRST |
250 dcerpc.DCERPC_PFC_FLAG_LAST)
252 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
253 # without authentication
254 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
256 def _test_no_auth_request_bind_pfc_ff(self):
257 return self._test_no_auth_request_bind_pfc_flags(
262 dcerpc.DCERPC_PFC_FLAG_FIRST |
263 dcerpc.DCERPC_PFC_FLAG_LAST |
264 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
265 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
267 def test_no_auth_request_alter_pfc_00(self):
268 return self._test_no_auth_request_alter_pfc_flags(
272 dcerpc.DCERPC_PFC_FLAG_FIRST |
273 dcerpc.DCERPC_PFC_FLAG_LAST)
275 def test_no_auth_request_alter_pfc_FIRST(self):
276 return self._test_no_auth_request_alter_pfc_flags(
278 dcerpc.DCERPC_PFC_FLAG_FIRST |
281 dcerpc.DCERPC_PFC_FLAG_FIRST |
282 dcerpc.DCERPC_PFC_FLAG_LAST)
284 def test_no_auth_request_alter_pfc_LAST(self):
285 return self._test_no_auth_request_alter_pfc_flags(
287 dcerpc.DCERPC_PFC_FLAG_LAST |
290 dcerpc.DCERPC_PFC_FLAG_FIRST |
291 dcerpc.DCERPC_PFC_FLAG_LAST)
293 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
294 # without authentication
295 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
296 return self._test_no_auth_request_alter_pfc_flags(
298 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
301 dcerpc.DCERPC_PFC_FLAG_FIRST |
302 dcerpc.DCERPC_PFC_FLAG_LAST |
303 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
305 def test_no_auth_request_alter_pfc_08(self):
306 return self._test_no_auth_request_alter_pfc_flags(
311 dcerpc.DCERPC_PFC_FLAG_FIRST |
312 dcerpc.DCERPC_PFC_FLAG_LAST)
314 def test_no_auth_request_alter_pfc_CONC_MPX(self):
315 return self._test_no_auth_request_alter_pfc_flags(
317 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
320 dcerpc.DCERPC_PFC_FLAG_FIRST |
321 dcerpc.DCERPC_PFC_FLAG_LAST)
323 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
324 return self._test_no_auth_request_alter_pfc_flags(
326 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
329 dcerpc.DCERPC_PFC_FLAG_FIRST |
330 dcerpc.DCERPC_PFC_FLAG_LAST)
332 def test_no_auth_request_alter_pfc_MAYBE(self):
333 return self._test_no_auth_request_alter_pfc_flags(
335 dcerpc.DCERPC_PFC_FLAG_MAYBE |
338 dcerpc.DCERPC_PFC_FLAG_FIRST |
339 dcerpc.DCERPC_PFC_FLAG_LAST)
341 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
342 return self._test_no_auth_request_alter_pfc_flags(
344 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
347 dcerpc.DCERPC_PFC_FLAG_FIRST |
348 dcerpc.DCERPC_PFC_FLAG_LAST)
350 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
351 # without authentication
352 def _test_no_auth_request_alter_pfc_ff(self):
353 return self._test_no_auth_request_alter_pfc_flags(
358 dcerpc.DCERPC_PFC_FLAG_FIRST |
359 dcerpc.DCERPC_PFC_FLAG_LAST |
360 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
362 def test_no_auth_no_ctx(self):
363 # send an useless bind
364 req = self.generate_bind(call_id=0)
366 rep = self.recv_pdu()
367 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
369 self.assertEquals(rep.u.reject_reason,
370 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
371 self.assertEquals(rep.u.num_versions, 1)
372 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
373 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
374 self.assertEquals(len(rep.u._pad), 3)
375 self.assertEquals(rep.u._pad, '\0' * 3)
377 def test_invalid_auth_noctx(self):
378 req = self.generate_bind(call_id=0)
379 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
381 rep = self.recv_pdu()
382 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
384 self.assertEquals(rep.u.reject_reason,
385 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
386 self.assertEquals(rep.u.num_versions, 1)
387 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
388 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
389 self.assertEquals(len(rep.u._pad), 3)
390 self.assertEquals(rep.u._pad, '\0' * 3)
392 def test_no_auth_valid_valid_request(self):
393 ndr32 = base.transfer_syntax_ndr()
396 ctx1 = dcerpc.ctx_list()
398 ctx1.num_transfer_syntaxes = len(tsf1_list)
399 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
400 ctx1.transfer_syntaxes = tsf1_list
402 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
404 rep = self.recv_pdu()
405 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
407 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
408 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
409 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
410 self.assertEquals(rep.u.secondary_address_size, 4)
411 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
412 self.assertEquals(len(rep.u._pad1), 2)
413 self.assertEquals(rep.u._pad1, '\0' * 2)
414 self.assertEquals(rep.u.num_results, 1)
415 self.assertEquals(rep.u.ctx_list[0].result,
416 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
417 self.assertEquals(rep.u.ctx_list[0].reason,
418 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
419 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
420 self.assertEquals(rep.u.auth_info, '\0' * 0)
424 ctx2 = dcerpc.ctx_list()
426 ctx2.num_transfer_syntaxes = len(tsf2_list)
427 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
428 ctx2.transfer_syntaxes = tsf2_list
430 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
432 rep = self.recv_pdu()
433 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
435 self.assertEquals(rep.u.reject_reason,
436 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
437 self.assertEquals(rep.u.num_versions, 1)
438 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
439 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
440 self.assertEquals(len(rep.u._pad), 3)
441 self.assertEquals(rep.u._pad, '\0' * 3)
443 # wait for a disconnect
444 rep = self.recv_pdu()
445 self.assertIsNone(rep)
446 self.assertNotConnected()
448 def test_no_auth_invalid_valid_request(self):
449 # send an useless bind
450 req = self.generate_bind(call_id=0)
452 rep = self.recv_pdu()
453 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
455 self.assertEquals(rep.u.reject_reason,
456 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
457 self.assertEquals(rep.u.num_versions, 1)
458 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
459 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
460 self.assertEquals(len(rep.u._pad), 3)
461 self.assertEquals(rep.u._pad, '\0' * 3)
463 # wait for a disconnect
464 rep = self.recv_pdu()
465 self.assertIsNone(rep)
466 self.assertNotConnected()
468 def test_alter_no_auth_no_ctx(self):
469 ndr32 = base.transfer_syntax_ndr()
472 ctx1 = dcerpc.ctx_list()
474 ctx1.num_transfer_syntaxes = len(tsf1_list)
475 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
476 ctx1.transfer_syntaxes = tsf1_list
478 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
480 rep = self.recv_pdu()
481 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
483 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
484 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
485 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
486 self.assertEquals(rep.u.secondary_address_size, 4)
487 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
488 self.assertEquals(len(rep.u._pad1), 2)
489 self.assertEquals(rep.u._pad1, '\0' * 2)
490 self.assertEquals(rep.u.num_results, 1)
491 self.assertEquals(rep.u.ctx_list[0].result,
492 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
493 self.assertEquals(rep.u.ctx_list[0].reason,
494 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
495 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
496 self.assertEquals(rep.u.auth_info, '\0' * 0)
499 req = self.generate_alter(call_id=1, ctx_list=[])
501 rep = self.recv_pdu()
502 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
503 pfc_flags=req.pfc_flags |
504 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
506 self.assertNotEquals(rep.u.alloc_hint, 0)
507 self.assertEquals(rep.u.context_id, 0)
508 self.assertEquals(rep.u.cancel_count, 0)
509 self.assertEquals(rep.u.flags, 0)
510 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
511 self.assertEquals(rep.u.reserved, 0)
512 self.assertEquals(len(rep.u.error_and_verifier), 0)
514 # wait for a disconnect
515 rep = self.recv_pdu()
516 self.assertIsNone(rep)
517 self.assertNotConnected()
519 def test_no_auth_presentation_ctx_valid1(self):
520 ndr32 = base.transfer_syntax_ndr()
522 zero_syntax = misc.ndr_syntax_id()
524 tsf1_list = [zero_syntax, ndr32]
525 ctx1 = dcerpc.ctx_list()
527 ctx1.num_transfer_syntaxes = len(tsf1_list)
528 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
529 ctx1.transfer_syntaxes = tsf1_list
531 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
533 rep = self.recv_pdu()
534 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
536 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
537 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
538 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
539 self.assertEquals(rep.u.secondary_address_size, 4)
540 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
541 self.assertEquals(len(rep.u._pad1), 2)
542 self.assertEquals(rep.u._pad1, '\0' * 2)
543 self.assertEquals(rep.u.num_results, 1)
544 self.assertEquals(rep.u.ctx_list[0].result,
545 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
546 self.assertEquals(rep.u.ctx_list[0].reason,
547 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
548 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
549 self.assertEquals(rep.u.auth_info, '\0' * 0)
552 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
554 rep = self.recv_pdu()
555 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
557 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
558 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
559 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
560 self.assertEquals(rep.u.secondary_address_size, 0)
561 self.assertEquals(len(rep.u._pad1), 2)
562 #self.assertEquals(rep.u._pad1, '\0' * 2)
563 self.assertEquals(rep.u.num_results, 1)
564 self.assertEquals(rep.u.ctx_list[0].result,
565 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
566 self.assertEquals(rep.u.ctx_list[0].reason,
567 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
568 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
569 self.assertEquals(rep.u.auth_info, '\0' * 0)
571 req = self.generate_request(call_id=2,
572 context_id=ctx1.context_id,
576 rep = self.recv_pdu()
577 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
578 pfc_flags=req.pfc_flags |
579 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
581 self.assertNotEquals(rep.u.alloc_hint, 0)
582 self.assertEquals(rep.u.context_id, ctx1.context_id)
583 self.assertEquals(rep.u.cancel_count, 0)
584 self.assertEquals(rep.u.flags, 0)
585 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
586 self.assertEquals(rep.u.reserved, 0)
587 self.assertEquals(len(rep.u.error_and_verifier), 0)
589 def test_no_auth_presentation_ctx_invalid1(self):
590 ndr32 = base.transfer_syntax_ndr()
592 zero_syntax = misc.ndr_syntax_id()
595 ctx1 = dcerpc.ctx_list()
597 ctx1.num_transfer_syntaxes = len(tsf1_list)
598 ctx1.abstract_syntax = ndr32
599 ctx1.transfer_syntaxes = tsf1_list
601 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
603 rep = self.recv_pdu()
604 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
606 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
607 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
608 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
609 self.assertEquals(rep.u.secondary_address_size, 4)
610 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
611 self.assertEquals(len(rep.u._pad1), 2)
612 self.assertEquals(rep.u._pad1, '\0' * 2)
613 self.assertEquals(rep.u.num_results, 1)
614 self.assertEquals(rep.u.ctx_list[0].result,
615 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
616 self.assertEquals(rep.u.ctx_list[0].reason,
617 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
618 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
619 self.assertEquals(rep.u.auth_info, '\0' * 0)
622 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
624 rep = self.recv_pdu()
625 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
627 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
628 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
629 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
630 self.assertEquals(rep.u.secondary_address_size, 0)
631 self.assertEquals(len(rep.u._pad1), 2)
632 #self.assertEquals(rep.u._pad1, '\0' * 2)
633 self.assertEquals(rep.u.num_results, 1)
634 self.assertEquals(rep.u.ctx_list[0].result,
635 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
636 self.assertEquals(rep.u.ctx_list[0].reason,
637 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
638 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
639 self.assertEquals(rep.u.auth_info, '\0' * 0)
641 req = self.generate_request(call_id=2,
646 rep = self.recv_pdu()
647 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
648 pfc_flags=req.pfc_flags |
649 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
651 self.assertNotEquals(rep.u.alloc_hint, 0)
652 self.assertEquals(rep.u.context_id, 0)
653 self.assertEquals(rep.u.cancel_count, 0)
654 self.assertEquals(rep.u.flags, 0)
655 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
656 self.assertEquals(rep.u.reserved, 0)
657 self.assertEquals(len(rep.u.error_and_verifier), 0)
659 # Send a alter again to prove the connection is still alive
660 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
662 rep = self.recv_pdu()
663 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
665 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
666 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
667 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
668 self.assertEquals(rep.u.secondary_address_size, 0)
669 self.assertEquals(len(rep.u._pad1), 2)
670 #self.assertEquals(rep.u._pad1, '\0' * 2)
671 self.assertEquals(rep.u.num_results, 1)
672 self.assertEquals(rep.u.ctx_list[0].result,
673 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
674 self.assertEquals(rep.u.ctx_list[0].reason,
675 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
676 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
677 self.assertEquals(rep.u.auth_info, '\0' * 0)
679 def test_no_auth_presentation_ctx_invalid2(self):
680 ndr32 = base.transfer_syntax_ndr()
682 zero_syntax = misc.ndr_syntax_id()
685 ctx1a = dcerpc.ctx_list()
687 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
688 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
689 ctx1a.transfer_syntaxes = tsf1a_list
691 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
693 rep = self.recv_pdu()
694 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
696 self.assertEquals(rep.u.reject_reason,
697 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
698 self.assertEquals(rep.u.num_versions, 1)
699 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
700 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
701 self.assertEquals(len(rep.u._pad), 3)
702 self.assertEquals(rep.u._pad, '\0' * 3)
704 # wait for a disconnect
705 rep = self.recv_pdu()
706 self.assertIsNone(rep)
707 self.assertNotConnected()
709 def test_no_auth_presentation_ctx_invalid3(self):
710 ndr32 = base.transfer_syntax_ndr()
712 zero_syntax = misc.ndr_syntax_id()
714 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
715 ctx1a = dcerpc.ctx_list()
717 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
718 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
719 ctx1a.transfer_syntaxes = tsf1a_list
721 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
723 rep = self.recv_pdu()
724 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
726 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
727 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
728 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
729 self.assertEquals(rep.u.secondary_address_size, 4)
730 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
731 self.assertEquals(len(rep.u._pad1), 2)
732 self.assertEquals(rep.u._pad1, '\0' * 2)
733 self.assertEquals(rep.u.num_results, 1)
734 self.assertEquals(rep.u.ctx_list[0].result,
735 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
736 self.assertEquals(rep.u.ctx_list[0].reason,
737 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
738 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
739 self.assertEquals(rep.u.auth_info, '\0' * 0)
742 ctx1b = dcerpc.ctx_list()
744 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
745 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
746 ctx1b.transfer_syntaxes = tsf1b_list
749 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
751 rep = self.recv_pdu()
752 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
753 pfc_flags=req.pfc_flags |
754 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
756 self.assertNotEquals(rep.u.alloc_hint, 0)
757 self.assertEquals(rep.u.context_id, 0)
758 self.assertEquals(rep.u.cancel_count, 0)
759 self.assertEquals(rep.u.flags, 0)
760 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
761 self.assertEquals(rep.u.reserved, 0)
762 self.assertEquals(len(rep.u.error_and_verifier), 0)
764 # wait for a disconnect
765 rep = self.recv_pdu()
766 self.assertIsNone(rep)
767 self.assertNotConnected()
769 def test_no_auth_presentation_ctx_invalid4(self):
770 ndr32 = base.transfer_syntax_ndr()
771 ndr64 = base.transfer_syntax_ndr64()
773 zero_syntax = misc.ndr_syntax_id()
775 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
776 ctx1a = dcerpc.ctx_list()
778 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
779 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
780 ctx1a.transfer_syntaxes = tsf1a_list
782 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
784 rep = self.recv_pdu()
785 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
787 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
788 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
789 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
790 self.assertEquals(rep.u.secondary_address_size, 4)
791 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
792 self.assertEquals(len(rep.u._pad1), 2)
793 self.assertEquals(rep.u._pad1, '\0' * 2)
794 self.assertEquals(rep.u.num_results, 1)
795 self.assertEquals(rep.u.ctx_list[0].result,
796 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
797 self.assertEquals(rep.u.ctx_list[0].reason,
798 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
799 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
800 self.assertEquals(rep.u.auth_info, '\0' * 0)
802 # With a known but wrong syntax we get a protocol error
803 # see test_no_auth_presentation_ctx_valid2
804 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
805 ctx1b = dcerpc.ctx_list()
807 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
808 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
809 ctx1b.transfer_syntaxes = tsf1b_list
812 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
814 rep = self.recv_pdu()
815 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
816 pfc_flags=req.pfc_flags |
817 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
819 self.assertNotEquals(rep.u.alloc_hint, 0)
820 self.assertEquals(rep.u.context_id, 0)
821 self.assertEquals(rep.u.cancel_count, 0)
822 self.assertEquals(rep.u.flags, 0)
823 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
824 self.assertEquals(rep.u.reserved, 0)
825 self.assertEquals(len(rep.u.error_and_verifier), 0)
827 # wait for a disconnect
828 rep = self.recv_pdu()
829 self.assertIsNone(rep)
830 self.assertNotConnected()
832 def test_no_auth_presentation_ctx_valid2(self):
833 ndr32 = base.transfer_syntax_ndr()
835 zero_syntax = misc.ndr_syntax_id()
837 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
838 ctx1a = dcerpc.ctx_list()
840 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
841 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
842 ctx1a.transfer_syntaxes = tsf1a_list
844 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
846 rep = self.recv_pdu()
847 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
849 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
850 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
851 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
852 self.assertEquals(rep.u.secondary_address_size, 4)
853 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
854 self.assertEquals(len(rep.u._pad1), 2)
855 self.assertEquals(rep.u._pad1, '\0' * 2)
856 self.assertEquals(rep.u.num_results, 1)
857 self.assertEquals(rep.u.ctx_list[0].result,
858 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
859 self.assertEquals(rep.u.ctx_list[0].reason,
860 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
861 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
862 self.assertEquals(rep.u.auth_info, '\0' * 0)
864 # With a unknown but wrong syntaxes we get NO protocol error
865 # see test_no_auth_presentation_ctx_invalid4
866 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
867 ctx1b = dcerpc.ctx_list()
869 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
870 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
871 ctx1b.transfer_syntaxes = tsf1b_list
874 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
876 rep = self.recv_pdu()
877 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
879 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
880 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
881 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
882 self.assertEquals(rep.u.secondary_address_size, 0)
883 self.assertEquals(len(rep.u._pad1), 2)
884 #self.assertEquals(rep.u._pad1, '\0' * 2)
885 self.assertEquals(rep.u.num_results, 1)
886 self.assertEquals(rep.u.ctx_list[0].result,
887 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
888 self.assertEquals(rep.u.ctx_list[0].reason,
889 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
890 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
891 self.assertEquals(rep.u.auth_info, '\0' * 0)
893 req = self.generate_request(call_id=2,
894 context_id=ctx1a.context_id,
898 rep = self.recv_pdu()
899 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
900 pfc_flags=req.pfc_flags |
901 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
903 self.assertNotEquals(rep.u.alloc_hint, 0)
904 self.assertEquals(rep.u.context_id, ctx1a.context_id)
905 self.assertEquals(rep.u.cancel_count, 0)
906 self.assertEquals(rep.u.flags, 0)
907 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
908 self.assertEquals(rep.u.reserved, 0)
909 self.assertEquals(len(rep.u.error_and_verifier), 0)
911 def test_no_auth_presentation_ctx_no_ndr64(self):
912 ndr32 = base.transfer_syntax_ndr()
913 zero_syntax = misc.ndr_syntax_id()
915 tsfZ_list = [zero_syntax]
916 ctxZ = dcerpc.ctx_list()
917 ctxZ.context_id = 54321
918 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
919 ctxZ.abstract_syntax = zero_syntax
920 ctxZ.transfer_syntaxes = tsfZ_list
922 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
924 rep = self.recv_pdu()
925 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
927 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
928 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
929 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
930 self.assertEquals(rep.u.secondary_address_size, 4)
931 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
932 self.assertEquals(len(rep.u._pad1), 2)
933 self.assertEquals(rep.u._pad1, '\0' * 2)
934 self.assertEquals(rep.u.num_results, 1)
935 self.assertEquals(rep.u.ctx_list[0].result,
936 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
937 self.assertEquals(rep.u.ctx_list[0].reason,
938 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
939 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
940 self.assertEquals(rep.u.auth_info, '\0' * 0)
943 ctx0 = dcerpc.ctx_list()
945 ctx0.num_transfer_syntaxes = len(tsf0_list)
946 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
947 ctx0.transfer_syntaxes = tsf0_list
949 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
951 rep = self.recv_pdu()
952 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
954 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
955 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
956 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
957 self.assertEquals(rep.u.secondary_address_size, 0)
958 self.assertEquals(len(rep.u._pad1), 2)
959 #self.assertEquals(rep.u._pad1, '\0' * 2)
960 self.assertEquals(rep.u.num_results, 1)
961 self.assertEquals(rep.u.ctx_list[0].result,
962 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
963 self.assertEquals(rep.u.ctx_list[0].reason,
964 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
965 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
966 self.assertEquals(rep.u.auth_info, '\0' * 0)
968 req = self.generate_request(call_id=1,
969 context_id=ctx0.context_id,
973 rep = self.recv_pdu()
974 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
976 self.assertNotEquals(rep.u.alloc_hint, 0)
977 self.assertEquals(rep.u.context_id, req.u.context_id)
978 self.assertEquals(rep.u.cancel_count, 0)
979 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
981 tsf1_list = [zero_syntax, ndr32]
982 ctx1 = dcerpc.ctx_list()
984 ctx1.num_transfer_syntaxes = len(tsf1_list)
985 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
986 ctx1.transfer_syntaxes = tsf1_list
988 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
990 rep = self.recv_pdu()
991 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
993 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
994 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
995 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
996 self.assertEquals(rep.u.secondary_address_size, 0)
997 self.assertEquals(len(rep.u._pad1), 2)
998 #self.assertEquals(rep.u._pad1, '\0' * 2)
999 self.assertEquals(rep.u.num_results, 1)
1000 self.assertEquals(rep.u.ctx_list[0].result,
1001 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1002 self.assertEquals(rep.u.ctx_list[0].reason,
1003 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1004 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1005 self.assertEquals(rep.u.auth_info, '\0' * 0)
1007 req = self.generate_request(call_id=1,
1008 context_id=ctx1.context_id,
1012 rep = self.recv_pdu()
1013 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1015 self.assertNotEquals(rep.u.alloc_hint, 0)
1016 self.assertEquals(rep.u.context_id, req.u.context_id)
1017 self.assertEquals(rep.u.cancel_count, 0)
1018 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1020 tsf2_list = [ndr32, ndr32]
1021 ctx2 = dcerpc.ctx_list()
1023 ctx2.num_transfer_syntaxes = len(tsf2_list)
1024 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1025 ctx2.transfer_syntaxes = tsf2_list
1027 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1029 rep = self.recv_pdu()
1030 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1032 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1033 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1034 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1035 self.assertEquals(rep.u.secondary_address_size, 0)
1036 self.assertEquals(len(rep.u._pad1), 2)
1037 #self.assertEquals(rep.u._pad1, '\0' * 2)
1038 self.assertEquals(rep.u.num_results, 1)
1039 self.assertEquals(rep.u.ctx_list[0].result,
1040 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1041 self.assertEquals(rep.u.ctx_list[0].reason,
1042 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1043 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1044 self.assertEquals(rep.u.auth_info, '\0' * 0)
1046 req = self.generate_request(call_id=1,
1047 context_id=ctx2.context_id,
1051 rep = self.recv_pdu()
1052 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1054 self.assertNotEquals(rep.u.alloc_hint, 0)
1055 self.assertEquals(rep.u.context_id, req.u.context_id)
1056 self.assertEquals(rep.u.cancel_count, 0)
1057 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1060 ctx3 = dcerpc.ctx_list()
1062 ctx3.num_transfer_syntaxes = len(tsf3_list)
1063 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1064 ctx3.transfer_syntaxes = tsf3_list
1067 ctx4 = dcerpc.ctx_list()
1069 ctx4.num_transfer_syntaxes = len(tsf4_list)
1070 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1071 ctx4.transfer_syntaxes = tsf4_list
1073 req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1075 rep = self.recv_pdu()
1076 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1078 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1079 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1080 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1081 self.assertEquals(rep.u.secondary_address_size, 0)
1082 self.assertEquals(len(rep.u._pad1), 2)
1083 #self.assertEquals(rep.u._pad1, '\0' * 2)
1084 self.assertEquals(rep.u.num_results, 2)
1085 self.assertEquals(rep.u.ctx_list[0].result,
1086 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1087 self.assertEquals(rep.u.ctx_list[0].reason,
1088 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1089 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1090 self.assertEquals(rep.u.ctx_list[1].result,
1091 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1092 self.assertEquals(rep.u.ctx_list[1].reason,
1093 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1094 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1095 self.assertEquals(rep.u.auth_info, '\0' * 0)
1097 req = self.generate_request(call_id=1,
1098 context_id=ctx3.context_id,
1102 rep = self.recv_pdu()
1103 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1105 self.assertNotEquals(rep.u.alloc_hint, 0)
1106 self.assertEquals(rep.u.context_id, req.u.context_id)
1107 self.assertEquals(rep.u.cancel_count, 0)
1108 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1110 req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1112 rep = self.recv_pdu()
1113 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1115 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1116 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1117 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1118 self.assertEquals(rep.u.secondary_address_size, 0)
1119 self.assertEquals(len(rep.u._pad1), 2)
1120 #self.assertEquals(rep.u._pad1, '\0' * 2)
1121 self.assertEquals(rep.u.num_results, 2)
1122 self.assertEquals(rep.u.ctx_list[0].result,
1123 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1124 self.assertEquals(rep.u.ctx_list[0].reason,
1125 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1126 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1127 self.assertEquals(rep.u.ctx_list[1].result,
1128 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1129 self.assertEquals(rep.u.ctx_list[1].reason,
1130 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1131 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1132 self.assertEquals(rep.u.auth_info, '\0' * 0)
1134 req = self.generate_request(call_id=1,
1135 context_id=ctx4.context_id,
1139 rep = self.recv_pdu()
1140 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1142 self.assertNotEquals(rep.u.alloc_hint, 0)
1143 self.assertEquals(rep.u.context_id, req.u.context_id)
1144 self.assertEquals(rep.u.cancel_count, 0)
1145 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1147 req = self.generate_request(call_id=1,
1148 context_id=ctx3.context_id,
1152 rep = self.recv_pdu()
1153 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1155 self.assertNotEquals(rep.u.alloc_hint, 0)
1156 self.assertEquals(rep.u.context_id, req.u.context_id)
1157 self.assertEquals(rep.u.cancel_count, 0)
1158 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1160 req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1162 rep = self.recv_pdu()
1163 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1165 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1166 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1167 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1168 self.assertEquals(rep.u.secondary_address_size, 0)
1169 self.assertEquals(len(rep.u._pad1), 2)
1170 #self.assertEquals(rep.u._pad1, '\0' * 2)
1171 self.assertEquals(rep.u.num_results, 2)
1172 self.assertEquals(rep.u.ctx_list[0].result,
1173 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1174 self.assertEquals(rep.u.ctx_list[0].reason,
1175 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1176 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1177 self.assertEquals(rep.u.ctx_list[1].result,
1178 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1179 self.assertEquals(rep.u.ctx_list[1].reason,
1180 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1181 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1182 self.assertEquals(rep.u.auth_info, '\0' * 0)
1184 req = self.generate_request(call_id=1,
1185 context_id=ctx4.context_id,
1189 rep = self.recv_pdu()
1190 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1192 self.assertNotEquals(rep.u.alloc_hint, 0)
1193 self.assertEquals(rep.u.context_id, req.u.context_id)
1194 self.assertEquals(rep.u.cancel_count, 0)
1195 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1197 req = self.generate_request(call_id=1,
1198 context_id=ctx3.context_id,
1202 rep = self.recv_pdu()
1203 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1205 self.assertNotEquals(rep.u.alloc_hint, 0)
1206 self.assertEquals(rep.u.context_id, req.u.context_id)
1207 self.assertEquals(rep.u.cancel_count, 0)
1208 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1210 tsf5mgmt_list = [ndr32]
1211 ctx5mgmt = dcerpc.ctx_list()
1212 ctx5mgmt.context_id = 5
1213 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1214 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1215 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1217 tsf5epm_list = [ndr32]
1218 ctx5epm = dcerpc.ctx_list()
1219 ctx5epm.context_id = 5
1220 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1221 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1222 ctx5epm.transfer_syntaxes = tsf5epm_list
1224 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1226 rep = self.recv_pdu()
1227 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1229 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1230 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1231 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1232 self.assertEquals(rep.u.secondary_address_size, 0)
1233 self.assertEquals(len(rep.u._pad1), 2)
1234 #self.assertEquals(rep.u._pad1, '\0' * 2)
1235 self.assertEquals(rep.u.num_results, 2)
1236 self.assertEquals(rep.u.ctx_list[0].result,
1237 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1238 self.assertEquals(rep.u.ctx_list[0].reason,
1239 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1240 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1241 self.assertEquals(rep.u.ctx_list[1].result,
1242 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1243 self.assertEquals(rep.u.ctx_list[1].reason,
1244 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1245 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1246 self.assertEquals(rep.u.auth_info, '\0' * 0)
1248 req = self.generate_request(call_id=1,
1249 context_id=ctx5mgmt.context_id,
1253 rep = self.recv_pdu()
1254 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1256 self.assertNotEquals(rep.u.alloc_hint, 0)
1257 self.assertEquals(rep.u.context_id, req.u.context_id)
1258 self.assertEquals(rep.u.cancel_count, 0)
1259 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1261 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1263 rep = self.recv_pdu()
1264 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1266 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1267 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1268 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1269 self.assertEquals(rep.u.secondary_address_size, 0)
1270 self.assertEquals(len(rep.u._pad1), 2)
1271 #self.assertEquals(rep.u._pad1, '\0' * 2)
1272 self.assertEquals(rep.u.num_results, 2)
1273 self.assertEquals(rep.u.ctx_list[0].result,
1274 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1275 self.assertEquals(rep.u.ctx_list[0].reason,
1276 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1277 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1278 self.assertEquals(rep.u.ctx_list[1].result,
1279 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1280 self.assertEquals(rep.u.ctx_list[1].reason,
1281 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1282 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1283 self.assertEquals(rep.u.auth_info, '\0' * 0)
1285 req = self.generate_request(call_id=1,
1286 context_id=ctx5mgmt.context_id,
1290 rep = self.recv_pdu()
1291 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1293 self.assertNotEquals(rep.u.alloc_hint, 0)
1294 self.assertEquals(rep.u.context_id, req.u.context_id)
1295 self.assertEquals(rep.u.cancel_count, 0)
1296 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1298 def test_no_auth_bind_time_none_simple(self):
1300 btf = base.bind_time_features_syntax(features)
1302 zero_syntax = misc.ndr_syntax_id()
1305 ctx1 = dcerpc.ctx_list()
1307 ctx1.num_transfer_syntaxes = len(tsf1_list)
1308 ctx1.abstract_syntax = zero_syntax
1309 ctx1.transfer_syntaxes = tsf1_list
1311 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1313 rep = self.recv_pdu()
1314 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1316 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1317 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1318 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1319 self.assertEquals(rep.u.secondary_address_size, 4)
1320 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1321 self.assertEquals(len(rep.u._pad1), 2)
1322 self.assertEquals(rep.u._pad1, '\0' * 2)
1323 self.assertEquals(rep.u.num_results, 1)
1324 self.assertEquals(rep.u.ctx_list[0].result,
1325 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1326 self.assertEquals(rep.u.ctx_list[0].reason, features)
1327 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1328 self.assertEquals(rep.u.auth_info, '\0' * 0)
1330 def test_no_auth_bind_time_none_ignore_additional(self):
1332 btf1 = base.bind_time_features_syntax(features1)
1334 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1335 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1336 btf2 = base.bind_time_features_syntax(features2)
1338 zero_syntax = misc.ndr_syntax_id()
1339 ndr64 = base.transfer_syntax_ndr64()
1341 tsf1_list = [btf1, btf2, zero_syntax]
1342 ctx1 = dcerpc.ctx_list()
1344 ctx1.num_transfer_syntaxes = len(tsf1_list)
1345 ctx1.abstract_syntax = ndr64
1346 ctx1.transfer_syntaxes = tsf1_list
1348 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1350 rep = self.recv_pdu()
1351 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1353 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1354 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1355 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1356 self.assertEquals(rep.u.secondary_address_size, 4)
1357 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1358 self.assertEquals(len(rep.u._pad1), 2)
1359 self.assertEquals(rep.u._pad1, '\0' * 2)
1360 self.assertEquals(rep.u.num_results, 1)
1361 self.assertEquals(rep.u.ctx_list[0].result,
1362 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1363 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1364 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1365 self.assertEquals(rep.u.auth_info, '\0' * 0)
1367 def test_no_auth_bind_time_only_first(self):
1368 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1369 btf1 = base.bind_time_features_syntax(features1)
1371 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1372 btf2 = base.bind_time_features_syntax(features2)
1374 zero_syntax = misc.ndr_syntax_id()
1376 tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1377 ctx1 = dcerpc.ctx_list()
1379 ctx1.num_transfer_syntaxes = len(tsf1_list)
1380 ctx1.abstract_syntax = zero_syntax
1381 ctx1.transfer_syntaxes = tsf1_list
1383 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1385 rep = self.recv_pdu()
1386 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1388 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1389 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1390 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1391 self.assertEquals(rep.u.secondary_address_size, 4)
1392 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1393 self.assertEquals(len(rep.u._pad1), 2)
1394 self.assertEquals(rep.u._pad1, '\0' * 2)
1395 self.assertEquals(rep.u.num_results, 1)
1396 self.assertEquals(rep.u.ctx_list[0].result,
1397 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1398 self.assertEquals(rep.u.ctx_list[0].reason,
1399 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1400 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1401 self.assertEquals(rep.u.auth_info, '\0' * 0)
1403 def test_no_auth_bind_time_twice(self):
1404 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1405 btf1 = base.bind_time_features_syntax(features1)
1407 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1408 btf2 = base.bind_time_features_syntax(features2)
1410 zero_syntax = misc.ndr_syntax_id()
1413 ctx1 = dcerpc.ctx_list()
1415 ctx1.num_transfer_syntaxes = len(tsf1_list)
1416 ctx1.abstract_syntax = zero_syntax
1417 ctx1.transfer_syntaxes = tsf1_list
1420 ctx2 = dcerpc.ctx_list()
1422 ctx2.num_transfer_syntaxes = len(tsf2_list)
1423 ctx2.abstract_syntax = zero_syntax
1424 ctx2.transfer_syntaxes = tsf2_list
1426 req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1428 rep = self.recv_pdu()
1429 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1431 self.assertEquals(rep.u.reject_reason,
1432 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1433 self.assertEquals(rep.u.num_versions, 1)
1434 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1435 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1436 self.assertEquals(len(rep.u._pad), 3)
1437 self.assertEquals(rep.u._pad, '\0' * 3)
1439 # wait for a disconnect
1440 rep = self.recv_pdu()
1441 self.assertIsNone(rep)
1442 self.assertNotConnected()
1444 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1445 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1446 btf = base.bind_time_features_syntax(features)
1448 zero_syntax = misc.ndr_syntax_id()
1451 ctx1 = dcerpc.ctx_list()
1453 ctx1.num_transfer_syntaxes = len(tsf1_list)
1454 ctx1.abstract_syntax = zero_syntax
1455 ctx1.transfer_syntaxes = tsf1_list
1457 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1459 rep = self.recv_pdu()
1460 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1462 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1463 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1464 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1465 self.assertEquals(rep.u.secondary_address_size, 4)
1466 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1467 self.assertEquals(len(rep.u._pad1), 2)
1468 self.assertEquals(rep.u._pad1, '\0' * 2)
1469 self.assertEquals(rep.u.num_results, 1)
1470 self.assertEquals(rep.u.ctx_list[0].result,
1471 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1472 self.assertEquals(rep.u.ctx_list[0].reason, features)
1473 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1474 self.assertEquals(rep.u.auth_info, '\0' * 0)
1476 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1477 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1478 btf1 = base.bind_time_features_syntax(features1)
1480 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1481 btf2 = base.bind_time_features_syntax(features2)
1483 zero_syntax = misc.ndr_syntax_id()
1484 ndr64 = base.transfer_syntax_ndr64()
1486 tsf1_list = [btf1, btf2, zero_syntax]
1487 ctx1 = dcerpc.ctx_list()
1489 ctx1.num_transfer_syntaxes = len(tsf1_list)
1490 ctx1.abstract_syntax = ndr64
1491 ctx1.transfer_syntaxes = tsf1_list
1493 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1495 rep = self.recv_pdu()
1496 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1498 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1499 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1500 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1501 self.assertEquals(rep.u.secondary_address_size, 4)
1502 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1503 self.assertEquals(len(rep.u._pad1), 2)
1504 self.assertEquals(rep.u._pad1, '\0' * 2)
1505 self.assertEquals(rep.u.num_results, 1)
1506 self.assertEquals(rep.u.ctx_list[0].result,
1507 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1508 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1509 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1510 self.assertEquals(rep.u.auth_info, '\0' * 0)
1512 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1513 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1514 ndr32 = base.transfer_syntax_ndr()
1517 ctx1 = dcerpc.ctx_list()
1519 ctx1.num_transfer_syntaxes = len(tsf1_list)
1520 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1521 ctx1.transfer_syntaxes = tsf1_list
1526 if creds is not None:
1527 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1528 auth_context = self.get_auth_context_creds(creds,
1529 auth_type=auth_type,
1530 auth_level=auth_level,
1531 auth_context_id=auth_context_id,
1532 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1534 (finished, to_server) = auth_context["gensec"].update(from_server)
1535 self.assertFalse(finished)
1537 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1538 auth_level=auth_context["auth_level"],
1539 auth_context_id=auth_context["auth_context_id"],
1540 auth_blob=to_server)
1543 auth_info = self.generate_auth(auth_type=auth_type,
1544 auth_level=auth_level,
1545 auth_context_id=auth_context_id,
1546 auth_blob=to_server)
1548 req = self.generate_bind(call_id=0,
1550 auth_info=auth_info)
1552 rep = self.recv_pdu()
1553 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1555 self.assertEquals(rep.u.reject_reason, reason)
1556 self.assertEquals(rep.u.num_versions, 1)
1557 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1558 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1559 self.assertEquals(len(rep.u._pad), 3)
1560 self.assertEquals(rep.u._pad, '\0' * 3)
1562 # wait for a disconnect
1563 rep = self.recv_pdu()
1564 self.assertIsNone(rep)
1565 self.assertNotConnected()
1567 def _test_auth_none_level_bind(self, auth_level,
1568 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1569 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1570 auth_level=auth_level, reason=reason)
1572 def test_auth_none_none_bind(self):
1573 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1574 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1576 def test_auth_none_connect_bind(self):
1577 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1579 def test_auth_none_call_bind(self):
1580 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1582 def test_auth_none_packet_bind(self):
1583 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1585 def test_auth_none_integrity_bind(self):
1586 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1588 def test_auth_none_privacy_bind(self):
1589 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1591 def test_auth_none_0_bind(self):
1592 return self._test_auth_none_level_bind(0,
1593 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1595 def test_auth_none_7_bind(self):
1596 return self._test_auth_none_level_bind(7,
1597 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1599 def test_auth_none_255_bind(self):
1600 return self._test_auth_none_level_bind(255,
1601 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1603 def _test_auth_none_level_request(self, auth_level):
1604 ndr32 = base.transfer_syntax_ndr()
1607 ctx1 = dcerpc.ctx_list()
1609 ctx1.num_transfer_syntaxes = len(tsf1_list)
1610 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1611 ctx1.transfer_syntaxes = tsf1_list
1614 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1617 req = self.generate_bind(call_id=0,
1621 rep = self.recv_pdu()
1622 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1623 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1624 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1625 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1626 self.assertEquals(rep.u.secondary_address_size, 4)
1627 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1628 self.assertEquals(len(rep.u._pad1), 2)
1629 self.assertEquals(rep.u._pad1, '\0' * 2)
1630 self.assertEquals(rep.u.num_results, 1)
1631 self.assertEquals(rep.u.ctx_list[0].result,
1632 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1633 self.assertEquals(rep.u.ctx_list[0].reason,
1634 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1635 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1636 self.assertEquals(len(rep.u.auth_info), 0)
1638 # And now try a request without auth_info
1639 req = self.generate_request(call_id=2,
1640 context_id=ctx1.context_id,
1644 rep = self.recv_pdu()
1645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1647 self.assertNotEquals(rep.u.alloc_hint, 0)
1648 self.assertEquals(rep.u.context_id, req.u.context_id)
1649 self.assertEquals(rep.u.cancel_count, 0)
1650 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1652 auth_info = self.generate_auth(auth_type=auth_type,
1653 auth_level=auth_level,
1654 auth_context_id=auth_context_id,
1657 req = self.generate_request(call_id=3,
1658 context_id=ctx1.context_id,
1661 auth_info=auth_info)
1663 rep = self.recv_pdu()
1664 # We get a fault back
1665 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1667 self.assertNotEquals(rep.u.alloc_hint, 0)
1668 self.assertEquals(rep.u.context_id, req.u.context_id)
1669 self.assertEquals(rep.u.cancel_count, 0)
1670 self.assertEquals(rep.u.flags, 0)
1671 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1672 self.assertEquals(rep.u.reserved, 0)
1673 self.assertEquals(len(rep.u.error_and_verifier), 0)
1675 # wait for a disconnect
1676 rep = self.recv_pdu()
1677 self.assertIsNone(rep)
1678 self.assertNotConnected()
1680 def test_auth_none_none_request(self):
1681 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1683 def test_auth_none_connect_request(self):
1684 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1686 def test_auth_none_call_request(self):
1687 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1689 def _test_neg_xmit_check_values(self,
1695 ndr32 = base.transfer_syntax_ndr()
1698 ctx1 = dcerpc.ctx_list()
1700 ctx1.num_transfer_syntaxes = len(tsf1_list)
1701 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1702 ctx1.transfer_syntaxes = tsf1_list
1704 req = self.generate_bind(call_id=0,
1705 max_xmit_frag=req_xmit,
1706 max_recv_frag=req_recv,
1709 rep = self.recv_pdu()
1710 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1712 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1713 self.assertEquals(rep.u.max_recv_frag, rep_both)
1714 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1715 self.assertEquals(rep.u.secondary_address_size, 4)
1716 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1717 self.assertEquals(len(rep.u._pad1), 2)
1718 self.assertEquals(rep.u._pad1, '\0' * 2)
1719 self.assertEquals(rep.u.num_results, 1)
1720 self.assertEquals(rep.u.ctx_list[0].result,
1721 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1722 self.assertEquals(rep.u.ctx_list[0].reason,
1723 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1724 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1725 self.assertEquals(rep.u.auth_info, '\0' * 0)
1727 assoc_group_id = rep.u.assoc_group_id
1728 if alter_xmit is None:
1729 alter_xmit = rep_both - 8
1730 if alter_recv is None:
1731 alter_recv = rep_both - 8
1733 # max_{xmit,recv}_frag and assoc_group_id are completely
1734 # ignored in alter_context requests
1735 req = self.generate_alter(call_id=1,
1736 max_xmit_frag=alter_xmit,
1737 max_recv_frag=alter_recv,
1738 assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1741 rep = self.recv_pdu()
1742 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1744 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1745 self.assertEquals(rep.u.max_recv_frag, rep_both)
1746 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1747 self.assertEquals(rep.u.secondary_address_size, 0)
1748 self.assertEquals(len(rep.u._pad1), 2)
1749 #self.assertEquals(rep.u._pad1, '\0' * 2)
1750 self.assertEquals(rep.u.num_results, 1)
1751 self.assertEquals(rep.u.ctx_list[0].result,
1752 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1753 self.assertEquals(rep.u.ctx_list[0].reason,
1754 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1755 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1756 self.assertEquals(rep.u.auth_info, '\0' * 0)
1758 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1759 req = self.generate_request(call_id=2,
1760 context_id=ctx1.context_id,
1762 alloc_hint=0xffffffff,
1763 stub="\00" * chunk_size)
1764 self.send_pdu(req, ndr_print=True, hexdump=True)
1765 rep = self.recv_pdu(ndr_print=True, hexdump=True)
1766 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1768 self.assertNotEquals(rep.u.alloc_hint, 0)
1769 self.assertEquals(rep.u.context_id, req.u.context_id)
1770 self.assertEquals(rep.u.cancel_count, 0)
1771 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1773 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1774 req = self.generate_request(call_id=2,
1775 context_id=ctx1.context_id,
1777 alloc_hint=0xffffffff,
1778 stub="\00" * chunk_size)
1780 rep = self.recv_pdu()
1781 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1783 self.assertNotEquals(rep.u.alloc_hint, 0)
1784 self.assertEquals(rep.u.context_id, req.u.context_id)
1785 self.assertEquals(rep.u.cancel_count, 0)
1786 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1789 req = self.generate_request(call_id=3,
1790 context_id=ctx1.context_id,
1792 alloc_hint=0xffffffff,
1793 stub="\00" * chunk_size)
1795 rep = self.recv_pdu()
1797 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1799 self.assertNotEquals(rep.u.alloc_hint, 0)
1800 self.assertEquals(rep.u.context_id, 0)
1801 self.assertEquals(rep.u.cancel_count, 0)
1802 self.assertEquals(rep.u.flags, 0)
1803 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1804 self.assertEquals(rep.u.reserved, 0)
1805 self.assertEquals(len(rep.u.error_and_verifier), 0)
1807 # wait for a disconnect
1808 rep = self.recv_pdu()
1809 self.assertIsNone(rep)
1810 self.assertNotConnected()
1812 def test_neg_xmit_ffff_ffff(self):
1813 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1817 def test_neg_xmit_0_ffff(self):
1818 return self._test_neg_xmit_check_values(req_xmit=0,
1824 def test_neg_xmit_ffff_0(self):
1825 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1829 def test_neg_xmit_0_0(self):
1830 return self._test_neg_xmit_check_values(req_xmit=0,
1836 def test_neg_xmit_3199_0(self):
1837 return self._test_neg_xmit_check_values(req_xmit=3199,
1841 def test_neg_xmit_0_3199(self):
1842 return self._test_neg_xmit_check_values(req_xmit=0,
1846 def test_neg_xmit_3199_ffff(self):
1847 return self._test_neg_xmit_check_values(req_xmit=3199,
1851 def test_neg_xmit_ffff_3199(self):
1852 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1856 def test_alloc_hint(self):
1857 ndr32 = base.transfer_syntax_ndr()
1860 ctx = dcerpc.ctx_list()
1862 ctx.num_transfer_syntaxes = len(tsf1_list)
1863 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1864 ctx.transfer_syntaxes = tsf1_list
1866 req = self.generate_bind(call_id=0,
1869 rep = self.recv_pdu()
1870 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1872 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1873 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1874 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1875 self.assertEquals(rep.u.secondary_address_size, 4)
1876 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1877 self.assertEquals(len(rep.u._pad1), 2)
1878 self.assertEquals(rep.u._pad1, '\0' * 2)
1879 self.assertEquals(rep.u.num_results, 1)
1880 self.assertEquals(rep.u.ctx_list[0].result,
1881 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1882 self.assertEquals(rep.u.ctx_list[0].reason,
1883 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1884 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1885 self.assertEquals(rep.u.auth_info, '\0' * 0)
1887 # And now try a request without auth_info
1888 req = self.generate_request(call_id=2,
1889 context_id=ctx.context_id,
1891 alloc_hint=0xffffffff,
1894 rep = self.recv_pdu()
1895 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1897 self.assertNotEquals(rep.u.alloc_hint, 0)
1898 self.assertEquals(rep.u.context_id, req.u.context_id)
1899 self.assertEquals(rep.u.cancel_count, 0)
1900 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1902 req = self.generate_request(call_id=3,
1903 context_id=ctx.context_id,
1905 alloc_hint=0xffffffff,
1906 stub="\04\00\00\00\00\00\00\00")
1908 rep = self.recv_pdu()
1909 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1911 self.assertNotEquals(rep.u.alloc_hint, 0)
1912 self.assertEquals(rep.u.context_id, req.u.context_id)
1913 self.assertEquals(rep.u.cancel_count, 0)
1914 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1916 req = self.generate_request(call_id=4,
1917 context_id=ctx.context_id,
1920 stub="\04\00\00\00\00\00\00\00")
1922 rep = self.recv_pdu()
1923 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1925 self.assertNotEquals(rep.u.alloc_hint, 0)
1926 self.assertEquals(rep.u.context_id, req.u.context_id)
1927 self.assertEquals(rep.u.cancel_count, 0)
1928 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1930 def _get_netlogon_ctx(self):
1931 abstract = samba.dcerpc.netlogon.abstract_syntax()
1932 ndr32 = base.transfer_syntax_ndr()
1934 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1935 epmap=True, return_ack=True)
1937 server = '\\\\' + self.target_hostname
1938 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1939 computer = 'UNKNOWNCOMPUTER'
1940 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1942 real_stub = struct.pack('<IIII', 0x00200000,
1943 len(server) + 1, 0, len(server) + 1)
1944 real_stub += server_utf16 + '\x00\x00'
1945 mod_len = len(real_stub) % 4
1947 real_stub += '\x00' * (4 - mod_len)
1948 real_stub += struct.pack('<III',
1949 len(computer) + 1, 0, len(computer) + 1)
1950 real_stub += computer_utf16 + '\x00\x00'
1951 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1953 return (ctx, ack, real_stub)
1955 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1956 fault_first=None, fault_last=None):
1957 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1959 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1963 while remaining > 0:
1964 thistime = min(remaining, chunk)
1965 remaining -= thistime
1970 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1972 stub = real_stub + '\x00' * (thistime - len(real_stub))
1974 stub = "\x00" * thistime
1977 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1979 # And now try a request without auth_info
1980 # netr_ServerReqChallenge()
1981 req = self.generate_request(call_id=0x21234,
1982 pfc_flags=pfc_flags,
1983 context_id=ctx.context_id,
1985 alloc_hint=alloc_hint,
1987 if alloc_hint >= thistime:
1988 alloc_hint -= thistime
1991 self.send_pdu(req, hexdump=False)
1992 if fault_first is not None:
1993 rep = self.recv_pdu()
1994 # We get a fault back
1995 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1997 self.assertNotEquals(rep.u.alloc_hint, 0)
1998 self.assertEquals(rep.u.context_id, req.u.context_id)
1999 self.assertEquals(rep.u.cancel_count, 0)
2000 self.assertEquals(rep.u.flags, 0)
2001 self.assertEquals(rep.u.status, fault_first)
2002 self.assertEquals(rep.u.reserved, 0)
2003 self.assertEquals(len(rep.u.error_and_verifier), 0)
2005 # wait for a disconnect
2006 rep = self.recv_pdu()
2007 self.assertIsNone(rep)
2008 self.assertNotConnected()
2012 if total >= 0x400000 and fault_last is not None:
2013 rep = self.recv_pdu()
2014 # We get a fault back
2015 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2017 self.assertNotEquals(rep.u.alloc_hint, 0)
2018 self.assertEquals(rep.u.context_id, req.u.context_id)
2019 self.assertEquals(rep.u.cancel_count, 0)
2020 self.assertEquals(rep.u.flags, 0)
2021 self.assertEquals(rep.u.status, fault_last)
2022 self.assertEquals(rep.u.reserved, 0)
2023 self.assertEquals(len(rep.u.error_and_verifier), 0)
2025 # wait for a disconnect
2026 rep = self.recv_pdu()
2027 self.assertIsNone(rep)
2028 self.assertNotConnected()
2030 rep = self.recv_pdu(timeout=0.01)
2031 self.assertIsNone(rep)
2032 self.assertIsConnected()
2034 if total >= 0x400000 and fault_last is not None:
2035 rep = self.recv_pdu()
2036 # We get a fault back
2037 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2039 self.assertNotEquals(rep.u.alloc_hint, 0)
2040 self.assertEquals(rep.u.context_id, req.u.context_id)
2041 self.assertEquals(rep.u.cancel_count, 0)
2042 self.assertEquals(rep.u.flags, 0)
2043 self.assertEquals(rep.u.status, fault_last)
2044 self.assertEquals(rep.u.reserved, 0)
2045 self.assertEquals(len(rep.u.error_and_verifier), 0)
2047 # wait for a disconnect
2048 rep = self.recv_pdu()
2049 self.assertIsNone(rep)
2050 self.assertNotConnected()
2052 rep = self.recv_pdu()
2053 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2055 self.assertNotEquals(rep.u.alloc_hint, 0)
2056 self.assertEquals(rep.u.context_id, req.u.context_id)
2057 self.assertEquals(rep.u.cancel_count, 0)
2058 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2060 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2061 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2062 self.assertEquals(status[0], 0)
2064 def test_fragmented_requests01(self):
2065 return self._test_fragmented_requests(remaining=0x400000,
2066 alloc_hint=0x400000)
2068 def test_fragmented_requests02(self):
2069 return self._test_fragmented_requests(remaining=0x400000,
2070 alloc_hint=0x100000)
2072 def test_fragmented_requests03(self):
2073 return self._test_fragmented_requests(remaining=0x400000,
2076 def test_fragmented_requests04(self):
2077 return self._test_fragmented_requests(remaining=0x400000,
2078 alloc_hint=0x400001,
2079 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2081 def test_fragmented_requests05(self):
2082 return self._test_fragmented_requests(remaining=0x500001,
2084 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2086 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2087 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2089 # netr_ServerReqChallenge with given flags
2090 req = self.generate_request(call_id=2,
2091 pfc_flags=pfc_flags,
2092 context_id=ctx.context_id,
2097 rep = self.recv_pdu()
2098 # We get a fault back
2099 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2101 self.assertNotEquals(rep.u.alloc_hint, 0)
2102 self.assertEquals(rep.u.context_id, 0)
2103 self.assertEquals(rep.u.cancel_count, 0)
2104 self.assertEquals(rep.u.flags, 0)
2105 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2106 self.assertEquals(rep.u.reserved, 0)
2107 self.assertEquals(len(rep.u.error_and_verifier), 0)
2109 # wait for a disconnect
2110 rep = self.recv_pdu()
2111 self.assertIsNone(rep)
2112 self.assertNotConnected()
2114 rep = self.recv_pdu(timeout=0.1)
2115 self.assertIsNone(rep)
2116 self.assertIsConnected()
2118 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2119 # with the same call_id
2120 req = self.generate_request(call_id=2,
2121 pfc_flags=pfc_flags,
2122 context_id=ctx.context_id,
2127 rep = self.recv_pdu()
2128 # We get a fault back
2129 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2131 self.assertNotEquals(rep.u.alloc_hint, 0)
2132 self.assertEquals(rep.u.context_id, req.u.context_id)
2133 self.assertEquals(rep.u.cancel_count, 0)
2134 self.assertEquals(rep.u.flags, 0)
2135 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2136 self.assertEquals(rep.u.reserved, 0)
2137 self.assertEquals(len(rep.u.error_and_verifier), 0)
2139 # wait for a disconnect
2140 rep = self.recv_pdu()
2141 self.assertIsNone(rep)
2142 self.assertNotConnected()
2145 rep = self.recv_pdu(timeout=0.1)
2146 self.assertIsNone(rep)
2147 self.assertIsConnected()
2149 def test_first_only_requests(self):
2150 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2153 def test_none_only_requests(self):
2154 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2156 def test_last_only_requests(self):
2157 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2160 def test_first_maybe_requests(self):
2161 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2162 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2165 def test_first_didnot_requests(self):
2166 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2167 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2170 def test_first_cmpx_requests(self):
2171 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2172 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2175 def test_first_08_requests(self):
2176 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2180 def test_first_cancel_requests(self):
2181 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2183 # netr_ServerReqChallenge with given flags
2184 req = self.generate_request(call_id=2,
2185 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2186 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2187 context_id=ctx.context_id,
2191 rep = self.recv_pdu()
2192 # We get a fault back
2193 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2194 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2195 dcerpc.DCERPC_PFC_FLAG_LAST |
2196 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2198 self.assertNotEquals(rep.u.alloc_hint, 0)
2199 self.assertEquals(rep.u.context_id, 0)
2200 self.assertEquals(rep.u.cancel_count, 0)
2201 self.assertEquals(rep.u.flags, 0)
2202 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2203 self.assertEquals(rep.u.reserved, 0)
2204 self.assertEquals(len(rep.u.error_and_verifier), 0)
2206 # wait for a disconnect
2207 rep = self.recv_pdu()
2208 self.assertIsNone(rep)
2209 self.assertNotConnected()
2211 def test_2nd_cancel_requests(self):
2212 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2214 # netr_ServerReqChallenge with given flags
2215 req = self.generate_request(call_id=2,
2216 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2217 context_id=ctx.context_id,
2221 rep = self.recv_pdu(timeout=0.1)
2222 self.assertIsNone(rep)
2223 self.assertIsConnected()
2225 # netr_ServerReqChallenge with given flags
2226 req = self.generate_request(call_id=2,
2227 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2228 context_id=ctx.context_id,
2232 rep = self.recv_pdu(timeout=0.1)
2233 self.assertIsNone(rep)
2234 self.assertIsConnected()
2236 # netr_ServerReqChallenge with given flags
2237 req = self.generate_request(call_id=2,
2238 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2239 context_id=ctx.context_id,
2243 rep = self.recv_pdu()
2244 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2246 self.assertNotEquals(rep.u.alloc_hint, 0)
2247 self.assertEquals(rep.u.context_id, req.u.context_id)
2248 self.assertEquals(rep.u.cancel_count, 0)
2249 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2251 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2252 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2253 self.assertEquals(status[0], 0)
2255 def test_last_cancel_requests(self):
2256 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2258 # netr_ServerReqChallenge with given flags
2259 req = self.generate_request(call_id=2,
2260 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2261 context_id=ctx.context_id,
2265 rep = self.recv_pdu(timeout=0.1)
2266 self.assertIsNone(rep)
2267 self.assertIsConnected()
2269 # netr_ServerReqChallenge with given flags
2270 req = self.generate_request(call_id=2,
2271 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2272 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2273 context_id=ctx.context_id,
2277 rep = self.recv_pdu()
2278 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2280 self.assertNotEquals(rep.u.alloc_hint, 0)
2281 self.assertEquals(rep.u.context_id, req.u.context_id)
2282 self.assertEquals(rep.u.cancel_count, 0)
2283 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2285 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2286 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2287 self.assertEquals(status[0], 0)
2289 def test_mix_requests(self):
2290 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2292 # netr_ServerReqChallenge with given flags
2293 req = self.generate_request(call_id=50,
2294 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2295 context_id=ctx.context_id,
2299 rep = self.recv_pdu(timeout=0.1)
2300 self.assertIsNone(rep)
2301 self.assertIsConnected()
2303 # netr_ServerReqChallenge with given flags
2304 req = self.generate_request(call_id=51,
2305 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2306 context_id=ctx.context_id,
2310 rep = self.recv_pdu()
2311 # We get a fault back
2312 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2313 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2314 dcerpc.DCERPC_PFC_FLAG_LAST,
2316 self.assertNotEquals(rep.u.alloc_hint, 0)
2317 self.assertEquals(rep.u.context_id, req.u.context_id)
2318 self.assertEquals(rep.u.cancel_count, 0)
2319 self.assertEquals(rep.u.flags, 0)
2320 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2321 self.assertEquals(rep.u.reserved, 0)
2322 self.assertEquals(len(rep.u.error_and_verifier), 0)
2324 def test_co_cancel_no_request(self):
2325 ndr32 = base.transfer_syntax_ndr()
2326 abstract = samba.dcerpc.mgmt.abstract_syntax()
2327 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2329 req = self.generate_co_cancel(call_id=3)
2331 rep = self.recv_pdu(timeout=0.01)
2332 self.assertIsNone(rep)
2333 self.assertIsConnected()
2335 # And now try a request
2336 req = self.generate_request(call_id=1,
2337 context_id=ctx.context_id,
2341 rep = self.recv_pdu()
2342 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2344 self.assertNotEquals(rep.u.alloc_hint, 0)
2345 self.assertEquals(rep.u.context_id, req.u.context_id)
2346 self.assertEquals(rep.u.cancel_count, 0)
2347 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2349 def test_co_cancel_request_after_first(self):
2350 ndr32 = base.transfer_syntax_ndr()
2351 abstract = samba.dcerpc.mgmt.abstract_syntax()
2352 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2354 req = self.generate_request(call_id=1,
2355 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2356 context_id=ctx.context_id,
2360 rep = self.recv_pdu(timeout=0.01)
2361 self.assertIsNone(rep)
2362 self.assertIsConnected()
2364 req = self.generate_co_cancel(call_id=1)
2366 rep = self.recv_pdu(timeout=0.01)
2367 self.assertIsNone(rep)
2368 self.assertIsConnected()
2370 req = self.generate_request(call_id=1,
2371 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2372 context_id=ctx.context_id,
2376 rep = self.recv_pdu()
2377 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2379 self.assertNotEquals(rep.u.alloc_hint, 0)
2380 self.assertEquals(rep.u.context_id, req.u.context_id)
2381 self.assertEquals(rep.u.cancel_count, 0)
2382 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2384 # And now try a request
2385 req = self.generate_request(call_id=2,
2386 context_id=ctx.context_id,
2390 rep = self.recv_pdu()
2391 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2393 self.assertNotEquals(rep.u.alloc_hint, 0)
2394 self.assertEquals(rep.u.context_id, req.u.context_id)
2395 self.assertEquals(rep.u.cancel_count, 0)
2396 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2398 def test_orphaned_no_request(self):
2399 ndr32 = base.transfer_syntax_ndr()
2400 abstract = samba.dcerpc.mgmt.abstract_syntax()
2401 ctx = self.prepare_presentation(abstract, ndr32)
2403 req = self.generate_orphaned(call_id=3)
2405 rep = self.recv_pdu(timeout=0.01)
2406 self.assertIsNone(rep)
2407 self.assertIsConnected()
2409 # And now try a request
2410 req = self.generate_request(call_id=1,
2411 context_id=ctx.context_id,
2415 rep = self.recv_pdu()
2416 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2418 self.assertNotEquals(rep.u.alloc_hint, 0)
2419 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2420 self.assertEquals(rep.u.cancel_count, 0)
2421 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2423 def test_orphaned_request_after_first_last(self):
2424 ndr32 = base.transfer_syntax_ndr()
2425 abstract = samba.dcerpc.mgmt.abstract_syntax()
2426 ctx = self.prepare_presentation(abstract, ndr32)
2428 req = self.generate_request(call_id=1,
2429 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2430 context_id=ctx.context_id,
2434 rep = self.recv_pdu(timeout=0.1)
2435 self.assertIsNone(rep)
2436 self.assertIsConnected()
2438 req = self.generate_orphaned(call_id=1)
2440 rep = self.recv_pdu(timeout=0.1)
2441 self.assertIsNone(rep)
2442 self.assertIsConnected()
2444 req = self.generate_request(call_id=1,
2445 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2446 context_id=ctx.context_id,
2450 rep = self.recv_pdu()
2451 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2453 self.assertNotEquals(rep.u.alloc_hint, 0)
2454 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2455 self.assertEquals(rep.u.cancel_count, 0)
2456 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2458 # And now try a request
2459 req = self.generate_request(call_id=2,
2460 context_id=ctx.context_id,
2464 rep = self.recv_pdu()
2465 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2467 self.assertNotEquals(rep.u.alloc_hint, 0)
2468 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2469 self.assertEquals(rep.u.cancel_count, 0)
2470 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2472 def test_orphaned_request_after_first_mpx_last(self):
2473 ndr32 = base.transfer_syntax_ndr()
2474 abstract = samba.dcerpc.mgmt.abstract_syntax()
2476 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2477 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2478 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2479 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2481 req = self.generate_request(call_id=1,
2482 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2483 context_id=ctx.context_id,
2487 rep = self.recv_pdu(timeout=0.1)
2488 self.assertIsNone(rep)
2489 self.assertIsConnected()
2491 req = self.generate_orphaned(call_id=1)
2493 rep = self.recv_pdu(timeout=0.1)
2494 self.assertIsNone(rep)
2495 self.assertIsConnected()
2497 req = self.generate_request(call_id=1,
2498 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2499 context_id=ctx.context_id,
2503 rep = self.recv_pdu()
2504 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2506 self.assertNotEquals(rep.u.alloc_hint, 0)
2507 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2508 self.assertEquals(rep.u.cancel_count, 0)
2509 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2511 # And now try a request
2512 req = self.generate_request(call_id=2,
2513 context_id=ctx.context_id,
2517 rep = self.recv_pdu()
2518 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2520 self.assertNotEquals(rep.u.alloc_hint, 0)
2521 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2522 self.assertEquals(rep.u.cancel_count, 0)
2523 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2525 def test_orphaned_request_after_first_no_last(self):
2526 ndr32 = base.transfer_syntax_ndr()
2527 abstract = samba.dcerpc.mgmt.abstract_syntax()
2528 ctx = self.prepare_presentation(abstract, ndr32)
2530 req1 = self.generate_request(call_id=1,
2531 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2532 context_id=ctx.context_id,
2536 rep = self.recv_pdu(timeout=0.1)
2537 self.assertIsNone(rep)
2538 self.assertIsConnected()
2540 req = self.generate_orphaned(call_id=1)
2542 rep = self.recv_pdu(timeout=0.1)
2543 self.assertIsNone(rep)
2544 self.assertIsConnected()
2546 # And now try a new request
2547 req2 = self.generate_request(call_id=2,
2548 context_id=ctx.context_id,
2552 rep = self.recv_pdu()
2553 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2555 self.assertNotEquals(rep.u.alloc_hint, 0)
2556 self.assertEquals(rep.u.context_id, req1.u.context_id)
2557 self.assertEquals(rep.u.cancel_count, 0)
2558 self.assertEquals(rep.u.flags, 0)
2559 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2560 self.assertEquals(rep.u.reserved, 0)
2561 self.assertEquals(len(rep.u.error_and_verifier), 0)
2563 # wait for a disconnect
2564 rep = self.recv_pdu()
2565 self.assertIsNone(rep)
2566 self.assertNotConnected()
2568 def test_orphaned_request_after_first_mpx_no_last(self):
2569 ndr32 = base.transfer_syntax_ndr()
2570 abstract = samba.dcerpc.mgmt.abstract_syntax()
2572 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2573 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2574 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2575 ctx = self.prepare_presentation(abstract, ndr32,
2576 pfc_flags=pfc_flags)
2578 req1 = self.generate_request(call_id=1,
2579 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2580 context_id=ctx.context_id,
2584 rep = self.recv_pdu(timeout=0.1)
2585 self.assertIsNone(rep)
2586 self.assertIsConnected()
2588 req = self.generate_orphaned(call_id=1)
2590 rep = self.recv_pdu(timeout=0.1)
2591 self.assertIsNone(rep)
2592 self.assertIsConnected()
2594 # And now try a new request
2595 req2 = self.generate_request(call_id=2,
2596 context_id=ctx.context_id - 1,
2600 rep = self.recv_pdu()
2601 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2603 self.assertNotEquals(rep.u.alloc_hint, 0)
2604 self.assertEquals(rep.u.context_id, 0)
2605 self.assertEquals(rep.u.cancel_count, 0)
2606 self.assertEquals(rep.u.flags, 0)
2607 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2608 self.assertEquals(rep.u.reserved, 0)
2609 self.assertEquals(len(rep.u.error_and_verifier), 0)
2611 # wait for a disconnect
2612 rep = self.recv_pdu()
2613 self.assertIsNone(rep)
2614 self.assertNotConnected()
2616 def test_spnego_connect_request(self):
2617 ndr32 = base.transfer_syntax_ndr()
2620 ctx1 = dcerpc.ctx_list()
2622 ctx1.num_transfer_syntaxes = len(tsf1_list)
2623 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2624 ctx1.transfer_syntaxes = tsf1_list
2627 c = self.get_anon_creds()
2628 g = gensec.Security.start_client(self.settings)
2629 g.set_credentials(c)
2630 g.want_feature(gensec.FEATURE_DCE_STYLE)
2631 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2632 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2634 g.start_mech_by_authtype(auth_type, auth_level)
2636 (finished, to_server) = g.update(from_server)
2637 self.assertFalse(finished)
2639 auth_info = self.generate_auth(auth_type=auth_type,
2640 auth_level=auth_level,
2641 auth_context_id=auth_context_id,
2642 auth_blob=to_server)
2644 req = self.generate_bind(call_id=0,
2646 auth_info=auth_info)
2649 rep = self.recv_pdu()
2650 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2651 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2652 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2653 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2654 self.assertEquals(rep.u.secondary_address_size, 4)
2655 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2656 self.assertEquals(len(rep.u._pad1), 2)
2657 self.assertEquals(rep.u._pad1, '\0' * 2)
2658 self.assertEquals(rep.u.num_results, 1)
2659 self.assertEquals(rep.u.ctx_list[0].result,
2660 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2661 self.assertEquals(rep.u.ctx_list[0].reason,
2662 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2663 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2664 self.assertNotEquals(len(rep.u.auth_info), 0)
2665 a = self.parse_auth(rep.u.auth_info)
2667 from_server = a.credentials
2668 (finished, to_server) = g.update(from_server)
2669 self.assertFalse(finished)
2671 auth_info = self.generate_auth(auth_type=auth_type,
2672 auth_level=auth_level,
2673 auth_context_id=auth_context_id,
2674 auth_blob=to_server)
2676 req = self.generate_alter(call_id=0,
2678 assoc_group_id=rep.u.assoc_group_id,
2679 auth_info=auth_info)
2682 rep = self.recv_pdu()
2683 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2684 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2685 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2686 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2687 self.assertEquals(rep.u.secondary_address_size, 0)
2688 self.assertEquals(len(rep.u._pad1), 2)
2689 # Windows sends garbage
2690 #self.assertEquals(rep.u._pad1, '\0' * 2)
2691 self.assertEquals(rep.u.num_results, 1)
2692 self.assertEquals(rep.u.ctx_list[0].result,
2693 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2694 self.assertEquals(rep.u.ctx_list[0].reason,
2695 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2696 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2697 self.assertNotEquals(len(rep.u.auth_info), 0)
2698 a = self.parse_auth(rep.u.auth_info)
2700 from_server = a.credentials
2701 (finished, to_server) = g.update(from_server)
2702 self.assertTrue(finished)
2704 # And now try a request without auth_info
2705 req = self.generate_request(call_id=2,
2706 context_id=ctx1.context_id,
2710 rep = self.recv_pdu()
2711 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2713 self.assertNotEquals(rep.u.alloc_hint, 0)
2714 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2715 self.assertEquals(rep.u.cancel_count, 0)
2716 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2718 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2719 auth_info = self.generate_auth(auth_type=auth_type,
2720 auth_level=auth_level,
2721 auth_context_id=auth_context_id,
2722 auth_blob="\x01" +"\x00" *15)
2723 req = self.generate_request(call_id=3,
2724 context_id=ctx1.context_id,
2727 auth_info=auth_info)
2729 rep = self.recv_pdu()
2730 # We don't get an auth_info back
2731 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2733 self.assertNotEquals(rep.u.alloc_hint, 0)
2734 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2735 self.assertEquals(rep.u.cancel_count, 0)
2736 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2738 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2739 auth_info = self.generate_auth(auth_type=auth_type,
2740 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2741 auth_context_id=auth_context_id,
2742 auth_blob="\x01" + "\x00" * 15)
2743 req = self.generate_request(call_id=4,
2744 context_id=ctx1.context_id,
2747 auth_info=auth_info)
2749 rep = self.recv_pdu()
2750 # We get a fault back
2751 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2753 self.assertNotEquals(rep.u.alloc_hint, 0)
2754 self.assertEquals(rep.u.context_id, req.u.context_id)
2755 self.assertEquals(rep.u.cancel_count, 0)
2756 self.assertEquals(rep.u.flags, 0)
2757 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2758 self.assertEquals(rep.u.reserved, 0)
2759 self.assertEquals(len(rep.u.error_and_verifier), 0)
2761 # wait for a disconnect
2762 rep = self.recv_pdu()
2763 self.assertIsNone(rep)
2764 self.assertNotConnected()
2766 def test_spnego_integrity_request(self):
2767 ndr32 = base.transfer_syntax_ndr()
2770 ctx1 = dcerpc.ctx_list()
2772 ctx1.num_transfer_syntaxes = len(tsf1_list)
2773 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2774 ctx1.transfer_syntaxes = tsf1_list
2777 c = self.get_anon_creds()
2778 g = gensec.Security.start_client(self.settings)
2779 g.set_credentials(c)
2780 g.want_feature(gensec.FEATURE_DCE_STYLE)
2781 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2782 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2784 g.start_mech_by_authtype(auth_type, auth_level)
2786 (finished, to_server) = g.update(from_server)
2787 self.assertFalse(finished)
2789 auth_info = self.generate_auth(auth_type=auth_type,
2790 auth_level=auth_level,
2791 auth_context_id=auth_context_id,
2792 auth_blob=to_server)
2794 req = self.generate_bind(call_id=0,
2796 auth_info=auth_info)
2799 rep = self.recv_pdu()
2800 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2801 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2802 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2803 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2804 self.assertEquals(rep.u.secondary_address_size, 4)
2805 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2806 self.assertEquals(len(rep.u._pad1), 2)
2807 self.assertEquals(rep.u._pad1, '\0' * 2)
2808 self.assertEquals(rep.u.num_results, 1)
2809 self.assertEquals(rep.u.ctx_list[0].result,
2810 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2811 self.assertEquals(rep.u.ctx_list[0].reason,
2812 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2813 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2814 self.assertNotEquals(len(rep.u.auth_info), 0)
2815 a = self.parse_auth(rep.u.auth_info)
2817 from_server = a.credentials
2818 (finished, to_server) = g.update(from_server)
2819 self.assertFalse(finished)
2821 auth_info = self.generate_auth(auth_type=auth_type,
2822 auth_level=auth_level,
2823 auth_context_id=auth_context_id,
2824 auth_blob=to_server)
2826 req = self.generate_alter(call_id=0,
2828 assoc_group_id=rep.u.assoc_group_id,
2829 auth_info=auth_info)
2832 rep = self.recv_pdu()
2833 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2834 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2835 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2836 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2837 self.assertEquals(rep.u.secondary_address_size, 0)
2838 self.assertEquals(len(rep.u._pad1), 2)
2839 # Windows sends garbage
2840 #self.assertEquals(rep.u._pad1, '\0' * 2)
2841 self.assertEquals(rep.u.num_results, 1)
2842 self.assertEquals(rep.u.ctx_list[0].result,
2843 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2844 self.assertEquals(rep.u.ctx_list[0].reason,
2845 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2846 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2847 self.assertNotEquals(len(rep.u.auth_info), 0)
2848 a = self.parse_auth(rep.u.auth_info)
2850 from_server = a.credentials
2851 (finished, to_server) = g.update(from_server)
2852 self.assertTrue(finished)
2854 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2855 auth_info = self.generate_auth(auth_type=auth_type,
2856 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2857 auth_context_id=auth_context_id,
2858 auth_blob="\x01" + "\x00" * 15)
2859 req = self.generate_request(call_id=3,
2860 context_id=ctx1.context_id,
2863 auth_info=auth_info)
2865 rep = self.recv_pdu()
2866 # We get a fault back
2867 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2869 self.assertNotEquals(rep.u.alloc_hint, 0)
2870 self.assertEquals(rep.u.context_id, req.u.context_id)
2871 self.assertEquals(rep.u.cancel_count, 0)
2872 self.assertEquals(rep.u.flags, 0)
2873 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2874 self.assertEquals(rep.u.reserved, 0)
2875 self.assertEquals(len(rep.u.error_and_verifier), 0)
2877 # wait for a disconnect
2878 rep = self.recv_pdu()
2879 self.assertIsNone(rep)
2880 self.assertNotConnected()
2882 def test_spnego_unfinished_request(self):
2883 ndr32 = base.transfer_syntax_ndr()
2886 ctx1 = dcerpc.ctx_list()
2888 ctx1.num_transfer_syntaxes = len(tsf1_list)
2889 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2890 ctx1.transfer_syntaxes = tsf1_list
2893 c = self.get_anon_creds()
2894 g = gensec.Security.start_client(self.settings)
2895 g.set_credentials(c)
2896 g.want_feature(gensec.FEATURE_DCE_STYLE)
2897 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2898 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2900 g.start_mech_by_authtype(auth_type, auth_level)
2902 (finished, to_server) = g.update(from_server)
2903 self.assertFalse(finished)
2905 auth_info = self.generate_auth(auth_type=auth_type,
2906 auth_level=auth_level,
2907 auth_context_id=auth_context_id,
2908 auth_blob=to_server)
2910 req = self.generate_bind(call_id=0,
2912 auth_info=auth_info)
2915 rep = self.recv_pdu()
2916 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2917 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2918 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2919 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2920 assoc_group_id = rep.u.assoc_group_id
2921 self.assertEquals(rep.u.secondary_address_size, 4)
2922 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2923 self.assertEquals(len(rep.u._pad1), 2)
2924 self.assertEquals(rep.u._pad1, '\0' * 2)
2925 self.assertEquals(rep.u.num_results, 1)
2926 self.assertEquals(rep.u.ctx_list[0].result,
2927 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2928 self.assertEquals(rep.u.ctx_list[0].reason,
2929 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2930 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2931 self.assertNotEquals(len(rep.u.auth_info), 0)
2932 a = self.parse_auth(rep.u.auth_info)
2934 from_server = a.credentials
2935 (finished, to_server) = g.update(from_server)
2936 self.assertFalse(finished)
2938 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2939 auth_info = self.generate_auth(auth_type=auth_type,
2940 auth_level=auth_level,
2941 auth_context_id=auth_context_id,
2942 auth_blob="\x01" + "\x00" * 15)
2943 req = self.generate_request(call_id=1,
2944 context_id=ctx1.context_id,
2947 auth_info=auth_info)
2949 rep = self.recv_pdu()
2951 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2952 pfc_flags=req.pfc_flags |
2953 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2955 self.assertNotEquals(rep.u.alloc_hint, 0)
2956 self.assertEquals(rep.u.context_id, 0)
2957 self.assertEquals(rep.u.cancel_count, 0)
2958 self.assertEquals(rep.u.flags, 0)
2959 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2960 self.assertEquals(rep.u.reserved, 0)
2961 self.assertEquals(len(rep.u.error_and_verifier), 0)
2963 # wait for a disconnect
2964 rep = self.recv_pdu()
2965 self.assertIsNone(rep)
2966 self.assertNotConnected()
2968 def test_spnego_auth3(self):
2969 ndr32 = base.transfer_syntax_ndr()
2972 ctx1 = dcerpc.ctx_list()
2974 ctx1.num_transfer_syntaxes = len(tsf1_list)
2975 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2976 ctx1.transfer_syntaxes = tsf1_list
2979 c = self.get_anon_creds()
2980 g = gensec.Security.start_client(self.settings)
2981 g.set_credentials(c)
2982 g.want_feature(gensec.FEATURE_DCE_STYLE)
2983 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2984 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2986 g.start_mech_by_authtype(auth_type, auth_level)
2988 (finished, to_server) = g.update(from_server)
2989 self.assertFalse(finished)
2991 auth_info = self.generate_auth(auth_type=auth_type,
2992 auth_level=auth_level,
2993 auth_context_id=auth_context_id,
2994 auth_blob=to_server)
2995 req = self.generate_bind(call_id=0,
2997 auth_info=auth_info)
2999 rep = self.recv_pdu()
3000 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3001 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3002 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3003 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3004 self.assertEquals(rep.u.secondary_address_size, 4)
3005 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3006 self.assertEquals(len(rep.u._pad1), 2)
3007 #self.assertEquals(rep.u._pad1, '\0' * 2)
3008 self.assertEquals(rep.u.num_results, 1)
3009 self.assertEquals(rep.u.ctx_list[0].result,
3010 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3011 self.assertEquals(rep.u.ctx_list[0].reason,
3012 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3013 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3014 self.assertNotEquals(len(rep.u.auth_info), 0)
3015 a = self.parse_auth(rep.u.auth_info)
3017 from_server = a.credentials
3018 (finished, to_server) = g.update(from_server)
3019 self.assertFalse(finished)
3021 auth_info = self.generate_auth(auth_type=auth_type,
3022 auth_level=auth_level,
3023 auth_context_id=auth_context_id,
3024 auth_blob=to_server)
3025 req = self.generate_auth3(call_id=0,
3026 auth_info=auth_info)
3028 rep = self.recv_pdu()
3029 self.assertIsNone(rep)
3030 self.assertIsConnected()
3032 # And now try a request without auth_info
3033 req = self.generate_request(call_id=2,
3034 context_id=ctx1.context_id,
3038 rep = self.recv_pdu()
3039 # We get a fault back
3040 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3042 self.assertNotEquals(rep.u.alloc_hint, 0)
3043 self.assertEquals(rep.u.context_id, req.u.context_id)
3044 self.assertEquals(rep.u.cancel_count, 0)
3045 self.assertEquals(rep.u.flags, 0)
3046 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3047 self.assertEquals(rep.u.reserved, 0)
3048 self.assertEquals(len(rep.u.error_and_verifier), 0)
3050 # wait for a disconnect
3051 rep = self.recv_pdu()
3052 self.assertIsNone(rep)
3053 self.assertNotConnected()
3055 def test_spnego_connect_reauth_alter(self):
3056 ndr32 = base.transfer_syntax_ndr()
3057 ndr64 = base.transfer_syntax_ndr64()
3060 ctx1 = dcerpc.ctx_list()
3062 ctx1.num_transfer_syntaxes = len(tsf1_list)
3063 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3064 ctx1.transfer_syntaxes = tsf1_list
3067 c = self.get_anon_creds()
3068 g = gensec.Security.start_client(self.settings)
3069 g.set_credentials(c)
3070 g.want_feature(gensec.FEATURE_DCE_STYLE)
3071 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3072 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3074 g.start_mech_by_authtype(auth_type, auth_level)
3076 (finished, to_server) = g.update(from_server)
3077 self.assertFalse(finished)
3079 auth_info = self.generate_auth(auth_type=auth_type,
3080 auth_level=auth_level,
3081 auth_context_id=auth_context_id,
3082 auth_blob=to_server)
3084 req = self.generate_bind(call_id=0,
3086 auth_info=auth_info)
3089 rep = self.recv_pdu()
3090 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3091 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3092 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3093 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3094 self.assertEquals(rep.u.secondary_address_size, 4)
3095 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3096 self.assertEquals(len(rep.u._pad1), 2)
3097 self.assertEquals(rep.u._pad1, '\0' * 2)
3098 self.assertEquals(rep.u.num_results, 1)
3099 self.assertEquals(rep.u.ctx_list[0].result,
3100 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3101 self.assertEquals(rep.u.ctx_list[0].reason,
3102 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3103 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3104 self.assertNotEquals(len(rep.u.auth_info), 0)
3105 a = self.parse_auth(rep.u.auth_info)
3107 from_server = a.credentials
3108 (finished, to_server) = g.update(from_server)
3109 self.assertFalse(finished)
3111 auth_info = self.generate_auth(auth_type=auth_type,
3112 auth_level=auth_level,
3113 auth_context_id=auth_context_id,
3114 auth_blob=to_server)
3115 req = self.generate_alter(call_id=0,
3117 assoc_group_id=rep.u.assoc_group_id,
3118 auth_info=auth_info)
3120 rep = self.recv_pdu()
3121 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3122 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3123 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3124 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3125 self.assertEquals(rep.u.secondary_address_size, 0)
3126 self.assertEquals(len(rep.u._pad1), 2)
3127 # Windows sends garbage
3128 #self.assertEquals(rep.u._pad1, '\0' * 2)
3129 self.assertEquals(rep.u.num_results, 1)
3130 self.assertEquals(rep.u.ctx_list[0].result,
3131 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3132 self.assertEquals(rep.u.ctx_list[0].reason,
3133 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3134 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3135 self.assertNotEquals(len(rep.u.auth_info), 0)
3136 a = self.parse_auth(rep.u.auth_info)
3138 from_server = a.credentials
3139 (finished, to_server) = g.update(from_server)
3140 self.assertTrue(finished)
3142 # And now try a request without auth_info
3143 req = self.generate_request(call_id=2,
3144 context_id=ctx1.context_id,
3148 rep = self.recv_pdu()
3149 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3151 self.assertNotEquals(rep.u.alloc_hint, 0)
3152 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3153 self.assertEquals(rep.u.cancel_count, 0)
3154 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3156 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3157 auth_info = self.generate_auth(auth_type=auth_type,
3158 auth_level=auth_level,
3159 auth_context_id=auth_context_id,
3160 auth_blob="\x01" + "\x00" * 15)
3161 req = self.generate_request(call_id=3,
3162 context_id=ctx1.context_id,
3165 auth_info=auth_info)
3167 rep = self.recv_pdu()
3168 # We don't get an auth_info back
3169 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3171 self.assertNotEquals(rep.u.alloc_hint, 0)
3172 self.assertEquals(rep.u.context_id, req.u.context_id)
3173 self.assertEquals(rep.u.cancel_count, 0)
3174 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3178 g = gensec.Security.start_client(self.settings)
3179 g.set_credentials(c)
3180 g.want_feature(gensec.FEATURE_DCE_STYLE)
3181 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3182 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3184 g.start_mech_by_authtype(auth_type, auth_level)
3186 (finished, to_server) = g.update(from_server)
3187 self.assertFalse(finished)
3189 auth_info = self.generate_auth(auth_type=auth_type,
3190 auth_level=auth_level,
3191 auth_context_id=auth_context_id,
3192 auth_blob=to_server)
3193 req = self.generate_alter(call_id=0,
3195 auth_info=auth_info)
3197 rep = self.recv_pdu()
3199 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3200 pfc_flags=req.pfc_flags |
3201 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3203 self.assertNotEquals(rep.u.alloc_hint, 0)
3204 self.assertEquals(rep.u.context_id, 0)
3205 self.assertEquals(rep.u.cancel_count, 0)
3206 self.assertEquals(rep.u.flags, 0)
3207 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3208 self.assertEquals(rep.u.reserved, 0)
3209 self.assertEquals(len(rep.u.error_and_verifier), 0)
3211 # wait for a disconnect
3212 rep = self.recv_pdu()
3213 self.assertIsNone(rep)
3214 self.assertNotConnected()
3216 def test_spnego_connect_reauth_auth3(self):
3217 ndr32 = base.transfer_syntax_ndr()
3218 ndr64 = base.transfer_syntax_ndr64()
3221 ctx1 = dcerpc.ctx_list()
3223 ctx1.num_transfer_syntaxes = len(tsf1_list)
3224 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3225 ctx1.transfer_syntaxes = tsf1_list
3228 c = self.get_anon_creds()
3229 g = gensec.Security.start_client(self.settings)
3230 g.set_credentials(c)
3231 g.want_feature(gensec.FEATURE_DCE_STYLE)
3232 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3233 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3235 g.start_mech_by_authtype(auth_type, auth_level)
3237 (finished, to_server) = g.update(from_server)
3238 self.assertFalse(finished)
3240 auth_info = self.generate_auth(auth_type=auth_type,
3241 auth_level=auth_level,
3242 auth_context_id=auth_context_id,
3243 auth_blob=to_server)
3245 req = self.generate_bind(call_id=0,
3247 auth_info=auth_info)
3250 rep = self.recv_pdu()
3251 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3252 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3253 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3254 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3255 self.assertEquals(rep.u.secondary_address_size, 4)
3256 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3257 self.assertEquals(len(rep.u._pad1), 2)
3258 self.assertEquals(rep.u._pad1, '\0' * 2)
3259 self.assertEquals(rep.u.num_results, 1)
3260 self.assertEquals(rep.u.ctx_list[0].result,
3261 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3262 self.assertEquals(rep.u.ctx_list[0].reason,
3263 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3264 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3265 self.assertNotEquals(len(rep.u.auth_info), 0)
3266 a = self.parse_auth(rep.u.auth_info)
3268 from_server = a.credentials
3269 (finished, to_server) = g.update(from_server)
3270 self.assertFalse(finished)
3272 auth_info = self.generate_auth(auth_type=auth_type,
3273 auth_level=auth_level,
3274 auth_context_id=auth_context_id,
3275 auth_blob=to_server)
3276 req = self.generate_alter(call_id=0,
3278 assoc_group_id=rep.u.assoc_group_id,
3279 auth_info=auth_info)
3281 rep = self.recv_pdu()
3282 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3283 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3284 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3285 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3286 self.assertEquals(rep.u.secondary_address_size, 0)
3287 self.assertEquals(len(rep.u._pad1), 2)
3288 # Windows sends garbage
3289 #self.assertEquals(rep.u._pad1, '\0' * 2)
3290 self.assertEquals(rep.u.num_results, 1)
3291 self.assertEquals(rep.u.ctx_list[0].result,
3292 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3293 self.assertEquals(rep.u.ctx_list[0].reason,
3294 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3295 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3296 self.assertNotEquals(len(rep.u.auth_info), 0)
3297 a = self.parse_auth(rep.u.auth_info)
3299 from_server = a.credentials
3300 (finished, to_server) = g.update(from_server)
3301 self.assertTrue(finished)
3303 # And now try a request without auth_info
3304 req = self.generate_request(call_id=2,
3305 context_id=ctx1.context_id,
3309 rep = self.recv_pdu()
3310 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3312 self.assertNotEquals(rep.u.alloc_hint, 0)
3313 self.assertEquals(rep.u.context_id, req.u.context_id)
3314 self.assertEquals(rep.u.cancel_count, 0)
3315 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3317 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3318 auth_info = self.generate_auth(auth_type=auth_type,
3319 auth_level=auth_level,
3320 auth_context_id=auth_context_id,
3321 auth_blob="\x01" + "\x00" * 15)
3322 req = self.generate_request(call_id=3,
3323 context_id=ctx1.context_id,
3326 auth_info=auth_info)
3328 rep = self.recv_pdu()
3329 # We don't get an auth_info back
3330 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3332 self.assertNotEquals(rep.u.alloc_hint, 0)
3333 self.assertEquals(rep.u.context_id, req.u.context_id)
3334 self.assertEquals(rep.u.cancel_count, 0)
3335 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3339 g = gensec.Security.start_client(self.settings)
3340 g.set_credentials(c)
3341 g.want_feature(gensec.FEATURE_DCE_STYLE)
3342 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3343 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3345 g.start_mech_by_authtype(auth_type, auth_level)
3347 (finished, to_server) = g.update(from_server)
3348 self.assertFalse(finished)
3350 auth_info = self.generate_auth(auth_type=auth_type,
3351 auth_level=auth_level,
3352 auth_context_id=auth_context_id,
3353 auth_blob=to_server)
3354 req = self.generate_auth3(call_id=0,
3355 auth_info=auth_info)
3357 rep = self.recv_pdu()
3359 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3360 pfc_flags=req.pfc_flags |
3361 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3363 self.assertNotEquals(rep.u.alloc_hint, 0)
3364 self.assertEquals(rep.u.context_id, 0)
3365 self.assertEquals(rep.u.cancel_count, 0)
3366 self.assertEquals(rep.u.flags, 0)
3367 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3368 self.assertEquals(rep.u.reserved, 0)
3369 self.assertEquals(len(rep.u.error_and_verifier), 0)
3371 # wait for a disconnect
3372 rep = self.recv_pdu()
3373 self.assertIsNone(rep)
3374 self.assertNotConnected()
3376 def test_spnego_change_auth_level(self):
3377 ndr32 = base.transfer_syntax_ndr()
3380 ctx1 = dcerpc.ctx_list()
3382 ctx1.num_transfer_syntaxes = len(tsf1_list)
3383 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3384 ctx1.transfer_syntaxes = tsf1_list
3386 c = self.get_anon_creds()
3387 g = gensec.Security.start_client(self.settings)
3388 g.set_credentials(c)
3389 g.want_feature(gensec.FEATURE_DCE_STYLE)
3390 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3391 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3393 g.start_mech_by_authtype(auth_type, auth_level)
3395 (finished, to_server) = g.update(from_server)
3396 self.assertFalse(finished)
3398 auth_info = self.generate_auth(auth_type=auth_type,
3399 auth_level=auth_level,
3400 auth_context_id=auth_context_id,
3401 auth_blob=to_server)
3402 req = self.generate_bind(call_id=0,
3404 auth_info=auth_info)
3406 rep = self.recv_pdu()
3407 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3408 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3409 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3410 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3411 self.assertEquals(rep.u.secondary_address_size, 4)
3412 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3413 self.assertEquals(len(rep.u._pad1), 2)
3414 self.assertEquals(rep.u._pad1, '\0' * 2)
3415 self.assertEquals(rep.u.num_results, 1)
3416 self.assertEquals(rep.u.ctx_list[0].result,
3417 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3418 self.assertEquals(rep.u.ctx_list[0].reason,
3419 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3420 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3421 self.assertNotEquals(len(rep.u.auth_info), 0)
3422 a = self.parse_auth(rep.u.auth_info)
3424 from_server = a.credentials
3425 (finished, to_server) = g.update(from_server)
3426 self.assertFalse(finished)
3428 auth_info = self.generate_auth(auth_type=auth_type,
3429 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3430 auth_context_id=auth_context_id,
3431 auth_blob=to_server)
3432 req = self.generate_alter(call_id=0,
3434 assoc_group_id=rep.u.assoc_group_id,
3435 auth_info=auth_info)
3437 rep = self.recv_pdu()
3438 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3439 pfc_flags=req.pfc_flags |
3440 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3442 self.assertNotEquals(rep.u.alloc_hint, 0)
3443 self.assertEquals(rep.u.context_id, 0)
3444 self.assertEquals(rep.u.cancel_count, 0)
3445 self.assertEquals(rep.u.flags, 0)
3446 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3447 self.assertEquals(rep.u.reserved, 0)
3448 self.assertEquals(len(rep.u.error_and_verifier), 0)
3450 # wait for a disconnect
3451 rep = self.recv_pdu()
3452 self.assertIsNone(rep)
3453 self.assertNotConnected()
3455 def test_spnego_change_abstract(self):
3456 ndr32 = base.transfer_syntax_ndr()
3459 ctx1 = dcerpc.ctx_list()
3461 ctx1.num_transfer_syntaxes = len(tsf1_list)
3462 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3463 ctx1.transfer_syntaxes = tsf1_list
3465 ctx1b = dcerpc.ctx_list()
3466 ctx1b.context_id = 1
3467 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3468 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3469 ctx1b.transfer_syntaxes = tsf1_list
3471 c = self.get_anon_creds()
3472 g = gensec.Security.start_client(self.settings)
3473 g.set_credentials(c)
3474 g.want_feature(gensec.FEATURE_DCE_STYLE)
3475 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3476 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3478 g.start_mech_by_authtype(auth_type, auth_level)
3480 (finished, to_server) = g.update(from_server)
3481 self.assertFalse(finished)
3483 auth_info = self.generate_auth(auth_type=auth_type,
3484 auth_level=auth_level,
3485 auth_context_id=auth_context_id,
3486 auth_blob=to_server)
3487 req = self.generate_bind(call_id=0,
3489 auth_info=auth_info)
3491 rep = self.recv_pdu()
3492 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3493 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3494 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3495 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3496 self.assertEquals(rep.u.secondary_address_size, 4)
3497 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3498 self.assertEquals(len(rep.u._pad1), 2)
3499 #self.assertEquals(rep.u._pad1, '\0' * 2)
3500 self.assertEquals(rep.u.num_results, 1)
3501 self.assertEquals(rep.u.ctx_list[0].result,
3502 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3503 self.assertEquals(rep.u.ctx_list[0].reason,
3504 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3505 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3506 self.assertNotEquals(len(rep.u.auth_info), 0)
3507 a = self.parse_auth(rep.u.auth_info)
3509 from_server = a.credentials
3510 (finished, to_server) = g.update(from_server)
3511 self.assertFalse(finished)
3513 auth_info = self.generate_auth(auth_type=auth_type,
3514 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3515 auth_context_id=auth_context_id,
3516 auth_blob=to_server)
3517 req = self.generate_alter(call_id=0,
3519 assoc_group_id=rep.u.assoc_group_id,
3520 auth_info=auth_info)
3522 rep = self.recv_pdu()
3523 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3524 pfc_flags=req.pfc_flags |
3525 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3527 self.assertNotEquals(rep.u.alloc_hint, 0)
3528 self.assertEquals(rep.u.context_id, 0)
3529 self.assertEquals(rep.u.cancel_count, 0)
3530 self.assertEquals(rep.u.flags, 0)
3531 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3532 self.assertEquals(rep.u.reserved, 0)
3533 self.assertEquals(len(rep.u.error_and_verifier), 0)
3535 # wait for a disconnect
3536 rep = self.recv_pdu()
3537 self.assertIsNone(rep)
3538 self.assertNotConnected()
3540 def test_spnego_change_transfer(self):
3541 ndr32 = base.transfer_syntax_ndr()
3542 ndr64 = base.transfer_syntax_ndr64()
3545 ctx1 = dcerpc.ctx_list()
3547 ctx1.num_transfer_syntaxes = len(tsf1_list)
3548 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3549 ctx1.transfer_syntaxes = tsf1_list
3551 tsf1b_list = [ndr32, ndr64]
3552 ctx1b = dcerpc.ctx_list()
3553 ctx1b.context_id = 1
3554 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3555 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3556 ctx1b.transfer_syntaxes = tsf1b_list
3558 c = self.get_anon_creds()
3559 g = gensec.Security.start_client(self.settings)
3560 g.set_credentials(c)
3561 g.want_feature(gensec.FEATURE_DCE_STYLE)
3562 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3563 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3565 g.start_mech_by_authtype(auth_type, auth_level)
3567 (finished, to_server) = g.update(from_server)
3568 self.assertFalse(finished)
3570 auth_info = self.generate_auth(auth_type=auth_type,
3571 auth_level=auth_level,
3572 auth_context_id=auth_context_id,
3573 auth_blob=to_server)
3574 req = self.generate_bind(call_id=0,
3576 auth_info=auth_info)
3578 rep = self.recv_pdu()
3579 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3580 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3581 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3582 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3583 self.assertEquals(rep.u.secondary_address_size, 4)
3584 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3585 self.assertEquals(len(rep.u._pad1), 2)
3586 #self.assertEquals(rep.u._pad1, '\0' * 2)
3587 self.assertEquals(rep.u.num_results, 1)
3588 self.assertEquals(rep.u.ctx_list[0].result,
3589 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3590 self.assertEquals(rep.u.ctx_list[0].reason,
3591 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3592 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3593 self.assertNotEquals(len(rep.u.auth_info), 0)
3594 a = self.parse_auth(rep.u.auth_info)
3596 from_server = a.credentials
3597 (finished, to_server) = g.update(from_server)
3598 self.assertFalse(finished)
3600 # We change ctx_list and auth_level
3601 auth_info = self.generate_auth(auth_type=auth_type,
3602 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3603 auth_context_id=auth_context_id,
3604 auth_blob=to_server)
3605 req = self.generate_alter(call_id=0,
3607 assoc_group_id=rep.u.assoc_group_id,
3608 auth_info=auth_info)
3610 rep = self.recv_pdu()
3611 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3612 pfc_flags=req.pfc_flags |
3613 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3615 self.assertNotEquals(rep.u.alloc_hint, 0)
3616 self.assertEquals(rep.u.context_id, 0)
3617 self.assertEquals(rep.u.cancel_count, 0)
3618 self.assertEquals(rep.u.flags, 0)
3619 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3620 self.assertEquals(rep.u.reserved, 0)
3621 self.assertEquals(len(rep.u.error_and_verifier), 0)
3623 # wait for a disconnect
3624 rep = self.recv_pdu()
3625 self.assertIsNone(rep)
3626 self.assertNotConnected()
3628 def test_spnego_change_auth_type1(self):
3629 ndr32 = base.transfer_syntax_ndr()
3630 ndr64 = base.transfer_syntax_ndr64()
3633 ctx1 = dcerpc.ctx_list()
3635 ctx1.num_transfer_syntaxes = len(tsf1_list)
3636 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3637 ctx1.transfer_syntaxes = tsf1_list
3639 c = self.get_anon_creds()
3640 g = gensec.Security.start_client(self.settings)
3641 g.set_credentials(c)
3642 g.want_feature(gensec.FEATURE_DCE_STYLE)
3643 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3644 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3646 g.start_mech_by_authtype(auth_type, auth_level)
3648 (finished, to_server) = g.update(from_server)
3649 self.assertFalse(finished)
3651 auth_info = self.generate_auth(auth_type=auth_type,
3652 auth_level=auth_level,
3653 auth_context_id=auth_context_id,
3654 auth_blob=to_server)
3655 req = self.generate_bind(call_id=0,
3657 auth_info=auth_info)
3659 rep = self.recv_pdu()
3660 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3661 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3662 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3663 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3664 self.assertEquals(rep.u.secondary_address_size, 4)
3665 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3666 self.assertEquals(len(rep.u._pad1), 2)
3667 #self.assertEquals(rep.u._pad1, '\0' * 2)
3668 self.assertEquals(rep.u.num_results, 1)
3669 self.assertEquals(rep.u.ctx_list[0].result,
3670 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3671 self.assertEquals(rep.u.ctx_list[0].reason,
3672 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3673 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3674 self.assertNotEquals(len(rep.u.auth_info), 0)
3675 a = self.parse_auth(rep.u.auth_info)
3677 from_server = a.credentials
3678 (finished, to_server) = g.update(from_server)
3679 self.assertFalse(finished)
3681 # We change ctx_list and auth_level
3682 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3683 auth_level=auth_level,
3684 auth_context_id=auth_context_id,
3685 auth_blob=to_server)
3686 req = self.generate_alter(call_id=0,
3688 assoc_group_id=rep.u.assoc_group_id,
3689 auth_info=auth_info)
3691 rep = self.recv_pdu()
3692 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3693 pfc_flags=req.pfc_flags |
3694 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3696 self.assertNotEquals(rep.u.alloc_hint, 0)
3697 self.assertEquals(rep.u.context_id, 0)
3698 self.assertEquals(rep.u.cancel_count, 0)
3699 self.assertEquals(rep.u.flags, 0)
3700 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3701 self.assertEquals(rep.u.reserved, 0)
3702 self.assertEquals(len(rep.u.error_and_verifier), 0)
3704 # wait for a disconnect
3705 rep = self.recv_pdu()
3706 self.assertIsNone(rep)
3707 self.assertNotConnected()
3709 def test_spnego_change_auth_type2(self):
3710 ndr32 = base.transfer_syntax_ndr()
3711 ndr64 = base.transfer_syntax_ndr64()
3714 ctx1 = dcerpc.ctx_list()
3716 ctx1.num_transfer_syntaxes = len(tsf1_list)
3717 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3718 ctx1.transfer_syntaxes = tsf1_list
3720 tsf1b_list = [ndr32, ndr64]
3721 ctx1b = dcerpc.ctx_list()
3722 ctx1b.context_id = 1
3723 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3724 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3725 ctx1b.transfer_syntaxes = tsf1b_list
3727 c = self.get_anon_creds()
3728 g = gensec.Security.start_client(self.settings)
3729 g.set_credentials(c)
3730 g.want_feature(gensec.FEATURE_DCE_STYLE)
3731 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3732 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3734 g.start_mech_by_authtype(auth_type, auth_level)
3736 (finished, to_server) = g.update(from_server)
3737 self.assertFalse(finished)
3739 auth_info = self.generate_auth(auth_type=auth_type,
3740 auth_level=auth_level,
3741 auth_context_id=auth_context_id,
3742 auth_blob=to_server)
3743 req = self.generate_bind(call_id=0,
3745 auth_info=auth_info)
3747 rep = self.recv_pdu()
3748 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3749 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3750 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3751 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3752 self.assertEquals(rep.u.secondary_address_size, 4)
3753 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3754 self.assertEquals(len(rep.u._pad1), 2)
3755 #self.assertEquals(rep.u._pad1, '\0' * 2)
3756 self.assertEquals(rep.u.num_results, 1)
3757 self.assertEquals(rep.u.ctx_list[0].result,
3758 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3759 self.assertEquals(rep.u.ctx_list[0].reason,
3760 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3761 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3762 self.assertNotEquals(len(rep.u.auth_info), 0)
3763 a = self.parse_auth(rep.u.auth_info)
3765 from_server = a.credentials
3766 (finished, to_server) = g.update(from_server)
3767 self.assertFalse(finished)
3769 # We change ctx_list and auth_level
3770 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3771 auth_level=auth_level,
3772 auth_context_id=auth_context_id,
3773 auth_blob=to_server)
3774 req = self.generate_alter(call_id=0,
3776 assoc_group_id=rep.u.assoc_group_id,
3777 auth_info=auth_info)
3779 rep = self.recv_pdu()
3780 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3781 pfc_flags=req.pfc_flags |
3782 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3784 self.assertNotEquals(rep.u.alloc_hint, 0)
3785 self.assertEquals(rep.u.context_id, 0)
3786 self.assertEquals(rep.u.cancel_count, 0)
3787 self.assertEquals(rep.u.flags, 0)
3788 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3789 self.assertEquals(rep.u.reserved, 0)
3790 self.assertEquals(len(rep.u.error_and_verifier), 0)
3792 # wait for a disconnect
3793 rep = self.recv_pdu()
3794 self.assertIsNone(rep)
3795 self.assertNotConnected()
3797 def test_spnego_change_auth_type3(self):
3798 ndr32 = base.transfer_syntax_ndr()
3799 ndr64 = base.transfer_syntax_ndr64()
3802 ctx1 = dcerpc.ctx_list()
3804 ctx1.num_transfer_syntaxes = len(tsf1_list)
3805 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3806 ctx1.transfer_syntaxes = tsf1_list
3808 tsf1b_list = [ndr32, ndr64]
3809 ctx1b = dcerpc.ctx_list()
3810 ctx1b.context_id = 1
3811 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3812 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3813 ctx1b.transfer_syntaxes = tsf1b_list
3815 c = self.get_anon_creds()
3816 g = gensec.Security.start_client(self.settings)
3817 g.set_credentials(c)
3818 g.want_feature(gensec.FEATURE_DCE_STYLE)
3819 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3820 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3822 g.start_mech_by_authtype(auth_type, auth_level)
3824 (finished, to_server) = g.update(from_server)
3825 self.assertFalse(finished)
3827 auth_info = self.generate_auth(auth_type=auth_type,
3828 auth_level=auth_level,
3829 auth_context_id=auth_context_id,
3830 auth_blob=to_server)
3831 req = self.generate_bind(call_id=0,
3833 auth_info=auth_info)
3835 rep = self.recv_pdu()
3836 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3837 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3838 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3839 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3840 self.assertEquals(rep.u.secondary_address_size, 4)
3841 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3842 self.assertEquals(len(rep.u._pad1), 2)
3843 #self.assertEquals(rep.u._pad1, '\0' * 2)
3844 self.assertEquals(rep.u.num_results, 1)
3845 self.assertEquals(rep.u.ctx_list[0].result,
3846 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3847 self.assertEquals(rep.u.ctx_list[0].reason,
3848 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3849 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3850 self.assertNotEquals(len(rep.u.auth_info), 0)
3851 a = self.parse_auth(rep.u.auth_info)
3853 from_server = a.credentials
3854 (finished, to_server) = g.update(from_server)
3855 self.assertFalse(finished)
3857 # We change ctx_list and auth_level
3858 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3859 auth_level=auth_level,
3860 auth_context_id=auth_context_id,
3861 auth_blob=to_server)
3862 req = self.generate_alter(call_id=0,
3864 assoc_group_id=rep.u.assoc_group_id,
3865 auth_info=auth_info)
3867 rep = self.recv_pdu()
3868 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3869 pfc_flags=req.pfc_flags |
3870 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3872 self.assertNotEquals(rep.u.alloc_hint, 0)
3873 self.assertEquals(rep.u.context_id, 0)
3874 self.assertEquals(rep.u.cancel_count, 0)
3875 self.assertEquals(rep.u.flags, 0)
3876 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3877 self.assertEquals(rep.u.reserved, 0)
3878 self.assertEquals(len(rep.u.error_and_verifier), 0)
3880 # wait for a disconnect
3881 rep = self.recv_pdu()
3882 self.assertIsNone(rep)
3883 self.assertNotConnected()
3885 def test_spnego_auth_pad_ok(self):
3886 ndr32 = base.transfer_syntax_ndr()
3889 ctx1 = dcerpc.ctx_list()
3891 ctx1.num_transfer_syntaxes = len(tsf1_list)
3892 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3893 ctx1.transfer_syntaxes = tsf1_list
3896 c = self.get_anon_creds()
3897 g = gensec.Security.start_client(self.settings)
3898 g.set_credentials(c)
3899 g.want_feature(gensec.FEATURE_DCE_STYLE)
3900 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3901 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3903 g.start_mech_by_authtype(auth_type, auth_level)
3905 (finished, to_server) = g.update(from_server)
3906 self.assertFalse(finished)
3908 auth_info = self.generate_auth(auth_type=auth_type,
3909 auth_level=auth_level,
3910 auth_context_id=auth_context_id,
3911 auth_blob=to_server)
3913 req = self.generate_bind(call_id=0,
3915 auth_info=auth_info)
3916 req_pdu = samba.ndr.ndr_pack(req)
3918 auth_pad_ok = len(req_pdu)
3919 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3920 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3921 auth_pad_ok -= len(to_server)
3923 auth_info = self.generate_auth(auth_type=auth_type,
3924 auth_level=auth_level,
3925 auth_context_id=auth_context_id,
3926 auth_pad_length=auth_pad_ok,
3927 auth_blob=to_server)
3929 req = self.generate_bind(call_id=0,
3931 auth_info=auth_info)
3933 rep = self.recv_pdu()
3934 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3935 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3936 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3937 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3938 self.assertEquals(rep.u.secondary_address_size, 4)
3939 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3940 self.assertEquals(len(rep.u._pad1), 2)
3941 #self.assertEquals(rep.u._pad1, '\0' * 2)
3942 self.assertEquals(rep.u.num_results, 1)
3943 self.assertEquals(rep.u.ctx_list[0].result,
3944 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3945 self.assertEquals(rep.u.ctx_list[0].reason,
3946 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3947 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3948 self.assertNotEquals(len(rep.u.auth_info), 0)
3949 a = self.parse_auth(rep.u.auth_info)
3951 from_server = a.credentials
3952 (finished, to_server) = g.update(from_server)
3953 self.assertFalse(finished)
3955 auth_info = self.generate_auth(auth_type=auth_type,
3956 auth_level=auth_level,
3957 auth_context_id=auth_context_id,
3958 auth_blob=to_server)
3959 req = self.generate_alter(call_id=0,
3961 assoc_group_id=rep.u.assoc_group_id,
3962 auth_info=auth_info)
3963 req_pdu = samba.ndr.ndr_pack(req)
3965 auth_pad_ok = len(req_pdu)
3966 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3967 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3968 auth_pad_ok -= len(to_server)
3969 auth_info = self.generate_auth(auth_type=auth_type,
3970 auth_level=auth_level,
3971 auth_context_id=auth_context_id,
3972 auth_pad_length=auth_pad_ok,
3973 auth_blob=to_server)
3974 req = self.generate_alter(call_id=0,
3976 assoc_group_id=rep.u.assoc_group_id,
3977 auth_info=auth_info)
3979 rep = self.recv_pdu()
3980 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3981 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3982 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3983 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3984 self.assertEquals(rep.u.secondary_address_size, 0)
3985 self.assertEquals(len(rep.u._pad1), 2)
3986 # Windows sends garbage
3987 #self.assertEquals(rep.u._pad1, '\0' * 2)
3988 self.assertEquals(rep.u.num_results, 1)
3989 self.assertEquals(rep.u.ctx_list[0].result,
3990 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3991 self.assertEquals(rep.u.ctx_list[0].reason,
3992 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3993 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3994 self.assertNotEquals(len(rep.u.auth_info), 0)
3995 a = self.parse_auth(rep.u.auth_info)
3997 from_server = a.credentials
3998 (finished, to_server) = g.update(from_server)
3999 self.assertTrue(finished)
4001 # And now try a request without auth_info
4002 req = self.generate_request(call_id=2,
4003 context_id=ctx1.context_id,
4007 rep = self.recv_pdu()
4008 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4010 self.assertNotEquals(rep.u.alloc_hint, 0)
4011 self.assertEquals(rep.u.context_id, req.u.context_id)
4012 self.assertEquals(rep.u.cancel_count, 0)
4013 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4015 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4016 auth_info = self.generate_auth(auth_type=auth_type,
4017 auth_level=auth_level,
4018 auth_context_id=auth_context_id,
4019 auth_blob="\x01" + "\x00" * 15)
4020 req = self.generate_request(call_id=3,
4021 context_id=ctx1.context_id,
4024 auth_info=auth_info)
4026 rep = self.recv_pdu()
4027 # We don't get an auth_info back
4028 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4030 self.assertNotEquals(rep.u.alloc_hint, 0)
4031 self.assertEquals(rep.u.context_id, req.u.context_id)
4032 self.assertEquals(rep.u.cancel_count, 0)
4033 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4035 self._disconnect("disconnect")
4036 self.assertNotConnected()
4038 def test_spnego_auth_pad_fail_bind(self):
4039 ndr32 = base.transfer_syntax_ndr()
4042 ctx1 = dcerpc.ctx_list()
4044 ctx1.num_transfer_syntaxes = len(tsf1_list)
4045 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4046 ctx1.transfer_syntaxes = tsf1_list
4049 c = self.get_anon_creds()
4050 g = gensec.Security.start_client(self.settings)
4051 g.set_credentials(c)
4052 g.want_feature(gensec.FEATURE_DCE_STYLE)
4053 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4054 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4056 g.start_mech_by_authtype(auth_type, auth_level)
4058 (finished, to_server) = g.update(from_server)
4059 self.assertFalse(finished)
4061 auth_info = self.generate_auth(auth_type=auth_type,
4062 auth_level=auth_level,
4063 auth_context_id=auth_context_id,
4064 auth_blob=to_server)
4066 req = self.generate_bind(call_id=0,
4068 auth_info=auth_info)
4069 req_pdu = samba.ndr.ndr_pack(req)
4071 auth_pad_ok = len(req_pdu)
4072 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4073 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4074 auth_pad_ok -= len(to_server)
4075 auth_pad_bad = auth_pad_ok + 1
4076 auth_info = self.generate_auth(auth_type=auth_type,
4077 auth_level=auth_level,
4078 auth_context_id=auth_context_id,
4079 auth_pad_length=auth_pad_bad,
4080 auth_blob=to_server)
4082 req = self.generate_bind(call_id=0,
4084 auth_info=auth_info)
4086 rep = self.recv_pdu()
4087 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
4089 self.assertEquals(rep.u.reject_reason,
4090 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
4091 self.assertEquals(rep.u.num_versions, 1)
4092 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
4093 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
4094 self.assertEquals(len(rep.u._pad), 3)
4095 self.assertEquals(rep.u._pad, '\0' * 3)
4097 # wait for a disconnect
4098 rep = self.recv_pdu()
4099 self.assertIsNone(rep)
4100 self.assertNotConnected()
4102 def test_spnego_auth_pad_fail_alter(self):
4103 ndr32 = base.transfer_syntax_ndr()
4106 ctx1 = dcerpc.ctx_list()
4108 ctx1.num_transfer_syntaxes = len(tsf1_list)
4109 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4110 ctx1.transfer_syntaxes = tsf1_list
4113 c = self.get_anon_creds()
4114 g = gensec.Security.start_client(self.settings)
4115 g.set_credentials(c)
4116 g.want_feature(gensec.FEATURE_DCE_STYLE)
4117 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4118 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4120 g.start_mech_by_authtype(auth_type, auth_level)
4122 (finished, to_server) = g.update(from_server)
4123 self.assertFalse(finished)
4125 auth_info = self.generate_auth(auth_type=auth_type,
4126 auth_level=auth_level,
4127 auth_context_id=auth_context_id,
4128 auth_blob=to_server)
4130 req = self.generate_bind(call_id=0,
4132 auth_info=auth_info)
4133 req_pdu = samba.ndr.ndr_pack(req)
4135 auth_pad_ok = len(req_pdu)
4136 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4137 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4138 auth_pad_ok -= len(to_server)
4140 auth_info = self.generate_auth(auth_type=auth_type,
4141 auth_level=auth_level,
4142 auth_context_id=auth_context_id,
4143 auth_pad_length=auth_pad_ok,
4144 auth_blob=to_server)
4146 req = self.generate_bind(call_id=0,
4148 auth_info=auth_info)
4150 rep = self.recv_pdu()
4151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4152 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4153 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4154 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4155 self.assertEquals(rep.u.secondary_address_size, 4)
4156 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4157 self.assertEquals(len(rep.u._pad1), 2)
4158 #self.assertEquals(rep.u._pad1, '\0' * 2)
4159 self.assertEquals(rep.u.num_results, 1)
4160 self.assertEquals(rep.u.ctx_list[0].result,
4161 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4162 self.assertEquals(rep.u.ctx_list[0].reason,
4163 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4164 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4165 self.assertNotEquals(len(rep.u.auth_info), 0)
4166 a = self.parse_auth(rep.u.auth_info)
4168 from_server = a.credentials
4169 (finished, to_server) = g.update(from_server)
4170 self.assertFalse(finished)
4172 auth_info = self.generate_auth(auth_type=auth_type,
4173 auth_level=auth_level,
4174 auth_context_id=auth_context_id,
4175 auth_blob=to_server)
4176 req = self.generate_alter(call_id=0,
4178 assoc_group_id=rep.u.assoc_group_id,
4179 auth_info=auth_info)
4180 req_pdu = samba.ndr.ndr_pack(req)
4182 auth_pad_ok = len(req_pdu)
4183 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4184 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4185 auth_pad_ok -= len(to_server)
4186 auth_pad_bad = auth_pad_ok + 1
4187 auth_info = self.generate_auth(auth_type=auth_type,
4188 auth_level=auth_level,
4189 auth_context_id=auth_context_id,
4190 auth_pad_length=auth_pad_bad,
4191 auth_blob=to_server)
4192 req = self.generate_alter(call_id=0,
4194 assoc_group_id=rep.u.assoc_group_id,
4195 auth_info=auth_info)
4197 rep = self.recv_pdu()
4198 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4199 pfc_flags=req.pfc_flags |
4200 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4202 self.assertNotEquals(rep.u.alloc_hint, 0)
4203 self.assertEquals(rep.u.context_id, 0)
4204 self.assertEquals(rep.u.cancel_count, 0)
4205 self.assertEquals(rep.u.flags, 0)
4206 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4207 self.assertEquals(rep.u.reserved, 0)
4208 self.assertEquals(len(rep.u.error_and_verifier), 0)
4210 # wait for a disconnect
4211 rep = self.recv_pdu()
4212 self.assertIsNone(rep)
4213 self.assertNotConnected()
4215 def test_ntlmssp_auth_pad_ok(self):
4216 ndr32 = base.transfer_syntax_ndr()
4219 ctx1 = dcerpc.ctx_list()
4221 ctx1.num_transfer_syntaxes = len(tsf1_list)
4222 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4223 ctx1.transfer_syntaxes = tsf1_list
4226 c = self.get_anon_creds()
4227 g = gensec.Security.start_client(self.settings)
4228 g.set_credentials(c)
4229 g.want_feature(gensec.FEATURE_DCE_STYLE)
4230 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4231 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4233 g.start_mech_by_authtype(auth_type, auth_level)
4235 (finished, to_server) = g.update(from_server)
4236 self.assertFalse(finished)
4238 auth_info = self.generate_auth(auth_type=auth_type,
4239 auth_level=auth_level,
4240 auth_context_id=auth_context_id,
4241 auth_blob=to_server)
4243 req = self.generate_bind(call_id=0,
4245 auth_info=auth_info)
4246 req_pdu = samba.ndr.ndr_pack(req)
4248 auth_pad_ok = len(req_pdu)
4249 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4250 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4251 auth_pad_ok -= len(to_server)
4253 auth_info = self.generate_auth(auth_type=auth_type,
4254 auth_level=auth_level,
4255 auth_context_id=auth_context_id,
4256 auth_pad_length=auth_pad_ok,
4257 auth_blob=to_server)
4259 req = self.generate_bind(call_id=0,
4261 auth_info=auth_info)
4263 rep = self.recv_pdu()
4264 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4265 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4266 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4267 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4268 self.assertEquals(rep.u.secondary_address_size, 4)
4269 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4270 self.assertEquals(len(rep.u._pad1), 2)
4271 #self.assertEquals(rep.u._pad1, '\0' * 2)
4272 self.assertEquals(rep.u.num_results, 1)
4273 self.assertEquals(rep.u.ctx_list[0].result,
4274 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4275 self.assertEquals(rep.u.ctx_list[0].reason,
4276 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4277 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4278 self.assertNotEquals(len(rep.u.auth_info), 0)
4279 a = self.parse_auth(rep.u.auth_info)
4281 from_server = a.credentials
4282 (finished, to_server) = g.update(from_server)
4283 self.assertTrue(finished)
4286 auth_info = self.generate_auth(auth_type=auth_type,
4287 auth_level=auth_level,
4288 auth_context_id=auth_context_id,
4289 auth_pad_length=auth_pad_ok,
4290 auth_blob=to_server)
4291 req = self.generate_auth3(call_id=0,
4292 auth_info=auth_info)
4294 self.assertIsConnected()
4296 # And now try a request without auth_info
4297 req = self.generate_request(call_id=2,
4298 context_id=ctx1.context_id,
4302 rep = self.recv_pdu()
4303 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4305 self.assertNotEquals(rep.u.alloc_hint, 0)
4306 self.assertEquals(rep.u.context_id, req.u.context_id)
4307 self.assertEquals(rep.u.cancel_count, 0)
4308 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4310 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4311 auth_info = self.generate_auth(auth_type=auth_type,
4312 auth_level=auth_level,
4313 auth_context_id=auth_context_id,
4314 auth_blob="\x01" + "\x00" * 15)
4315 req = self.generate_request(call_id=3,
4316 context_id=ctx1.context_id,
4319 auth_info=auth_info)
4321 rep = self.recv_pdu()
4322 # We don't get an auth_info back
4323 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4325 self.assertNotEquals(rep.u.alloc_hint, 0)
4326 self.assertEquals(rep.u.context_id, req.u.context_id)
4327 self.assertEquals(rep.u.cancel_count, 0)
4328 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4330 self._disconnect("disconnect")
4331 self.assertNotConnected()
4333 def test_ntlmssp_auth_pad_fail_auth3(self):
4334 ndr32 = base.transfer_syntax_ndr()
4337 ctx1 = dcerpc.ctx_list()
4339 ctx1.num_transfer_syntaxes = len(tsf1_list)
4340 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4341 ctx1.transfer_syntaxes = tsf1_list
4344 c = self.get_anon_creds()
4345 g = gensec.Security.start_client(self.settings)
4346 g.set_credentials(c)
4347 g.want_feature(gensec.FEATURE_DCE_STYLE)
4348 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4349 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4351 g.start_mech_by_authtype(auth_type, auth_level)
4353 (finished, to_server) = g.update(from_server)
4354 self.assertFalse(finished)
4356 auth_info = self.generate_auth(auth_type=auth_type,
4357 auth_level=auth_level,
4358 auth_context_id=auth_context_id,
4359 auth_blob=to_server)
4361 req = self.generate_bind(call_id=0,
4363 auth_info=auth_info)
4364 req_pdu = samba.ndr.ndr_pack(req)
4366 auth_pad_ok = len(req_pdu)
4367 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4368 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4369 auth_pad_ok -= len(to_server)
4371 auth_info = self.generate_auth(auth_type=auth_type,
4372 auth_level=auth_level,
4373 auth_context_id=auth_context_id,
4374 auth_pad_length=auth_pad_ok,
4375 auth_blob=to_server)
4377 req = self.generate_bind(call_id=0,
4379 auth_info=auth_info)
4381 rep = self.recv_pdu()
4382 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4383 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4384 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4385 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4386 self.assertEquals(rep.u.secondary_address_size, 4)
4387 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4388 self.assertEquals(len(rep.u._pad1), 2)
4389 #self.assertEquals(rep.u._pad1, '\0' * 2)
4390 self.assertEquals(rep.u.num_results, 1)
4391 self.assertEquals(rep.u.ctx_list[0].result,
4392 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4393 self.assertEquals(rep.u.ctx_list[0].reason,
4394 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4395 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4396 self.assertNotEquals(len(rep.u.auth_info), 0)
4397 a = self.parse_auth(rep.u.auth_info)
4399 from_server = a.credentials
4400 (finished, to_server) = g.update(from_server)
4401 self.assertTrue(finished)
4404 auth_info = self.generate_auth(auth_type=auth_type,
4405 auth_level=auth_level,
4406 auth_context_id=auth_context_id,
4407 auth_pad_length=auth_pad_bad,
4408 auth_blob=to_server)
4409 req = self.generate_auth3(call_id=0,
4410 auth_info=auth_info)
4412 rep = self.recv_pdu()
4413 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4414 pfc_flags=req.pfc_flags |
4415 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4417 self.assertNotEquals(rep.u.alloc_hint, 0)
4418 self.assertEquals(rep.u.context_id, 0)
4419 self.assertEquals(rep.u.cancel_count, 0)
4420 self.assertEquals(rep.u.flags, 0)
4421 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4422 self.assertEquals(rep.u.reserved, 0)
4423 self.assertEquals(len(rep.u.error_and_verifier), 0)
4425 # wait for a disconnect
4426 rep = self.recv_pdu()
4427 self.assertIsNone(rep)
4428 self.assertNotConnected()
4430 def _test_spnego_bind_auth_level(self, auth_level, auth_context_id, ctx,
4431 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4433 creds = self.get_user_creds()
4434 auth_context = self.get_auth_context_creds(creds=creds,
4435 auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4436 auth_level=auth_level,
4437 auth_context_id=auth_context_id,
4438 g_auth_level=g_auth_level)
4439 if auth_context is None:
4441 ack = self.do_generic_bind(ctx=ctx,
4442 auth_context=auth_context,
4443 alter_fault=alter_fault)
4446 return auth_context["gensec"]
4448 def _test_spnego_level_bind_nak(self, auth_level,
4449 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4450 c = self.get_user_creds()
4451 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4452 auth_level=auth_level, creds=c, reason=reason)
4454 def _test_spnego_level_bind(self, auth_level,
4455 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4458 response_fault_flags=0):
4459 ndr32 = base.transfer_syntax_ndr()
4462 ctx1 = dcerpc.ctx_list()
4463 ctx1.context_id = 0x1001
4464 ctx1.num_transfer_syntaxes = len(tsf1_list)
4465 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4466 ctx1.transfer_syntaxes = tsf1_list
4468 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4471 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4472 auth_context_id=auth_context_id,
4474 g_auth_level=g_auth_level,
4475 alter_fault=alter_fault)
4477 if request_fault is None:
4480 self.assertIsNotNone(g)
4482 stub_bin = '\x00' * 17
4483 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4486 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4487 stub_bin += '\x00' * auth_pad_length
4489 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4490 sig_size = g.sig_size(len(stub_bin))
4493 zero_sig = "\x00" * sig_size
4495 auth_info = self.generate_auth(auth_type=auth_type,
4496 auth_level=auth_level,
4497 auth_pad_length=auth_pad_length,
4498 auth_context_id=auth_context_id,
4500 req = self.generate_request(call_id=4,
4501 context_id=ctx1.context_id,
4504 auth_info=auth_info)
4505 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4506 req_blob = samba.ndr.ndr_pack(req)
4507 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4508 ofs_sig = len(req_blob) - req.auth_length
4509 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4510 req_data = req_blob[ofs_stub:ofs_trailer]
4511 req_whole = req_blob[0:ofs_sig]
4512 sig = g.sign_packet(req_data, req_whole)
4513 auth_info = self.generate_auth(auth_type=auth_type,
4514 auth_level=auth_level,
4515 auth_pad_length=auth_pad_length,
4516 auth_context_id=auth_context_id,
4518 req = self.generate_request(call_id=4,
4519 context_id=ctx1.context_id,
4522 auth_info=auth_info)
4524 rep = self.recv_pdu()
4525 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4526 pfc_flags=req.pfc_flags | response_fault_flags,
4528 self.assertNotEquals(rep.u.alloc_hint, 0)
4529 self.assertEquals(rep.u.context_id, ctx1.context_id)
4530 self.assertEquals(rep.u.cancel_count, 0)
4531 self.assertEquals(rep.u.flags, 0)
4532 self.assertEquals(rep.u.status, request_fault)
4533 self.assertEquals(rep.u.reserved, 0)
4534 self.assertEquals(len(rep.u.error_and_verifier), 0)
4536 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4539 # wait for a disconnect
4540 rep = self.recv_pdu()
4541 self.assertIsNone(rep)
4542 self.assertNotConnected()
4544 def test_spnego_none_bind(self):
4545 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4546 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4548 def test_spnego_call_bind(self):
4549 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4550 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4552 def test_spnego_0_bind(self):
4553 return self._test_spnego_level_bind_nak(0,
4554 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4556 def test_spnego_7_bind(self):
4557 return self._test_spnego_level_bind_nak(7,
4558 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4560 def test_spnego_255_bind(self):
4561 return self._test_spnego_level_bind_nak(255,
4562 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4564 def test_spnego_connect_bind_none(self):
4565 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4566 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4568 def test_spnego_connect_bind_sign(self):
4569 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4570 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4572 def test_spnego_connect_bind_seal(self):
4573 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4574 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4576 def test_spnego_packet_bind_none(self):
4577 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4578 # DCERPC_AUTH_LEVEL_INTEGRITY
4579 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4580 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4581 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4583 def test_spnego_packet_bind_sign(self):
4584 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4585 # DCERPC_AUTH_LEVEL_INTEGRITY
4586 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4587 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4588 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4589 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4591 def test_spnego_packet_bind_sign(self):
4592 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4593 # DCERPC_AUTH_LEVEL_INTEGRITY
4594 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4595 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4596 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4597 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4599 def test_spnego_integrity_bind_none(self):
4600 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4601 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4602 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4604 def test_spnego_integrity_bind_sign(self):
4605 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4606 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4607 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4608 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4610 def test_spnego_integrity_bind_seal(self):
4611 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4612 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4613 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4614 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4616 def test_spnego_privacy_bind_none(self):
4618 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4619 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4620 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4622 def test_spnego_privacy_bind_sign(self):
4624 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4625 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4626 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4628 def test_spnego_privacy_bind_seal(self):
4629 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4630 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4632 def _test_spnego_signing_auth_level_request(self, auth_level):
4633 ndr32 = base.transfer_syntax_ndr()
4636 ctx1 = dcerpc.ctx_list()
4637 ctx1.context_id = 0x1001
4638 ctx1.num_transfer_syntaxes = len(tsf1_list)
4639 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4640 ctx1.transfer_syntaxes = tsf1_list
4643 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4646 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4647 auth_context_id=auth_context_id,
4650 stub_bin = '\x00' * 0
4651 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4654 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4655 stub_bin += '\x00' * auth_pad_length
4657 sig_size = g.sig_size(len(stub_bin))
4658 zero_sig = "\x00" * sig_size
4660 auth_info = self.generate_auth(auth_type=auth_type,
4661 auth_level=auth_level,
4662 auth_pad_length=auth_pad_length,
4663 auth_context_id=auth_context_id,
4665 req = self.generate_request(call_id=3,
4666 context_id=ctx1.context_id,
4669 auth_info=auth_info)
4670 req_blob = samba.ndr.ndr_pack(req)
4671 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4672 ofs_sig = len(req_blob) - req.auth_length
4673 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4674 req_data = req_blob[ofs_stub:ofs_trailer]
4675 req_whole = req_blob[0:ofs_sig]
4676 sig = g.sign_packet(req_data, req_whole)
4677 auth_info = self.generate_auth(auth_type=auth_type,
4678 auth_level=auth_level,
4679 auth_pad_length=auth_pad_length,
4680 auth_context_id=auth_context_id,
4682 req = self.generate_request(call_id=3,
4683 context_id=ctx1.context_id,
4686 auth_info=auth_info)
4688 (rep, rep_blob) = self.recv_pdu_raw()
4689 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4690 auth_length=sig_size)
4691 self.assertNotEquals(rep.u.alloc_hint, 0)
4692 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4693 self.assertEquals(rep.u.cancel_count, 0)
4694 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4695 self.assertEquals(rep.auth_length, sig_size)
4697 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4698 ofs_sig = rep.frag_length - rep.auth_length
4699 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4700 rep_data = rep_blob[ofs_stub:ofs_trailer]
4701 rep_whole = rep_blob[0:ofs_sig]
4702 rep_sig = rep_blob[ofs_sig:]
4703 rep_auth_info_blob = rep_blob[ofs_trailer:]
4705 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4706 self.assertEquals(rep_auth_info.auth_type, auth_type)
4707 self.assertEquals(rep_auth_info.auth_level, auth_level)
4708 # mgmt_inq_if_ids() returns no fixed size results
4709 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4710 self.assertEquals(rep_auth_info.auth_reserved, 0)
4711 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4712 self.assertEquals(rep_auth_info.credentials, rep_sig)
4714 g.check_packet(rep_data, rep_whole, rep_sig)
4716 stub_bin = '\x00' * 17
4717 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4720 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4721 stub_bin += '\x00' * auth_pad_length
4723 sig_size = g.sig_size(len(stub_bin))
4724 zero_sig = "\x00" * sig_size
4726 auth_info = self.generate_auth(auth_type=auth_type,
4727 auth_level=auth_level,
4728 auth_pad_length=auth_pad_length,
4729 auth_context_id=auth_context_id,
4731 req = self.generate_request(call_id=4,
4732 context_id=ctx1.context_id,
4735 auth_info=auth_info)
4736 req_blob = samba.ndr.ndr_pack(req)
4737 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4738 ofs_sig = len(req_blob) - req.auth_length
4739 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4740 req_data = req_blob[ofs_stub:ofs_trailer]
4741 req_whole = req_blob[0:ofs_sig]
4742 sig = g.sign_packet(req_data, req_whole)
4743 auth_info = self.generate_auth(auth_type=auth_type,
4744 auth_level=auth_level,
4745 auth_pad_length=auth_pad_length,
4746 auth_context_id=auth_context_id,
4748 req = self.generate_request(call_id=4,
4749 context_id=ctx1.context_id,
4752 auth_info=auth_info)
4754 rep = self.recv_pdu()
4755 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4756 pfc_flags=req.pfc_flags |
4757 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4759 self.assertNotEquals(rep.u.alloc_hint, 0)
4760 self.assertEquals(rep.u.context_id, ctx1.context_id)
4761 self.assertEquals(rep.u.cancel_count, 0)
4762 self.assertEquals(rep.u.flags, 0)
4763 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4764 self.assertEquals(rep.u.reserved, 0)
4765 self.assertEquals(len(rep.u.error_and_verifier), 0)
4767 stub_bin = '\x00' * 8
4768 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4771 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4772 stub_bin += '\x00' * auth_pad_length
4774 sig_size = g.sig_size(len(stub_bin))
4775 zero_sig = "\x00" * sig_size
4777 auth_info = self.generate_auth(auth_type=auth_type,
4778 auth_level=auth_level,
4779 auth_pad_length=auth_pad_length,
4780 auth_context_id=auth_context_id,
4782 req = self.generate_request(call_id=5,
4783 context_id=ctx1.context_id,
4786 auth_info=auth_info)
4787 req_blob = samba.ndr.ndr_pack(req)
4788 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4789 ofs_sig = len(req_blob) - req.auth_length
4790 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4791 req_data = req_blob[ofs_stub:ofs_trailer]
4792 req_whole = req_blob[0:ofs_sig]
4793 sig = g.sign_packet(req_data, req_whole)
4794 auth_info = self.generate_auth(auth_type=auth_type,
4795 auth_level=auth_level,
4796 auth_pad_length=auth_pad_length,
4797 auth_context_id=auth_context_id,
4799 req = self.generate_request(call_id=5,
4800 context_id=ctx1.context_id,
4803 auth_info=auth_info)
4805 (rep, rep_blob) = self.recv_pdu_raw()
4806 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4807 auth_length=sig_size)
4808 self.assertNotEquals(rep.u.alloc_hint, 0)
4809 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4810 self.assertEquals(rep.u.cancel_count, 0)
4811 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4812 self.assertEquals(rep.auth_length, sig_size)
4814 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4815 ofs_sig = rep.frag_length - rep.auth_length
4816 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4817 rep_data = rep_blob[ofs_stub:ofs_trailer]
4818 rep_whole = rep_blob[0:ofs_sig]
4819 rep_sig = rep_blob[ofs_sig:]
4820 rep_auth_info_blob = rep_blob[ofs_trailer:]
4822 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4823 self.assertEquals(rep_auth_info.auth_type, auth_type)
4824 self.assertEquals(rep_auth_info.auth_level, auth_level)
4825 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4826 self.assertEquals(rep_auth_info.auth_reserved, 0)
4827 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4828 self.assertEquals(rep_auth_info.credentials, rep_sig)
4830 g.check_packet(rep_data, rep_whole, rep_sig)
4832 stub_bin = '\x00' * 8
4833 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4836 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4837 stub_bin += '\x00' * auth_pad_length
4839 sig_size = g.sig_size(len(stub_bin))
4840 zero_sig = "\x00" * sig_size
4842 auth_info = self.generate_auth(auth_type=auth_type,
4843 auth_level=auth_level,
4844 auth_pad_length=auth_pad_length,
4845 auth_context_id=auth_context_id,
4847 req = self.generate_request(call_id=6,
4848 context_id=ctx1.context_id,
4851 auth_info=auth_info)
4852 req_blob = samba.ndr.ndr_pack(req)
4853 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4854 ofs_sig = len(req_blob) - req.auth_length
4855 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4856 req_data = req_blob[ofs_stub:ofs_trailer]
4857 req_whole = req_blob[0:ofs_sig]
4858 sig = g.sign_packet(req_data, req_whole)
4859 auth_info = self.generate_auth(auth_type=auth_type,
4860 auth_level=auth_level,
4861 auth_pad_length=auth_pad_length,
4862 auth_context_id=auth_context_id,
4864 req = self.generate_request(call_id=6,
4865 context_id=ctx1.context_id,
4868 auth_info=auth_info)
4870 (rep, rep_blob) = self.recv_pdu_raw()
4871 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4872 auth_length=sig_size)
4873 self.assertNotEquals(rep.u.alloc_hint, 0)
4874 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4875 self.assertEquals(rep.u.cancel_count, 0)
4876 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4877 self.assertEquals(rep.auth_length, sig_size)
4879 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4880 ofs_sig = rep.frag_length - rep.auth_length
4881 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4882 rep_data = rep_blob[ofs_stub:ofs_trailer]
4883 rep_whole = rep_blob[0:ofs_sig]
4884 rep_sig = rep_blob[ofs_sig:]
4885 rep_auth_info_blob = rep_blob[ofs_trailer:]
4887 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4888 self.assertEquals(rep_auth_info.auth_type, auth_type)
4889 self.assertEquals(rep_auth_info.auth_level, auth_level)
4890 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4891 self.assertEquals(rep_auth_info.auth_reserved, 0)
4892 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4893 self.assertEquals(rep_auth_info.credentials, rep_sig)
4895 g.check_packet(rep_data, rep_whole, rep_sig)
4897 def test_spnego_signing_packet(self):
4898 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4899 # DCERPC_AUTH_LEVEL_INTEGRITY
4900 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4902 def test_spnego_signing_integrity(self):
4903 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4905 def test_assoc_group_fail1(self):
4906 abstract = samba.dcerpc.mgmt.abstract_syntax()
4907 transfer = base.transfer_syntax_ndr()
4909 tsf1_list = [transfer]
4910 ctx = samba.dcerpc.dcerpc.ctx_list()
4912 ctx.num_transfer_syntaxes = len(tsf1_list)
4913 ctx.abstract_syntax = abstract
4914 ctx.transfer_syntaxes = tsf1_list
4916 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4917 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4920 def test_assoc_group_fail2(self):
4921 abstract = samba.dcerpc.mgmt.abstract_syntax()
4922 transfer = base.transfer_syntax_ndr()
4924 tsf1_list = [transfer]
4925 ctx = samba.dcerpc.dcerpc.ctx_list()
4927 ctx.num_transfer_syntaxes = len(tsf1_list)
4928 ctx.abstract_syntax = abstract
4929 ctx.transfer_syntaxes = tsf1_list
4931 ack = self.do_generic_bind(ctx=ctx)
4933 self._disconnect("test_assoc_group_fail2")
4934 self.assertNotConnected()
4938 ack2 = self.do_generic_bind(ctx=ctx, assoc_group_id=ack.u.assoc_group_id,
4939 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4942 def test_assoc_group_diff1(self):
4943 abstract = samba.dcerpc.mgmt.abstract_syntax()
4944 transfer = base.transfer_syntax_ndr()
4946 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4947 context_id=1, return_ack=True)
4949 conn2 = self.second_connection()
4950 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4951 context_id=2, return_ack=True)
4952 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4956 def test_assoc_group_ok1(self):
4957 abstract = samba.dcerpc.mgmt.abstract_syntax()
4958 transfer = base.transfer_syntax_ndr()
4960 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4961 context_id=1, return_ack=True)
4963 conn2 = self.second_connection()
4964 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4965 assoc_group_id=ack1.u.assoc_group_id,
4966 context_id=2, return_ack=True)
4968 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4969 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4970 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4972 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
4973 fault_pfc_flags=samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4974 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4975 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4976 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4979 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4980 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4984 if __name__ == "__main__":
4985 global_ndr_print = True
4986 global_hexdump = True