2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
33 from samba import gensec
34 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
36 global_ndr_print = False
37 global_hexdump = False
39 class TestDCERPC_BIND(RawDCERPCTest):
42 super(TestDCERPC_BIND, self).setUp()
43 self.do_ndr_print = global_ndr_print
44 self.do_hexdump = global_hexdump
46 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
47 ndr32 = base.transfer_syntax_ndr()
50 ctx1 = dcerpc.ctx_list()
52 ctx1.num_transfer_syntaxes = len(tsf1_list)
53 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
54 ctx1.transfer_syntaxes = tsf1_list
56 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
59 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
60 pfc_flags=rep_pfc_flags, auth_length=0)
61 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
62 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
63 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
64 self.assertEquals(rep.u.secondary_address_size, 4)
65 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
66 self.assertEquals(len(rep.u._pad1), 2)
67 # sometimes windows sends random bytes
68 # self.assertEquals(rep.u._pad1, '\0' * 2)
69 self.assertEquals(rep.u.num_results, 1)
70 self.assertEquals(rep.u.ctx_list[0].result,
71 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72 self.assertEquals(rep.u.ctx_list[0].reason,
73 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75 self.assertEquals(rep.u.auth_info, '\0' * 0)
77 # And now try a request
78 req = self.generate_request(call_id=1,
79 context_id=ctx1.context_id,
84 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
86 self.assertNotEquals(rep.u.alloc_hint, 0)
87 self.assertEquals(rep.u.context_id, req.u.context_id)
88 self.assertEquals(rep.u.cancel_count, 0)
89 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
91 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92 ndr32 = base.transfer_syntax_ndr()
95 ctx1 = dcerpc.ctx_list()
97 ctx1.num_transfer_syntaxes = len(tsf1_list)
98 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99 ctx1.transfer_syntaxes = tsf1_list
101 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
103 rep = self.recv_pdu()
104 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
106 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109 self.assertEquals(rep.u.secondary_address_size, 4)
110 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111 self.assertEquals(len(rep.u._pad1), 2)
112 # sometimes windows sends random bytes
113 # self.assertEquals(rep.u._pad1, '\0' * 2)
114 self.assertEquals(rep.u.num_results, 1)
115 self.assertEquals(rep.u.ctx_list[0].result,
116 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
117 self.assertEquals(rep.u.ctx_list[0].reason,
118 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
119 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
120 self.assertEquals(rep.u.auth_info, '\0' * 0)
122 # And now try a alter context
123 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
125 rep = self.recv_pdu()
126 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
127 pfc_flags=rep_pfc_flags, auth_length=0)
128 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
129 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
130 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
131 self.assertEquals(rep.u.secondary_address_size, 0)
132 self.assertEquals(rep.u.secondary_address, "")
133 self.assertEquals(len(rep.u._pad1), 2)
134 # sometimes windows sends random bytes
135 # self.assertEquals(rep.u._pad1, '\0' * 2)
136 self.assertEquals(rep.u.num_results, 1)
137 self.assertEquals(rep.u.ctx_list[0].result,
138 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
139 self.assertEquals(rep.u.ctx_list[0].reason,
140 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
141 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
142 self.assertEquals(rep.u.auth_info, '\0' * 0)
144 # And now try a request
145 req = self.generate_request(call_id=1,
146 context_id=ctx1.context_id,
150 rep = self.recv_pdu()
151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
153 self.assertNotEquals(rep.u.alloc_hint, 0)
154 self.assertEquals(rep.u.context_id, req.u.context_id)
155 self.assertEquals(rep.u.cancel_count, 0)
156 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
158 def test_no_auth_request(self):
159 return self._test_no_auth_request_bind_pfc_flags(
161 dcerpc.DCERPC_PFC_FLAG_FIRST |
162 dcerpc.DCERPC_PFC_FLAG_LAST,
164 dcerpc.DCERPC_PFC_FLAG_FIRST |
165 dcerpc.DCERPC_PFC_FLAG_LAST)
167 def test_no_auth_request_bind_pfc_00(self):
168 return self._test_no_auth_request_bind_pfc_flags(
172 dcerpc.DCERPC_PFC_FLAG_FIRST |
173 dcerpc.DCERPC_PFC_FLAG_LAST)
175 def test_no_auth_request_bind_pfc_FIRST(self):
176 return self._test_no_auth_request_bind_pfc_flags(
178 dcerpc.DCERPC_PFC_FLAG_FIRST |
181 dcerpc.DCERPC_PFC_FLAG_FIRST |
182 dcerpc.DCERPC_PFC_FLAG_LAST)
184 def test_no_auth_request_bind_pfc_LAST(self):
185 return self._test_no_auth_request_bind_pfc_flags(
187 dcerpc.DCERPC_PFC_FLAG_LAST |
190 dcerpc.DCERPC_PFC_FLAG_FIRST |
191 dcerpc.DCERPC_PFC_FLAG_LAST)
193 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
194 # without authentication
195 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
196 return self._test_no_auth_request_bind_pfc_flags(
198 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
201 dcerpc.DCERPC_PFC_FLAG_FIRST |
202 dcerpc.DCERPC_PFC_FLAG_LAST |
203 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
205 def test_no_auth_request_bind_pfc_08(self):
206 return self._test_no_auth_request_bind_pfc_flags(
211 dcerpc.DCERPC_PFC_FLAG_FIRST |
212 dcerpc.DCERPC_PFC_FLAG_LAST)
214 def test_no_auth_request_bind_pfc_CONC_MPX(self):
215 return self._test_no_auth_request_bind_pfc_flags(
217 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
220 dcerpc.DCERPC_PFC_FLAG_FIRST |
221 dcerpc.DCERPC_PFC_FLAG_LAST |
222 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
224 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
225 return self._test_no_auth_request_bind_pfc_flags(
227 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
230 dcerpc.DCERPC_PFC_FLAG_FIRST |
231 dcerpc.DCERPC_PFC_FLAG_LAST)
233 def test_no_auth_request_bind_pfc_MAYBE(self):
234 return self._test_no_auth_request_bind_pfc_flags(
236 dcerpc.DCERPC_PFC_FLAG_MAYBE |
239 dcerpc.DCERPC_PFC_FLAG_FIRST |
240 dcerpc.DCERPC_PFC_FLAG_LAST)
242 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
243 return self._test_no_auth_request_bind_pfc_flags(
245 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
248 dcerpc.DCERPC_PFC_FLAG_FIRST |
249 dcerpc.DCERPC_PFC_FLAG_LAST)
251 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
252 # without authentication
253 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
255 def _test_no_auth_request_bind_pfc_ff(self):
256 return self._test_no_auth_request_bind_pfc_flags(
261 dcerpc.DCERPC_PFC_FLAG_FIRST |
262 dcerpc.DCERPC_PFC_FLAG_LAST |
263 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
264 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
266 def test_no_auth_request_alter_pfc_00(self):
267 return self._test_no_auth_request_alter_pfc_flags(
271 dcerpc.DCERPC_PFC_FLAG_FIRST |
272 dcerpc.DCERPC_PFC_FLAG_LAST)
274 def test_no_auth_request_alter_pfc_FIRST(self):
275 return self._test_no_auth_request_alter_pfc_flags(
277 dcerpc.DCERPC_PFC_FLAG_FIRST |
280 dcerpc.DCERPC_PFC_FLAG_FIRST |
281 dcerpc.DCERPC_PFC_FLAG_LAST)
283 def test_no_auth_request_alter_pfc_LAST(self):
284 return self._test_no_auth_request_alter_pfc_flags(
286 dcerpc.DCERPC_PFC_FLAG_LAST |
289 dcerpc.DCERPC_PFC_FLAG_FIRST |
290 dcerpc.DCERPC_PFC_FLAG_LAST)
292 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
293 # without authentication
294 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
295 return self._test_no_auth_request_alter_pfc_flags(
297 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
300 dcerpc.DCERPC_PFC_FLAG_FIRST |
301 dcerpc.DCERPC_PFC_FLAG_LAST |
302 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
304 def test_no_auth_request_alter_pfc_08(self):
305 return self._test_no_auth_request_alter_pfc_flags(
310 dcerpc.DCERPC_PFC_FLAG_FIRST |
311 dcerpc.DCERPC_PFC_FLAG_LAST)
313 def test_no_auth_request_alter_pfc_CONC_MPX(self):
314 return self._test_no_auth_request_alter_pfc_flags(
316 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
319 dcerpc.DCERPC_PFC_FLAG_FIRST |
320 dcerpc.DCERPC_PFC_FLAG_LAST)
322 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
323 return self._test_no_auth_request_alter_pfc_flags(
325 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
328 dcerpc.DCERPC_PFC_FLAG_FIRST |
329 dcerpc.DCERPC_PFC_FLAG_LAST)
331 def test_no_auth_request_alter_pfc_MAYBE(self):
332 return self._test_no_auth_request_alter_pfc_flags(
334 dcerpc.DCERPC_PFC_FLAG_MAYBE |
337 dcerpc.DCERPC_PFC_FLAG_FIRST |
338 dcerpc.DCERPC_PFC_FLAG_LAST)
340 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
341 return self._test_no_auth_request_alter_pfc_flags(
343 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
346 dcerpc.DCERPC_PFC_FLAG_FIRST |
347 dcerpc.DCERPC_PFC_FLAG_LAST)
349 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
350 # without authentication
351 def _test_no_auth_request_alter_pfc_ff(self):
352 return self._test_no_auth_request_alter_pfc_flags(
357 dcerpc.DCERPC_PFC_FLAG_FIRST |
358 dcerpc.DCERPC_PFC_FLAG_LAST |
359 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
361 def test_no_auth_no_ctx(self):
362 # send an useless bind
363 req = self.generate_bind(call_id=0)
365 rep = self.recv_pdu()
366 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
368 self.assertEquals(rep.u.reject_reason,
369 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
370 self.assertEquals(rep.u.num_versions, 1)
371 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
372 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
373 self.assertEquals(len(rep.u._pad), 3)
374 self.assertEquals(rep.u._pad, '\0' * 3)
376 def test_invalid_auth_noctx(self):
377 req = self.generate_bind(call_id=0)
378 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
380 rep = self.recv_pdu()
381 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
383 self.assertEquals(rep.u.reject_reason,
384 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
385 self.assertEquals(rep.u.num_versions, 1)
386 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
387 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
388 self.assertEquals(len(rep.u._pad), 3)
389 self.assertEquals(rep.u._pad, '\0' * 3)
391 def test_no_auth_valid_valid_request(self):
392 ndr32 = base.transfer_syntax_ndr()
395 ctx1 = dcerpc.ctx_list()
397 ctx1.num_transfer_syntaxes = len(tsf1_list)
398 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
399 ctx1.transfer_syntaxes = tsf1_list
401 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
403 rep = self.recv_pdu()
404 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
406 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
407 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
408 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
409 self.assertEquals(rep.u.secondary_address_size, 4)
410 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
411 self.assertEquals(len(rep.u._pad1), 2)
412 self.assertEquals(rep.u._pad1, '\0' * 2)
413 self.assertEquals(rep.u.num_results, 1)
414 self.assertEquals(rep.u.ctx_list[0].result,
415 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
416 self.assertEquals(rep.u.ctx_list[0].reason,
417 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
418 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
419 self.assertEquals(rep.u.auth_info, '\0' * 0)
423 ctx2 = dcerpc.ctx_list()
425 ctx2.num_transfer_syntaxes = len(tsf2_list)
426 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
427 ctx2.transfer_syntaxes = tsf2_list
429 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
431 rep = self.recv_pdu()
432 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
434 self.assertEquals(rep.u.reject_reason,
435 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
436 self.assertEquals(rep.u.num_versions, 1)
437 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
438 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
439 self.assertEquals(len(rep.u._pad), 3)
440 self.assertEquals(rep.u._pad, '\0' * 3)
442 # wait for a disconnect
443 rep = self.recv_pdu()
444 self.assertIsNone(rep)
445 self.assertNotConnected()
447 def test_no_auth_invalid_valid_request(self):
448 # send an useless bind
449 req = self.generate_bind(call_id=0)
451 rep = self.recv_pdu()
452 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
454 self.assertEquals(rep.u.reject_reason,
455 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
456 self.assertEquals(rep.u.num_versions, 1)
457 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
458 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
459 self.assertEquals(len(rep.u._pad), 3)
460 self.assertEquals(rep.u._pad, '\0' * 3)
462 # wait for a disconnect
463 rep = self.recv_pdu()
464 self.assertIsNone(rep)
465 self.assertNotConnected()
467 def test_alter_no_auth_no_ctx(self):
468 ndr32 = base.transfer_syntax_ndr()
471 ctx1 = dcerpc.ctx_list()
473 ctx1.num_transfer_syntaxes = len(tsf1_list)
474 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
475 ctx1.transfer_syntaxes = tsf1_list
477 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
479 rep = self.recv_pdu()
480 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
482 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
483 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
484 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
485 self.assertEquals(rep.u.secondary_address_size, 4)
486 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
487 self.assertEquals(len(rep.u._pad1), 2)
488 self.assertEquals(rep.u._pad1, '\0' * 2)
489 self.assertEquals(rep.u.num_results, 1)
490 self.assertEquals(rep.u.ctx_list[0].result,
491 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
492 self.assertEquals(rep.u.ctx_list[0].reason,
493 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
494 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
495 self.assertEquals(rep.u.auth_info, '\0' * 0)
498 req = self.generate_alter(call_id=1, ctx_list=[])
500 rep = self.recv_pdu()
501 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
502 pfc_flags=req.pfc_flags |
503 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
505 self.assertNotEquals(rep.u.alloc_hint, 0)
506 self.assertEquals(rep.u.context_id, 0)
507 self.assertEquals(rep.u.cancel_count, 0)
508 self.assertEquals(rep.u.flags, 0)
509 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
510 self.assertEquals(rep.u.reserved, 0)
511 self.assertEquals(len(rep.u.error_and_verifier), 0)
513 # wait for a disconnect
514 rep = self.recv_pdu()
515 self.assertIsNone(rep)
516 self.assertNotConnected()
518 def test_no_auth_presentation_ctx_valid1(self):
519 ndr32 = base.transfer_syntax_ndr()
521 zero_syntax = misc.ndr_syntax_id()
523 tsf1_list = [zero_syntax, ndr32]
524 ctx1 = dcerpc.ctx_list()
526 ctx1.num_transfer_syntaxes = len(tsf1_list)
527 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
528 ctx1.transfer_syntaxes = tsf1_list
530 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
532 rep = self.recv_pdu()
533 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
535 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
536 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
537 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
538 self.assertEquals(rep.u.secondary_address_size, 4)
539 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
540 self.assertEquals(len(rep.u._pad1), 2)
541 self.assertEquals(rep.u._pad1, '\0' * 2)
542 self.assertEquals(rep.u.num_results, 1)
543 self.assertEquals(rep.u.ctx_list[0].result,
544 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
545 self.assertEquals(rep.u.ctx_list[0].reason,
546 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
547 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
548 self.assertEquals(rep.u.auth_info, '\0' * 0)
551 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
553 rep = self.recv_pdu()
554 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
556 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
557 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
558 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
559 self.assertEquals(rep.u.secondary_address_size, 0)
560 self.assertEquals(len(rep.u._pad1), 2)
561 #self.assertEquals(rep.u._pad1, '\0' * 2)
562 self.assertEquals(rep.u.num_results, 1)
563 self.assertEquals(rep.u.ctx_list[0].result,
564 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
565 self.assertEquals(rep.u.ctx_list[0].reason,
566 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
567 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
568 self.assertEquals(rep.u.auth_info, '\0' * 0)
570 req = self.generate_request(call_id=2,
571 context_id=ctx1.context_id,
575 rep = self.recv_pdu()
576 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
577 pfc_flags=req.pfc_flags |
578 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
580 self.assertNotEquals(rep.u.alloc_hint, 0)
581 self.assertEquals(rep.u.context_id, ctx1.context_id)
582 self.assertEquals(rep.u.cancel_count, 0)
583 self.assertEquals(rep.u.flags, 0)
584 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
585 self.assertEquals(rep.u.reserved, 0)
586 self.assertEquals(len(rep.u.error_and_verifier), 0)
588 def test_no_auth_presentation_ctx_invalid1(self):
589 ndr32 = base.transfer_syntax_ndr()
591 zero_syntax = misc.ndr_syntax_id()
594 ctx1 = dcerpc.ctx_list()
596 ctx1.num_transfer_syntaxes = len(tsf1_list)
597 ctx1.abstract_syntax = ndr32
598 ctx1.transfer_syntaxes = tsf1_list
600 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
602 rep = self.recv_pdu()
603 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
605 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
606 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
607 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
608 self.assertEquals(rep.u.secondary_address_size, 4)
609 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
610 self.assertEquals(len(rep.u._pad1), 2)
611 self.assertEquals(rep.u._pad1, '\0' * 2)
612 self.assertEquals(rep.u.num_results, 1)
613 self.assertEquals(rep.u.ctx_list[0].result,
614 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
615 self.assertEquals(rep.u.ctx_list[0].reason,
616 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
617 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
618 self.assertEquals(rep.u.auth_info, '\0' * 0)
621 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
623 rep = self.recv_pdu()
624 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
626 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
627 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
628 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
629 self.assertEquals(rep.u.secondary_address_size, 0)
630 self.assertEquals(len(rep.u._pad1), 2)
631 #self.assertEquals(rep.u._pad1, '\0' * 2)
632 self.assertEquals(rep.u.num_results, 1)
633 self.assertEquals(rep.u.ctx_list[0].result,
634 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
635 self.assertEquals(rep.u.ctx_list[0].reason,
636 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
637 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
638 self.assertEquals(rep.u.auth_info, '\0' * 0)
640 req = self.generate_request(call_id=2,
645 rep = self.recv_pdu()
646 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
647 pfc_flags=req.pfc_flags |
648 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
650 self.assertNotEquals(rep.u.alloc_hint, 0)
651 self.assertEquals(rep.u.context_id, 0)
652 self.assertEquals(rep.u.cancel_count, 0)
653 self.assertEquals(rep.u.flags, 0)
654 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
655 self.assertEquals(rep.u.reserved, 0)
656 self.assertEquals(len(rep.u.error_and_verifier), 0)
658 # Send a alter again to prove the connection is still alive
659 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
661 rep = self.recv_pdu()
662 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
664 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
665 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
666 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
667 self.assertEquals(rep.u.secondary_address_size, 0)
668 self.assertEquals(len(rep.u._pad1), 2)
669 #self.assertEquals(rep.u._pad1, '\0' * 2)
670 self.assertEquals(rep.u.num_results, 1)
671 self.assertEquals(rep.u.ctx_list[0].result,
672 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
673 self.assertEquals(rep.u.ctx_list[0].reason,
674 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
675 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
676 self.assertEquals(rep.u.auth_info, '\0' * 0)
678 def test_no_auth_presentation_ctx_invalid2(self):
679 ndr32 = base.transfer_syntax_ndr()
681 zero_syntax = misc.ndr_syntax_id()
684 ctx1a = dcerpc.ctx_list()
686 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
687 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
688 ctx1a.transfer_syntaxes = tsf1a_list
690 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
692 rep = self.recv_pdu()
693 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
695 self.assertEquals(rep.u.reject_reason,
696 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
697 self.assertEquals(rep.u.num_versions, 1)
698 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
699 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
700 self.assertEquals(len(rep.u._pad), 3)
701 self.assertEquals(rep.u._pad, '\0' * 3)
703 # wait for a disconnect
704 rep = self.recv_pdu()
705 self.assertIsNone(rep)
706 self.assertNotConnected()
708 def test_no_auth_presentation_ctx_invalid3(self):
709 ndr32 = base.transfer_syntax_ndr()
711 zero_syntax = misc.ndr_syntax_id()
713 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
714 ctx1a = dcerpc.ctx_list()
716 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
717 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
718 ctx1a.transfer_syntaxes = tsf1a_list
720 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
722 rep = self.recv_pdu()
723 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
725 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
726 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
727 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
728 self.assertEquals(rep.u.secondary_address_size, 4)
729 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
730 self.assertEquals(len(rep.u._pad1), 2)
731 self.assertEquals(rep.u._pad1, '\0' * 2)
732 self.assertEquals(rep.u.num_results, 1)
733 self.assertEquals(rep.u.ctx_list[0].result,
734 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
735 self.assertEquals(rep.u.ctx_list[0].reason,
736 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
737 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
738 self.assertEquals(rep.u.auth_info, '\0' * 0)
741 ctx1b = dcerpc.ctx_list()
743 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
744 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
745 ctx1b.transfer_syntaxes = tsf1b_list
748 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
750 rep = self.recv_pdu()
751 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
752 pfc_flags=req.pfc_flags |
753 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
755 self.assertNotEquals(rep.u.alloc_hint, 0)
756 self.assertEquals(rep.u.context_id, 0)
757 self.assertEquals(rep.u.cancel_count, 0)
758 self.assertEquals(rep.u.flags, 0)
759 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
760 self.assertEquals(rep.u.reserved, 0)
761 self.assertEquals(len(rep.u.error_and_verifier), 0)
763 # wait for a disconnect
764 rep = self.recv_pdu()
765 self.assertIsNone(rep)
766 self.assertNotConnected()
768 def test_no_auth_presentation_ctx_invalid4(self):
769 ndr32 = base.transfer_syntax_ndr()
770 ndr64 = base.transfer_syntax_ndr64()
772 zero_syntax = misc.ndr_syntax_id()
774 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
775 ctx1a = dcerpc.ctx_list()
777 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
778 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
779 ctx1a.transfer_syntaxes = tsf1a_list
781 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
783 rep = self.recv_pdu()
784 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
786 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
787 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
788 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
789 self.assertEquals(rep.u.secondary_address_size, 4)
790 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
791 self.assertEquals(len(rep.u._pad1), 2)
792 self.assertEquals(rep.u._pad1, '\0' * 2)
793 self.assertEquals(rep.u.num_results, 1)
794 self.assertEquals(rep.u.ctx_list[0].result,
795 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
796 self.assertEquals(rep.u.ctx_list[0].reason,
797 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
798 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
799 self.assertEquals(rep.u.auth_info, '\0' * 0)
801 # With a known but wrong syntax we get a protocol error
802 # see test_no_auth_presentation_ctx_valid2
803 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
804 ctx1b = dcerpc.ctx_list()
806 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
807 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
808 ctx1b.transfer_syntaxes = tsf1b_list
811 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
813 rep = self.recv_pdu()
814 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
815 pfc_flags=req.pfc_flags |
816 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
818 self.assertNotEquals(rep.u.alloc_hint, 0)
819 self.assertEquals(rep.u.context_id, 0)
820 self.assertEquals(rep.u.cancel_count, 0)
821 self.assertEquals(rep.u.flags, 0)
822 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
823 self.assertEquals(rep.u.reserved, 0)
824 self.assertEquals(len(rep.u.error_and_verifier), 0)
826 # wait for a disconnect
827 rep = self.recv_pdu()
828 self.assertIsNone(rep)
829 self.assertNotConnected()
831 def test_no_auth_presentation_ctx_valid2(self):
832 ndr32 = base.transfer_syntax_ndr()
834 zero_syntax = misc.ndr_syntax_id()
836 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
837 ctx1a = dcerpc.ctx_list()
839 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
840 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
841 ctx1a.transfer_syntaxes = tsf1a_list
843 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
845 rep = self.recv_pdu()
846 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
848 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
849 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
850 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
851 self.assertEquals(rep.u.secondary_address_size, 4)
852 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
853 self.assertEquals(len(rep.u._pad1), 2)
854 self.assertEquals(rep.u._pad1, '\0' * 2)
855 self.assertEquals(rep.u.num_results, 1)
856 self.assertEquals(rep.u.ctx_list[0].result,
857 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
858 self.assertEquals(rep.u.ctx_list[0].reason,
859 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
860 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
861 self.assertEquals(rep.u.auth_info, '\0' * 0)
863 # With a unknown but wrong syntaxes we get NO protocol error
864 # see test_no_auth_presentation_ctx_invalid4
865 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
866 ctx1b = dcerpc.ctx_list()
868 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
869 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
870 ctx1b.transfer_syntaxes = tsf1b_list
873 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
875 rep = self.recv_pdu()
876 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
878 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
879 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
880 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
881 self.assertEquals(rep.u.secondary_address_size, 0)
882 self.assertEquals(len(rep.u._pad1), 2)
883 #self.assertEquals(rep.u._pad1, '\0' * 2)
884 self.assertEquals(rep.u.num_results, 1)
885 self.assertEquals(rep.u.ctx_list[0].result,
886 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
887 self.assertEquals(rep.u.ctx_list[0].reason,
888 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
889 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
890 self.assertEquals(rep.u.auth_info, '\0' * 0)
892 req = self.generate_request(call_id=2,
893 context_id=ctx1a.context_id,
897 rep = self.recv_pdu()
898 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
899 pfc_flags=req.pfc_flags |
900 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
902 self.assertNotEquals(rep.u.alloc_hint, 0)
903 self.assertEquals(rep.u.context_id, ctx1a.context_id)
904 self.assertEquals(rep.u.cancel_count, 0)
905 self.assertEquals(rep.u.flags, 0)
906 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
907 self.assertEquals(rep.u.reserved, 0)
908 self.assertEquals(len(rep.u.error_and_verifier), 0)
910 def test_no_auth_presentation_ctx_no_ndr64(self):
911 ndr32 = base.transfer_syntax_ndr()
912 zero_syntax = misc.ndr_syntax_id()
914 tsfZ_list = [zero_syntax]
915 ctxZ = dcerpc.ctx_list()
916 ctxZ.context_id = 54321
917 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
918 ctxZ.abstract_syntax = zero_syntax
919 ctxZ.transfer_syntaxes = tsfZ_list
921 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
923 rep = self.recv_pdu()
924 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
926 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
927 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
928 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
929 self.assertEquals(rep.u.secondary_address_size, 4)
930 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
931 self.assertEquals(len(rep.u._pad1), 2)
932 self.assertEquals(rep.u._pad1, '\0' * 2)
933 self.assertEquals(rep.u.num_results, 1)
934 self.assertEquals(rep.u.ctx_list[0].result,
935 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
936 self.assertEquals(rep.u.ctx_list[0].reason,
937 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
938 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
939 self.assertEquals(rep.u.auth_info, '\0' * 0)
942 ctx0 = dcerpc.ctx_list()
944 ctx0.num_transfer_syntaxes = len(tsf0_list)
945 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
946 ctx0.transfer_syntaxes = tsf0_list
948 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
950 rep = self.recv_pdu()
951 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
953 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
954 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
955 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
956 self.assertEquals(rep.u.secondary_address_size, 0)
957 self.assertEquals(len(rep.u._pad1), 2)
958 #self.assertEquals(rep.u._pad1, '\0' * 2)
959 self.assertEquals(rep.u.num_results, 1)
960 self.assertEquals(rep.u.ctx_list[0].result,
961 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
962 self.assertEquals(rep.u.ctx_list[0].reason,
963 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
964 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
965 self.assertEquals(rep.u.auth_info, '\0' * 0)
967 req = self.generate_request(call_id=1,
968 context_id=ctx0.context_id,
972 rep = self.recv_pdu()
973 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
975 self.assertNotEquals(rep.u.alloc_hint, 0)
976 self.assertEquals(rep.u.context_id, req.u.context_id)
977 self.assertEquals(rep.u.cancel_count, 0)
978 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
980 tsf1_list = [zero_syntax, ndr32]
981 ctx1 = dcerpc.ctx_list()
983 ctx1.num_transfer_syntaxes = len(tsf1_list)
984 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
985 ctx1.transfer_syntaxes = tsf1_list
987 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
989 rep = self.recv_pdu()
990 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
992 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
993 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
994 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
995 self.assertEquals(rep.u.secondary_address_size, 0)
996 self.assertEquals(len(rep.u._pad1), 2)
997 #self.assertEquals(rep.u._pad1, '\0' * 2)
998 self.assertEquals(rep.u.num_results, 1)
999 self.assertEquals(rep.u.ctx_list[0].result,
1000 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1001 self.assertEquals(rep.u.ctx_list[0].reason,
1002 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1003 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1004 self.assertEquals(rep.u.auth_info, '\0' * 0)
1006 req = self.generate_request(call_id=1,
1007 context_id=ctx1.context_id,
1011 rep = self.recv_pdu()
1012 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1014 self.assertNotEquals(rep.u.alloc_hint, 0)
1015 self.assertEquals(rep.u.context_id, req.u.context_id)
1016 self.assertEquals(rep.u.cancel_count, 0)
1017 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1019 tsf2_list = [ndr32, ndr32]
1020 ctx2 = dcerpc.ctx_list()
1022 ctx2.num_transfer_syntaxes = len(tsf2_list)
1023 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1024 ctx2.transfer_syntaxes = tsf2_list
1026 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1028 rep = self.recv_pdu()
1029 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1031 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1032 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1033 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1034 self.assertEquals(rep.u.secondary_address_size, 0)
1035 self.assertEquals(len(rep.u._pad1), 2)
1036 #self.assertEquals(rep.u._pad1, '\0' * 2)
1037 self.assertEquals(rep.u.num_results, 1)
1038 self.assertEquals(rep.u.ctx_list[0].result,
1039 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1040 self.assertEquals(rep.u.ctx_list[0].reason,
1041 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1042 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1043 self.assertEquals(rep.u.auth_info, '\0' * 0)
1045 req = self.generate_request(call_id=1,
1046 context_id=ctx2.context_id,
1050 rep = self.recv_pdu()
1051 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1053 self.assertNotEquals(rep.u.alloc_hint, 0)
1054 self.assertEquals(rep.u.context_id, req.u.context_id)
1055 self.assertEquals(rep.u.cancel_count, 0)
1056 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1059 ctx3 = dcerpc.ctx_list()
1061 ctx3.num_transfer_syntaxes = len(tsf3_list)
1062 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1063 ctx3.transfer_syntaxes = tsf3_list
1066 ctx4 = dcerpc.ctx_list()
1068 ctx4.num_transfer_syntaxes = len(tsf4_list)
1069 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1070 ctx4.transfer_syntaxes = tsf4_list
1072 req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1074 rep = self.recv_pdu()
1075 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1077 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1078 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1079 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1080 self.assertEquals(rep.u.secondary_address_size, 0)
1081 self.assertEquals(len(rep.u._pad1), 2)
1082 #self.assertEquals(rep.u._pad1, '\0' * 2)
1083 self.assertEquals(rep.u.num_results, 2)
1084 self.assertEquals(rep.u.ctx_list[0].result,
1085 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1086 self.assertEquals(rep.u.ctx_list[0].reason,
1087 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1088 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1089 self.assertEquals(rep.u.ctx_list[1].result,
1090 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1091 self.assertEquals(rep.u.ctx_list[1].reason,
1092 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1093 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1094 self.assertEquals(rep.u.auth_info, '\0' * 0)
1096 req = self.generate_request(call_id=1,
1097 context_id=ctx3.context_id,
1101 rep = self.recv_pdu()
1102 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1104 self.assertNotEquals(rep.u.alloc_hint, 0)
1105 self.assertEquals(rep.u.context_id, req.u.context_id)
1106 self.assertEquals(rep.u.cancel_count, 0)
1107 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1109 req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1111 rep = self.recv_pdu()
1112 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1114 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1115 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1116 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1117 self.assertEquals(rep.u.secondary_address_size, 0)
1118 self.assertEquals(len(rep.u._pad1), 2)
1119 #self.assertEquals(rep.u._pad1, '\0' * 2)
1120 self.assertEquals(rep.u.num_results, 2)
1121 self.assertEquals(rep.u.ctx_list[0].result,
1122 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1123 self.assertEquals(rep.u.ctx_list[0].reason,
1124 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1125 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1126 self.assertEquals(rep.u.ctx_list[1].result,
1127 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1128 self.assertEquals(rep.u.ctx_list[1].reason,
1129 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1130 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1131 self.assertEquals(rep.u.auth_info, '\0' * 0)
1133 req = self.generate_request(call_id=1,
1134 context_id=ctx4.context_id,
1138 rep = self.recv_pdu()
1139 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1141 self.assertNotEquals(rep.u.alloc_hint, 0)
1142 self.assertEquals(rep.u.context_id, req.u.context_id)
1143 self.assertEquals(rep.u.cancel_count, 0)
1144 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1146 req = self.generate_request(call_id=1,
1147 context_id=ctx3.context_id,
1151 rep = self.recv_pdu()
1152 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1154 self.assertNotEquals(rep.u.alloc_hint, 0)
1155 self.assertEquals(rep.u.context_id, req.u.context_id)
1156 self.assertEquals(rep.u.cancel_count, 0)
1157 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1159 req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1161 rep = self.recv_pdu()
1162 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1164 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1165 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1166 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1167 self.assertEquals(rep.u.secondary_address_size, 0)
1168 self.assertEquals(len(rep.u._pad1), 2)
1169 #self.assertEquals(rep.u._pad1, '\0' * 2)
1170 self.assertEquals(rep.u.num_results, 2)
1171 self.assertEquals(rep.u.ctx_list[0].result,
1172 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1173 self.assertEquals(rep.u.ctx_list[0].reason,
1174 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1175 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1176 self.assertEquals(rep.u.ctx_list[1].result,
1177 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1178 self.assertEquals(rep.u.ctx_list[1].reason,
1179 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1180 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1181 self.assertEquals(rep.u.auth_info, '\0' * 0)
1183 req = self.generate_request(call_id=1,
1184 context_id=ctx4.context_id,
1188 rep = self.recv_pdu()
1189 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1191 self.assertNotEquals(rep.u.alloc_hint, 0)
1192 self.assertEquals(rep.u.context_id, req.u.context_id)
1193 self.assertEquals(rep.u.cancel_count, 0)
1194 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1196 req = self.generate_request(call_id=1,
1197 context_id=ctx3.context_id,
1201 rep = self.recv_pdu()
1202 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1204 self.assertNotEquals(rep.u.alloc_hint, 0)
1205 self.assertEquals(rep.u.context_id, req.u.context_id)
1206 self.assertEquals(rep.u.cancel_count, 0)
1207 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1209 tsf5mgmt_list = [ndr32]
1210 ctx5mgmt = dcerpc.ctx_list()
1211 ctx5mgmt.context_id = 5
1212 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1213 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1214 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1216 tsf5epm_list = [ndr32]
1217 ctx5epm = dcerpc.ctx_list()
1218 ctx5epm.context_id = 5
1219 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1220 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1221 ctx5epm.transfer_syntaxes = tsf5epm_list
1223 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1225 rep = self.recv_pdu()
1226 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1228 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1229 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1230 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1231 self.assertEquals(rep.u.secondary_address_size, 0)
1232 self.assertEquals(len(rep.u._pad1), 2)
1233 #self.assertEquals(rep.u._pad1, '\0' * 2)
1234 self.assertEquals(rep.u.num_results, 2)
1235 self.assertEquals(rep.u.ctx_list[0].result,
1236 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1237 self.assertEquals(rep.u.ctx_list[0].reason,
1238 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1239 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1240 self.assertEquals(rep.u.ctx_list[1].result,
1241 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1242 self.assertEquals(rep.u.ctx_list[1].reason,
1243 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1244 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1245 self.assertEquals(rep.u.auth_info, '\0' * 0)
1247 req = self.generate_request(call_id=1,
1248 context_id=ctx5mgmt.context_id,
1252 rep = self.recv_pdu()
1253 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1255 self.assertNotEquals(rep.u.alloc_hint, 0)
1256 self.assertEquals(rep.u.context_id, req.u.context_id)
1257 self.assertEquals(rep.u.cancel_count, 0)
1258 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1260 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1262 rep = self.recv_pdu()
1263 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1265 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1266 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1267 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1268 self.assertEquals(rep.u.secondary_address_size, 0)
1269 self.assertEquals(len(rep.u._pad1), 2)
1270 #self.assertEquals(rep.u._pad1, '\0' * 2)
1271 self.assertEquals(rep.u.num_results, 2)
1272 self.assertEquals(rep.u.ctx_list[0].result,
1273 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1274 self.assertEquals(rep.u.ctx_list[0].reason,
1275 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1276 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1277 self.assertEquals(rep.u.ctx_list[1].result,
1278 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1279 self.assertEquals(rep.u.ctx_list[1].reason,
1280 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1281 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1282 self.assertEquals(rep.u.auth_info, '\0' * 0)
1284 req = self.generate_request(call_id=1,
1285 context_id=ctx5mgmt.context_id,
1289 rep = self.recv_pdu()
1290 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1292 self.assertNotEquals(rep.u.alloc_hint, 0)
1293 self.assertEquals(rep.u.context_id, req.u.context_id)
1294 self.assertEquals(rep.u.cancel_count, 0)
1295 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1297 def test_no_auth_bind_time_none_simple(self):
1299 btf = base.bind_time_features_syntax(features)
1301 zero_syntax = misc.ndr_syntax_id()
1304 ctx1 = dcerpc.ctx_list()
1306 ctx1.num_transfer_syntaxes = len(tsf1_list)
1307 ctx1.abstract_syntax = zero_syntax
1308 ctx1.transfer_syntaxes = tsf1_list
1310 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1312 rep = self.recv_pdu()
1313 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1315 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1316 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1317 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1318 self.assertEquals(rep.u.secondary_address_size, 4)
1319 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1320 self.assertEquals(len(rep.u._pad1), 2)
1321 self.assertEquals(rep.u._pad1, '\0' * 2)
1322 self.assertEquals(rep.u.num_results, 1)
1323 self.assertEquals(rep.u.ctx_list[0].result,
1324 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1325 self.assertEquals(rep.u.ctx_list[0].reason, features)
1326 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1327 self.assertEquals(rep.u.auth_info, '\0' * 0)
1329 def test_no_auth_bind_time_none_ignore_additional(self):
1331 btf1 = base.bind_time_features_syntax(features1)
1333 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1334 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1335 btf2 = base.bind_time_features_syntax(features2)
1337 zero_syntax = misc.ndr_syntax_id()
1338 ndr64 = base.transfer_syntax_ndr64()
1340 tsf1_list = [btf1, btf2, zero_syntax]
1341 ctx1 = dcerpc.ctx_list()
1343 ctx1.num_transfer_syntaxes = len(tsf1_list)
1344 ctx1.abstract_syntax = ndr64
1345 ctx1.transfer_syntaxes = tsf1_list
1347 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1349 rep = self.recv_pdu()
1350 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1352 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1353 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1354 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1355 self.assertEquals(rep.u.secondary_address_size, 4)
1356 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1357 self.assertEquals(len(rep.u._pad1), 2)
1358 self.assertEquals(rep.u._pad1, '\0' * 2)
1359 self.assertEquals(rep.u.num_results, 1)
1360 self.assertEquals(rep.u.ctx_list[0].result,
1361 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1362 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1363 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1364 self.assertEquals(rep.u.auth_info, '\0' * 0)
1366 def test_no_auth_bind_time_only_first(self):
1367 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1368 btf1 = base.bind_time_features_syntax(features1)
1370 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1371 btf2 = base.bind_time_features_syntax(features2)
1373 zero_syntax = misc.ndr_syntax_id()
1375 tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1376 ctx1 = dcerpc.ctx_list()
1378 ctx1.num_transfer_syntaxes = len(tsf1_list)
1379 ctx1.abstract_syntax = zero_syntax
1380 ctx1.transfer_syntaxes = tsf1_list
1382 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1384 rep = self.recv_pdu()
1385 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1387 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1388 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1389 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1390 self.assertEquals(rep.u.secondary_address_size, 4)
1391 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1392 self.assertEquals(len(rep.u._pad1), 2)
1393 self.assertEquals(rep.u._pad1, '\0' * 2)
1394 self.assertEquals(rep.u.num_results, 1)
1395 self.assertEquals(rep.u.ctx_list[0].result,
1396 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1397 self.assertEquals(rep.u.ctx_list[0].reason,
1398 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1399 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1400 self.assertEquals(rep.u.auth_info, '\0' * 0)
1402 def test_no_auth_bind_time_twice(self):
1403 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1404 btf1 = base.bind_time_features_syntax(features1)
1406 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1407 btf2 = base.bind_time_features_syntax(features2)
1409 zero_syntax = misc.ndr_syntax_id()
1412 ctx1 = dcerpc.ctx_list()
1414 ctx1.num_transfer_syntaxes = len(tsf1_list)
1415 ctx1.abstract_syntax = zero_syntax
1416 ctx1.transfer_syntaxes = tsf1_list
1419 ctx2 = dcerpc.ctx_list()
1421 ctx2.num_transfer_syntaxes = len(tsf2_list)
1422 ctx2.abstract_syntax = zero_syntax
1423 ctx2.transfer_syntaxes = tsf2_list
1425 req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1427 rep = self.recv_pdu()
1428 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1430 self.assertEquals(rep.u.reject_reason,
1431 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1432 self.assertEquals(rep.u.num_versions, 1)
1433 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1434 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1435 self.assertEquals(len(rep.u._pad), 3)
1436 self.assertEquals(rep.u._pad, '\0' * 3)
1438 # wait for a disconnect
1439 rep = self.recv_pdu()
1440 self.assertIsNone(rep)
1441 self.assertNotConnected()
1443 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1444 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1445 btf = base.bind_time_features_syntax(features)
1447 zero_syntax = misc.ndr_syntax_id()
1450 ctx1 = dcerpc.ctx_list()
1452 ctx1.num_transfer_syntaxes = len(tsf1_list)
1453 ctx1.abstract_syntax = zero_syntax
1454 ctx1.transfer_syntaxes = tsf1_list
1456 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1458 rep = self.recv_pdu()
1459 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1461 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1462 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1463 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1464 self.assertEquals(rep.u.secondary_address_size, 4)
1465 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1466 self.assertEquals(len(rep.u._pad1), 2)
1467 self.assertEquals(rep.u._pad1, '\0' * 2)
1468 self.assertEquals(rep.u.num_results, 1)
1469 self.assertEquals(rep.u.ctx_list[0].result,
1470 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1471 self.assertEquals(rep.u.ctx_list[0].reason, features)
1472 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1473 self.assertEquals(rep.u.auth_info, '\0' * 0)
1475 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1476 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1477 btf1 = base.bind_time_features_syntax(features1)
1479 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1480 btf2 = base.bind_time_features_syntax(features2)
1482 zero_syntax = misc.ndr_syntax_id()
1483 ndr64 = base.transfer_syntax_ndr64()
1485 tsf1_list = [btf1, btf2, zero_syntax]
1486 ctx1 = dcerpc.ctx_list()
1488 ctx1.num_transfer_syntaxes = len(tsf1_list)
1489 ctx1.abstract_syntax = ndr64
1490 ctx1.transfer_syntaxes = tsf1_list
1492 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1494 rep = self.recv_pdu()
1495 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1497 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1498 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1499 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1500 self.assertEquals(rep.u.secondary_address_size, 4)
1501 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1502 self.assertEquals(len(rep.u._pad1), 2)
1503 self.assertEquals(rep.u._pad1, '\0' * 2)
1504 self.assertEquals(rep.u.num_results, 1)
1505 self.assertEquals(rep.u.ctx_list[0].result,
1506 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1507 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1508 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1509 self.assertEquals(rep.u.auth_info, '\0' * 0)
1511 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1512 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1513 ndr32 = base.transfer_syntax_ndr()
1516 ctx1 = dcerpc.ctx_list()
1518 ctx1.num_transfer_syntaxes = len(tsf1_list)
1519 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1520 ctx1.transfer_syntaxes = tsf1_list
1525 if creds is not None:
1526 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1527 auth_context = self.get_auth_context_creds(creds,
1528 auth_type=auth_type,
1529 auth_level=auth_level,
1530 auth_context_id=auth_context_id,
1531 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1533 (finished, to_server) = auth_context["gensec"].update(from_server)
1534 self.assertFalse(finished)
1536 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1537 auth_level=auth_context["auth_level"],
1538 auth_context_id=auth_context["auth_context_id"],
1539 auth_blob=to_server)
1542 auth_info = self.generate_auth(auth_type=auth_type,
1543 auth_level=auth_level,
1544 auth_context_id=auth_context_id,
1545 auth_blob=to_server)
1547 req = self.generate_bind(call_id=0,
1549 auth_info=auth_info)
1551 rep = self.recv_pdu()
1552 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1554 self.assertEquals(rep.u.reject_reason, reason)
1555 self.assertEquals(rep.u.num_versions, 1)
1556 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1557 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1558 self.assertEquals(len(rep.u._pad), 3)
1559 self.assertEquals(rep.u._pad, '\0' * 3)
1561 # wait for a disconnect
1562 rep = self.recv_pdu()
1563 self.assertIsNone(rep)
1564 self.assertNotConnected()
1566 def _test_auth_none_level_bind(self, auth_level,
1567 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1568 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1569 auth_level=auth_level, reason=reason)
1571 def test_auth_none_none_bind(self):
1572 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1573 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1575 def test_auth_none_connect_bind(self):
1576 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1578 def test_auth_none_call_bind(self):
1579 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1581 def test_auth_none_packet_bind(self):
1582 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1584 def test_auth_none_integrity_bind(self):
1585 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1587 def test_auth_none_privacy_bind(self):
1588 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1590 def test_auth_none_0_bind(self):
1591 return self._test_auth_none_level_bind(0,
1592 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1594 def test_auth_none_7_bind(self):
1595 return self._test_auth_none_level_bind(7,
1596 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1598 def test_auth_none_255_bind(self):
1599 return self._test_auth_none_level_bind(255,
1600 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1602 def _test_auth_none_level_request(self, auth_level):
1603 ndr32 = base.transfer_syntax_ndr()
1606 ctx1 = dcerpc.ctx_list()
1608 ctx1.num_transfer_syntaxes = len(tsf1_list)
1609 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1610 ctx1.transfer_syntaxes = tsf1_list
1613 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1616 req = self.generate_bind(call_id=0,
1620 rep = self.recv_pdu()
1621 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1622 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1623 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1624 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1625 self.assertEquals(rep.u.secondary_address_size, 4)
1626 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1627 self.assertEquals(len(rep.u._pad1), 2)
1628 self.assertEquals(rep.u._pad1, '\0' * 2)
1629 self.assertEquals(rep.u.num_results, 1)
1630 self.assertEquals(rep.u.ctx_list[0].result,
1631 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1632 self.assertEquals(rep.u.ctx_list[0].reason,
1633 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1634 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1635 self.assertEquals(len(rep.u.auth_info), 0)
1637 # And now try a request without auth_info
1638 req = self.generate_request(call_id=2,
1639 context_id=ctx1.context_id,
1643 rep = self.recv_pdu()
1644 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1646 self.assertNotEquals(rep.u.alloc_hint, 0)
1647 self.assertEquals(rep.u.context_id, req.u.context_id)
1648 self.assertEquals(rep.u.cancel_count, 0)
1649 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1651 auth_info = self.generate_auth(auth_type=auth_type,
1652 auth_level=auth_level,
1653 auth_context_id=auth_context_id,
1656 req = self.generate_request(call_id=3,
1657 context_id=ctx1.context_id,
1660 auth_info=auth_info)
1662 rep = self.recv_pdu()
1663 # We get a fault back
1664 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1666 self.assertNotEquals(rep.u.alloc_hint, 0)
1667 self.assertEquals(rep.u.context_id, req.u.context_id)
1668 self.assertEquals(rep.u.cancel_count, 0)
1669 self.assertEquals(rep.u.flags, 0)
1670 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1671 self.assertEquals(rep.u.reserved, 0)
1672 self.assertEquals(len(rep.u.error_and_verifier), 0)
1674 # wait for a disconnect
1675 rep = self.recv_pdu()
1676 self.assertIsNone(rep)
1677 self.assertNotConnected()
1679 def test_auth_none_none_request(self):
1680 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1682 def test_auth_none_connect_request(self):
1683 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1685 def test_auth_none_call_request(self):
1686 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1688 def _test_neg_xmit_check_values(self,
1694 ndr32 = base.transfer_syntax_ndr()
1697 ctx1 = dcerpc.ctx_list()
1699 ctx1.num_transfer_syntaxes = len(tsf1_list)
1700 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1701 ctx1.transfer_syntaxes = tsf1_list
1703 req = self.generate_bind(call_id=0,
1704 max_xmit_frag=req_xmit,
1705 max_recv_frag=req_recv,
1708 rep = self.recv_pdu()
1709 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1711 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1712 self.assertEquals(rep.u.max_recv_frag, rep_both)
1713 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1714 self.assertEquals(rep.u.secondary_address_size, 4)
1715 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1716 self.assertEquals(len(rep.u._pad1), 2)
1717 self.assertEquals(rep.u._pad1, '\0' * 2)
1718 self.assertEquals(rep.u.num_results, 1)
1719 self.assertEquals(rep.u.ctx_list[0].result,
1720 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1721 self.assertEquals(rep.u.ctx_list[0].reason,
1722 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1723 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1724 self.assertEquals(rep.u.auth_info, '\0' * 0)
1726 assoc_group_id = rep.u.assoc_group_id
1727 if alter_xmit is None:
1728 alter_xmit = rep_both - 8
1729 if alter_recv is None:
1730 alter_recv = rep_both - 8
1732 # max_{xmit,recv}_frag and assoc_group_id are completely
1733 # ignored in alter_context requests
1734 req = self.generate_alter(call_id=1,
1735 max_xmit_frag=alter_xmit,
1736 max_recv_frag=alter_recv,
1737 assoc_group_id=0xffffffff - rep.u.assoc_group_id,
1740 rep = self.recv_pdu()
1741 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1743 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1744 self.assertEquals(rep.u.max_recv_frag, rep_both)
1745 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1746 self.assertEquals(rep.u.secondary_address_size, 0)
1747 self.assertEquals(len(rep.u._pad1), 2)
1748 #self.assertEquals(rep.u._pad1, '\0' * 2)
1749 self.assertEquals(rep.u.num_results, 1)
1750 self.assertEquals(rep.u.ctx_list[0].result,
1751 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1752 self.assertEquals(rep.u.ctx_list[0].reason,
1753 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1754 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1755 self.assertEquals(rep.u.auth_info, '\0' * 0)
1757 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1758 req = self.generate_request(call_id=2,
1759 context_id=ctx1.context_id,
1761 alloc_hint=0xffffffff,
1762 stub="\00" * chunk_size)
1763 self.send_pdu(req, ndr_print=True, hexdump=True)
1764 rep = self.recv_pdu(ndr_print=True, hexdump=True)
1765 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1767 self.assertNotEquals(rep.u.alloc_hint, 0)
1768 self.assertEquals(rep.u.context_id, req.u.context_id)
1769 self.assertEquals(rep.u.cancel_count, 0)
1770 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1772 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1773 req = self.generate_request(call_id=2,
1774 context_id=ctx1.context_id,
1776 alloc_hint=0xffffffff,
1777 stub="\00" * chunk_size)
1779 rep = self.recv_pdu()
1780 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1782 self.assertNotEquals(rep.u.alloc_hint, 0)
1783 self.assertEquals(rep.u.context_id, req.u.context_id)
1784 self.assertEquals(rep.u.cancel_count, 0)
1785 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1788 req = self.generate_request(call_id=3,
1789 context_id=ctx1.context_id,
1791 alloc_hint=0xffffffff,
1792 stub="\00" * chunk_size)
1794 rep = self.recv_pdu()
1796 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1798 self.assertNotEquals(rep.u.alloc_hint, 0)
1799 self.assertEquals(rep.u.context_id, 0)
1800 self.assertEquals(rep.u.cancel_count, 0)
1801 self.assertEquals(rep.u.flags, 0)
1802 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1803 self.assertEquals(rep.u.reserved, 0)
1804 self.assertEquals(len(rep.u.error_and_verifier), 0)
1806 # wait for a disconnect
1807 rep = self.recv_pdu()
1808 self.assertIsNone(rep)
1809 self.assertNotConnected()
1811 def test_neg_xmit_ffff_ffff(self):
1812 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1816 def test_neg_xmit_0_ffff(self):
1817 return self._test_neg_xmit_check_values(req_xmit=0,
1823 def test_neg_xmit_ffff_0(self):
1824 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1828 def test_neg_xmit_0_0(self):
1829 return self._test_neg_xmit_check_values(req_xmit=0,
1835 def test_neg_xmit_3199_0(self):
1836 return self._test_neg_xmit_check_values(req_xmit=3199,
1840 def test_neg_xmit_0_3199(self):
1841 return self._test_neg_xmit_check_values(req_xmit=0,
1845 def test_neg_xmit_3199_ffff(self):
1846 return self._test_neg_xmit_check_values(req_xmit=3199,
1850 def test_neg_xmit_ffff_3199(self):
1851 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1855 def test_alloc_hint(self):
1856 ndr32 = base.transfer_syntax_ndr()
1859 ctx = dcerpc.ctx_list()
1861 ctx.num_transfer_syntaxes = len(tsf1_list)
1862 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1863 ctx.transfer_syntaxes = tsf1_list
1865 req = self.generate_bind(call_id=0,
1868 rep = self.recv_pdu()
1869 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1871 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1872 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1873 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1874 self.assertEquals(rep.u.secondary_address_size, 4)
1875 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1876 self.assertEquals(len(rep.u._pad1), 2)
1877 self.assertEquals(rep.u._pad1, '\0' * 2)
1878 self.assertEquals(rep.u.num_results, 1)
1879 self.assertEquals(rep.u.ctx_list[0].result,
1880 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1881 self.assertEquals(rep.u.ctx_list[0].reason,
1882 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1883 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1884 self.assertEquals(rep.u.auth_info, '\0' * 0)
1886 # And now try a request without auth_info
1887 req = self.generate_request(call_id=2,
1888 context_id=ctx.context_id,
1890 alloc_hint=0xffffffff,
1893 rep = self.recv_pdu()
1894 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1896 self.assertNotEquals(rep.u.alloc_hint, 0)
1897 self.assertEquals(rep.u.context_id, req.u.context_id)
1898 self.assertEquals(rep.u.cancel_count, 0)
1899 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1901 req = self.generate_request(call_id=3,
1902 context_id=ctx.context_id,
1904 alloc_hint=0xffffffff,
1905 stub="\04\00\00\00\00\00\00\00")
1907 rep = self.recv_pdu()
1908 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1910 self.assertNotEquals(rep.u.alloc_hint, 0)
1911 self.assertEquals(rep.u.context_id, req.u.context_id)
1912 self.assertEquals(rep.u.cancel_count, 0)
1913 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1915 req = self.generate_request(call_id=4,
1916 context_id=ctx.context_id,
1919 stub="\04\00\00\00\00\00\00\00")
1921 rep = self.recv_pdu()
1922 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1924 self.assertNotEquals(rep.u.alloc_hint, 0)
1925 self.assertEquals(rep.u.context_id, req.u.context_id)
1926 self.assertEquals(rep.u.cancel_count, 0)
1927 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1929 def _get_netlogon_ctx(self):
1930 abstract = samba.dcerpc.netlogon.abstract_syntax()
1931 ndr32 = base.transfer_syntax_ndr()
1933 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1934 epmap=True, return_ack=True)
1936 server = '\\\\' + self.target_hostname
1937 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1938 computer = 'UNKNOWNCOMPUTER'
1939 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1941 real_stub = struct.pack('<IIII', 0x00200000,
1942 len(server) + 1, 0, len(server) + 1)
1943 real_stub += server_utf16 + '\x00\x00'
1944 mod_len = len(real_stub) % 4
1946 real_stub += '\x00' * (4 - mod_len)
1947 real_stub += struct.pack('<III',
1948 len(computer) + 1, 0, len(computer) + 1)
1949 real_stub += computer_utf16 + '\x00\x00'
1950 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1952 return (ctx, ack, real_stub)
1954 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1955 fault_first=None, fault_last=None):
1956 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1958 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1962 while remaining > 0:
1963 thistime = min(remaining, chunk)
1964 remaining -= thistime
1969 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1971 stub = real_stub + '\x00' * (thistime - len(real_stub))
1973 stub = "\x00" * thistime
1976 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1978 # And now try a request without auth_info
1979 # netr_ServerReqChallenge()
1980 req = self.generate_request(call_id=0x21234,
1981 pfc_flags=pfc_flags,
1982 context_id=ctx.context_id,
1984 alloc_hint=alloc_hint,
1986 if alloc_hint >= thistime:
1987 alloc_hint -= thistime
1990 self.send_pdu(req, hexdump=False)
1991 if fault_first is not None:
1992 rep = self.recv_pdu()
1993 # We get a fault back
1994 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1996 self.assertNotEquals(rep.u.alloc_hint, 0)
1997 self.assertEquals(rep.u.context_id, req.u.context_id)
1998 self.assertEquals(rep.u.cancel_count, 0)
1999 self.assertEquals(rep.u.flags, 0)
2000 self.assertEquals(rep.u.status, fault_first)
2001 self.assertEquals(rep.u.reserved, 0)
2002 self.assertEquals(len(rep.u.error_and_verifier), 0)
2004 # wait for a disconnect
2005 rep = self.recv_pdu()
2006 self.assertIsNone(rep)
2007 self.assertNotConnected()
2011 if total >= 0x400000 and fault_last is not None:
2012 rep = self.recv_pdu()
2013 # We get a fault back
2014 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2016 self.assertNotEquals(rep.u.alloc_hint, 0)
2017 self.assertEquals(rep.u.context_id, req.u.context_id)
2018 self.assertEquals(rep.u.cancel_count, 0)
2019 self.assertEquals(rep.u.flags, 0)
2020 self.assertEquals(rep.u.status, fault_last)
2021 self.assertEquals(rep.u.reserved, 0)
2022 self.assertEquals(len(rep.u.error_and_verifier), 0)
2024 # wait for a disconnect
2025 rep = self.recv_pdu()
2026 self.assertIsNone(rep)
2027 self.assertNotConnected()
2029 rep = self.recv_pdu(timeout=0.01)
2030 self.assertIsNone(rep)
2031 self.assertIsConnected()
2033 if total >= 0x400000 and fault_last is not None:
2034 rep = self.recv_pdu()
2035 # We get a fault back
2036 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2038 self.assertNotEquals(rep.u.alloc_hint, 0)
2039 self.assertEquals(rep.u.context_id, req.u.context_id)
2040 self.assertEquals(rep.u.cancel_count, 0)
2041 self.assertEquals(rep.u.flags, 0)
2042 self.assertEquals(rep.u.status, fault_last)
2043 self.assertEquals(rep.u.reserved, 0)
2044 self.assertEquals(len(rep.u.error_and_verifier), 0)
2046 # wait for a disconnect
2047 rep = self.recv_pdu()
2048 self.assertIsNone(rep)
2049 self.assertNotConnected()
2051 rep = self.recv_pdu()
2052 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2054 self.assertNotEquals(rep.u.alloc_hint, 0)
2055 self.assertEquals(rep.u.context_id, req.u.context_id)
2056 self.assertEquals(rep.u.cancel_count, 0)
2057 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2059 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2060 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2061 self.assertEquals(status[0], 0)
2063 def test_fragmented_requests01(self):
2064 return self._test_fragmented_requests(remaining=0x400000,
2065 alloc_hint=0x400000)
2067 def test_fragmented_requests02(self):
2068 return self._test_fragmented_requests(remaining=0x400000,
2069 alloc_hint=0x100000)
2071 def test_fragmented_requests03(self):
2072 return self._test_fragmented_requests(remaining=0x400000,
2075 def test_fragmented_requests04(self):
2076 return self._test_fragmented_requests(remaining=0x400000,
2077 alloc_hint=0x400001,
2078 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2080 def test_fragmented_requests05(self):
2081 return self._test_fragmented_requests(remaining=0x500001,
2083 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2085 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2086 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2088 # netr_ServerReqChallenge with given flags
2089 req = self.generate_request(call_id=2,
2090 pfc_flags=pfc_flags,
2091 context_id=ctx.context_id,
2096 rep = self.recv_pdu()
2097 # We get a fault back
2098 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2100 self.assertNotEquals(rep.u.alloc_hint, 0)
2101 self.assertEquals(rep.u.context_id, 0)
2102 self.assertEquals(rep.u.cancel_count, 0)
2103 self.assertEquals(rep.u.flags, 0)
2104 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2105 self.assertEquals(rep.u.reserved, 0)
2106 self.assertEquals(len(rep.u.error_and_verifier), 0)
2108 # wait for a disconnect
2109 rep = self.recv_pdu()
2110 self.assertIsNone(rep)
2111 self.assertNotConnected()
2113 rep = self.recv_pdu(timeout=0.1)
2114 self.assertIsNone(rep)
2115 self.assertIsConnected()
2117 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2118 # with the same call_id
2119 req = self.generate_request(call_id=2,
2120 pfc_flags=pfc_flags,
2121 context_id=ctx.context_id,
2126 rep = self.recv_pdu()
2127 # We get a fault back
2128 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2130 self.assertNotEquals(rep.u.alloc_hint, 0)
2131 self.assertEquals(rep.u.context_id, req.u.context_id)
2132 self.assertEquals(rep.u.cancel_count, 0)
2133 self.assertEquals(rep.u.flags, 0)
2134 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2135 self.assertEquals(rep.u.reserved, 0)
2136 self.assertEquals(len(rep.u.error_and_verifier), 0)
2138 # wait for a disconnect
2139 rep = self.recv_pdu()
2140 self.assertIsNone(rep)
2141 self.assertNotConnected()
2144 rep = self.recv_pdu(timeout=0.1)
2145 self.assertIsNone(rep)
2146 self.assertIsConnected()
2148 def test_first_only_requests(self):
2149 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2152 def test_none_only_requests(self):
2153 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2155 def test_last_only_requests(self):
2156 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2159 def test_first_maybe_requests(self):
2160 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2161 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2164 def test_first_didnot_requests(self):
2165 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2166 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2169 def test_first_cmpx_requests(self):
2170 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2171 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2174 def test_first_08_requests(self):
2175 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2179 def test_first_cancel_requests(self):
2180 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2182 # netr_ServerReqChallenge with given flags
2183 req = self.generate_request(call_id=2,
2184 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2185 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2186 context_id=ctx.context_id,
2190 rep = self.recv_pdu()
2191 # We get a fault back
2192 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2193 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2194 dcerpc.DCERPC_PFC_FLAG_LAST |
2195 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2197 self.assertNotEquals(rep.u.alloc_hint, 0)
2198 self.assertEquals(rep.u.context_id, 0)
2199 self.assertEquals(rep.u.cancel_count, 0)
2200 self.assertEquals(rep.u.flags, 0)
2201 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2202 self.assertEquals(rep.u.reserved, 0)
2203 self.assertEquals(len(rep.u.error_and_verifier), 0)
2205 # wait for a disconnect
2206 rep = self.recv_pdu()
2207 self.assertIsNone(rep)
2208 self.assertNotConnected()
2210 def test_2nd_cancel_requests(self):
2211 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2213 # netr_ServerReqChallenge with given flags
2214 req = self.generate_request(call_id=2,
2215 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2216 context_id=ctx.context_id,
2220 rep = self.recv_pdu(timeout=0.1)
2221 self.assertIsNone(rep)
2222 self.assertIsConnected()
2224 # netr_ServerReqChallenge with given flags
2225 req = self.generate_request(call_id=2,
2226 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2227 context_id=ctx.context_id,
2231 rep = self.recv_pdu(timeout=0.1)
2232 self.assertIsNone(rep)
2233 self.assertIsConnected()
2235 # netr_ServerReqChallenge with given flags
2236 req = self.generate_request(call_id=2,
2237 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2238 context_id=ctx.context_id,
2242 rep = self.recv_pdu()
2243 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2245 self.assertNotEquals(rep.u.alloc_hint, 0)
2246 self.assertEquals(rep.u.context_id, req.u.context_id)
2247 self.assertEquals(rep.u.cancel_count, 0)
2248 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2250 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2251 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2252 self.assertEquals(status[0], 0)
2254 def test_last_cancel_requests(self):
2255 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2257 # netr_ServerReqChallenge with given flags
2258 req = self.generate_request(call_id=2,
2259 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2260 context_id=ctx.context_id,
2264 rep = self.recv_pdu(timeout=0.1)
2265 self.assertIsNone(rep)
2266 self.assertIsConnected()
2268 # netr_ServerReqChallenge with given flags
2269 req = self.generate_request(call_id=2,
2270 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2271 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2272 context_id=ctx.context_id,
2276 rep = self.recv_pdu()
2277 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2279 self.assertNotEquals(rep.u.alloc_hint, 0)
2280 self.assertEquals(rep.u.context_id, req.u.context_id)
2281 self.assertEquals(rep.u.cancel_count, 0)
2282 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2284 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2285 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2286 self.assertEquals(status[0], 0)
2288 def test_mix_requests(self):
2289 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2291 # netr_ServerReqChallenge with given flags
2292 req = self.generate_request(call_id=50,
2293 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2294 context_id=ctx.context_id,
2298 rep = self.recv_pdu(timeout=0.1)
2299 self.assertIsNone(rep)
2300 self.assertIsConnected()
2302 # netr_ServerReqChallenge with given flags
2303 req = self.generate_request(call_id=51,
2304 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2305 context_id=ctx.context_id,
2309 rep = self.recv_pdu()
2310 # We get a fault back
2311 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2312 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2313 dcerpc.DCERPC_PFC_FLAG_LAST,
2315 self.assertNotEquals(rep.u.alloc_hint, 0)
2316 self.assertEquals(rep.u.context_id, req.u.context_id)
2317 self.assertEquals(rep.u.cancel_count, 0)
2318 self.assertEquals(rep.u.flags, 0)
2319 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2320 self.assertEquals(rep.u.reserved, 0)
2321 self.assertEquals(len(rep.u.error_and_verifier), 0)
2323 def test_co_cancel_no_request(self):
2324 ndr32 = base.transfer_syntax_ndr()
2325 abstract = samba.dcerpc.mgmt.abstract_syntax()
2326 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2328 req = self.generate_co_cancel(call_id=3)
2330 rep = self.recv_pdu(timeout=0.01)
2331 self.assertIsNone(rep)
2332 self.assertIsConnected()
2334 # And now try a request
2335 req = self.generate_request(call_id=1,
2336 context_id=ctx.context_id,
2340 rep = self.recv_pdu()
2341 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2343 self.assertNotEquals(rep.u.alloc_hint, 0)
2344 self.assertEquals(rep.u.context_id, req.u.context_id)
2345 self.assertEquals(rep.u.cancel_count, 0)
2346 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2348 def test_co_cancel_request_after_first(self):
2349 ndr32 = base.transfer_syntax_ndr()
2350 abstract = samba.dcerpc.mgmt.abstract_syntax()
2351 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2353 req = self.generate_request(call_id=1,
2354 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2355 context_id=ctx.context_id,
2359 rep = self.recv_pdu(timeout=0.01)
2360 self.assertIsNone(rep)
2361 self.assertIsConnected()
2363 req = self.generate_co_cancel(call_id=1)
2365 rep = self.recv_pdu(timeout=0.01)
2366 self.assertIsNone(rep)
2367 self.assertIsConnected()
2369 req = self.generate_request(call_id=1,
2370 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2371 context_id=ctx.context_id,
2375 rep = self.recv_pdu()
2376 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2378 self.assertNotEquals(rep.u.alloc_hint, 0)
2379 self.assertEquals(rep.u.context_id, req.u.context_id)
2380 self.assertEquals(rep.u.cancel_count, 0)
2381 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2383 # And now try a request
2384 req = self.generate_request(call_id=2,
2385 context_id=ctx.context_id,
2389 rep = self.recv_pdu()
2390 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2392 self.assertNotEquals(rep.u.alloc_hint, 0)
2393 self.assertEquals(rep.u.context_id, req.u.context_id)
2394 self.assertEquals(rep.u.cancel_count, 0)
2395 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2397 def test_orphaned_no_request(self):
2398 ndr32 = base.transfer_syntax_ndr()
2399 abstract = samba.dcerpc.mgmt.abstract_syntax()
2400 ctx = self.prepare_presentation(abstract, ndr32)
2402 req = self.generate_orphaned(call_id=3)
2404 rep = self.recv_pdu(timeout=0.01)
2405 self.assertIsNone(rep)
2406 self.assertIsConnected()
2408 # And now try a request
2409 req = self.generate_request(call_id=1,
2410 context_id=ctx.context_id,
2414 rep = self.recv_pdu()
2415 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2417 self.assertNotEquals(rep.u.alloc_hint, 0)
2418 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2419 self.assertEquals(rep.u.cancel_count, 0)
2420 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2422 def test_orphaned_request_after_first_last(self):
2423 ndr32 = base.transfer_syntax_ndr()
2424 abstract = samba.dcerpc.mgmt.abstract_syntax()
2425 ctx = self.prepare_presentation(abstract, ndr32)
2427 req = self.generate_request(call_id=1,
2428 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2429 context_id=ctx.context_id,
2433 rep = self.recv_pdu(timeout=0.1)
2434 self.assertIsNone(rep)
2435 self.assertIsConnected()
2437 req = self.generate_orphaned(call_id=1)
2439 rep = self.recv_pdu(timeout=0.1)
2440 self.assertIsNone(rep)
2441 self.assertIsConnected()
2443 req = self.generate_request(call_id=1,
2444 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2445 context_id=ctx.context_id,
2449 rep = self.recv_pdu()
2450 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2452 self.assertNotEquals(rep.u.alloc_hint, 0)
2453 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2454 self.assertEquals(rep.u.cancel_count, 0)
2455 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2457 # And now try a request
2458 req = self.generate_request(call_id=2,
2459 context_id=ctx.context_id,
2463 rep = self.recv_pdu()
2464 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2466 self.assertNotEquals(rep.u.alloc_hint, 0)
2467 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2468 self.assertEquals(rep.u.cancel_count, 0)
2469 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2471 def test_orphaned_request_after_first_mpx_last(self):
2472 ndr32 = base.transfer_syntax_ndr()
2473 abstract = samba.dcerpc.mgmt.abstract_syntax()
2475 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2476 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2477 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2478 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
2480 req = self.generate_request(call_id=1,
2481 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2482 context_id=ctx.context_id,
2486 rep = self.recv_pdu(timeout=0.1)
2487 self.assertIsNone(rep)
2488 self.assertIsConnected()
2490 req = self.generate_orphaned(call_id=1)
2492 rep = self.recv_pdu(timeout=0.1)
2493 self.assertIsNone(rep)
2494 self.assertIsConnected()
2496 req = self.generate_request(call_id=1,
2497 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2498 context_id=ctx.context_id,
2502 rep = self.recv_pdu()
2503 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2505 self.assertNotEquals(rep.u.alloc_hint, 0)
2506 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2507 self.assertEquals(rep.u.cancel_count, 0)
2508 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2510 # And now try a request
2511 req = self.generate_request(call_id=2,
2512 context_id=ctx.context_id,
2516 rep = self.recv_pdu()
2517 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2519 self.assertNotEquals(rep.u.alloc_hint, 0)
2520 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2521 self.assertEquals(rep.u.cancel_count, 0)
2522 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2524 def test_orphaned_request_after_first_no_last(self):
2525 ndr32 = base.transfer_syntax_ndr()
2526 abstract = samba.dcerpc.mgmt.abstract_syntax()
2527 ctx = self.prepare_presentation(abstract, ndr32)
2529 req1 = self.generate_request(call_id=1,
2530 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2531 context_id=ctx.context_id,
2535 rep = self.recv_pdu(timeout=0.1)
2536 self.assertIsNone(rep)
2537 self.assertIsConnected()
2539 req = self.generate_orphaned(call_id=1)
2541 rep = self.recv_pdu(timeout=0.1)
2542 self.assertIsNone(rep)
2543 self.assertIsConnected()
2545 # And now try a new request
2546 req2 = self.generate_request(call_id=2,
2547 context_id=ctx.context_id,
2551 rep = self.recv_pdu()
2552 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
2554 self.assertNotEquals(rep.u.alloc_hint, 0)
2555 self.assertEquals(rep.u.context_id, req1.u.context_id)
2556 self.assertEquals(rep.u.cancel_count, 0)
2557 self.assertEquals(rep.u.flags, 0)
2558 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2559 self.assertEquals(rep.u.reserved, 0)
2560 self.assertEquals(len(rep.u.error_and_verifier), 0)
2562 # wait for a disconnect
2563 rep = self.recv_pdu()
2564 self.assertIsNone(rep)
2565 self.assertNotConnected()
2567 def test_orphaned_request_after_first_mpx_no_last(self):
2568 ndr32 = base.transfer_syntax_ndr()
2569 abstract = samba.dcerpc.mgmt.abstract_syntax()
2571 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2572 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2573 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2574 ctx = self.prepare_presentation(abstract, ndr32,
2575 pfc_flags=pfc_flags)
2577 req1 = self.generate_request(call_id=1,
2578 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2579 context_id=ctx.context_id,
2583 rep = self.recv_pdu(timeout=0.1)
2584 self.assertIsNone(rep)
2585 self.assertIsConnected()
2587 req = self.generate_orphaned(call_id=1)
2589 rep = self.recv_pdu(timeout=0.1)
2590 self.assertIsNone(rep)
2591 self.assertIsConnected()
2593 # And now try a new request
2594 req2 = self.generate_request(call_id=2,
2595 context_id=ctx.context_id - 1,
2599 rep = self.recv_pdu()
2600 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
2602 self.assertNotEquals(rep.u.alloc_hint, 0)
2603 self.assertEquals(rep.u.context_id, 0)
2604 self.assertEquals(rep.u.cancel_count, 0)
2605 self.assertEquals(rep.u.flags, 0)
2606 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2607 self.assertEquals(rep.u.reserved, 0)
2608 self.assertEquals(len(rep.u.error_and_verifier), 0)
2610 # wait for a disconnect
2611 rep = self.recv_pdu()
2612 self.assertIsNone(rep)
2613 self.assertNotConnected()
2615 def test_spnego_connect_request(self):
2616 ndr32 = base.transfer_syntax_ndr()
2619 ctx1 = dcerpc.ctx_list()
2621 ctx1.num_transfer_syntaxes = len(tsf1_list)
2622 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2623 ctx1.transfer_syntaxes = tsf1_list
2626 c = self.get_anon_creds()
2627 g = gensec.Security.start_client(self.settings)
2628 g.set_credentials(c)
2629 g.want_feature(gensec.FEATURE_DCE_STYLE)
2630 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2631 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2633 g.start_mech_by_authtype(auth_type, auth_level)
2635 (finished, to_server) = g.update(from_server)
2636 self.assertFalse(finished)
2638 auth_info = self.generate_auth(auth_type=auth_type,
2639 auth_level=auth_level,
2640 auth_context_id=auth_context_id,
2641 auth_blob=to_server)
2643 req = self.generate_bind(call_id=0,
2645 auth_info=auth_info)
2648 rep = self.recv_pdu()
2649 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2650 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2651 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2652 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2653 self.assertEquals(rep.u.secondary_address_size, 4)
2654 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2655 self.assertEquals(len(rep.u._pad1), 2)
2656 self.assertEquals(rep.u._pad1, '\0' * 2)
2657 self.assertEquals(rep.u.num_results, 1)
2658 self.assertEquals(rep.u.ctx_list[0].result,
2659 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2660 self.assertEquals(rep.u.ctx_list[0].reason,
2661 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2662 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2663 self.assertNotEquals(len(rep.u.auth_info), 0)
2664 a = self.parse_auth(rep.u.auth_info)
2666 from_server = a.credentials
2667 (finished, to_server) = g.update(from_server)
2668 self.assertFalse(finished)
2670 auth_info = self.generate_auth(auth_type=auth_type,
2671 auth_level=auth_level,
2672 auth_context_id=auth_context_id,
2673 auth_blob=to_server)
2675 req = self.generate_alter(call_id=0,
2677 assoc_group_id=rep.u.assoc_group_id,
2678 auth_info=auth_info)
2681 rep = self.recv_pdu()
2682 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2683 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2684 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2685 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2686 self.assertEquals(rep.u.secondary_address_size, 0)
2687 self.assertEquals(len(rep.u._pad1), 2)
2688 # Windows sends garbage
2689 #self.assertEquals(rep.u._pad1, '\0' * 2)
2690 self.assertEquals(rep.u.num_results, 1)
2691 self.assertEquals(rep.u.ctx_list[0].result,
2692 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2693 self.assertEquals(rep.u.ctx_list[0].reason,
2694 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2695 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2696 self.assertNotEquals(len(rep.u.auth_info), 0)
2697 a = self.parse_auth(rep.u.auth_info)
2699 from_server = a.credentials
2700 (finished, to_server) = g.update(from_server)
2701 self.assertTrue(finished)
2703 # And now try a request without auth_info
2704 req = self.generate_request(call_id=2,
2705 context_id=ctx1.context_id,
2709 rep = self.recv_pdu()
2710 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2712 self.assertNotEquals(rep.u.alloc_hint, 0)
2713 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2714 self.assertEquals(rep.u.cancel_count, 0)
2715 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2717 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2718 auth_info = self.generate_auth(auth_type=auth_type,
2719 auth_level=auth_level,
2720 auth_context_id=auth_context_id,
2721 auth_blob="\x01" +"\x00" *15)
2722 req = self.generate_request(call_id=3,
2723 context_id=ctx1.context_id,
2726 auth_info=auth_info)
2728 rep = self.recv_pdu()
2729 # We don't get an auth_info back
2730 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2732 self.assertNotEquals(rep.u.alloc_hint, 0)
2733 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2734 self.assertEquals(rep.u.cancel_count, 0)
2735 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2737 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2738 auth_info = self.generate_auth(auth_type=auth_type,
2739 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2740 auth_context_id=auth_context_id,
2741 auth_blob="\x01" + "\x00" * 15)
2742 req = self.generate_request(call_id=4,
2743 context_id=ctx1.context_id,
2746 auth_info=auth_info)
2748 rep = self.recv_pdu()
2749 # We get a fault back
2750 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2752 self.assertNotEquals(rep.u.alloc_hint, 0)
2753 self.assertEquals(rep.u.context_id, req.u.context_id)
2754 self.assertEquals(rep.u.cancel_count, 0)
2755 self.assertEquals(rep.u.flags, 0)
2756 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2757 self.assertEquals(rep.u.reserved, 0)
2758 self.assertEquals(len(rep.u.error_and_verifier), 0)
2760 # wait for a disconnect
2761 rep = self.recv_pdu()
2762 self.assertIsNone(rep)
2763 self.assertNotConnected()
2765 def test_spnego_integrity_request(self):
2766 ndr32 = base.transfer_syntax_ndr()
2769 ctx1 = dcerpc.ctx_list()
2771 ctx1.num_transfer_syntaxes = len(tsf1_list)
2772 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2773 ctx1.transfer_syntaxes = tsf1_list
2776 c = self.get_anon_creds()
2777 g = gensec.Security.start_client(self.settings)
2778 g.set_credentials(c)
2779 g.want_feature(gensec.FEATURE_DCE_STYLE)
2780 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2781 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2783 g.start_mech_by_authtype(auth_type, auth_level)
2785 (finished, to_server) = g.update(from_server)
2786 self.assertFalse(finished)
2788 auth_info = self.generate_auth(auth_type=auth_type,
2789 auth_level=auth_level,
2790 auth_context_id=auth_context_id,
2791 auth_blob=to_server)
2793 req = self.generate_bind(call_id=0,
2795 auth_info=auth_info)
2798 rep = self.recv_pdu()
2799 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2800 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2801 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2802 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2803 self.assertEquals(rep.u.secondary_address_size, 4)
2804 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2805 self.assertEquals(len(rep.u._pad1), 2)
2806 self.assertEquals(rep.u._pad1, '\0' * 2)
2807 self.assertEquals(rep.u.num_results, 1)
2808 self.assertEquals(rep.u.ctx_list[0].result,
2809 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2810 self.assertEquals(rep.u.ctx_list[0].reason,
2811 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2812 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2813 self.assertNotEquals(len(rep.u.auth_info), 0)
2814 a = self.parse_auth(rep.u.auth_info)
2816 from_server = a.credentials
2817 (finished, to_server) = g.update(from_server)
2818 self.assertFalse(finished)
2820 auth_info = self.generate_auth(auth_type=auth_type,
2821 auth_level=auth_level,
2822 auth_context_id=auth_context_id,
2823 auth_blob=to_server)
2825 req = self.generate_alter(call_id=0,
2827 assoc_group_id=rep.u.assoc_group_id,
2828 auth_info=auth_info)
2831 rep = self.recv_pdu()
2832 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2833 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2834 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2835 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2836 self.assertEquals(rep.u.secondary_address_size, 0)
2837 self.assertEquals(len(rep.u._pad1), 2)
2838 # Windows sends garbage
2839 #self.assertEquals(rep.u._pad1, '\0' * 2)
2840 self.assertEquals(rep.u.num_results, 1)
2841 self.assertEquals(rep.u.ctx_list[0].result,
2842 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2843 self.assertEquals(rep.u.ctx_list[0].reason,
2844 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2845 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2846 self.assertNotEquals(len(rep.u.auth_info), 0)
2847 a = self.parse_auth(rep.u.auth_info)
2849 from_server = a.credentials
2850 (finished, to_server) = g.update(from_server)
2851 self.assertTrue(finished)
2853 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2854 auth_info = self.generate_auth(auth_type=auth_type,
2855 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2856 auth_context_id=auth_context_id,
2857 auth_blob="\x01" + "\x00" * 15)
2858 req = self.generate_request(call_id=3,
2859 context_id=ctx1.context_id,
2862 auth_info=auth_info)
2864 rep = self.recv_pdu()
2865 # We get a fault back
2866 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2868 self.assertNotEquals(rep.u.alloc_hint, 0)
2869 self.assertEquals(rep.u.context_id, req.u.context_id)
2870 self.assertEquals(rep.u.cancel_count, 0)
2871 self.assertEquals(rep.u.flags, 0)
2872 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2873 self.assertEquals(rep.u.reserved, 0)
2874 self.assertEquals(len(rep.u.error_and_verifier), 0)
2876 # wait for a disconnect
2877 rep = self.recv_pdu()
2878 self.assertIsNone(rep)
2879 self.assertNotConnected()
2881 def test_spnego_unfinished_request(self):
2882 ndr32 = base.transfer_syntax_ndr()
2885 ctx1 = dcerpc.ctx_list()
2887 ctx1.num_transfer_syntaxes = len(tsf1_list)
2888 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2889 ctx1.transfer_syntaxes = tsf1_list
2892 c = self.get_anon_creds()
2893 g = gensec.Security.start_client(self.settings)
2894 g.set_credentials(c)
2895 g.want_feature(gensec.FEATURE_DCE_STYLE)
2896 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2897 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2899 g.start_mech_by_authtype(auth_type, auth_level)
2901 (finished, to_server) = g.update(from_server)
2902 self.assertFalse(finished)
2904 auth_info = self.generate_auth(auth_type=auth_type,
2905 auth_level=auth_level,
2906 auth_context_id=auth_context_id,
2907 auth_blob=to_server)
2909 req = self.generate_bind(call_id=0,
2911 auth_info=auth_info)
2914 rep = self.recv_pdu()
2915 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2916 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2917 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2918 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2919 assoc_group_id = rep.u.assoc_group_id
2920 self.assertEquals(rep.u.secondary_address_size, 4)
2921 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2922 self.assertEquals(len(rep.u._pad1), 2)
2923 self.assertEquals(rep.u._pad1, '\0' * 2)
2924 self.assertEquals(rep.u.num_results, 1)
2925 self.assertEquals(rep.u.ctx_list[0].result,
2926 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2927 self.assertEquals(rep.u.ctx_list[0].reason,
2928 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2929 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2930 self.assertNotEquals(len(rep.u.auth_info), 0)
2931 a = self.parse_auth(rep.u.auth_info)
2933 from_server = a.credentials
2934 (finished, to_server) = g.update(from_server)
2935 self.assertFalse(finished)
2937 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2938 auth_info = self.generate_auth(auth_type=auth_type,
2939 auth_level=auth_level,
2940 auth_context_id=auth_context_id,
2941 auth_blob="\x01" + "\x00" * 15)
2942 req = self.generate_request(call_id=1,
2943 context_id=ctx1.context_id,
2946 auth_info=auth_info)
2948 rep = self.recv_pdu()
2950 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2951 pfc_flags=req.pfc_flags |
2952 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2954 self.assertNotEquals(rep.u.alloc_hint, 0)
2955 self.assertEquals(rep.u.context_id, 0)
2956 self.assertEquals(rep.u.cancel_count, 0)
2957 self.assertEquals(rep.u.flags, 0)
2958 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2959 self.assertEquals(rep.u.reserved, 0)
2960 self.assertEquals(len(rep.u.error_and_verifier), 0)
2962 # wait for a disconnect
2963 rep = self.recv_pdu()
2964 self.assertIsNone(rep)
2965 self.assertNotConnected()
2967 def test_spnego_auth3(self):
2968 ndr32 = base.transfer_syntax_ndr()
2971 ctx1 = dcerpc.ctx_list()
2973 ctx1.num_transfer_syntaxes = len(tsf1_list)
2974 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2975 ctx1.transfer_syntaxes = tsf1_list
2978 c = self.get_anon_creds()
2979 g = gensec.Security.start_client(self.settings)
2980 g.set_credentials(c)
2981 g.want_feature(gensec.FEATURE_DCE_STYLE)
2982 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2983 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2985 g.start_mech_by_authtype(auth_type, auth_level)
2987 (finished, to_server) = g.update(from_server)
2988 self.assertFalse(finished)
2990 auth_info = self.generate_auth(auth_type=auth_type,
2991 auth_level=auth_level,
2992 auth_context_id=auth_context_id,
2993 auth_blob=to_server)
2994 req = self.generate_bind(call_id=0,
2996 auth_info=auth_info)
2998 rep = self.recv_pdu()
2999 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3000 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3001 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3002 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3003 self.assertEquals(rep.u.secondary_address_size, 4)
3004 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3005 self.assertEquals(len(rep.u._pad1), 2)
3006 #self.assertEquals(rep.u._pad1, '\0' * 2)
3007 self.assertEquals(rep.u.num_results, 1)
3008 self.assertEquals(rep.u.ctx_list[0].result,
3009 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3010 self.assertEquals(rep.u.ctx_list[0].reason,
3011 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3012 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3013 self.assertNotEquals(len(rep.u.auth_info), 0)
3014 a = self.parse_auth(rep.u.auth_info)
3016 from_server = a.credentials
3017 (finished, to_server) = g.update(from_server)
3018 self.assertFalse(finished)
3020 auth_info = self.generate_auth(auth_type=auth_type,
3021 auth_level=auth_level,
3022 auth_context_id=auth_context_id,
3023 auth_blob=to_server)
3024 req = self.generate_auth3(call_id=0,
3025 auth_info=auth_info)
3027 rep = self.recv_pdu()
3028 self.assertIsNone(rep)
3029 self.assertIsConnected()
3031 # And now try a request without auth_info
3032 req = self.generate_request(call_id=2,
3033 context_id=ctx1.context_id,
3037 rep = self.recv_pdu()
3038 # We get a fault back
3039 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3041 self.assertNotEquals(rep.u.alloc_hint, 0)
3042 self.assertEquals(rep.u.context_id, req.u.context_id)
3043 self.assertEquals(rep.u.cancel_count, 0)
3044 self.assertEquals(rep.u.flags, 0)
3045 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3046 self.assertEquals(rep.u.reserved, 0)
3047 self.assertEquals(len(rep.u.error_and_verifier), 0)
3049 # wait for a disconnect
3050 rep = self.recv_pdu()
3051 self.assertIsNone(rep)
3052 self.assertNotConnected()
3054 def test_spnego_connect_reauth_alter(self):
3055 ndr32 = base.transfer_syntax_ndr()
3056 ndr64 = base.transfer_syntax_ndr64()
3059 ctx1 = dcerpc.ctx_list()
3061 ctx1.num_transfer_syntaxes = len(tsf1_list)
3062 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3063 ctx1.transfer_syntaxes = tsf1_list
3066 c = self.get_anon_creds()
3067 g = gensec.Security.start_client(self.settings)
3068 g.set_credentials(c)
3069 g.want_feature(gensec.FEATURE_DCE_STYLE)
3070 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3071 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3073 g.start_mech_by_authtype(auth_type, auth_level)
3075 (finished, to_server) = g.update(from_server)
3076 self.assertFalse(finished)
3078 auth_info = self.generate_auth(auth_type=auth_type,
3079 auth_level=auth_level,
3080 auth_context_id=auth_context_id,
3081 auth_blob=to_server)
3083 req = self.generate_bind(call_id=0,
3085 auth_info=auth_info)
3088 rep = self.recv_pdu()
3089 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3090 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3091 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3092 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3093 self.assertEquals(rep.u.secondary_address_size, 4)
3094 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3095 self.assertEquals(len(rep.u._pad1), 2)
3096 self.assertEquals(rep.u._pad1, '\0' * 2)
3097 self.assertEquals(rep.u.num_results, 1)
3098 self.assertEquals(rep.u.ctx_list[0].result,
3099 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3100 self.assertEquals(rep.u.ctx_list[0].reason,
3101 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3102 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3103 self.assertNotEquals(len(rep.u.auth_info), 0)
3104 a = self.parse_auth(rep.u.auth_info)
3106 from_server = a.credentials
3107 (finished, to_server) = g.update(from_server)
3108 self.assertFalse(finished)
3110 auth_info = self.generate_auth(auth_type=auth_type,
3111 auth_level=auth_level,
3112 auth_context_id=auth_context_id,
3113 auth_blob=to_server)
3114 req = self.generate_alter(call_id=0,
3116 assoc_group_id=rep.u.assoc_group_id,
3117 auth_info=auth_info)
3119 rep = self.recv_pdu()
3120 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3121 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3122 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3123 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3124 self.assertEquals(rep.u.secondary_address_size, 0)
3125 self.assertEquals(len(rep.u._pad1), 2)
3126 # Windows sends garbage
3127 #self.assertEquals(rep.u._pad1, '\0' * 2)
3128 self.assertEquals(rep.u.num_results, 1)
3129 self.assertEquals(rep.u.ctx_list[0].result,
3130 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3131 self.assertEquals(rep.u.ctx_list[0].reason,
3132 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3133 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3134 self.assertNotEquals(len(rep.u.auth_info), 0)
3135 a = self.parse_auth(rep.u.auth_info)
3137 from_server = a.credentials
3138 (finished, to_server) = g.update(from_server)
3139 self.assertTrue(finished)
3141 # And now try a request without auth_info
3142 req = self.generate_request(call_id=2,
3143 context_id=ctx1.context_id,
3147 rep = self.recv_pdu()
3148 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3150 self.assertNotEquals(rep.u.alloc_hint, 0)
3151 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
3152 self.assertEquals(rep.u.cancel_count, 0)
3153 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3155 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3156 auth_info = self.generate_auth(auth_type=auth_type,
3157 auth_level=auth_level,
3158 auth_context_id=auth_context_id,
3159 auth_blob="\x01" + "\x00" * 15)
3160 req = self.generate_request(call_id=3,
3161 context_id=ctx1.context_id,
3164 auth_info=auth_info)
3166 rep = self.recv_pdu()
3167 # We don't get an auth_info back
3168 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3170 self.assertNotEquals(rep.u.alloc_hint, 0)
3171 self.assertEquals(rep.u.context_id, req.u.context_id)
3172 self.assertEquals(rep.u.cancel_count, 0)
3173 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3177 g = gensec.Security.start_client(self.settings)
3178 g.set_credentials(c)
3179 g.want_feature(gensec.FEATURE_DCE_STYLE)
3180 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3181 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3183 g.start_mech_by_authtype(auth_type, auth_level)
3185 (finished, to_server) = g.update(from_server)
3186 self.assertFalse(finished)
3188 auth_info = self.generate_auth(auth_type=auth_type,
3189 auth_level=auth_level,
3190 auth_context_id=auth_context_id,
3191 auth_blob=to_server)
3192 req = self.generate_alter(call_id=0,
3194 auth_info=auth_info)
3196 rep = self.recv_pdu()
3198 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3199 pfc_flags=req.pfc_flags |
3200 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3202 self.assertNotEquals(rep.u.alloc_hint, 0)
3203 self.assertEquals(rep.u.context_id, 0)
3204 self.assertEquals(rep.u.cancel_count, 0)
3205 self.assertEquals(rep.u.flags, 0)
3206 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3207 self.assertEquals(rep.u.reserved, 0)
3208 self.assertEquals(len(rep.u.error_and_verifier), 0)
3210 # wait for a disconnect
3211 rep = self.recv_pdu()
3212 self.assertIsNone(rep)
3213 self.assertNotConnected()
3215 def test_spnego_connect_reauth_auth3(self):
3216 ndr32 = base.transfer_syntax_ndr()
3217 ndr64 = base.transfer_syntax_ndr64()
3220 ctx1 = dcerpc.ctx_list()
3222 ctx1.num_transfer_syntaxes = len(tsf1_list)
3223 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3224 ctx1.transfer_syntaxes = tsf1_list
3227 c = self.get_anon_creds()
3228 g = gensec.Security.start_client(self.settings)
3229 g.set_credentials(c)
3230 g.want_feature(gensec.FEATURE_DCE_STYLE)
3231 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3232 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3234 g.start_mech_by_authtype(auth_type, auth_level)
3236 (finished, to_server) = g.update(from_server)
3237 self.assertFalse(finished)
3239 auth_info = self.generate_auth(auth_type=auth_type,
3240 auth_level=auth_level,
3241 auth_context_id=auth_context_id,
3242 auth_blob=to_server)
3244 req = self.generate_bind(call_id=0,
3246 auth_info=auth_info)
3249 rep = self.recv_pdu()
3250 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3251 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3252 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3253 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3254 self.assertEquals(rep.u.secondary_address_size, 4)
3255 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3256 self.assertEquals(len(rep.u._pad1), 2)
3257 self.assertEquals(rep.u._pad1, '\0' * 2)
3258 self.assertEquals(rep.u.num_results, 1)
3259 self.assertEquals(rep.u.ctx_list[0].result,
3260 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3261 self.assertEquals(rep.u.ctx_list[0].reason,
3262 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3263 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3264 self.assertNotEquals(len(rep.u.auth_info), 0)
3265 a = self.parse_auth(rep.u.auth_info)
3267 from_server = a.credentials
3268 (finished, to_server) = g.update(from_server)
3269 self.assertFalse(finished)
3271 auth_info = self.generate_auth(auth_type=auth_type,
3272 auth_level=auth_level,
3273 auth_context_id=auth_context_id,
3274 auth_blob=to_server)
3275 req = self.generate_alter(call_id=0,
3277 assoc_group_id=rep.u.assoc_group_id,
3278 auth_info=auth_info)
3280 rep = self.recv_pdu()
3281 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3282 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3283 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3284 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3285 self.assertEquals(rep.u.secondary_address_size, 0)
3286 self.assertEquals(len(rep.u._pad1), 2)
3287 # Windows sends garbage
3288 #self.assertEquals(rep.u._pad1, '\0' * 2)
3289 self.assertEquals(rep.u.num_results, 1)
3290 self.assertEquals(rep.u.ctx_list[0].result,
3291 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3292 self.assertEquals(rep.u.ctx_list[0].reason,
3293 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3294 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3295 self.assertNotEquals(len(rep.u.auth_info), 0)
3296 a = self.parse_auth(rep.u.auth_info)
3298 from_server = a.credentials
3299 (finished, to_server) = g.update(from_server)
3300 self.assertTrue(finished)
3302 # And now try a request without auth_info
3303 req = self.generate_request(call_id=2,
3304 context_id=ctx1.context_id,
3308 rep = self.recv_pdu()
3309 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3311 self.assertNotEquals(rep.u.alloc_hint, 0)
3312 self.assertEquals(rep.u.context_id, req.u.context_id)
3313 self.assertEquals(rep.u.cancel_count, 0)
3314 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3316 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3317 auth_info = self.generate_auth(auth_type=auth_type,
3318 auth_level=auth_level,
3319 auth_context_id=auth_context_id,
3320 auth_blob="\x01" + "\x00" * 15)
3321 req = self.generate_request(call_id=3,
3322 context_id=ctx1.context_id,
3325 auth_info=auth_info)
3327 rep = self.recv_pdu()
3328 # We don't get an auth_info back
3329 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3331 self.assertNotEquals(rep.u.alloc_hint, 0)
3332 self.assertEquals(rep.u.context_id, req.u.context_id)
3333 self.assertEquals(rep.u.cancel_count, 0)
3334 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3338 g = gensec.Security.start_client(self.settings)
3339 g.set_credentials(c)
3340 g.want_feature(gensec.FEATURE_DCE_STYLE)
3341 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3342 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3344 g.start_mech_by_authtype(auth_type, auth_level)
3346 (finished, to_server) = g.update(from_server)
3347 self.assertFalse(finished)
3349 auth_info = self.generate_auth(auth_type=auth_type,
3350 auth_level=auth_level,
3351 auth_context_id=auth_context_id,
3352 auth_blob=to_server)
3353 req = self.generate_auth3(call_id=0,
3354 auth_info=auth_info)
3356 rep = self.recv_pdu()
3358 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3359 pfc_flags=req.pfc_flags |
3360 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3362 self.assertNotEquals(rep.u.alloc_hint, 0)
3363 self.assertEquals(rep.u.context_id, 0)
3364 self.assertEquals(rep.u.cancel_count, 0)
3365 self.assertEquals(rep.u.flags, 0)
3366 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3367 self.assertEquals(rep.u.reserved, 0)
3368 self.assertEquals(len(rep.u.error_and_verifier), 0)
3370 # wait for a disconnect
3371 rep = self.recv_pdu()
3372 self.assertIsNone(rep)
3373 self.assertNotConnected()
3375 def test_spnego_change_auth_level(self):
3376 ndr32 = base.transfer_syntax_ndr()
3379 ctx1 = dcerpc.ctx_list()
3381 ctx1.num_transfer_syntaxes = len(tsf1_list)
3382 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3383 ctx1.transfer_syntaxes = tsf1_list
3385 c = self.get_anon_creds()
3386 g = gensec.Security.start_client(self.settings)
3387 g.set_credentials(c)
3388 g.want_feature(gensec.FEATURE_DCE_STYLE)
3389 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3390 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3392 g.start_mech_by_authtype(auth_type, auth_level)
3394 (finished, to_server) = g.update(from_server)
3395 self.assertFalse(finished)
3397 auth_info = self.generate_auth(auth_type=auth_type,
3398 auth_level=auth_level,
3399 auth_context_id=auth_context_id,
3400 auth_blob=to_server)
3401 req = self.generate_bind(call_id=0,
3403 auth_info=auth_info)
3405 rep = self.recv_pdu()
3406 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3407 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3408 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3409 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3410 self.assertEquals(rep.u.secondary_address_size, 4)
3411 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3412 self.assertEquals(len(rep.u._pad1), 2)
3413 self.assertEquals(rep.u._pad1, '\0' * 2)
3414 self.assertEquals(rep.u.num_results, 1)
3415 self.assertEquals(rep.u.ctx_list[0].result,
3416 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3417 self.assertEquals(rep.u.ctx_list[0].reason,
3418 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3419 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3420 self.assertNotEquals(len(rep.u.auth_info), 0)
3421 a = self.parse_auth(rep.u.auth_info)
3423 from_server = a.credentials
3424 (finished, to_server) = g.update(from_server)
3425 self.assertFalse(finished)
3427 auth_info = self.generate_auth(auth_type=auth_type,
3428 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3429 auth_context_id=auth_context_id,
3430 auth_blob=to_server)
3431 req = self.generate_alter(call_id=0,
3433 assoc_group_id=rep.u.assoc_group_id,
3434 auth_info=auth_info)
3436 rep = self.recv_pdu()
3437 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3438 pfc_flags=req.pfc_flags |
3439 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3441 self.assertNotEquals(rep.u.alloc_hint, 0)
3442 self.assertEquals(rep.u.context_id, 0)
3443 self.assertEquals(rep.u.cancel_count, 0)
3444 self.assertEquals(rep.u.flags, 0)
3445 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3446 self.assertEquals(rep.u.reserved, 0)
3447 self.assertEquals(len(rep.u.error_and_verifier), 0)
3449 # wait for a disconnect
3450 rep = self.recv_pdu()
3451 self.assertIsNone(rep)
3452 self.assertNotConnected()
3454 def test_spnego_change_abstract(self):
3455 ndr32 = base.transfer_syntax_ndr()
3458 ctx1 = dcerpc.ctx_list()
3460 ctx1.num_transfer_syntaxes = len(tsf1_list)
3461 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3462 ctx1.transfer_syntaxes = tsf1_list
3464 ctx1b = dcerpc.ctx_list()
3465 ctx1b.context_id = 1
3466 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3467 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3468 ctx1b.transfer_syntaxes = tsf1_list
3470 c = self.get_anon_creds()
3471 g = gensec.Security.start_client(self.settings)
3472 g.set_credentials(c)
3473 g.want_feature(gensec.FEATURE_DCE_STYLE)
3474 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3475 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3477 g.start_mech_by_authtype(auth_type, auth_level)
3479 (finished, to_server) = g.update(from_server)
3480 self.assertFalse(finished)
3482 auth_info = self.generate_auth(auth_type=auth_type,
3483 auth_level=auth_level,
3484 auth_context_id=auth_context_id,
3485 auth_blob=to_server)
3486 req = self.generate_bind(call_id=0,
3488 auth_info=auth_info)
3490 rep = self.recv_pdu()
3491 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3492 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3493 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3494 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3495 self.assertEquals(rep.u.secondary_address_size, 4)
3496 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3497 self.assertEquals(len(rep.u._pad1), 2)
3498 #self.assertEquals(rep.u._pad1, '\0' * 2)
3499 self.assertEquals(rep.u.num_results, 1)
3500 self.assertEquals(rep.u.ctx_list[0].result,
3501 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3502 self.assertEquals(rep.u.ctx_list[0].reason,
3503 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3504 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3505 self.assertNotEquals(len(rep.u.auth_info), 0)
3506 a = self.parse_auth(rep.u.auth_info)
3508 from_server = a.credentials
3509 (finished, to_server) = g.update(from_server)
3510 self.assertFalse(finished)
3512 auth_info = self.generate_auth(auth_type=auth_type,
3513 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3514 auth_context_id=auth_context_id,
3515 auth_blob=to_server)
3516 req = self.generate_alter(call_id=0,
3518 assoc_group_id=rep.u.assoc_group_id,
3519 auth_info=auth_info)
3521 rep = self.recv_pdu()
3522 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3523 pfc_flags=req.pfc_flags |
3524 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3526 self.assertNotEquals(rep.u.alloc_hint, 0)
3527 self.assertEquals(rep.u.context_id, 0)
3528 self.assertEquals(rep.u.cancel_count, 0)
3529 self.assertEquals(rep.u.flags, 0)
3530 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3531 self.assertEquals(rep.u.reserved, 0)
3532 self.assertEquals(len(rep.u.error_and_verifier), 0)
3534 # wait for a disconnect
3535 rep = self.recv_pdu()
3536 self.assertIsNone(rep)
3537 self.assertNotConnected()
3539 def test_spnego_change_transfer(self):
3540 ndr32 = base.transfer_syntax_ndr()
3541 ndr64 = base.transfer_syntax_ndr64()
3544 ctx1 = dcerpc.ctx_list()
3546 ctx1.num_transfer_syntaxes = len(tsf1_list)
3547 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3548 ctx1.transfer_syntaxes = tsf1_list
3550 tsf1b_list = [ndr32, ndr64]
3551 ctx1b = dcerpc.ctx_list()
3552 ctx1b.context_id = 1
3553 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3554 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3555 ctx1b.transfer_syntaxes = tsf1b_list
3557 c = self.get_anon_creds()
3558 g = gensec.Security.start_client(self.settings)
3559 g.set_credentials(c)
3560 g.want_feature(gensec.FEATURE_DCE_STYLE)
3561 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3562 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3564 g.start_mech_by_authtype(auth_type, auth_level)
3566 (finished, to_server) = g.update(from_server)
3567 self.assertFalse(finished)
3569 auth_info = self.generate_auth(auth_type=auth_type,
3570 auth_level=auth_level,
3571 auth_context_id=auth_context_id,
3572 auth_blob=to_server)
3573 req = self.generate_bind(call_id=0,
3575 auth_info=auth_info)
3577 rep = self.recv_pdu()
3578 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3579 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3580 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3581 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3582 self.assertEquals(rep.u.secondary_address_size, 4)
3583 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3584 self.assertEquals(len(rep.u._pad1), 2)
3585 #self.assertEquals(rep.u._pad1, '\0' * 2)
3586 self.assertEquals(rep.u.num_results, 1)
3587 self.assertEquals(rep.u.ctx_list[0].result,
3588 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3589 self.assertEquals(rep.u.ctx_list[0].reason,
3590 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3591 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3592 self.assertNotEquals(len(rep.u.auth_info), 0)
3593 a = self.parse_auth(rep.u.auth_info)
3595 from_server = a.credentials
3596 (finished, to_server) = g.update(from_server)
3597 self.assertFalse(finished)
3599 # We change ctx_list and auth_level
3600 auth_info = self.generate_auth(auth_type=auth_type,
3601 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3602 auth_context_id=auth_context_id,
3603 auth_blob=to_server)
3604 req = self.generate_alter(call_id=0,
3606 assoc_group_id=rep.u.assoc_group_id,
3607 auth_info=auth_info)
3609 rep = self.recv_pdu()
3610 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3611 pfc_flags=req.pfc_flags |
3612 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3614 self.assertNotEquals(rep.u.alloc_hint, 0)
3615 self.assertEquals(rep.u.context_id, 0)
3616 self.assertEquals(rep.u.cancel_count, 0)
3617 self.assertEquals(rep.u.flags, 0)
3618 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3619 self.assertEquals(rep.u.reserved, 0)
3620 self.assertEquals(len(rep.u.error_and_verifier), 0)
3622 # wait for a disconnect
3623 rep = self.recv_pdu()
3624 self.assertIsNone(rep)
3625 self.assertNotConnected()
3627 def test_spnego_change_auth_type1(self):
3628 ndr32 = base.transfer_syntax_ndr()
3629 ndr64 = base.transfer_syntax_ndr64()
3632 ctx1 = dcerpc.ctx_list()
3634 ctx1.num_transfer_syntaxes = len(tsf1_list)
3635 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3636 ctx1.transfer_syntaxes = tsf1_list
3638 c = self.get_anon_creds()
3639 g = gensec.Security.start_client(self.settings)
3640 g.set_credentials(c)
3641 g.want_feature(gensec.FEATURE_DCE_STYLE)
3642 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3643 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3645 g.start_mech_by_authtype(auth_type, auth_level)
3647 (finished, to_server) = g.update(from_server)
3648 self.assertFalse(finished)
3650 auth_info = self.generate_auth(auth_type=auth_type,
3651 auth_level=auth_level,
3652 auth_context_id=auth_context_id,
3653 auth_blob=to_server)
3654 req = self.generate_bind(call_id=0,
3656 auth_info=auth_info)
3658 rep = self.recv_pdu()
3659 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3660 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3661 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3662 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3663 self.assertEquals(rep.u.secondary_address_size, 4)
3664 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3665 self.assertEquals(len(rep.u._pad1), 2)
3666 #self.assertEquals(rep.u._pad1, '\0' * 2)
3667 self.assertEquals(rep.u.num_results, 1)
3668 self.assertEquals(rep.u.ctx_list[0].result,
3669 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3670 self.assertEquals(rep.u.ctx_list[0].reason,
3671 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3672 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3673 self.assertNotEquals(len(rep.u.auth_info), 0)
3674 a = self.parse_auth(rep.u.auth_info)
3676 from_server = a.credentials
3677 (finished, to_server) = g.update(from_server)
3678 self.assertFalse(finished)
3680 # We change ctx_list and auth_level
3681 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3682 auth_level=auth_level,
3683 auth_context_id=auth_context_id,
3684 auth_blob=to_server)
3685 req = self.generate_alter(call_id=0,
3687 assoc_group_id=rep.u.assoc_group_id,
3688 auth_info=auth_info)
3690 rep = self.recv_pdu()
3691 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3692 pfc_flags=req.pfc_flags |
3693 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3695 self.assertNotEquals(rep.u.alloc_hint, 0)
3696 self.assertEquals(rep.u.context_id, 0)
3697 self.assertEquals(rep.u.cancel_count, 0)
3698 self.assertEquals(rep.u.flags, 0)
3699 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3700 self.assertEquals(rep.u.reserved, 0)
3701 self.assertEquals(len(rep.u.error_and_verifier), 0)
3703 # wait for a disconnect
3704 rep = self.recv_pdu()
3705 self.assertIsNone(rep)
3706 self.assertNotConnected()
3708 def test_spnego_change_auth_type2(self):
3709 ndr32 = base.transfer_syntax_ndr()
3710 ndr64 = base.transfer_syntax_ndr64()
3713 ctx1 = dcerpc.ctx_list()
3715 ctx1.num_transfer_syntaxes = len(tsf1_list)
3716 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3717 ctx1.transfer_syntaxes = tsf1_list
3719 tsf1b_list = [ndr32, ndr64]
3720 ctx1b = dcerpc.ctx_list()
3721 ctx1b.context_id = 1
3722 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3723 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3724 ctx1b.transfer_syntaxes = tsf1b_list
3726 c = self.get_anon_creds()
3727 g = gensec.Security.start_client(self.settings)
3728 g.set_credentials(c)
3729 g.want_feature(gensec.FEATURE_DCE_STYLE)
3730 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3731 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3733 g.start_mech_by_authtype(auth_type, auth_level)
3735 (finished, to_server) = g.update(from_server)
3736 self.assertFalse(finished)
3738 auth_info = self.generate_auth(auth_type=auth_type,
3739 auth_level=auth_level,
3740 auth_context_id=auth_context_id,
3741 auth_blob=to_server)
3742 req = self.generate_bind(call_id=0,
3744 auth_info=auth_info)
3746 rep = self.recv_pdu()
3747 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3748 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3749 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3750 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3751 self.assertEquals(rep.u.secondary_address_size, 4)
3752 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3753 self.assertEquals(len(rep.u._pad1), 2)
3754 #self.assertEquals(rep.u._pad1, '\0' * 2)
3755 self.assertEquals(rep.u.num_results, 1)
3756 self.assertEquals(rep.u.ctx_list[0].result,
3757 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3758 self.assertEquals(rep.u.ctx_list[0].reason,
3759 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3760 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3761 self.assertNotEquals(len(rep.u.auth_info), 0)
3762 a = self.parse_auth(rep.u.auth_info)
3764 from_server = a.credentials
3765 (finished, to_server) = g.update(from_server)
3766 self.assertFalse(finished)
3768 # We change ctx_list and auth_level
3769 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3770 auth_level=auth_level,
3771 auth_context_id=auth_context_id,
3772 auth_blob=to_server)
3773 req = self.generate_alter(call_id=0,
3775 assoc_group_id=rep.u.assoc_group_id,
3776 auth_info=auth_info)
3778 rep = self.recv_pdu()
3779 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3780 pfc_flags=req.pfc_flags |
3781 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3783 self.assertNotEquals(rep.u.alloc_hint, 0)
3784 self.assertEquals(rep.u.context_id, 0)
3785 self.assertEquals(rep.u.cancel_count, 0)
3786 self.assertEquals(rep.u.flags, 0)
3787 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3788 self.assertEquals(rep.u.reserved, 0)
3789 self.assertEquals(len(rep.u.error_and_verifier), 0)
3791 # wait for a disconnect
3792 rep = self.recv_pdu()
3793 self.assertIsNone(rep)
3794 self.assertNotConnected()
3796 def test_spnego_change_auth_type3(self):
3797 ndr32 = base.transfer_syntax_ndr()
3798 ndr64 = base.transfer_syntax_ndr64()
3801 ctx1 = dcerpc.ctx_list()
3803 ctx1.num_transfer_syntaxes = len(tsf1_list)
3804 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3805 ctx1.transfer_syntaxes = tsf1_list
3807 tsf1b_list = [ndr32, ndr64]
3808 ctx1b = dcerpc.ctx_list()
3809 ctx1b.context_id = 1
3810 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3811 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3812 ctx1b.transfer_syntaxes = tsf1b_list
3814 c = self.get_anon_creds()
3815 g = gensec.Security.start_client(self.settings)
3816 g.set_credentials(c)
3817 g.want_feature(gensec.FEATURE_DCE_STYLE)
3818 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3819 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3821 g.start_mech_by_authtype(auth_type, auth_level)
3823 (finished, to_server) = g.update(from_server)
3824 self.assertFalse(finished)
3826 auth_info = self.generate_auth(auth_type=auth_type,
3827 auth_level=auth_level,
3828 auth_context_id=auth_context_id,
3829 auth_blob=to_server)
3830 req = self.generate_bind(call_id=0,
3832 auth_info=auth_info)
3834 rep = self.recv_pdu()
3835 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3836 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3837 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3838 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3839 self.assertEquals(rep.u.secondary_address_size, 4)
3840 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3841 self.assertEquals(len(rep.u._pad1), 2)
3842 #self.assertEquals(rep.u._pad1, '\0' * 2)
3843 self.assertEquals(rep.u.num_results, 1)
3844 self.assertEquals(rep.u.ctx_list[0].result,
3845 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3846 self.assertEquals(rep.u.ctx_list[0].reason,
3847 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3848 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3849 self.assertNotEquals(len(rep.u.auth_info), 0)
3850 a = self.parse_auth(rep.u.auth_info)
3852 from_server = a.credentials
3853 (finished, to_server) = g.update(from_server)
3854 self.assertFalse(finished)
3856 # We change ctx_list and auth_level
3857 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3858 auth_level=auth_level,
3859 auth_context_id=auth_context_id,
3860 auth_blob=to_server)
3861 req = self.generate_alter(call_id=0,
3863 assoc_group_id=rep.u.assoc_group_id,
3864 auth_info=auth_info)
3866 rep = self.recv_pdu()
3867 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3868 pfc_flags=req.pfc_flags |
3869 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3871 self.assertNotEquals(rep.u.alloc_hint, 0)
3872 self.assertEquals(rep.u.context_id, 0)
3873 self.assertEquals(rep.u.cancel_count, 0)
3874 self.assertEquals(rep.u.flags, 0)
3875 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3876 self.assertEquals(rep.u.reserved, 0)
3877 self.assertEquals(len(rep.u.error_and_verifier), 0)
3879 # wait for a disconnect
3880 rep = self.recv_pdu()
3881 self.assertIsNone(rep)
3882 self.assertNotConnected()
3884 def test_spnego_auth_pad_ok(self):
3885 ndr32 = base.transfer_syntax_ndr()
3888 ctx1 = dcerpc.ctx_list()
3890 ctx1.num_transfer_syntaxes = len(tsf1_list)
3891 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3892 ctx1.transfer_syntaxes = tsf1_list
3895 c = self.get_anon_creds()
3896 g = gensec.Security.start_client(self.settings)
3897 g.set_credentials(c)
3898 g.want_feature(gensec.FEATURE_DCE_STYLE)
3899 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3900 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3902 g.start_mech_by_authtype(auth_type, auth_level)
3904 (finished, to_server) = g.update(from_server)
3905 self.assertFalse(finished)
3907 auth_info = self.generate_auth(auth_type=auth_type,
3908 auth_level=auth_level,
3909 auth_context_id=auth_context_id,
3910 auth_blob=to_server)
3912 req = self.generate_bind(call_id=0,
3914 auth_info=auth_info)
3915 req_pdu = samba.ndr.ndr_pack(req)
3917 auth_pad_ok = len(req_pdu)
3918 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3919 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3920 auth_pad_ok -= len(to_server)
3922 auth_info = self.generate_auth(auth_type=auth_type,
3923 auth_level=auth_level,
3924 auth_context_id=auth_context_id,
3925 auth_pad_length=auth_pad_ok,
3926 auth_blob=to_server)
3928 req = self.generate_bind(call_id=0,
3930 auth_info=auth_info)
3932 rep = self.recv_pdu()
3933 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3934 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3935 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3936 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3937 self.assertEquals(rep.u.secondary_address_size, 4)
3938 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3939 self.assertEquals(len(rep.u._pad1), 2)
3940 #self.assertEquals(rep.u._pad1, '\0' * 2)
3941 self.assertEquals(rep.u.num_results, 1)
3942 self.assertEquals(rep.u.ctx_list[0].result,
3943 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3944 self.assertEquals(rep.u.ctx_list[0].reason,
3945 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3946 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3947 self.assertNotEquals(len(rep.u.auth_info), 0)
3948 a = self.parse_auth(rep.u.auth_info)
3950 from_server = a.credentials
3951 (finished, to_server) = g.update(from_server)
3952 self.assertFalse(finished)
3954 auth_info = self.generate_auth(auth_type=auth_type,
3955 auth_level=auth_level,
3956 auth_context_id=auth_context_id,
3957 auth_blob=to_server)
3958 req = self.generate_alter(call_id=0,
3960 assoc_group_id=rep.u.assoc_group_id,
3961 auth_info=auth_info)
3962 req_pdu = samba.ndr.ndr_pack(req)
3964 auth_pad_ok = len(req_pdu)
3965 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3966 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3967 auth_pad_ok -= len(to_server)
3968 auth_info = self.generate_auth(auth_type=auth_type,
3969 auth_level=auth_level,
3970 auth_context_id=auth_context_id,
3971 auth_pad_length=auth_pad_ok,
3972 auth_blob=to_server)
3973 req = self.generate_alter(call_id=0,
3975 assoc_group_id=rep.u.assoc_group_id,
3976 auth_info=auth_info)
3978 rep = self.recv_pdu()
3979 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3980 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3981 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3982 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3983 self.assertEquals(rep.u.secondary_address_size, 0)
3984 self.assertEquals(len(rep.u._pad1), 2)
3985 # Windows sends garbage
3986 #self.assertEquals(rep.u._pad1, '\0' * 2)
3987 self.assertEquals(rep.u.num_results, 1)
3988 self.assertEquals(rep.u.ctx_list[0].result,
3989 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3990 self.assertEquals(rep.u.ctx_list[0].reason,
3991 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3992 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3993 self.assertNotEquals(len(rep.u.auth_info), 0)
3994 a = self.parse_auth(rep.u.auth_info)
3996 from_server = a.credentials
3997 (finished, to_server) = g.update(from_server)
3998 self.assertTrue(finished)
4000 # And now try a request without auth_info
4001 req = self.generate_request(call_id=2,
4002 context_id=ctx1.context_id,
4006 rep = self.recv_pdu()
4007 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4009 self.assertNotEquals(rep.u.alloc_hint, 0)
4010 self.assertEquals(rep.u.context_id, req.u.context_id)
4011 self.assertEquals(rep.u.cancel_count, 0)
4012 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4014 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4015 auth_info = self.generate_auth(auth_type=auth_type,
4016 auth_level=auth_level,
4017 auth_context_id=auth_context_id,
4018 auth_blob="\x01" + "\x00" * 15)
4019 req = self.generate_request(call_id=3,
4020 context_id=ctx1.context_id,
4023 auth_info=auth_info)
4025 rep = self.recv_pdu()
4026 # We don't get an auth_info back
4027 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4029 self.assertNotEquals(rep.u.alloc_hint, 0)
4030 self.assertEquals(rep.u.context_id, req.u.context_id)
4031 self.assertEquals(rep.u.cancel_count, 0)
4032 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4034 self._disconnect("disconnect")
4035 self.assertNotConnected()
4037 def test_spnego_auth_pad_fail_bind(self):
4038 ndr32 = base.transfer_syntax_ndr()
4041 ctx1 = dcerpc.ctx_list()
4043 ctx1.num_transfer_syntaxes = len(tsf1_list)
4044 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4045 ctx1.transfer_syntaxes = tsf1_list
4048 c = self.get_anon_creds()
4049 g = gensec.Security.start_client(self.settings)
4050 g.set_credentials(c)
4051 g.want_feature(gensec.FEATURE_DCE_STYLE)
4052 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4053 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4055 g.start_mech_by_authtype(auth_type, auth_level)
4057 (finished, to_server) = g.update(from_server)
4058 self.assertFalse(finished)
4060 auth_info = self.generate_auth(auth_type=auth_type,
4061 auth_level=auth_level,
4062 auth_context_id=auth_context_id,
4063 auth_blob=to_server)
4065 req = self.generate_bind(call_id=0,
4067 auth_info=auth_info)
4068 req_pdu = samba.ndr.ndr_pack(req)
4070 auth_pad_ok = len(req_pdu)
4071 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4072 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4073 auth_pad_ok -= len(to_server)
4074 auth_pad_bad = auth_pad_ok + 1
4075 auth_info = self.generate_auth(auth_type=auth_type,
4076 auth_level=auth_level,
4077 auth_context_id=auth_context_id,
4078 auth_pad_length=auth_pad_bad,
4079 auth_blob=to_server)
4081 req = self.generate_bind(call_id=0,
4083 auth_info=auth_info)
4085 rep = self.recv_pdu()
4086 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
4088 self.assertEquals(rep.u.reject_reason,
4089 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
4090 self.assertEquals(rep.u.num_versions, 1)
4091 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
4092 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
4093 self.assertEquals(len(rep.u._pad), 3)
4094 self.assertEquals(rep.u._pad, '\0' * 3)
4096 # wait for a disconnect
4097 rep = self.recv_pdu()
4098 self.assertIsNone(rep)
4099 self.assertNotConnected()
4101 def test_spnego_auth_pad_fail_alter(self):
4102 ndr32 = base.transfer_syntax_ndr()
4105 ctx1 = dcerpc.ctx_list()
4107 ctx1.num_transfer_syntaxes = len(tsf1_list)
4108 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4109 ctx1.transfer_syntaxes = tsf1_list
4112 c = self.get_anon_creds()
4113 g = gensec.Security.start_client(self.settings)
4114 g.set_credentials(c)
4115 g.want_feature(gensec.FEATURE_DCE_STYLE)
4116 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4117 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4119 g.start_mech_by_authtype(auth_type, auth_level)
4121 (finished, to_server) = g.update(from_server)
4122 self.assertFalse(finished)
4124 auth_info = self.generate_auth(auth_type=auth_type,
4125 auth_level=auth_level,
4126 auth_context_id=auth_context_id,
4127 auth_blob=to_server)
4129 req = self.generate_bind(call_id=0,
4131 auth_info=auth_info)
4132 req_pdu = samba.ndr.ndr_pack(req)
4134 auth_pad_ok = len(req_pdu)
4135 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4136 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4137 auth_pad_ok -= len(to_server)
4139 auth_info = self.generate_auth(auth_type=auth_type,
4140 auth_level=auth_level,
4141 auth_context_id=auth_context_id,
4142 auth_pad_length=auth_pad_ok,
4143 auth_blob=to_server)
4145 req = self.generate_bind(call_id=0,
4147 auth_info=auth_info)
4149 rep = self.recv_pdu()
4150 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4151 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4152 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4153 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4154 self.assertEquals(rep.u.secondary_address_size, 4)
4155 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4156 self.assertEquals(len(rep.u._pad1), 2)
4157 #self.assertEquals(rep.u._pad1, '\0' * 2)
4158 self.assertEquals(rep.u.num_results, 1)
4159 self.assertEquals(rep.u.ctx_list[0].result,
4160 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4161 self.assertEquals(rep.u.ctx_list[0].reason,
4162 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4163 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4164 self.assertNotEquals(len(rep.u.auth_info), 0)
4165 a = self.parse_auth(rep.u.auth_info)
4167 from_server = a.credentials
4168 (finished, to_server) = g.update(from_server)
4169 self.assertFalse(finished)
4171 auth_info = self.generate_auth(auth_type=auth_type,
4172 auth_level=auth_level,
4173 auth_context_id=auth_context_id,
4174 auth_blob=to_server)
4175 req = self.generate_alter(call_id=0,
4177 assoc_group_id=rep.u.assoc_group_id,
4178 auth_info=auth_info)
4179 req_pdu = samba.ndr.ndr_pack(req)
4181 auth_pad_ok = len(req_pdu)
4182 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4183 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4184 auth_pad_ok -= len(to_server)
4185 auth_pad_bad = auth_pad_ok + 1
4186 auth_info = self.generate_auth(auth_type=auth_type,
4187 auth_level=auth_level,
4188 auth_context_id=auth_context_id,
4189 auth_pad_length=auth_pad_bad,
4190 auth_blob=to_server)
4191 req = self.generate_alter(call_id=0,
4193 assoc_group_id=rep.u.assoc_group_id,
4194 auth_info=auth_info)
4196 rep = self.recv_pdu()
4197 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4198 pfc_flags=req.pfc_flags |
4199 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4201 self.assertNotEquals(rep.u.alloc_hint, 0)
4202 self.assertEquals(rep.u.context_id, 0)
4203 self.assertEquals(rep.u.cancel_count, 0)
4204 self.assertEquals(rep.u.flags, 0)
4205 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4206 self.assertEquals(rep.u.reserved, 0)
4207 self.assertEquals(len(rep.u.error_and_verifier), 0)
4209 # wait for a disconnect
4210 rep = self.recv_pdu()
4211 self.assertIsNone(rep)
4212 self.assertNotConnected()
4214 def test_ntlmssp_auth_pad_ok(self):
4215 ndr32 = base.transfer_syntax_ndr()
4218 ctx1 = dcerpc.ctx_list()
4220 ctx1.num_transfer_syntaxes = len(tsf1_list)
4221 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4222 ctx1.transfer_syntaxes = tsf1_list
4225 c = self.get_anon_creds()
4226 g = gensec.Security.start_client(self.settings)
4227 g.set_credentials(c)
4228 g.want_feature(gensec.FEATURE_DCE_STYLE)
4229 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4230 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4232 g.start_mech_by_authtype(auth_type, auth_level)
4234 (finished, to_server) = g.update(from_server)
4235 self.assertFalse(finished)
4237 auth_info = self.generate_auth(auth_type=auth_type,
4238 auth_level=auth_level,
4239 auth_context_id=auth_context_id,
4240 auth_blob=to_server)
4242 req = self.generate_bind(call_id=0,
4244 auth_info=auth_info)
4245 req_pdu = samba.ndr.ndr_pack(req)
4247 auth_pad_ok = len(req_pdu)
4248 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4249 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4250 auth_pad_ok -= len(to_server)
4252 auth_info = self.generate_auth(auth_type=auth_type,
4253 auth_level=auth_level,
4254 auth_context_id=auth_context_id,
4255 auth_pad_length=auth_pad_ok,
4256 auth_blob=to_server)
4258 req = self.generate_bind(call_id=0,
4260 auth_info=auth_info)
4262 rep = self.recv_pdu()
4263 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4264 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4265 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4266 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4267 self.assertEquals(rep.u.secondary_address_size, 4)
4268 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4269 self.assertEquals(len(rep.u._pad1), 2)
4270 #self.assertEquals(rep.u._pad1, '\0' * 2)
4271 self.assertEquals(rep.u.num_results, 1)
4272 self.assertEquals(rep.u.ctx_list[0].result,
4273 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4274 self.assertEquals(rep.u.ctx_list[0].reason,
4275 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4276 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4277 self.assertNotEquals(len(rep.u.auth_info), 0)
4278 a = self.parse_auth(rep.u.auth_info)
4280 from_server = a.credentials
4281 (finished, to_server) = g.update(from_server)
4282 self.assertTrue(finished)
4285 auth_info = self.generate_auth(auth_type=auth_type,
4286 auth_level=auth_level,
4287 auth_context_id=auth_context_id,
4288 auth_pad_length=auth_pad_ok,
4289 auth_blob=to_server)
4290 req = self.generate_auth3(call_id=0,
4291 auth_info=auth_info)
4293 self.assertIsConnected()
4295 # And now try a request without auth_info
4296 req = self.generate_request(call_id=2,
4297 context_id=ctx1.context_id,
4301 rep = self.recv_pdu()
4302 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4304 self.assertNotEquals(rep.u.alloc_hint, 0)
4305 self.assertEquals(rep.u.context_id, req.u.context_id)
4306 self.assertEquals(rep.u.cancel_count, 0)
4307 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4309 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4310 auth_info = self.generate_auth(auth_type=auth_type,
4311 auth_level=auth_level,
4312 auth_context_id=auth_context_id,
4313 auth_blob="\x01" + "\x00" * 15)
4314 req = self.generate_request(call_id=3,
4315 context_id=ctx1.context_id,
4318 auth_info=auth_info)
4320 rep = self.recv_pdu()
4321 # We don't get an auth_info back
4322 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4324 self.assertNotEquals(rep.u.alloc_hint, 0)
4325 self.assertEquals(rep.u.context_id, req.u.context_id)
4326 self.assertEquals(rep.u.cancel_count, 0)
4327 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4329 self._disconnect("disconnect")
4330 self.assertNotConnected()
4332 def test_ntlmssp_auth_pad_fail_auth3(self):
4333 ndr32 = base.transfer_syntax_ndr()
4336 ctx1 = dcerpc.ctx_list()
4338 ctx1.num_transfer_syntaxes = len(tsf1_list)
4339 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4340 ctx1.transfer_syntaxes = tsf1_list
4343 c = self.get_anon_creds()
4344 g = gensec.Security.start_client(self.settings)
4345 g.set_credentials(c)
4346 g.want_feature(gensec.FEATURE_DCE_STYLE)
4347 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4348 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4350 g.start_mech_by_authtype(auth_type, auth_level)
4352 (finished, to_server) = g.update(from_server)
4353 self.assertFalse(finished)
4355 auth_info = self.generate_auth(auth_type=auth_type,
4356 auth_level=auth_level,
4357 auth_context_id=auth_context_id,
4358 auth_blob=to_server)
4360 req = self.generate_bind(call_id=0,
4362 auth_info=auth_info)
4363 req_pdu = samba.ndr.ndr_pack(req)
4365 auth_pad_ok = len(req_pdu)
4366 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4367 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4368 auth_pad_ok -= len(to_server)
4370 auth_info = self.generate_auth(auth_type=auth_type,
4371 auth_level=auth_level,
4372 auth_context_id=auth_context_id,
4373 auth_pad_length=auth_pad_ok,
4374 auth_blob=to_server)
4376 req = self.generate_bind(call_id=0,
4378 auth_info=auth_info)
4380 rep = self.recv_pdu()
4381 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4382 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4383 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4384 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4385 self.assertEquals(rep.u.secondary_address_size, 4)
4386 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4387 self.assertEquals(len(rep.u._pad1), 2)
4388 #self.assertEquals(rep.u._pad1, '\0' * 2)
4389 self.assertEquals(rep.u.num_results, 1)
4390 self.assertEquals(rep.u.ctx_list[0].result,
4391 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4392 self.assertEquals(rep.u.ctx_list[0].reason,
4393 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4394 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4395 self.assertNotEquals(len(rep.u.auth_info), 0)
4396 a = self.parse_auth(rep.u.auth_info)
4398 from_server = a.credentials
4399 (finished, to_server) = g.update(from_server)
4400 self.assertTrue(finished)
4403 auth_info = self.generate_auth(auth_type=auth_type,
4404 auth_level=auth_level,
4405 auth_context_id=auth_context_id,
4406 auth_pad_length=auth_pad_bad,
4407 auth_blob=to_server)
4408 req = self.generate_auth3(call_id=0,
4409 auth_info=auth_info)
4411 rep = self.recv_pdu()
4412 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4413 pfc_flags=req.pfc_flags |
4414 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4416 self.assertNotEquals(rep.u.alloc_hint, 0)
4417 self.assertEquals(rep.u.context_id, 0)
4418 self.assertEquals(rep.u.cancel_count, 0)
4419 self.assertEquals(rep.u.flags, 0)
4420 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4421 self.assertEquals(rep.u.reserved, 0)
4422 self.assertEquals(len(rep.u.error_and_verifier), 0)
4424 # wait for a disconnect
4425 rep = self.recv_pdu()
4426 self.assertIsNone(rep)
4427 self.assertNotConnected()
4429 def _test_spnego_bind_auth_level(self, auth_level, auth_context_id, ctx,
4430 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4432 creds = self.get_user_creds()
4433 auth_context = self.get_auth_context_creds(creds=creds,
4434 auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4435 auth_level=auth_level,
4436 auth_context_id=auth_context_id,
4437 g_auth_level=g_auth_level)
4438 if auth_context is None:
4440 ack = self.do_generic_bind(ctx=ctx,
4441 auth_context=auth_context,
4442 alter_fault=alter_fault)
4445 return auth_context["gensec"]
4447 def _test_spnego_level_bind_nak(self, auth_level,
4448 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4449 c = self.get_user_creds()
4450 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4451 auth_level=auth_level, creds=c, reason=reason)
4453 def _test_spnego_level_bind(self, auth_level,
4454 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4457 response_fault_flags=0):
4458 ndr32 = base.transfer_syntax_ndr()
4461 ctx1 = dcerpc.ctx_list()
4462 ctx1.context_id = 0x1001
4463 ctx1.num_transfer_syntaxes = len(tsf1_list)
4464 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4465 ctx1.transfer_syntaxes = tsf1_list
4467 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4470 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4471 auth_context_id=auth_context_id,
4473 g_auth_level=g_auth_level,
4474 alter_fault=alter_fault)
4476 if request_fault is None:
4479 self.assertIsNotNone(g)
4481 stub_bin = '\x00' * 17
4482 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4485 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4486 stub_bin += '\x00' * auth_pad_length
4488 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4489 sig_size = g.sig_size(len(stub_bin))
4492 zero_sig = "\x00" * sig_size
4494 auth_info = self.generate_auth(auth_type=auth_type,
4495 auth_level=auth_level,
4496 auth_pad_length=auth_pad_length,
4497 auth_context_id=auth_context_id,
4499 req = self.generate_request(call_id=4,
4500 context_id=ctx1.context_id,
4503 auth_info=auth_info)
4504 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4505 req_blob = samba.ndr.ndr_pack(req)
4506 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4507 ofs_sig = len(req_blob) - req.auth_length
4508 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4509 req_data = req_blob[ofs_stub:ofs_trailer]
4510 req_whole = req_blob[0:ofs_sig]
4511 sig = g.sign_packet(req_data, req_whole)
4512 auth_info = self.generate_auth(auth_type=auth_type,
4513 auth_level=auth_level,
4514 auth_pad_length=auth_pad_length,
4515 auth_context_id=auth_context_id,
4517 req = self.generate_request(call_id=4,
4518 context_id=ctx1.context_id,
4521 auth_info=auth_info)
4523 rep = self.recv_pdu()
4524 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4525 pfc_flags=req.pfc_flags | response_fault_flags,
4527 self.assertNotEquals(rep.u.alloc_hint, 0)
4528 self.assertEquals(rep.u.context_id, ctx1.context_id)
4529 self.assertEquals(rep.u.cancel_count, 0)
4530 self.assertEquals(rep.u.flags, 0)
4531 self.assertEquals(rep.u.status, request_fault)
4532 self.assertEquals(rep.u.reserved, 0)
4533 self.assertEquals(len(rep.u.error_and_verifier), 0)
4535 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4538 # wait for a disconnect
4539 rep = self.recv_pdu()
4540 self.assertIsNone(rep)
4541 self.assertNotConnected()
4543 def test_spnego_none_bind(self):
4544 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4545 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4547 def test_spnego_call_bind(self):
4548 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4549 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4551 def test_spnego_0_bind(self):
4552 return self._test_spnego_level_bind_nak(0,
4553 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4555 def test_spnego_7_bind(self):
4556 return self._test_spnego_level_bind_nak(7,
4557 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4559 def test_spnego_255_bind(self):
4560 return self._test_spnego_level_bind_nak(255,
4561 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4563 def test_spnego_connect_bind_none(self):
4564 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4565 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4567 def test_spnego_connect_bind_sign(self):
4568 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4569 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4571 def test_spnego_connect_bind_seal(self):
4572 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4573 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4575 def test_spnego_packet_bind_none(self):
4576 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4577 # DCERPC_AUTH_LEVEL_INTEGRITY
4578 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4579 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4580 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4582 def test_spnego_packet_bind_sign(self):
4583 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4584 # DCERPC_AUTH_LEVEL_INTEGRITY
4585 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4586 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4587 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4588 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4590 def test_spnego_packet_bind_sign(self):
4591 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4592 # DCERPC_AUTH_LEVEL_INTEGRITY
4593 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4594 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4595 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4596 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4598 def test_spnego_integrity_bind_none(self):
4599 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4600 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4601 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4603 def test_spnego_integrity_bind_sign(self):
4604 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4605 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4606 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4607 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4609 def test_spnego_integrity_bind_seal(self):
4610 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4611 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4612 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4613 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4615 def test_spnego_privacy_bind_none(self):
4617 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4618 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4619 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4621 def test_spnego_privacy_bind_sign(self):
4623 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4624 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4625 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4627 def test_spnego_privacy_bind_seal(self):
4628 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4629 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4633 def _test_spnego_signing_auth_level_request(self, auth_level):
4634 ndr32 = base.transfer_syntax_ndr()
4637 ctx1 = dcerpc.ctx_list()
4638 ctx1.context_id = 0x1001
4639 ctx1.num_transfer_syntaxes = len(tsf1_list)
4640 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4641 ctx1.transfer_syntaxes = tsf1_list
4644 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4647 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4648 auth_context_id=auth_context_id,
4651 stub_bin = '\x00' * 0
4652 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4655 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4656 stub_bin += '\x00' * auth_pad_length
4658 sig_size = g.sig_size(len(stub_bin))
4659 zero_sig = "\x00" * sig_size
4661 auth_info = self.generate_auth(auth_type=auth_type,
4662 auth_level=auth_level,
4663 auth_pad_length=auth_pad_length,
4664 auth_context_id=auth_context_id,
4666 req = self.generate_request(call_id=3,
4667 context_id=ctx1.context_id,
4670 auth_info=auth_info)
4671 req_blob = samba.ndr.ndr_pack(req)
4672 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4673 ofs_sig = len(req_blob) - req.auth_length
4674 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4675 req_data = req_blob[ofs_stub:ofs_trailer]
4676 req_whole = req_blob[0:ofs_sig]
4677 sig = g.sign_packet(req_data, req_whole)
4678 auth_info = self.generate_auth(auth_type=auth_type,
4679 auth_level=auth_level,
4680 auth_pad_length=auth_pad_length,
4681 auth_context_id=auth_context_id,
4683 req = self.generate_request(call_id=3,
4684 context_id=ctx1.context_id,
4687 auth_info=auth_info)
4689 (rep, rep_blob) = self.recv_pdu_raw()
4690 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4691 auth_length=sig_size)
4692 self.assertNotEquals(rep.u.alloc_hint, 0)
4693 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4694 self.assertEquals(rep.u.cancel_count, 0)
4695 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4696 self.assertEquals(rep.auth_length, sig_size)
4698 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4699 ofs_sig = rep.frag_length - rep.auth_length
4700 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4701 rep_data = rep_blob[ofs_stub:ofs_trailer]
4702 rep_whole = rep_blob[0:ofs_sig]
4703 rep_sig = rep_blob[ofs_sig:]
4704 rep_auth_info_blob = rep_blob[ofs_trailer:]
4706 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4707 self.assertEquals(rep_auth_info.auth_type, auth_type)
4708 self.assertEquals(rep_auth_info.auth_level, auth_level)
4709 # mgmt_inq_if_ids() returns no fixed size results
4710 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4711 self.assertEquals(rep_auth_info.auth_reserved, 0)
4712 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4713 self.assertEquals(rep_auth_info.credentials, rep_sig)
4715 g.check_packet(rep_data, rep_whole, rep_sig)
4717 stub_bin = '\x00' * 17
4718 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4721 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4722 stub_bin += '\x00' * auth_pad_length
4724 sig_size = g.sig_size(len(stub_bin))
4725 zero_sig = "\x00" * sig_size
4727 auth_info = self.generate_auth(auth_type=auth_type,
4728 auth_level=auth_level,
4729 auth_pad_length=auth_pad_length,
4730 auth_context_id=auth_context_id,
4732 req = self.generate_request(call_id=4,
4733 context_id=ctx1.context_id,
4736 auth_info=auth_info)
4737 req_blob = samba.ndr.ndr_pack(req)
4738 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4739 ofs_sig = len(req_blob) - req.auth_length
4740 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4741 req_data = req_blob[ofs_stub:ofs_trailer]
4742 req_whole = req_blob[0:ofs_sig]
4743 sig = g.sign_packet(req_data, req_whole)
4744 auth_info = self.generate_auth(auth_type=auth_type,
4745 auth_level=auth_level,
4746 auth_pad_length=auth_pad_length,
4747 auth_context_id=auth_context_id,
4749 req = self.generate_request(call_id=4,
4750 context_id=ctx1.context_id,
4753 auth_info=auth_info)
4755 rep = self.recv_pdu()
4756 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4757 pfc_flags=req.pfc_flags |
4758 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4760 self.assertNotEquals(rep.u.alloc_hint, 0)
4761 self.assertEquals(rep.u.context_id, ctx1.context_id)
4762 self.assertEquals(rep.u.cancel_count, 0)
4763 self.assertEquals(rep.u.flags, 0)
4764 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4765 self.assertEquals(rep.u.reserved, 0)
4766 self.assertEquals(len(rep.u.error_and_verifier), 0)
4768 stub_bin = '\x00' * 8
4769 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4772 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4773 stub_bin += '\x00' * auth_pad_length
4775 sig_size = g.sig_size(len(stub_bin))
4776 zero_sig = "\x00" * sig_size
4778 auth_info = self.generate_auth(auth_type=auth_type,
4779 auth_level=auth_level,
4780 auth_pad_length=auth_pad_length,
4781 auth_context_id=auth_context_id,
4783 req = self.generate_request(call_id=5,
4784 context_id=ctx1.context_id,
4787 auth_info=auth_info)
4788 req_blob = samba.ndr.ndr_pack(req)
4789 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4790 ofs_sig = len(req_blob) - req.auth_length
4791 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4792 req_data = req_blob[ofs_stub:ofs_trailer]
4793 req_whole = req_blob[0:ofs_sig]
4794 sig = g.sign_packet(req_data, req_whole)
4795 auth_info = self.generate_auth(auth_type=auth_type,
4796 auth_level=auth_level,
4797 auth_pad_length=auth_pad_length,
4798 auth_context_id=auth_context_id,
4800 req = self.generate_request(call_id=5,
4801 context_id=ctx1.context_id,
4804 auth_info=auth_info)
4806 (rep, rep_blob) = self.recv_pdu_raw()
4807 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4808 auth_length=sig_size)
4809 self.assertNotEquals(rep.u.alloc_hint, 0)
4810 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4811 self.assertEquals(rep.u.cancel_count, 0)
4812 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4813 self.assertEquals(rep.auth_length, sig_size)
4815 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4816 ofs_sig = rep.frag_length - rep.auth_length
4817 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4818 rep_data = rep_blob[ofs_stub:ofs_trailer]
4819 rep_whole = rep_blob[0:ofs_sig]
4820 rep_sig = rep_blob[ofs_sig:]
4821 rep_auth_info_blob = rep_blob[ofs_trailer:]
4823 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4824 self.assertEquals(rep_auth_info.auth_type, auth_type)
4825 self.assertEquals(rep_auth_info.auth_level, auth_level)
4826 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4827 self.assertEquals(rep_auth_info.auth_reserved, 0)
4828 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4829 self.assertEquals(rep_auth_info.credentials, rep_sig)
4831 g.check_packet(rep_data, rep_whole, rep_sig)
4833 stub_bin = '\x00' * 8
4834 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4837 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4838 stub_bin += '\x00' * auth_pad_length
4840 sig_size = g.sig_size(len(stub_bin))
4841 zero_sig = "\x00" * sig_size
4843 auth_info = self.generate_auth(auth_type=auth_type,
4844 auth_level=auth_level,
4845 auth_pad_length=auth_pad_length,
4846 auth_context_id=auth_context_id,
4848 req = self.generate_request(call_id=6,
4849 context_id=ctx1.context_id,
4852 auth_info=auth_info)
4853 req_blob = samba.ndr.ndr_pack(req)
4854 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4855 ofs_sig = len(req_blob) - req.auth_length
4856 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4857 req_data = req_blob[ofs_stub:ofs_trailer]
4858 req_whole = req_blob[0:ofs_sig]
4859 sig = g.sign_packet(req_data, req_whole)
4860 auth_info = self.generate_auth(auth_type=auth_type,
4861 auth_level=auth_level,
4862 auth_pad_length=auth_pad_length,
4863 auth_context_id=auth_context_id,
4865 req = self.generate_request(call_id=6,
4866 context_id=ctx1.context_id,
4869 auth_info=auth_info)
4871 (rep, rep_blob) = self.recv_pdu_raw()
4872 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4873 auth_length=sig_size)
4874 self.assertNotEquals(rep.u.alloc_hint, 0)
4875 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4876 self.assertEquals(rep.u.cancel_count, 0)
4877 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4878 self.assertEquals(rep.auth_length, sig_size)
4880 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4881 ofs_sig = rep.frag_length - rep.auth_length
4882 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4883 rep_data = rep_blob[ofs_stub:ofs_trailer]
4884 rep_whole = rep_blob[0:ofs_sig]
4885 rep_sig = rep_blob[ofs_sig:]
4886 rep_auth_info_blob = rep_blob[ofs_trailer:]
4888 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4889 self.assertEquals(rep_auth_info.auth_type, auth_type)
4890 self.assertEquals(rep_auth_info.auth_level, auth_level)
4891 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4892 self.assertEquals(rep_auth_info.auth_reserved, 0)
4893 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4894 self.assertEquals(rep_auth_info.credentials, rep_sig)
4896 g.check_packet(rep_data, rep_whole, rep_sig)
4898 def test_spnego_signing_packet(self):
4899 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4900 # DCERPC_AUTH_LEVEL_INTEGRITY
4901 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4903 def test_spnego_signing_integrity(self):
4904 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4907 def test_assoc_group_fail1(self):
4908 abstract = samba.dcerpc.mgmt.abstract_syntax()
4909 transfer = base.transfer_syntax_ndr()
4911 tsf1_list = [transfer]
4912 ctx = samba.dcerpc.dcerpc.ctx_list()
4914 ctx.num_transfer_syntaxes = len(tsf1_list)
4915 ctx.abstract_syntax = abstract
4916 ctx.transfer_syntaxes = tsf1_list
4918 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4919 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4922 def test_assoc_group_fail2(self):
4923 abstract = samba.dcerpc.mgmt.abstract_syntax()
4924 transfer = base.transfer_syntax_ndr()
4926 tsf1_list = [transfer]
4927 ctx = samba.dcerpc.dcerpc.ctx_list()
4929 ctx.num_transfer_syntaxes = len(tsf1_list)
4930 ctx.abstract_syntax = abstract
4931 ctx.transfer_syntaxes = tsf1_list
4933 ack = self.do_generic_bind(ctx=ctx)
4935 self._disconnect("test_assoc_group_fail2")
4936 self.assertNotConnected()
4940 ack2 = self.do_generic_bind(ctx=ctx, assoc_group_id=ack.u.assoc_group_id,
4941 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4944 def test_assoc_group_diff1(self):
4945 abstract = samba.dcerpc.mgmt.abstract_syntax()
4946 transfer = base.transfer_syntax_ndr()
4948 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4949 context_id=1, return_ack=True)
4951 conn2 = self.second_connection()
4952 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4953 context_id=2, return_ack=True)
4954 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4958 def test_assoc_group_ok1(self):
4959 abstract = samba.dcerpc.mgmt.abstract_syntax()
4960 transfer = base.transfer_syntax_ndr()
4962 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4963 context_id=1, return_ack=True)
4965 conn2 = self.second_connection()
4966 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4967 assoc_group_id=ack1.u.assoc_group_id,
4968 context_id=2, return_ack=True)
4970 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4971 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4972 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4974 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
4975 fault_pfc_flags=samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4976 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4977 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4978 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4981 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
4982 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
4985 if __name__ == "__main__":
4986 global_ndr_print = True
4987 global_hexdump = True