search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
python/tests: add simple dcerpc co_cancel tests
[Samba.git] / python / samba / tests / dcerpc / raw_protocol.py
blob9220f06a56fd5aa81a55c6511de07b8b98cd069f
1 #!/usr/bin/env python
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21
22 sys.path.insert(0, "bin/python")
23 os.environ["PYTHONUNBUFFERED"] = "1"
24
25 import samba.dcerpc.dcerpc as dcerpc
26 import samba.dcerpc.base as base
27 import samba.dcerpc.misc as misc
28 import samba.dcerpc.epmapper
29 import samba.dcerpc.mgmt
30 import samba.dcerpc.netlogon
31 import struct
32 from samba import gensec
33 from samba.tests import RawDCERPCTest
34
35 global_ndr_print = False
36 global_hexdump = False
37
38 class TestDCERPC_BIND(RawDCERPCTest):
39
40 def setUp(self):
41 super(TestDCERPC_BIND, self).setUp()
42 self.do_ndr_print = global_ndr_print
43 self.do_hexdump = global_hexdump
44
45 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
46 ndr32 = base.transfer_syntax_ndr()
47
48 tsf1_list = [ndr32]
49 ctx1 = dcerpc.ctx_list()
50 ctx1.context_id = 1
51 ctx1.num_transfer_syntaxes = len(tsf1_list)
52 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
53 ctx1.transfer_syntaxes = tsf1_list
54
55 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
56 self.send_pdu(req)
57 rep = self.recv_pdu()
58 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
59 pfc_flags=rep_pfc_flags, auth_length=0)
60 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
61 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
62 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
63 self.assertEquals(rep.u.secondary_address_size, 4)
64 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
65 self.assertEquals(len(rep.u._pad1), 2)
66 # sometimes windows sends random bytes
67 # self.assertEquals(rep.u._pad1, '\0' * 2)
68 self.assertEquals(rep.u.num_results, 1)
69 self.assertEquals(rep.u.ctx_list[0].result,
70 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
71 self.assertEquals(rep.u.ctx_list[0].reason,
72 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
73 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
74 self.assertEquals(rep.u.auth_info, '\0' * 0)
75
76 # And now try a request
77 req = self.generate_request(call_id = 1,
78 context_id=ctx1.context_id,
79 opnum=0,
80 stub="")
81 self.send_pdu(req)
82 rep = self.recv_pdu()
83 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
84 auth_length=0)
85 self.assertNotEquals(rep.u.alloc_hint, 0)
86 self.assertEquals(rep.u.context_id, req.u.context_id)
87 self.assertEquals(rep.u.cancel_count, 0)
88 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
89
90 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
91 ndr32 = base.transfer_syntax_ndr()
92
93 tsf1_list = [ndr32]
94 ctx1 = dcerpc.ctx_list()
95 ctx1.context_id = 1
96 ctx1.num_transfer_syntaxes = len(tsf1_list)
97 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
98 ctx1.transfer_syntaxes = tsf1_list
99
100 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
101 self.send_pdu(req)
102 rep = self.recv_pdu()
103 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
104 auth_length=0)
105 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
106 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
107 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
108 self.assertEquals(rep.u.secondary_address_size, 4)
109 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
110 self.assertEquals(len(rep.u._pad1), 2)
111 # sometimes windows sends random bytes
112 # self.assertEquals(rep.u._pad1, '\0' * 2)
113 self.assertEquals(rep.u.num_results, 1)
114 self.assertEquals(rep.u.ctx_list[0].result,
115 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
116 self.assertEquals(rep.u.ctx_list[0].reason,
117 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
118 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
119 self.assertEquals(rep.u.auth_info, '\0' * 0)
120
121 # And now try a alter context
122 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
123 self.send_pdu(req)
124 rep = self.recv_pdu()
125 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
126 pfc_flags=rep_pfc_flags, auth_length=0)
127 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
128 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
129 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
130 self.assertEquals(rep.u.secondary_address_size, 0)
131 self.assertEquals(rep.u.secondary_address, "")
132 self.assertEquals(len(rep.u._pad1), 2)
133 # sometimes windows sends random bytes
134 # self.assertEquals(rep.u._pad1, '\0' * 2)
135 self.assertEquals(rep.u.num_results, 1)
136 self.assertEquals(rep.u.ctx_list[0].result,
137 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
138 self.assertEquals(rep.u.ctx_list[0].reason,
139 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
140 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
141 self.assertEquals(rep.u.auth_info, '\0' * 0)
142
143 # And now try a request
144 req = self.generate_request(call_id = 1,
145 context_id=ctx1.context_id,
146 opnum=0,
147 stub="")
148 self.send_pdu(req)
149 rep = self.recv_pdu()
150 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
151 auth_length=0)
152 self.assertNotEquals(rep.u.alloc_hint, 0)
153 self.assertEquals(rep.u.context_id, req.u.context_id)
154 self.assertEquals(rep.u.cancel_count, 0)
155 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
156
157 def test_no_auth_request(self):
158 return self._test_no_auth_request_bind_pfc_flags(
159 req_pfc_flags=0 |
160 dcerpc.DCERPC_PFC_FLAG_FIRST |
161 dcerpc.DCERPC_PFC_FLAG_LAST,
162 rep_pfc_flags=0 |
163 dcerpc.DCERPC_PFC_FLAG_FIRST |
164 dcerpc.DCERPC_PFC_FLAG_LAST)
165
166 def test_no_auth_request_bind_pfc_00(self):
167 return self._test_no_auth_request_bind_pfc_flags(
168 req_pfc_flags=0 |
169 0,
170 rep_pfc_flags=0 |
171 dcerpc.DCERPC_PFC_FLAG_FIRST |
172 dcerpc.DCERPC_PFC_FLAG_LAST)
173
174 def test_no_auth_request_bind_pfc_FIRST(self):
175 return self._test_no_auth_request_bind_pfc_flags(
176 req_pfc_flags=0 |
177 dcerpc.DCERPC_PFC_FLAG_FIRST |
178 0,
179 rep_pfc_flags=0 |
180 dcerpc.DCERPC_PFC_FLAG_FIRST |
181 dcerpc.DCERPC_PFC_FLAG_LAST)
182
183 def test_no_auth_request_bind_pfc_LAST(self):
184 return self._test_no_auth_request_bind_pfc_flags(
185 req_pfc_flags=0 |
186 dcerpc.DCERPC_PFC_FLAG_LAST |
187 0,
188 rep_pfc_flags=0 |
189 dcerpc.DCERPC_PFC_FLAG_FIRST |
190 dcerpc.DCERPC_PFC_FLAG_LAST)
191
192 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
193 # without authentication
194 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
195 return self._test_no_auth_request_bind_pfc_flags(
196 req_pfc_flags=0 |
197 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
198 0,
199 rep_pfc_flags=0 |
200 dcerpc.DCERPC_PFC_FLAG_FIRST |
201 dcerpc.DCERPC_PFC_FLAG_LAST |
202 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
203
204 def test_no_auth_request_bind_pfc_08(self):
205 return self._test_no_auth_request_bind_pfc_flags(
206 req_pfc_flags=0 |
207 8 |
208 0,
209 rep_pfc_flags=0 |
210 dcerpc.DCERPC_PFC_FLAG_FIRST |
211 dcerpc.DCERPC_PFC_FLAG_LAST)
212
213 def test_no_auth_request_bind_pfc_CONC_MPX(self):
214 return self._test_no_auth_request_bind_pfc_flags(
215 req_pfc_flags=0 |
216 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
217 0,
218 rep_pfc_flags=0 |
219 dcerpc.DCERPC_PFC_FLAG_FIRST |
220 dcerpc.DCERPC_PFC_FLAG_LAST |
221 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
222
223 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
224 return self._test_no_auth_request_bind_pfc_flags(
225 req_pfc_flags=0 |
226 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
227 0,
228 rep_pfc_flags=0 |
229 dcerpc.DCERPC_PFC_FLAG_FIRST |
230 dcerpc.DCERPC_PFC_FLAG_LAST)
231
232 def test_no_auth_request_bind_pfc_MAYBE(self):
233 return self._test_no_auth_request_bind_pfc_flags(
234 req_pfc_flags=0 |
235 dcerpc.DCERPC_PFC_FLAG_MAYBE |
236 0,
237 rep_pfc_flags=0 |
238 dcerpc.DCERPC_PFC_FLAG_FIRST |
239 dcerpc.DCERPC_PFC_FLAG_LAST)
240
241 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
242 return self._test_no_auth_request_bind_pfc_flags(
243 req_pfc_flags=0 |
244 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
245 0,
246 rep_pfc_flags=0 |
247 dcerpc.DCERPC_PFC_FLAG_FIRST |
248 dcerpc.DCERPC_PFC_FLAG_LAST)
249
250 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
251 # without authentication
252 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
253 # by default
254 def _test_no_auth_request_bind_pfc_ff(self):
255 return self._test_no_auth_request_bind_pfc_flags(
256 req_pfc_flags=0 |
257 0xff |
258 0,
259 rep_pfc_flags=0 |
260 dcerpc.DCERPC_PFC_FLAG_FIRST |
261 dcerpc.DCERPC_PFC_FLAG_LAST |
262 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
263 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
264
265 def test_no_auth_request_alter_pfc_00(self):
266 return self._test_no_auth_request_alter_pfc_flags(
267 req_pfc_flags=0 |
268 0,
269 rep_pfc_flags=0 |
270 dcerpc.DCERPC_PFC_FLAG_FIRST |
271 dcerpc.DCERPC_PFC_FLAG_LAST)
272
273 def test_no_auth_request_alter_pfc_FIRST(self):
274 return self._test_no_auth_request_alter_pfc_flags(
275 req_pfc_flags=0 |
276 dcerpc.DCERPC_PFC_FLAG_FIRST |
277 0,
278 rep_pfc_flags=0 |
279 dcerpc.DCERPC_PFC_FLAG_FIRST |
280 dcerpc.DCERPC_PFC_FLAG_LAST)
281
282 def test_no_auth_request_alter_pfc_LAST(self):
283 return self._test_no_auth_request_alter_pfc_flags(
284 req_pfc_flags=0 |
285 dcerpc.DCERPC_PFC_FLAG_LAST |
286 0,
287 rep_pfc_flags=0 |
288 dcerpc.DCERPC_PFC_FLAG_FIRST |
289 dcerpc.DCERPC_PFC_FLAG_LAST)
290
291 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
292 # without authentication
293 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
294 return self._test_no_auth_request_alter_pfc_flags(
295 req_pfc_flags=0 |
296 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
297 0,
298 rep_pfc_flags=0 |
299 dcerpc.DCERPC_PFC_FLAG_FIRST |
300 dcerpc.DCERPC_PFC_FLAG_LAST |
301 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
302
303 def test_no_auth_request_alter_pfc_08(self):
304 return self._test_no_auth_request_alter_pfc_flags(
305 req_pfc_flags=0 |
306 8 |
307 0,
308 rep_pfc_flags=0 |
309 dcerpc.DCERPC_PFC_FLAG_FIRST |
310 dcerpc.DCERPC_PFC_FLAG_LAST)
311
312 def test_no_auth_request_alter_pfc_CONC_MPX(self):
313 return self._test_no_auth_request_alter_pfc_flags(
314 req_pfc_flags=0 |
315 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
316 0,
317 rep_pfc_flags=0 |
318 dcerpc.DCERPC_PFC_FLAG_FIRST |
319 dcerpc.DCERPC_PFC_FLAG_LAST)
320
321 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
322 return self._test_no_auth_request_alter_pfc_flags(
323 req_pfc_flags=0 |
324 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
325 0,
326 rep_pfc_flags=0 |
327 dcerpc.DCERPC_PFC_FLAG_FIRST |
328 dcerpc.DCERPC_PFC_FLAG_LAST)
329
330 def test_no_auth_request_alter_pfc_MAYBE(self):
331 return self._test_no_auth_request_alter_pfc_flags(
332 req_pfc_flags=0 |
333 dcerpc.DCERPC_PFC_FLAG_MAYBE |
334 0,
335 rep_pfc_flags=0 |
336 dcerpc.DCERPC_PFC_FLAG_FIRST |
337 dcerpc.DCERPC_PFC_FLAG_LAST)
338
339 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
340 return self._test_no_auth_request_alter_pfc_flags(
341 req_pfc_flags=0 |
342 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
343 0,
344 rep_pfc_flags=0 |
345 dcerpc.DCERPC_PFC_FLAG_FIRST |
346 dcerpc.DCERPC_PFC_FLAG_LAST)
347
348 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
349 # without authentication
350 def _test_no_auth_request_alter_pfc_ff(self):
351 return self._test_no_auth_request_alter_pfc_flags(
352 req_pfc_flags=0 |
353 0xff |
354 0,
355 rep_pfc_flags=0 |
356 dcerpc.DCERPC_PFC_FLAG_FIRST |
357 dcerpc.DCERPC_PFC_FLAG_LAST |
358 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
359
360 def test_no_auth_no_ctx(self):
361 # send an useless bind
362 req = self.generate_bind(call_id=0)
363 self.send_pdu(req)
364 rep = self.recv_pdu()
365 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
366 auth_length=0)
367 self.assertEquals(rep.u.reject_reason,
368 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
369 self.assertEquals(rep.u.num_versions, 1)
370 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
371 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
372 self.assertEquals(len(rep.u._pad), 3)
373 self.assertEquals(rep.u._pad, '\0' * 3)
374
375 def test_invalid_auth_noctx(self):
376 req = self.generate_bind(call_id=0)
377 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
378 self.send_pdu(req)
379 rep = self.recv_pdu()
380 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
381 auth_length=0)
382 self.assertEquals(rep.u.reject_reason,
383 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
384 self.assertEquals(rep.u.num_versions, 1)
385 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
386 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
387 self.assertEquals(len(rep.u._pad), 3)
388 self.assertEquals(rep.u._pad, '\0' * 3)
389
390 def test_no_auth_valid_valid_request(self):
391 ndr32 = base.transfer_syntax_ndr()
392
393 tsf1_list = [ndr32]
394 ctx1 = dcerpc.ctx_list()
395 ctx1.context_id = 1
396 ctx1.num_transfer_syntaxes = len(tsf1_list)
397 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
398 ctx1.transfer_syntaxes = tsf1_list
399
400 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
401 self.send_pdu(req)
402 rep = self.recv_pdu()
403 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
404 auth_length=0)
405 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
406 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
407 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
408 self.assertEquals(rep.u.secondary_address_size, 4)
409 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
410 self.assertEquals(len(rep.u._pad1), 2)
411 self.assertEquals(rep.u._pad1, '\0' * 2)
412 self.assertEquals(rep.u.num_results, 1)
413 self.assertEquals(rep.u.ctx_list[0].result,
414 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
415 self.assertEquals(rep.u.ctx_list[0].reason,
416 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
417 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
418 self.assertEquals(rep.u.auth_info, '\0' * 0)
419
420 # Send a bind again
421 tsf2_list = [ndr32]
422 ctx2 = dcerpc.ctx_list()
423 ctx2.context_id = 2
424 ctx2.num_transfer_syntaxes = len(tsf2_list)
425 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
426 ctx2.transfer_syntaxes = tsf2_list
427
428 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
429 self.send_pdu(req)
430 rep = self.recv_pdu()
431 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
432 auth_length=0)
433 self.assertEquals(rep.u.reject_reason,
434 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
435 self.assertEquals(rep.u.num_versions, 1)
436 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
437 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
438 self.assertEquals(len(rep.u._pad), 3)
439 self.assertEquals(rep.u._pad, '\0' * 3)
440
441 # wait for a disconnect
442 rep = self.recv_pdu()
443 self.assertIsNone(rep)
444 self.assertNotConnected()
445
446 def test_no_auth_invalid_valid_request(self):
447 # send an useless bind
448 req = self.generate_bind(call_id=0)
449 self.send_pdu(req)
450 rep = self.recv_pdu()
451 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
452 auth_length=0)
453 self.assertEquals(rep.u.reject_reason,
454 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
455 self.assertEquals(rep.u.num_versions, 1)
456 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
457 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
458 self.assertEquals(len(rep.u._pad), 3)
459 self.assertEquals(rep.u._pad, '\0' * 3)
460
461 # wait for a disconnect
462 rep = self.recv_pdu()
463 self.assertIsNone(rep)
464 self.assertNotConnected()
465
466 def test_alter_no_auth_no_ctx(self):
467 ndr32 = base.transfer_syntax_ndr()
468
469 tsf1_list = [ndr32]
470 ctx1 = dcerpc.ctx_list()
471 ctx1.context_id = 1
472 ctx1.num_transfer_syntaxes = len(tsf1_list)
473 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
474 ctx1.transfer_syntaxes = tsf1_list
475
476 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
477 self.send_pdu(req)
478 rep = self.recv_pdu()
479 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
480 auth_length=0)
481 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
482 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
483 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
484 self.assertEquals(rep.u.secondary_address_size, 4)
485 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
486 self.assertEquals(len(rep.u._pad1), 2)
487 self.assertEquals(rep.u._pad1, '\0' * 2)
488 self.assertEquals(rep.u.num_results, 1)
489 self.assertEquals(rep.u.ctx_list[0].result,
490 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
491 self.assertEquals(rep.u.ctx_list[0].reason,
492 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
493 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
494 self.assertEquals(rep.u.auth_info, '\0' * 0)
495
496 # Send a alter
497 req = self.generate_alter(call_id=1, ctx_list=[])
498 self.send_pdu(req)
499 rep = self.recv_pdu()
500 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
501 pfc_flags=req.pfc_flags |
502 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
503 auth_length=0)
504 self.assertNotEquals(rep.u.alloc_hint, 0)
505 self.assertEquals(rep.u.context_id, 0)
506 self.assertEquals(rep.u.cancel_count, 0)
507 self.assertEquals(rep.u.flags, 0)
508 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
509 self.assertEquals(rep.u.reserved, 0)
510 self.assertEquals(len(rep.u.error_and_verifier), 0)
511
512 # wait for a disconnect
513 rep = self.recv_pdu()
514 self.assertIsNone(rep)
515 self.assertNotConnected()
516
517 def test_no_auth_presentation_ctx_valid1(self):
518 ndr32 = base.transfer_syntax_ndr()
519
520 zero_syntax = misc.ndr_syntax_id()
521
522 tsf1_list = [zero_syntax, ndr32]
523 ctx1 = dcerpc.ctx_list()
524 ctx1.context_id = 1
525 ctx1.num_transfer_syntaxes = len(tsf1_list)
526 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
527 ctx1.transfer_syntaxes = tsf1_list
528
529 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
530 self.send_pdu(req)
531 rep = self.recv_pdu()
532 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
533 auth_length=0)
534 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
535 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
536 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
537 self.assertEquals(rep.u.secondary_address_size, 4)
538 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
539 self.assertEquals(len(rep.u._pad1), 2)
540 self.assertEquals(rep.u._pad1, '\0' * 2)
541 self.assertEquals(rep.u.num_results, 1)
542 self.assertEquals(rep.u.ctx_list[0].result,
543 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
544 self.assertEquals(rep.u.ctx_list[0].reason,
545 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
546 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
547 self.assertEquals(rep.u.auth_info, '\0' * 0)
548
549 # Send a alter
550 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
551 self.send_pdu(req)
552 rep = self.recv_pdu()
553 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
554 auth_length=0)
555 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
556 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
557 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
558 self.assertEquals(rep.u.secondary_address_size, 0)
559 self.assertEquals(len(rep.u._pad1), 2)
560 #self.assertEquals(rep.u._pad1, '\0' * 2)
561 self.assertEquals(rep.u.num_results, 1)
562 self.assertEquals(rep.u.ctx_list[0].result,
563 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
564 self.assertEquals(rep.u.ctx_list[0].reason,
565 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
566 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
567 self.assertEquals(rep.u.auth_info, '\0' * 0)
568
569 req = self.generate_request(call_id = 2,
570 context_id=ctx1.context_id,
571 opnum=0xffff,
572 stub="")
573 self.send_pdu(req)
574 rep = self.recv_pdu()
575 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
576 pfc_flags=req.pfc_flags |
577 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
578 auth_length=0)
579 self.assertNotEquals(rep.u.alloc_hint, 0)
580 self.assertEquals(rep.u.context_id, ctx1.context_id)
581 self.assertEquals(rep.u.cancel_count, 0)
582 self.assertEquals(rep.u.flags, 0)
583 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
584 self.assertEquals(rep.u.reserved, 0)
585 self.assertEquals(len(rep.u.error_and_verifier), 0)
586
587 def test_no_auth_presentation_ctx_invalid1(self):
588 ndr32 = base.transfer_syntax_ndr()
589
590 zero_syntax = misc.ndr_syntax_id()
591
592 tsf1_list = [ndr32]
593 ctx1 = dcerpc.ctx_list()
594 ctx1.context_id = 1
595 ctx1.num_transfer_syntaxes = len(tsf1_list)
596 ctx1.abstract_syntax = ndr32
597 ctx1.transfer_syntaxes = tsf1_list
598
599 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
600 self.send_pdu(req)
601 rep = self.recv_pdu()
602 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
603 auth_length=0)
604 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
605 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
606 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
607 self.assertEquals(rep.u.secondary_address_size, 4)
608 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
609 self.assertEquals(len(rep.u._pad1), 2)
610 self.assertEquals(rep.u._pad1, '\0' * 2)
611 self.assertEquals(rep.u.num_results, 1)
612 self.assertEquals(rep.u.ctx_list[0].result,
613 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
614 self.assertEquals(rep.u.ctx_list[0].reason,
615 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
616 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
617 self.assertEquals(rep.u.auth_info, '\0' * 0)
618
619 # Send a alter
620 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
621 self.send_pdu(req)
622 rep = self.recv_pdu()
623 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
624 auth_length=0)
625 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
626 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
627 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
628 self.assertEquals(rep.u.secondary_address_size, 0)
629 self.assertEquals(len(rep.u._pad1), 2)
630 #self.assertEquals(rep.u._pad1, '\0' * 2)
631 self.assertEquals(rep.u.num_results, 1)
632 self.assertEquals(rep.u.ctx_list[0].result,
633 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
634 self.assertEquals(rep.u.ctx_list[0].reason,
635 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
636 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
637 self.assertEquals(rep.u.auth_info, '\0' * 0)
638
639 req = self.generate_request(call_id = 2,
640 context_id=12345,
641 opnum=0,
642 stub="")
643 self.send_pdu(req)
644 rep = self.recv_pdu()
645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
646 pfc_flags=req.pfc_flags |
647 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
648 auth_length=0)
649 self.assertNotEquals(rep.u.alloc_hint, 0)
650 self.assertEquals(rep.u.context_id, 0)
651 self.assertEquals(rep.u.cancel_count, 0)
652 self.assertEquals(rep.u.flags, 0)
653 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
654 self.assertEquals(rep.u.reserved, 0)
655 self.assertEquals(len(rep.u.error_and_verifier), 0)
656
657 # Send a alter again to prove the connection is still alive
658 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
659 self.send_pdu(req)
660 rep = self.recv_pdu()
661 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
662 auth_length=0)
663 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
664 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
665 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
666 self.assertEquals(rep.u.secondary_address_size, 0)
667 self.assertEquals(len(rep.u._pad1), 2)
668 #self.assertEquals(rep.u._pad1, '\0' * 2)
669 self.assertEquals(rep.u.num_results, 1)
670 self.assertEquals(rep.u.ctx_list[0].result,
671 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
672 self.assertEquals(rep.u.ctx_list[0].reason,
673 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
674 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
675 self.assertEquals(rep.u.auth_info, '\0' * 0)
676
677 def test_no_auth_presentation_ctx_invalid2(self):
678 ndr32 = base.transfer_syntax_ndr()
679
680 zero_syntax = misc.ndr_syntax_id()
681
682 tsf1a_list = []
683 ctx1a = dcerpc.ctx_list()
684 ctx1a.context_id = 1
685 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
686 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
687 ctx1a.transfer_syntaxes = tsf1a_list
688
689 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
690 self.send_pdu(req)
691 rep = self.recv_pdu()
692 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
693 auth_length=0)
694 self.assertEquals(rep.u.reject_reason,
695 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
696 self.assertEquals(rep.u.num_versions, 1)
697 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
698 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
699 self.assertEquals(len(rep.u._pad), 3)
700 self.assertEquals(rep.u._pad, '\0' * 3)
701
702 # wait for a disconnect
703 rep = self.recv_pdu()
704 self.assertIsNone(rep)
705 self.assertNotConnected()
706
707 def test_no_auth_presentation_ctx_invalid3(self):
708 ndr32 = base.transfer_syntax_ndr()
709
710 zero_syntax = misc.ndr_syntax_id()
711
712 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
713 ctx1a = dcerpc.ctx_list()
714 ctx1a.context_id = 1
715 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
716 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
717 ctx1a.transfer_syntaxes = tsf1a_list
718
719 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
720 self.send_pdu(req)
721 rep = self.recv_pdu()
722 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
723 auth_length=0)
724 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
725 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
726 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
727 self.assertEquals(rep.u.secondary_address_size, 4)
728 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
729 self.assertEquals(len(rep.u._pad1), 2)
730 self.assertEquals(rep.u._pad1, '\0' * 2)
731 self.assertEquals(rep.u.num_results, 1)
732 self.assertEquals(rep.u.ctx_list[0].result,
733 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
734 self.assertEquals(rep.u.ctx_list[0].reason,
735 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
736 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
737 self.assertEquals(rep.u.auth_info, '\0' * 0)
738
739 tsf1b_list = []
740 ctx1b = dcerpc.ctx_list()
741 ctx1b.context_id = 1
742 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
743 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
744 ctx1b.transfer_syntaxes = tsf1b_list
745
746 # Send a alter
747 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
748 self.send_pdu(req)
749 rep = self.recv_pdu()
750 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
751 pfc_flags=req.pfc_flags |
752 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
753 auth_length=0)
754 self.assertNotEquals(rep.u.alloc_hint, 0)
755 self.assertEquals(rep.u.context_id, 0)
756 self.assertEquals(rep.u.cancel_count, 0)
757 self.assertEquals(rep.u.flags, 0)
758 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
759 self.assertEquals(rep.u.reserved, 0)
760 self.assertEquals(len(rep.u.error_and_verifier), 0)
761
762 # wait for a disconnect
763 rep = self.recv_pdu()
764 self.assertIsNone(rep)
765 self.assertNotConnected()
766
767 def test_no_auth_presentation_ctx_invalid4(self):
768 ndr32 = base.transfer_syntax_ndr()
769 ndr64 = base.transfer_syntax_ndr64()
770
771 zero_syntax = misc.ndr_syntax_id()
772
773 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
774 ctx1a = dcerpc.ctx_list()
775 ctx1a.context_id = 1
776 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
777 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
778 ctx1a.transfer_syntaxes = tsf1a_list
779
780 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
781 self.send_pdu(req)
782 rep = self.recv_pdu()
783 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
784 auth_length=0)
785 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
786 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
787 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
788 self.assertEquals(rep.u.secondary_address_size, 4)
789 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
790 self.assertEquals(len(rep.u._pad1), 2)
791 self.assertEquals(rep.u._pad1, '\0' * 2)
792 self.assertEquals(rep.u.num_results, 1)
793 self.assertEquals(rep.u.ctx_list[0].result,
794 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
795 self.assertEquals(rep.u.ctx_list[0].reason,
796 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
797 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
798 self.assertEquals(rep.u.auth_info, '\0' * 0)
799
800 # With a known but wrong syntax we get a protocol error
801 # see test_no_auth_presentation_ctx_valid2
802 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax(),ndr64]
803 ctx1b = dcerpc.ctx_list()
804 ctx1b.context_id = 1
805 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
806 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
807 ctx1b.transfer_syntaxes = tsf1b_list
808
809 # Send a alter
810 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
811 self.send_pdu(req)
812 rep = self.recv_pdu()
813 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
814 pfc_flags=req.pfc_flags |
815 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
816 auth_length=0)
817 self.assertNotEquals(rep.u.alloc_hint, 0)
818 self.assertEquals(rep.u.context_id, 0)
819 self.assertEquals(rep.u.cancel_count, 0)
820 self.assertEquals(rep.u.flags, 0)
821 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
822 self.assertEquals(rep.u.reserved, 0)
823 self.assertEquals(len(rep.u.error_and_verifier), 0)
824
825 # wait for a disconnect
826 rep = self.recv_pdu()
827 self.assertIsNone(rep)
828 self.assertNotConnected()
829
830 def test_no_auth_presentation_ctx_valid2(self):
831 ndr32 = base.transfer_syntax_ndr()
832
833 zero_syntax = misc.ndr_syntax_id()
834
835 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
836 ctx1a = dcerpc.ctx_list()
837 ctx1a.context_id = 1
838 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
839 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
840 ctx1a.transfer_syntaxes = tsf1a_list
841
842 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
843 self.send_pdu(req)
844 rep = self.recv_pdu()
845 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
846 auth_length=0)
847 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
848 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
849 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
850 self.assertEquals(rep.u.secondary_address_size, 4)
851 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
852 self.assertEquals(len(rep.u._pad1), 2)
853 self.assertEquals(rep.u._pad1, '\0' * 2)
854 self.assertEquals(rep.u.num_results, 1)
855 self.assertEquals(rep.u.ctx_list[0].result,
856 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
857 self.assertEquals(rep.u.ctx_list[0].reason,
858 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
859 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
860 self.assertEquals(rep.u.auth_info, '\0' * 0)
861
862 # With a unknown but wrong syntaxes we get NO protocol error
863 # see test_no_auth_presentation_ctx_invalid4
864 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax()]
865 ctx1b = dcerpc.ctx_list()
866 ctx1b.context_id = 1
867 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
868 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
869 ctx1b.transfer_syntaxes = tsf1b_list
870
871 # Send a alter
872 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
873 self.send_pdu(req)
874 rep = self.recv_pdu()
875 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
876 auth_length=0)
877 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
878 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
879 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
880 self.assertEquals(rep.u.secondary_address_size, 0)
881 self.assertEquals(len(rep.u._pad1), 2)
882 #self.assertEquals(rep.u._pad1, '\0' * 2)
883 self.assertEquals(rep.u.num_results, 1)
884 self.assertEquals(rep.u.ctx_list[0].result,
885 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
886 self.assertEquals(rep.u.ctx_list[0].reason,
887 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
888 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
889 self.assertEquals(rep.u.auth_info, '\0' * 0)
890
891 req = self.generate_request(call_id = 2,
892 context_id=ctx1a.context_id,
893 opnum=0xffff,
894 stub="")
895 self.send_pdu(req)
896 rep = self.recv_pdu()
897 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
898 pfc_flags=req.pfc_flags |
899 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
900 auth_length=0)
901 self.assertNotEquals(rep.u.alloc_hint, 0)
902 self.assertEquals(rep.u.context_id, ctx1a.context_id)
903 self.assertEquals(rep.u.cancel_count, 0)
904 self.assertEquals(rep.u.flags, 0)
905 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
906 self.assertEquals(rep.u.reserved, 0)
907 self.assertEquals(len(rep.u.error_and_verifier), 0)
908
909 def test_no_auth_presentation_ctx_no_ndr64(self):
910 ndr32 = base.transfer_syntax_ndr()
911 zero_syntax = misc.ndr_syntax_id()
912
913 tsfZ_list = [zero_syntax]
914 ctxZ = dcerpc.ctx_list()
915 ctxZ.context_id = 54321
916 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
917 ctxZ.abstract_syntax = zero_syntax
918 ctxZ.transfer_syntaxes = tsfZ_list
919
920 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
921 self.send_pdu(req)
922 rep = self.recv_pdu()
923 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
924 auth_length=0)
925 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
926 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
927 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
928 self.assertEquals(rep.u.secondary_address_size, 4)
929 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
930 self.assertEquals(len(rep.u._pad1), 2)
931 self.assertEquals(rep.u._pad1, '\0' * 2)
932 self.assertEquals(rep.u.num_results, 1)
933 self.assertEquals(rep.u.ctx_list[0].result,
934 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
935 self.assertEquals(rep.u.ctx_list[0].reason,
936 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
937 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
938 self.assertEquals(rep.u.auth_info, '\0' * 0)
939
940 tsf0_list = [ndr32]
941 ctx0 = dcerpc.ctx_list()
942 ctx0.context_id = 0
943 ctx0.num_transfer_syntaxes = len(tsf0_list)
944 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
945 ctx0.transfer_syntaxes = tsf0_list
946
947 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
948 self.send_pdu(req)
949 rep = self.recv_pdu()
950 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
951 auth_length=0)
952 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
953 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
954 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
955 self.assertEquals(rep.u.secondary_address_size, 0)
956 self.assertEquals(len(rep.u._pad1), 2)
957 #self.assertEquals(rep.u._pad1, '\0' * 2)
958 self.assertEquals(rep.u.num_results, 1)
959 self.assertEquals(rep.u.ctx_list[0].result,
960 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
961 self.assertEquals(rep.u.ctx_list[0].reason,
962 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
963 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
964 self.assertEquals(rep.u.auth_info, '\0' * 0)
965
966 req = self.generate_request(call_id = 1,
967 context_id=ctx0.context_id,
968 opnum=0,
969 stub="")
970 self.send_pdu(req)
971 rep = self.recv_pdu()
972 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
973 auth_length=0)
974 self.assertNotEquals(rep.u.alloc_hint, 0)
975 self.assertEquals(rep.u.context_id, req.u.context_id)
976 self.assertEquals(rep.u.cancel_count, 0)
977 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
978
979 tsf1_list = [zero_syntax,ndr32]
980 ctx1 = dcerpc.ctx_list()
981 ctx1.context_id = 1
982 ctx1.num_transfer_syntaxes = len(tsf1_list)
983 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
984 ctx1.transfer_syntaxes = tsf1_list
985
986 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
987 self.send_pdu(req)
988 rep = self.recv_pdu()
989 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
990 auth_length=0)
991 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
992 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
993 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
994 self.assertEquals(rep.u.secondary_address_size, 0)
995 self.assertEquals(len(rep.u._pad1), 2)
996 #self.assertEquals(rep.u._pad1, '\0' * 2)
997 self.assertEquals(rep.u.num_results, 1)
998 self.assertEquals(rep.u.ctx_list[0].result,
999 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1000 self.assertEquals(rep.u.ctx_list[0].reason,
1001 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1002 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1003 self.assertEquals(rep.u.auth_info, '\0' * 0)
1004
1005 req = self.generate_request(call_id = 1,
1006 context_id=ctx1.context_id,
1007 opnum=0,
1008 stub="")
1009 self.send_pdu(req)
1010 rep = self.recv_pdu()
1011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1012 auth_length=0)
1013 self.assertNotEquals(rep.u.alloc_hint, 0)
1014 self.assertEquals(rep.u.context_id, req.u.context_id)
1015 self.assertEquals(rep.u.cancel_count, 0)
1016 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1017
1018 tsf2_list = [ndr32,ndr32]
1019 ctx2 = dcerpc.ctx_list()
1020 ctx2.context_id = 2
1021 ctx2.num_transfer_syntaxes = len(tsf2_list)
1022 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1023 ctx2.transfer_syntaxes = tsf2_list
1024
1025 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1026 self.send_pdu(req)
1027 rep = self.recv_pdu()
1028 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1029 auth_length=0)
1030 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1031 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1032 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1033 self.assertEquals(rep.u.secondary_address_size, 0)
1034 self.assertEquals(len(rep.u._pad1), 2)
1035 #self.assertEquals(rep.u._pad1, '\0' * 2)
1036 self.assertEquals(rep.u.num_results, 1)
1037 self.assertEquals(rep.u.ctx_list[0].result,
1038 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1039 self.assertEquals(rep.u.ctx_list[0].reason,
1040 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1041 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1042 self.assertEquals(rep.u.auth_info, '\0' * 0)
1043
1044 req = self.generate_request(call_id = 1,
1045 context_id=ctx2.context_id,
1046 opnum=0,
1047 stub="")
1048 self.send_pdu(req)
1049 rep = self.recv_pdu()
1050 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1051 auth_length=0)
1052 self.assertNotEquals(rep.u.alloc_hint, 0)
1053 self.assertEquals(rep.u.context_id, req.u.context_id)
1054 self.assertEquals(rep.u.cancel_count, 0)
1055 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1056
1057 tsf3_list = [ndr32]
1058 ctx3 = dcerpc.ctx_list()
1059 ctx3.context_id = 3
1060 ctx3.num_transfer_syntaxes = len(tsf3_list)
1061 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1062 ctx3.transfer_syntaxes = tsf3_list
1063
1064 tsf4_list = [ndr32]
1065 ctx4 = dcerpc.ctx_list()
1066 ctx4.context_id = 4
1067 ctx4.num_transfer_syntaxes = len(tsf4_list)
1068 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1069 ctx4.transfer_syntaxes = tsf4_list
1070
1071 req = self.generate_alter(call_id=34, ctx_list=[ctx3,ctx4])
1072 self.send_pdu(req)
1073 rep = self.recv_pdu()
1074 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1075 auth_length=0)
1076 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1077 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1078 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1079 self.assertEquals(rep.u.secondary_address_size, 0)
1080 self.assertEquals(len(rep.u._pad1), 2)
1081 #self.assertEquals(rep.u._pad1, '\0' * 2)
1082 self.assertEquals(rep.u.num_results, 2)
1083 self.assertEquals(rep.u.ctx_list[0].result,
1084 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1085 self.assertEquals(rep.u.ctx_list[0].reason,
1086 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1087 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1088 self.assertEquals(rep.u.ctx_list[1].result,
1089 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1090 self.assertEquals(rep.u.ctx_list[1].reason,
1091 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1092 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1093 self.assertEquals(rep.u.auth_info, '\0' * 0)
1094
1095 req = self.generate_request(call_id = 1,
1096 context_id=ctx3.context_id,
1097 opnum=0,
1098 stub="")
1099 self.send_pdu(req)
1100 rep = self.recv_pdu()
1101 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1102 auth_length=0)
1103 self.assertNotEquals(rep.u.alloc_hint, 0)
1104 self.assertEquals(rep.u.context_id, req.u.context_id)
1105 self.assertEquals(rep.u.cancel_count, 0)
1106 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1107
1108 req = self.generate_alter(call_id=43, ctx_list=[ctx4,ctx3])
1109 self.send_pdu(req)
1110 rep = self.recv_pdu()
1111 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1112 auth_length=0)
1113 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1114 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1115 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1116 self.assertEquals(rep.u.secondary_address_size, 0)
1117 self.assertEquals(len(rep.u._pad1), 2)
1118 #self.assertEquals(rep.u._pad1, '\0' * 2)
1119 self.assertEquals(rep.u.num_results, 2)
1120 self.assertEquals(rep.u.ctx_list[0].result,
1121 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1122 self.assertEquals(rep.u.ctx_list[0].reason,
1123 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1124 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1125 self.assertEquals(rep.u.ctx_list[1].result,
1126 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1127 self.assertEquals(rep.u.ctx_list[1].reason,
1128 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1129 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1130 self.assertEquals(rep.u.auth_info, '\0' * 0)
1131
1132 req = self.generate_request(call_id = 1,
1133 context_id=ctx4.context_id,
1134 opnum=0,
1135 stub="")
1136 self.send_pdu(req)
1137 rep = self.recv_pdu()
1138 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1139 auth_length=0)
1140 self.assertNotEquals(rep.u.alloc_hint, 0)
1141 self.assertEquals(rep.u.context_id, req.u.context_id)
1142 self.assertEquals(rep.u.cancel_count, 0)
1143 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1144
1145 req = self.generate_request(call_id = 1,
1146 context_id=ctx3.context_id,
1147 opnum=0,
1148 stub="")
1149 self.send_pdu(req)
1150 rep = self.recv_pdu()
1151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1152 auth_length=0)
1153 self.assertNotEquals(rep.u.alloc_hint, 0)
1154 self.assertEquals(rep.u.context_id, req.u.context_id)
1155 self.assertEquals(rep.u.cancel_count, 0)
1156 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1157
1158 req = self.generate_alter(call_id=44, ctx_list=[ctx4,ctx4])
1159 self.send_pdu(req)
1160 rep = self.recv_pdu()
1161 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1162 auth_length=0)
1163 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1164 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1165 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1166 self.assertEquals(rep.u.secondary_address_size, 0)
1167 self.assertEquals(len(rep.u._pad1), 2)
1168 #self.assertEquals(rep.u._pad1, '\0' * 2)
1169 self.assertEquals(rep.u.num_results, 2)
1170 self.assertEquals(rep.u.ctx_list[0].result,
1171 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1172 self.assertEquals(rep.u.ctx_list[0].reason,
1173 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1174 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1175 self.assertEquals(rep.u.ctx_list[1].result,
1176 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1177 self.assertEquals(rep.u.ctx_list[1].reason,
1178 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1179 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1180 self.assertEquals(rep.u.auth_info, '\0' * 0)
1181
1182 req = self.generate_request(call_id = 1,
1183 context_id=ctx4.context_id,
1184 opnum=0,
1185 stub="")
1186 self.send_pdu(req)
1187 rep = self.recv_pdu()
1188 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1189 auth_length=0)
1190 self.assertNotEquals(rep.u.alloc_hint, 0)
1191 self.assertEquals(rep.u.context_id, req.u.context_id)
1192 self.assertEquals(rep.u.cancel_count, 0)
1193 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1194
1195 req = self.generate_request(call_id = 1,
1196 context_id=ctx3.context_id,
1197 opnum=0,
1198 stub="")
1199 self.send_pdu(req)
1200 rep = self.recv_pdu()
1201 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1202 auth_length=0)
1203 self.assertNotEquals(rep.u.alloc_hint, 0)
1204 self.assertEquals(rep.u.context_id, req.u.context_id)
1205 self.assertEquals(rep.u.cancel_count, 0)
1206 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1207
1208 tsf5mgmt_list = [ndr32]
1209 ctx5mgmt = dcerpc.ctx_list()
1210 ctx5mgmt.context_id = 5
1211 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1212 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1213 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1214
1215 tsf5epm_list = [ndr32]
1216 ctx5epm = dcerpc.ctx_list()
1217 ctx5epm.context_id = 5
1218 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1219 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1220 ctx5epm.transfer_syntaxes = tsf5epm_list
1221
1222 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1223 self.send_pdu(req)
1224 rep = self.recv_pdu()
1225 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1226 auth_length=0)
1227 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1228 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1229 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1230 self.assertEquals(rep.u.secondary_address_size, 0)
1231 self.assertEquals(len(rep.u._pad1), 2)
1232 #self.assertEquals(rep.u._pad1, '\0' * 2)
1233 self.assertEquals(rep.u.num_results, 2)
1234 self.assertEquals(rep.u.ctx_list[0].result,
1235 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1236 self.assertEquals(rep.u.ctx_list[0].reason,
1237 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1238 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1239 self.assertEquals(rep.u.ctx_list[1].result,
1240 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1241 self.assertEquals(rep.u.ctx_list[1].reason,
1242 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1243 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1244 self.assertEquals(rep.u.auth_info, '\0' * 0)
1245
1246 req = self.generate_request(call_id = 1,
1247 context_id=ctx5mgmt.context_id,
1248 opnum=0,
1249 stub="")
1250 self.send_pdu(req)
1251 rep = self.recv_pdu()
1252 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1253 auth_length=0)
1254 self.assertNotEquals(rep.u.alloc_hint, 0)
1255 self.assertEquals(rep.u.context_id, req.u.context_id)
1256 self.assertEquals(rep.u.cancel_count, 0)
1257 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1258
1259 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1260 self.send_pdu(req)
1261 rep = self.recv_pdu()
1262 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1263 auth_length=0)
1264 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1265 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1266 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1267 self.assertEquals(rep.u.secondary_address_size, 0)
1268 self.assertEquals(len(rep.u._pad1), 2)
1269 #self.assertEquals(rep.u._pad1, '\0' * 2)
1270 self.assertEquals(rep.u.num_results, 2)
1271 self.assertEquals(rep.u.ctx_list[0].result,
1272 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1273 self.assertEquals(rep.u.ctx_list[0].reason,
1274 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1275 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1276 self.assertEquals(rep.u.ctx_list[1].result,
1277 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1278 self.assertEquals(rep.u.ctx_list[1].reason,
1279 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1280 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1281 self.assertEquals(rep.u.auth_info, '\0' * 0)
1282
1283 req = self.generate_request(call_id = 1,
1284 context_id=ctx5mgmt.context_id,
1285 opnum=0,
1286 stub="")
1287 self.send_pdu(req)
1288 rep = self.recv_pdu()
1289 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1290 auth_length=0)
1291 self.assertNotEquals(rep.u.alloc_hint, 0)
1292 self.assertEquals(rep.u.context_id, req.u.context_id)
1293 self.assertEquals(rep.u.cancel_count, 0)
1294 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1295
1296 def test_no_auth_bind_time_none_simple(self):
1297 features = 0
1298 btf = base.bind_time_features_syntax(features)
1299
1300 zero_syntax = misc.ndr_syntax_id()
1301
1302 tsf1_list = [btf]
1303 ctx1 = dcerpc.ctx_list()
1304 ctx1.context_id = 1
1305 ctx1.num_transfer_syntaxes = len(tsf1_list)
1306 ctx1.abstract_syntax = zero_syntax
1307 ctx1.transfer_syntaxes = tsf1_list
1308
1309 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1310 self.send_pdu(req)
1311 rep = self.recv_pdu()
1312 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1313 auth_length=0)
1314 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1315 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1316 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1317 self.assertEquals(rep.u.secondary_address_size, 4)
1318 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1319 self.assertEquals(len(rep.u._pad1), 2)
1320 self.assertEquals(rep.u._pad1, '\0' * 2)
1321 self.assertEquals(rep.u.num_results, 1)
1322 self.assertEquals(rep.u.ctx_list[0].result,
1323 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1324 self.assertEquals(rep.u.ctx_list[0].reason, features)
1325 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1326 self.assertEquals(rep.u.auth_info, '\0' * 0)
1327
1328 def test_no_auth_bind_time_none_ignore_additional(self):
1329 features1 = 0
1330 btf1 = base.bind_time_features_syntax(features1)
1331
1332 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1333 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1334 btf2 = base.bind_time_features_syntax(features2)
1335
1336 zero_syntax = misc.ndr_syntax_id()
1337 ndr64 = base.transfer_syntax_ndr64()
1338
1339 tsf1_list = [btf1,btf2,zero_syntax]
1340 ctx1 = dcerpc.ctx_list()
1341 ctx1.context_id = 1
1342 ctx1.num_transfer_syntaxes = len(tsf1_list)
1343 ctx1.abstract_syntax = ndr64
1344 ctx1.transfer_syntaxes = tsf1_list
1345
1346 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1347 self.send_pdu(req)
1348 rep = self.recv_pdu()
1349 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1350 auth_length=0)
1351 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1352 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1353 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1354 self.assertEquals(rep.u.secondary_address_size, 4)
1355 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1356 self.assertEquals(len(rep.u._pad1), 2)
1357 self.assertEquals(rep.u._pad1, '\0' * 2)
1358 self.assertEquals(rep.u.num_results, 1)
1359 self.assertEquals(rep.u.ctx_list[0].result,
1360 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1361 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1362 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1363 self.assertEquals(rep.u.auth_info, '\0' * 0)
1364
1365 def test_no_auth_bind_time_only_first(self):
1366 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1367 btf1 = base.bind_time_features_syntax(features1)
1368
1369 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1370 btf2 = base.bind_time_features_syntax(features2)
1371
1372 zero_syntax = misc.ndr_syntax_id()
1373
1374 tsf1_list = [zero_syntax,btf1,btf2,zero_syntax]
1375 ctx1 = dcerpc.ctx_list()
1376 ctx1.context_id = 1
1377 ctx1.num_transfer_syntaxes = len(tsf1_list)
1378 ctx1.abstract_syntax = zero_syntax
1379 ctx1.transfer_syntaxes = tsf1_list
1380
1381 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1382 self.send_pdu(req)
1383 rep = self.recv_pdu()
1384 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1385 auth_length=0)
1386 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1387 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1388 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1389 self.assertEquals(rep.u.secondary_address_size, 4)
1390 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1391 self.assertEquals(len(rep.u._pad1), 2)
1392 self.assertEquals(rep.u._pad1, '\0' * 2)
1393 self.assertEquals(rep.u.num_results, 1)
1394 self.assertEquals(rep.u.ctx_list[0].result,
1395 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1396 self.assertEquals(rep.u.ctx_list[0].reason,
1397 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1398 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1399 self.assertEquals(rep.u.auth_info, '\0' * 0)
1400
1401 def test_no_auth_bind_time_twice(self):
1402 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1403 btf1 = base.bind_time_features_syntax(features1)
1404
1405 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1406 btf2 = base.bind_time_features_syntax(features2)
1407
1408 zero_syntax = misc.ndr_syntax_id()
1409
1410 tsf1_list = [btf1]
1411 ctx1 = dcerpc.ctx_list()
1412 ctx1.context_id = 1
1413 ctx1.num_transfer_syntaxes = len(tsf1_list)
1414 ctx1.abstract_syntax = zero_syntax
1415 ctx1.transfer_syntaxes = tsf1_list
1416
1417 tsf2_list = [btf2]
1418 ctx2 = dcerpc.ctx_list()
1419 ctx2.context_id = 2
1420 ctx2.num_transfer_syntaxes = len(tsf2_list)
1421 ctx2.abstract_syntax = zero_syntax
1422 ctx2.transfer_syntaxes = tsf2_list
1423
1424 req = self.generate_bind(call_id=0, ctx_list=[ctx1,ctx2])
1425 self.send_pdu(req)
1426 rep = self.recv_pdu()
1427 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1428 auth_length=0)
1429 self.assertEquals(rep.u.reject_reason,
1430 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1431 self.assertEquals(rep.u.num_versions, 1)
1432 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1433 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1434 self.assertEquals(len(rep.u._pad), 3)
1435 self.assertEquals(rep.u._pad, '\0' * 3)
1436
1437 # wait for a disconnect
1438 rep = self.recv_pdu()
1439 self.assertIsNone(rep)
1440 self.assertNotConnected()
1441
1442 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1443 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1444 btf = base.bind_time_features_syntax(features)
1445
1446 zero_syntax = misc.ndr_syntax_id()
1447
1448 tsf1_list = [btf]
1449 ctx1 = dcerpc.ctx_list()
1450 ctx1.context_id = 1
1451 ctx1.num_transfer_syntaxes = len(tsf1_list)
1452 ctx1.abstract_syntax = zero_syntax
1453 ctx1.transfer_syntaxes = tsf1_list
1454
1455 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1456 self.send_pdu(req)
1457 rep = self.recv_pdu()
1458 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1459 auth_length=0)
1460 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1461 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1462 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1463 self.assertEquals(rep.u.secondary_address_size, 4)
1464 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1465 self.assertEquals(len(rep.u._pad1), 2)
1466 self.assertEquals(rep.u._pad1, '\0' * 2)
1467 self.assertEquals(rep.u.num_results, 1)
1468 self.assertEquals(rep.u.ctx_list[0].result,
1469 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1470 self.assertEquals(rep.u.ctx_list[0].reason, features)
1471 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1472 self.assertEquals(rep.u.auth_info, '\0' * 0)
1473
1474 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1475 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1476 btf1 = base.bind_time_features_syntax(features1)
1477
1478 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1479 btf2 = base.bind_time_features_syntax(features2)
1480
1481 zero_syntax = misc.ndr_syntax_id()
1482 ndr64 = base.transfer_syntax_ndr64()
1483
1484 tsf1_list = [btf1,btf2,zero_syntax]
1485 ctx1 = dcerpc.ctx_list()
1486 ctx1.context_id = 1
1487 ctx1.num_transfer_syntaxes = len(tsf1_list)
1488 ctx1.abstract_syntax = ndr64
1489 ctx1.transfer_syntaxes = tsf1_list
1490
1491 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1492 self.send_pdu(req)
1493 rep = self.recv_pdu()
1494 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1495 auth_length=0)
1496 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1497 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1498 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1499 self.assertEquals(rep.u.secondary_address_size, 4)
1500 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1501 self.assertEquals(len(rep.u._pad1), 2)
1502 self.assertEquals(rep.u._pad1, '\0' * 2)
1503 self.assertEquals(rep.u.num_results, 1)
1504 self.assertEquals(rep.u.ctx_list[0].result,
1505 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1506 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1507 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1508 self.assertEquals(rep.u.auth_info, '\0' * 0)
1509
1510 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1511 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1512 ndr32 = base.transfer_syntax_ndr()
1513
1514 tsf1_list = [ndr32]
1515 ctx1 = dcerpc.ctx_list()
1516 ctx1.context_id = 1
1517 ctx1.num_transfer_syntaxes = len(tsf1_list)
1518 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1519 ctx1.transfer_syntaxes = tsf1_list
1520 ctx_list = [ctx1]
1521
1522 auth_context_id = 0
1523
1524 if creds is not None:
1525 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1526 auth_context = self.get_auth_context_creds(creds,
1527 auth_type=auth_type,
1528 auth_level=auth_level,
1529 auth_context_id=auth_context_id,
1530 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1531 from_server = ""
1532 (finished, to_server) = auth_context["gensec"].update(from_server)
1533 self.assertFalse(finished)
1534
1535 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1536 auth_level=auth_context["auth_level"],
1537 auth_context_id=auth_context["auth_context_id"],
1538 auth_blob=to_server)
1539 else:
1540 to_server = "none"
1541 auth_info = self.generate_auth(auth_type=auth_type,
1542 auth_level=auth_level,
1543 auth_context_id=auth_context_id,
1544 auth_blob=to_server)
1545
1546 req = self.generate_bind(call_id=0,
1547 ctx_list=ctx_list,
1548 auth_info=auth_info)
1549 self.send_pdu(req)
1550 rep = self.recv_pdu()
1551 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1552 auth_length=0)
1553 self.assertEquals(rep.u.reject_reason, reason)
1554 self.assertEquals(rep.u.num_versions, 1)
1555 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1556 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1557 self.assertEquals(len(rep.u._pad), 3)
1558 self.assertEquals(rep.u._pad, '\0' * 3)
1559
1560 # wait for a disconnect
1561 rep = self.recv_pdu()
1562 self.assertIsNone(rep)
1563 self.assertNotConnected()
1564
1565 def _test_auth_none_level_bind(self, auth_level,
1566 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1567 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1568 auth_level=auth_level, reason=reason)
1569
1570 def test_auth_none_none_bind(self):
1571 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1572 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1573
1574 def test_auth_none_connect_bind(self):
1575 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1576
1577 def test_auth_none_call_bind(self):
1578 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1579
1580 def test_auth_none_packet_bind(self):
1581 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1582
1583 def test_auth_none_integrity_bind(self):
1584 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1585
1586 def test_auth_none_privacy_bind(self):
1587 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1588
1589 def test_auth_none_0_bind(self):
1590 return self._test_auth_none_level_bind(0,
1591 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1592
1593 def test_auth_none_7_bind(self):
1594 return self._test_auth_none_level_bind(7,
1595 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1596
1597 def test_auth_none_255_bind(self):
1598 return self._test_auth_none_level_bind(255,
1599 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1600
1601 def _test_auth_none_level_request(self, auth_level):
1602 ndr32 = base.transfer_syntax_ndr()
1603
1604 tsf1_list = [ndr32]
1605 ctx1 = dcerpc.ctx_list()
1606 ctx1.context_id = 1
1607 ctx1.num_transfer_syntaxes = len(tsf1_list)
1608 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1609 ctx1.transfer_syntaxes = tsf1_list
1610 ctx_list = [ctx1]
1611
1612 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1613 auth_context_id = 0
1614
1615 req = self.generate_bind(call_id=0,
1616 ctx_list=ctx_list)
1617
1618 self.send_pdu(req)
1619 rep = self.recv_pdu()
1620 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1621 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1622 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1623 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1624 self.assertEquals(rep.u.secondary_address_size, 4)
1625 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1626 self.assertEquals(len(rep.u._pad1), 2)
1627 self.assertEquals(rep.u._pad1, '\0' * 2)
1628 self.assertEquals(rep.u.num_results, 1)
1629 self.assertEquals(rep.u.ctx_list[0].result,
1630 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1631 self.assertEquals(rep.u.ctx_list[0].reason,
1632 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1633 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1634 self.assertEquals(len(rep.u.auth_info), 0)
1635
1636 # And now try a request without auth_info
1637 req = self.generate_request(call_id = 2,
1638 context_id=ctx1.context_id,
1639 opnum=0,
1640 stub="")
1641 self.send_pdu(req)
1642 rep = self.recv_pdu()
1643 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1644 auth_length=0)
1645 self.assertNotEquals(rep.u.alloc_hint, 0)
1646 self.assertEquals(rep.u.context_id, req.u.context_id)
1647 self.assertEquals(rep.u.cancel_count, 0)
1648 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1649
1650 auth_info = self.generate_auth(auth_type=auth_type,
1651 auth_level=auth_level,
1652 auth_context_id=auth_context_id,
1653 auth_blob="none")
1654
1655 req = self.generate_request(call_id = 3,
1656 context_id=ctx1.context_id,
1657 opnum=0,
1658 stub="",
1659 auth_info=auth_info)
1660 self.send_pdu(req)
1661 rep = self.recv_pdu()
1662 # We get a fault back
1663 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1664 auth_length=0)
1665 self.assertNotEquals(rep.u.alloc_hint, 0)
1666 self.assertEquals(rep.u.context_id, req.u.context_id)
1667 self.assertEquals(rep.u.cancel_count, 0)
1668 self.assertEquals(rep.u.flags, 0)
1669 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1670 self.assertEquals(rep.u.reserved, 0)
1671 self.assertEquals(len(rep.u.error_and_verifier), 0)
1672
1673 # wait for a disconnect
1674 rep = self.recv_pdu()
1675 self.assertIsNone(rep)
1676 self.assertNotConnected()
1677
1678 def test_auth_none_none_request(self):
1679 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1680
1681 def test_auth_none_connect_request(self):
1682 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1683
1684 def test_auth_none_call_request(self):
1685 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1686
1687 def _test_neg_xmit_check_values(self,
1688 req_xmit=None,
1689 req_recv=None,
1690 rep_both=None,
1691 alter_xmit=None,
1692 alter_recv=None):
1693 ndr32 = base.transfer_syntax_ndr()
1694
1695 tsf1_list = [ndr32]
1696 ctx1 = dcerpc.ctx_list()
1697 ctx1.context_id = 1
1698 ctx1.num_transfer_syntaxes = len(tsf1_list)
1699 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1700 ctx1.transfer_syntaxes = tsf1_list
1701
1702 req = self.generate_bind(call_id=0,
1703 max_xmit_frag=req_xmit,
1704 max_recv_frag=req_recv,
1705 ctx_list=[ctx1])
1706 self.send_pdu(req)
1707 rep = self.recv_pdu()
1708 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1709 auth_length=0)
1710 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1711 self.assertEquals(rep.u.max_recv_frag, rep_both)
1712 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1713 self.assertEquals(rep.u.secondary_address_size, 4)
1714 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1715 self.assertEquals(len(rep.u._pad1), 2)
1716 self.assertEquals(rep.u._pad1, '\0' * 2)
1717 self.assertEquals(rep.u.num_results, 1)
1718 self.assertEquals(rep.u.ctx_list[0].result,
1719 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1720 self.assertEquals(rep.u.ctx_list[0].reason,
1721 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1722 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1723 self.assertEquals(rep.u.auth_info, '\0' * 0)
1724
1725 assoc_group_id = rep.u.assoc_group_id
1726 if alter_xmit is None:
1727 alter_xmit = rep_both - 8
1728 if alter_recv is None:
1729 alter_recv = rep_both - 8
1730
1731 # max_{xmit,recv}_frag and assoc_group_id are completely
1732 # ignored in alter_context requests
1733 req = self.generate_alter(call_id=1,
1734 max_xmit_frag=alter_xmit,
1735 max_recv_frag=alter_recv,
1736 assoc_group_id=0xffffffff-rep.u.assoc_group_id,
1737 ctx_list=[ctx1])
1738 self.send_pdu(req)
1739 rep = self.recv_pdu()
1740 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1741 auth_length=0)
1742 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1743 self.assertEquals(rep.u.max_recv_frag, rep_both)
1744 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1745 self.assertEquals(rep.u.secondary_address_size, 0)
1746 self.assertEquals(len(rep.u._pad1), 2)
1747 #self.assertEquals(rep.u._pad1, '\0' * 2)
1748 self.assertEquals(rep.u.num_results, 1)
1749 self.assertEquals(rep.u.ctx_list[0].result,
1750 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1751 self.assertEquals(rep.u.ctx_list[0].reason,
1752 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1753 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1754 self.assertEquals(rep.u.auth_info, '\0' * 0)
1755
1756 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1757 req = self.generate_request(call_id = 2,
1758 context_id=ctx1.context_id,
1759 opnum=0,
1760 alloc_hint=0xffffffff,
1761 stub="\00" * chunk_size)
1762 self.send_pdu(req,ndr_print=True,hexdump=True)
1763 rep = self.recv_pdu(ndr_print=True,hexdump=True)
1764 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1765 auth_length=0)
1766 self.assertNotEquals(rep.u.alloc_hint, 0)
1767 self.assertEquals(rep.u.context_id, req.u.context_id)
1768 self.assertEquals(rep.u.cancel_count, 0)
1769 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1770
1771 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1772 req = self.generate_request(call_id = 2,
1773 context_id=ctx1.context_id,
1774 opnum=0,
1775 alloc_hint=0xffffffff,
1776 stub="\00" * chunk_size)
1777 self.send_pdu(req)
1778 rep = self.recv_pdu()
1779 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1780 auth_length=0)
1781 self.assertNotEquals(rep.u.alloc_hint, 0)
1782 self.assertEquals(rep.u.context_id, req.u.context_id)
1783 self.assertEquals(rep.u.cancel_count, 0)
1784 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1785
1786 chunk_size += 1
1787 req = self.generate_request(call_id = 3,
1788 context_id=ctx1.context_id,
1789 opnum=0,
1790 alloc_hint=0xffffffff,
1791 stub="\00" * chunk_size)
1792 self.send_pdu(req)
1793 rep = self.recv_pdu()
1794 # We get a fault
1795 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1796 auth_length=0)
1797 self.assertNotEquals(rep.u.alloc_hint, 0)
1798 self.assertEquals(rep.u.context_id, 0)
1799 self.assertEquals(rep.u.cancel_count, 0)
1800 self.assertEquals(rep.u.flags, 0)
1801 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1802 self.assertEquals(rep.u.reserved, 0)
1803 self.assertEquals(len(rep.u.error_and_verifier), 0)
1804
1805 # wait for a disconnect
1806 rep = self.recv_pdu()
1807 self.assertIsNone(rep)
1808 self.assertNotConnected()
1809
1810 def test_neg_xmit_ffff_ffff(self):
1811 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1812 req_recv=0xffff,
1813 rep_both=5840)
1814
1815 def test_neg_xmit_0_ffff(self):
1816 return self._test_neg_xmit_check_values(req_xmit=0,
1817 req_recv=0xffff,
1818 rep_both=2048,
1819 alter_xmit=0xffff,
1820 alter_recv=0xffff)
1821
1822 def test_neg_xmit_ffff_0(self):
1823 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1824 req_recv=0,
1825 rep_both=2048)
1826
1827 def test_neg_xmit_0_0(self):
1828 return self._test_neg_xmit_check_values(req_xmit=0,
1829 req_recv=0,
1830 rep_both=2048,
1831 alter_xmit=0xffff,
1832 alter_recv=0xffff)
1833
1834 def test_neg_xmit_3199_0(self):
1835 return self._test_neg_xmit_check_values(req_xmit=3199,
1836 req_recv=0,
1837 rep_both=2048)
1838 def test_neg_xmit_0_3199(self):
1839 return self._test_neg_xmit_check_values(req_xmit=0,
1840 req_recv=3199,
1841 rep_both=2048)
1842
1843 def test_neg_xmit_3199_ffff(self):
1844 return self._test_neg_xmit_check_values(req_xmit=3199,
1845 req_recv=0xffff,
1846 rep_both=3192)
1847 def test_neg_xmit_ffff_3199(self):
1848 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1849 req_recv=3199,
1850 rep_both=3192)
1851
1852 def test_alloc_hint(self):
1853 ndr32 = base.transfer_syntax_ndr()
1854
1855 tsf1_list = [ndr32]
1856 ctx = dcerpc.ctx_list()
1857 ctx.context_id = 0
1858 ctx.num_transfer_syntaxes = len(tsf1_list)
1859 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1860 ctx.transfer_syntaxes = tsf1_list
1861
1862 req = self.generate_bind(call_id=0,
1863 ctx_list=[ctx])
1864 self.send_pdu(req)
1865 rep = self.recv_pdu()
1866 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1867 auth_length=0)
1868 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1869 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1870 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1871 self.assertEquals(rep.u.secondary_address_size, 4)
1872 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1873 self.assertEquals(len(rep.u._pad1), 2)
1874 self.assertEquals(rep.u._pad1, '\0' * 2)
1875 self.assertEquals(rep.u.num_results, 1)
1876 self.assertEquals(rep.u.ctx_list[0].result,
1877 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1878 self.assertEquals(rep.u.ctx_list[0].reason,
1879 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1880 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1881 self.assertEquals(rep.u.auth_info, '\0' * 0)
1882
1883 # And now try a request without auth_info
1884 req = self.generate_request(call_id = 2,
1885 context_id=ctx.context_id,
1886 opnum=0,
1887 alloc_hint=0xffffffff,
1888 stub="")
1889 self.send_pdu(req)
1890 rep = self.recv_pdu()
1891 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1892 auth_length=0)
1893 self.assertNotEquals(rep.u.alloc_hint, 0)
1894 self.assertEquals(rep.u.context_id, req.u.context_id)
1895 self.assertEquals(rep.u.cancel_count, 0)
1896 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1897
1898 req = self.generate_request(call_id = 3,
1899 context_id=ctx.context_id,
1900 opnum=1,
1901 alloc_hint=0xffffffff,
1902 stub="\04\00\00\00\00\00\00\00")
1903 self.send_pdu(req)
1904 rep = self.recv_pdu()
1905 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1906 auth_length=0)
1907 self.assertNotEquals(rep.u.alloc_hint, 0)
1908 self.assertEquals(rep.u.context_id, req.u.context_id)
1909 self.assertEquals(rep.u.cancel_count, 0)
1910 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1911
1912 req = self.generate_request(call_id = 4,
1913 context_id=ctx.context_id,
1914 opnum=1,
1915 alloc_hint=1,
1916 stub="\04\00\00\00\00\00\00\00")
1917 self.send_pdu(req)
1918 rep = self.recv_pdu()
1919 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1920 auth_length=0)
1921 self.assertNotEquals(rep.u.alloc_hint, 0)
1922 self.assertEquals(rep.u.context_id, req.u.context_id)
1923 self.assertEquals(rep.u.cancel_count, 0)
1924 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1925
1926 def _get_netlogon_ctx(self):
1927 abstract = samba.dcerpc.netlogon.abstract_syntax()
1928 ndr32 = base.transfer_syntax_ndr()
1929
1930 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
1931 epmap=True, return_ack=True)
1932
1933 server = '\\\\' + self.target_hostname
1934 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1935 computer = 'UNKNOWNCOMPUTER'
1936 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1937
1938 real_stub = struct.pack('<IIII', 0x00200000,
1939 len(server)+1, 0, len(server)+1)
1940 real_stub += server_utf16 + '\x00\x00'
1941 mod_len = len(real_stub) % 4
1942 if mod_len != 0:
1943 real_stub += '\x00' * (4 - mod_len)
1944 real_stub += struct.pack('<III',
1945 len(computer)+1, 0, len(computer)+1)
1946 real_stub += computer_utf16 + '\x00\x00'
1947 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1948
1949 return (ctx, ack, real_stub)
1950
1951 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1952 fault_first=None, fault_last=None):
1953 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1954
1955 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1956
1957 total = 0
1958 first = True
1959 while remaining > 0:
1960 thistime = min(remaining, chunk)
1961 remaining -= thistime
1962 total += thistime
1963
1964 pfc_flags = 0
1965 if first:
1966 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1967 first = False
1968 stub = real_stub + '\x00' * (thistime - len(real_stub))
1969 else:
1970 stub = "\x00" * thistime
1971
1972 if remaining == 0:
1973 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1974
1975 # And now try a request without auth_info
1976 # netr_ServerReqChallenge()
1977 req = self.generate_request(call_id = 2,
1978 pfc_flags=pfc_flags,
1979 context_id=ctx.context_id,
1980 opnum=4,
1981 alloc_hint=alloc_hint,
1982 stub=stub)
1983 if alloc_hint >= thistime:
1984 alloc_hint -= thistime
1985 else:
1986 alloc_hint = 0
1987 self.send_pdu(req,hexdump=False)
1988 if fault_first is not None:
1989 rep = self.recv_pdu()
1990 # We get a fault back
1991 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1992 auth_length=0)
1993 self.assertNotEquals(rep.u.alloc_hint, 0)
1994 self.assertEquals(rep.u.context_id, req.u.context_id)
1995 self.assertEquals(rep.u.cancel_count, 0)
1996 self.assertEquals(rep.u.flags, 0)
1997 self.assertEquals(rep.u.status, fault_first)
1998 self.assertEquals(rep.u.reserved, 0)
1999 self.assertEquals(len(rep.u.error_and_verifier), 0)
2000
2001 # wait for a disconnect
2002 rep = self.recv_pdu()
2003 self.assertIsNone(rep)
2004 self.assertNotConnected()
2005 return
2006 if remaining == 0:
2007 break
2008 if total >= 0x400000 and fault_last is not None:
2009 rep = self.recv_pdu()
2010 # We get a fault back
2011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2012 auth_length=0)
2013 self.assertNotEquals(rep.u.alloc_hint, 0)
2014 self.assertEquals(rep.u.context_id, req.u.context_id)
2015 self.assertEquals(rep.u.cancel_count, 0)
2016 self.assertEquals(rep.u.flags, 0)
2017 self.assertEquals(rep.u.status, fault_last)
2018 self.assertEquals(rep.u.reserved, 0)
2019 self.assertEquals(len(rep.u.error_and_verifier), 0)
2020
2021 # wait for a disconnect
2022 rep = self.recv_pdu()
2023 self.assertIsNone(rep)
2024 self.assertNotConnected()
2025 return
2026 rep = self.recv_pdu(timeout=0.01)
2027 self.assertIsNone(rep)
2028 self.assertIsConnected()
2029
2030 if total >= 0x400000 and fault_last is not None:
2031 rep = self.recv_pdu()
2032 # We get a fault back
2033 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2034 auth_length=0)
2035 self.assertNotEquals(rep.u.alloc_hint, 0)
2036 self.assertEquals(rep.u.context_id, req.u.context_id)
2037 self.assertEquals(rep.u.cancel_count, 0)
2038 self.assertEquals(rep.u.flags, 0)
2039 self.assertEquals(rep.u.status, fault_last)
2040 self.assertEquals(rep.u.reserved, 0)
2041 self.assertEquals(len(rep.u.error_and_verifier), 0)
2042
2043 # wait for a disconnect
2044 rep = self.recv_pdu()
2045 self.assertIsNone(rep)
2046 self.assertNotConnected()
2047 return
2048 rep = self.recv_pdu()
2049 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2050 auth_length=0)
2051 self.assertNotEquals(rep.u.alloc_hint, 0)
2052 self.assertEquals(rep.u.context_id, req.u.context_id)
2053 self.assertEquals(rep.u.cancel_count, 0)
2054 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2055
2056 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2057 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2058 self.assertEquals(status[0], 0)
2059
2060 def test_fragmented_requests01(self):
2061 return self._test_fragmented_requests(remaining=0x400000,
2062 alloc_hint=0x400000)
2063
2064 def test_fragmented_requests02(self):
2065 return self._test_fragmented_requests(remaining=0x400000,
2066 alloc_hint=0x100000)
2067
2068 def test_fragmented_requests03(self):
2069 return self._test_fragmented_requests(remaining=0x400000,
2070 alloc_hint=0)
2071
2072 def test_fragmented_requests04(self):
2073 return self._test_fragmented_requests(remaining=0x400000,
2074 alloc_hint=0x400001,
2075 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2076
2077 def test_fragmented_requests05(self):
2078 return self._test_fragmented_requests(remaining=0x500001,
2079 alloc_hint=0,
2080 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2081
2082 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2083 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2084
2085 # netr_ServerReqChallenge with given flags
2086 req = self.generate_request(call_id = 2,
2087 pfc_flags=pfc_flags,
2088 context_id=ctx.context_id,
2089 opnum=4,
2090 stub=real_stub)
2091 self.send_pdu(req)
2092 if fault_1st:
2093 rep = self.recv_pdu()
2094 # We get a fault back
2095 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2096 auth_length=0)
2097 self.assertNotEquals(rep.u.alloc_hint, 0)
2098 self.assertEquals(rep.u.context_id, 0)
2099 self.assertEquals(rep.u.cancel_count, 0)
2100 self.assertEquals(rep.u.flags, 0)
2101 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2102 self.assertEquals(rep.u.reserved, 0)
2103 self.assertEquals(len(rep.u.error_and_verifier), 0)
2104
2105 # wait for a disconnect
2106 rep = self.recv_pdu()
2107 self.assertIsNone(rep)
2108 self.assertNotConnected()
2109 return
2110 rep = self.recv_pdu(timeout=0.1)
2111 self.assertIsNone(rep)
2112 self.assertIsConnected()
2113
2114 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2115 # with the same call_id
2116 req = self.generate_request(call_id = 2,
2117 pfc_flags=pfc_flags,
2118 context_id=ctx.context_id,
2119 opnum=4,
2120 stub=real_stub)
2121 self.send_pdu(req)
2122 if fault_2nd:
2123 rep = self.recv_pdu()
2124 # We get a fault back
2125 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2126 auth_length=0)
2127 self.assertNotEquals(rep.u.alloc_hint, 0)
2128 self.assertEquals(rep.u.context_id, req.u.context_id)
2129 self.assertEquals(rep.u.cancel_count, 0)
2130 self.assertEquals(rep.u.flags, 0)
2131 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2132 self.assertEquals(rep.u.reserved, 0)
2133 self.assertEquals(len(rep.u.error_and_verifier), 0)
2134
2135 # wait for a disconnect
2136 rep = self.recv_pdu()
2137 self.assertIsNone(rep)
2138 self.assertNotConnected()
2139 return
2140
2141 rep = self.recv_pdu(timeout=0.1)
2142 self.assertIsNone(rep)
2143 self.assertIsConnected()
2144
2145 def test_first_only_requests(self):
2146 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2147 fault_2nd=True)
2148
2149 def test_none_only_requests(self):
2150 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2151
2152 def test_last_only_requests(self):
2153 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2154 fault_1st=True)
2155
2156 def test_first_maybe_requests(self):
2157 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2158 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2159 fault_2nd=True)
2160
2161 def test_first_didnot_requests(self):
2162 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2163 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2164 fault_2nd=True)
2165
2166 def test_first_cmpx_requests(self):
2167 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2168 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2169 fault_2nd=True)
2170
2171 def test_first_08_requests(self):
2172 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2173 0x08,
2174 fault_2nd=True)
2175
2176 def test_first_cancel_requests(self):
2177 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2178
2179 # netr_ServerReqChallenge with given flags
2180 req = self.generate_request(call_id = 2,
2181 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2182 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2183 context_id=ctx.context_id,
2184 opnum=4,
2185 stub=real_stub)
2186 self.send_pdu(req)
2187 rep = self.recv_pdu()
2188 # We get a fault back
2189 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2190 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2191 dcerpc.DCERPC_PFC_FLAG_LAST |
2192 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2193 auth_length=0)
2194 self.assertNotEquals(rep.u.alloc_hint, 0)
2195 self.assertEquals(rep.u.context_id, 0)
2196 self.assertEquals(rep.u.cancel_count, 0)
2197 self.assertEquals(rep.u.flags, 0)
2198 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2199 self.assertEquals(rep.u.reserved, 0)
2200 self.assertEquals(len(rep.u.error_and_verifier), 0)
2201
2202 # wait for a disconnect
2203 rep = self.recv_pdu()
2204 self.assertIsNone(rep)
2205 self.assertNotConnected()
2206
2207 def test_2nd_cancel_requests(self):
2208 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2209
2210 # netr_ServerReqChallenge with given flags
2211 req = self.generate_request(call_id = 2,
2212 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2213 context_id=ctx.context_id,
2214 opnum=4,
2215 stub=real_stub)
2216 self.send_pdu(req)
2217 rep = self.recv_pdu(timeout=0.1)
2218 self.assertIsNone(rep)
2219 self.assertIsConnected()
2220
2221 # netr_ServerReqChallenge with given flags
2222 req = self.generate_request(call_id = 2,
2223 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2224 context_id=ctx.context_id,
2225 opnum=4,
2226 stub=real_stub)
2227 self.send_pdu(req)
2228 rep = self.recv_pdu(timeout=0.1)
2229 self.assertIsNone(rep)
2230 self.assertIsConnected()
2231
2232 # netr_ServerReqChallenge with given flags
2233 req = self.generate_request(call_id = 2,
2234 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2235 context_id=ctx.context_id,
2236 opnum=4,
2237 stub=real_stub)
2238 self.send_pdu(req)
2239 rep = self.recv_pdu()
2240 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2241 auth_length=0)
2242 self.assertNotEquals(rep.u.alloc_hint, 0)
2243 self.assertEquals(rep.u.context_id, req.u.context_id)
2244 self.assertEquals(rep.u.cancel_count, 0)
2245 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2246
2247 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2248 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2249 self.assertEquals(status[0], 0)
2250
2251 def test_last_cancel_requests(self):
2252 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2253
2254 # netr_ServerReqChallenge with given flags
2255 req = self.generate_request(call_id = 2,
2256 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2257 context_id=ctx.context_id,
2258 opnum=4,
2259 stub=real_stub[:4])
2260 self.send_pdu(req)
2261 rep = self.recv_pdu(timeout=0.1)
2262 self.assertIsNone(rep)
2263 self.assertIsConnected()
2264
2265 # netr_ServerReqChallenge with given flags
2266 req = self.generate_request(call_id = 2,
2267 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2268 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2269 context_id=ctx.context_id,
2270 opnum=4,
2271 stub=real_stub[4:])
2272 self.send_pdu(req)
2273 rep = self.recv_pdu()
2274 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2275 auth_length=0)
2276 self.assertNotEquals(rep.u.alloc_hint, 0)
2277 self.assertEquals(rep.u.context_id, req.u.context_id)
2278 self.assertEquals(rep.u.cancel_count, 0)
2279 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2280
2281 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2282 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2283 self.assertEquals(status[0], 0)
2284
2285 def test_mix_requests(self):
2286 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2287
2288 # netr_ServerReqChallenge with given flags
2289 req = self.generate_request(call_id = 50,
2290 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2291 context_id=ctx.context_id,
2292 opnum=4,
2293 stub=real_stub)
2294 self.send_pdu(req)
2295 rep = self.recv_pdu(timeout=0.1)
2296 self.assertIsNone(rep)
2297 self.assertIsConnected()
2298
2299 # netr_ServerReqChallenge with given flags
2300 req = self.generate_request(call_id = 51,
2301 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2302 context_id=ctx.context_id,
2303 opnum=4,
2304 stub=real_stub)
2305 self.send_pdu(req)
2306 rep = self.recv_pdu()
2307 # We get a fault back
2308 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2309 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2310 dcerpc.DCERPC_PFC_FLAG_LAST,
2311 auth_length=0)
2312 self.assertNotEquals(rep.u.alloc_hint, 0)
2313 self.assertEquals(rep.u.context_id, req.u.context_id)
2314 self.assertEquals(rep.u.cancel_count, 0)
2315 self.assertEquals(rep.u.flags, 0)
2316 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2317 self.assertEquals(rep.u.reserved, 0)
2318 self.assertEquals(len(rep.u.error_and_verifier), 0)
2319
2320 def test_co_cancel_no_request(self):
2321 ndr32 = base.transfer_syntax_ndr()
2322 abstract = samba.dcerpc.mgmt.abstract_syntax()
2323 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2324
2325 req = self.generate_co_cancel(call_id = 3)
2326 self.send_pdu(req)
2327 rep = self.recv_pdu(timeout=0.01)
2328 self.assertIsNone(rep)
2329 self.assertIsConnected()
2330
2331 # And now try a request
2332 req = self.generate_request(call_id = 1,
2333 context_id=ctx.context_id,
2334 opnum=0,
2335 stub="")
2336 self.send_pdu(req)
2337 rep = self.recv_pdu()
2338 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2339 auth_length=0)
2340 self.assertNotEquals(rep.u.alloc_hint, 0)
2341 self.assertEquals(rep.u.context_id, req.u.context_id)
2342 self.assertEquals(rep.u.cancel_count, 0)
2343 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2344
2345 def test_co_cancel_request_after_first(self):
2346 ndr32 = base.transfer_syntax_ndr()
2347 abstract = samba.dcerpc.mgmt.abstract_syntax()
2348 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
2349
2350 req = self.generate_request(call_id = 1,
2351 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2352 context_id=ctx.context_id,
2353 opnum=0,
2354 stub="")
2355 self.send_pdu(req)
2356 rep = self.recv_pdu(timeout=0.01)
2357 self.assertIsNone(rep)
2358 self.assertIsConnected()
2359
2360 req = self.generate_co_cancel(call_id = 1)
2361 self.send_pdu(req)
2362 rep = self.recv_pdu(timeout=0.01)
2363 self.assertIsNone(rep)
2364 self.assertIsConnected()
2365
2366 req = self.generate_request(call_id = 1,
2367 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2368 context_id=ctx.context_id,
2369 opnum=0,
2370 stub="")
2371 self.send_pdu(req)
2372 rep = self.recv_pdu()
2373 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2374 auth_length=0)
2375 self.assertNotEquals(rep.u.alloc_hint, 0)
2376 self.assertEquals(rep.u.context_id, req.u.context_id)
2377 self.assertEquals(rep.u.cancel_count, 0)
2378 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2379
2380 # And now try a request
2381 req = self.generate_request(call_id = 2,
2382 context_id=ctx.context_id,
2383 opnum=0,
2384 stub="")
2385 self.send_pdu(req)
2386 rep = self.recv_pdu()
2387 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2388 auth_length=0)
2389 self.assertNotEquals(rep.u.alloc_hint, 0)
2390 self.assertEquals(rep.u.context_id, req.u.context_id)
2391 self.assertEquals(rep.u.cancel_count, 0)
2392 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2393
2394 def test_spnego_connect_request(self):
2395 ndr32 = base.transfer_syntax_ndr()
2396
2397 tsf1_list = [ndr32]
2398 ctx1 = dcerpc.ctx_list()
2399 ctx1.context_id = 1
2400 ctx1.num_transfer_syntaxes = len(tsf1_list)
2401 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2402 ctx1.transfer_syntaxes = tsf1_list
2403 ctx_list = [ctx1]
2404
2405 c = self.get_anon_creds()
2406 g = gensec.Security.start_client(self.settings)
2407 g.set_credentials(c)
2408 g.want_feature(gensec.FEATURE_DCE_STYLE)
2409 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2410 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2411 auth_context_id = 2
2412 g.start_mech_by_authtype(auth_type, auth_level)
2413 from_server = ""
2414 (finished, to_server) = g.update(from_server)
2415 self.assertFalse(finished)
2416
2417 auth_info = self.generate_auth(auth_type=auth_type,
2418 auth_level=auth_level,
2419 auth_context_id=auth_context_id,
2420 auth_blob=to_server)
2421
2422 req = self.generate_bind(call_id=0,
2423 ctx_list=ctx_list,
2424 auth_info=auth_info)
2425
2426 self.send_pdu(req)
2427 rep = self.recv_pdu()
2428 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2429 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2430 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2431 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2432 self.assertEquals(rep.u.secondary_address_size, 4)
2433 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2434 self.assertEquals(len(rep.u._pad1), 2)
2435 self.assertEquals(rep.u._pad1, '\0' * 2)
2436 self.assertEquals(rep.u.num_results, 1)
2437 self.assertEquals(rep.u.ctx_list[0].result,
2438 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2439 self.assertEquals(rep.u.ctx_list[0].reason,
2440 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2441 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2442 self.assertNotEquals(len(rep.u.auth_info), 0)
2443 a = self.parse_auth(rep.u.auth_info)
2444
2445 from_server = a.credentials
2446 (finished, to_server) = g.update(from_server)
2447 self.assertFalse(finished)
2448
2449 auth_info = self.generate_auth(auth_type=auth_type,
2450 auth_level=auth_level,
2451 auth_context_id=auth_context_id,
2452 auth_blob=to_server)
2453
2454 req = self.generate_alter(call_id=0,
2455 ctx_list=ctx_list,
2456 assoc_group_id=rep.u.assoc_group_id,
2457 auth_info=auth_info)
2458
2459 self.send_pdu(req)
2460 rep = self.recv_pdu()
2461 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2462 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2463 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2464 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2465 self.assertEquals(rep.u.secondary_address_size, 0)
2466 self.assertEquals(len(rep.u._pad1), 2)
2467 # Windows sends garbage
2468 #self.assertEquals(rep.u._pad1, '\0' * 2)
2469 self.assertEquals(rep.u.num_results, 1)
2470 self.assertEquals(rep.u.ctx_list[0].result,
2471 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2472 self.assertEquals(rep.u.ctx_list[0].reason,
2473 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2474 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2475 self.assertNotEquals(len(rep.u.auth_info), 0)
2476 a = self.parse_auth(rep.u.auth_info)
2477
2478 from_server = a.credentials
2479 (finished, to_server) = g.update(from_server)
2480 self.assertTrue(finished)
2481
2482 # And now try a request without auth_info
2483 req = self.generate_request(call_id = 2,
2484 context_id=ctx1.context_id,
2485 opnum=0,
2486 stub="")
2487 self.send_pdu(req)
2488 rep = self.recv_pdu()
2489 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2490 auth_length=0)
2491 self.assertNotEquals(rep.u.alloc_hint, 0)
2492 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2493 self.assertEquals(rep.u.cancel_count, 0)
2494 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2495
2496 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2497 auth_info = self.generate_auth(auth_type=auth_type,
2498 auth_level=auth_level,
2499 auth_context_id=auth_context_id,
2500 auth_blob="\x01"+"\x00"*15)
2501 req = self.generate_request(call_id = 3,
2502 context_id=ctx1.context_id,
2503 opnum=0,
2504 stub="",
2505 auth_info=auth_info)
2506 self.send_pdu(req)
2507 rep = self.recv_pdu()
2508 # We don't get an auth_info back
2509 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2510 auth_length=0)
2511 self.assertNotEquals(rep.u.alloc_hint, 0)
2512 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2513 self.assertEquals(rep.u.cancel_count, 0)
2514 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2515
2516 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2517 auth_info = self.generate_auth(auth_type=auth_type,
2518 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2519 auth_context_id=auth_context_id,
2520 auth_blob="\x01"+"\x00"*15)
2521 req = self.generate_request(call_id = 4,
2522 context_id=ctx1.context_id,
2523 opnum=0,
2524 stub="",
2525 auth_info=auth_info)
2526 self.send_pdu(req)
2527 rep = self.recv_pdu()
2528 # We get a fault back
2529 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2530 auth_length=0)
2531 self.assertNotEquals(rep.u.alloc_hint, 0)
2532 self.assertEquals(rep.u.context_id, req.u.context_id)
2533 self.assertEquals(rep.u.cancel_count, 0)
2534 self.assertEquals(rep.u.flags, 0)
2535 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2536 self.assertEquals(rep.u.reserved, 0)
2537 self.assertEquals(len(rep.u.error_and_verifier), 0)
2538
2539 # wait for a disconnect
2540 rep = self.recv_pdu()
2541 self.assertIsNone(rep)
2542 self.assertNotConnected()
2543
2544 def test_spnego_integrity_request(self):
2545 ndr32 = base.transfer_syntax_ndr()
2546
2547 tsf1_list = [ndr32]
2548 ctx1 = dcerpc.ctx_list()
2549 ctx1.context_id = 1
2550 ctx1.num_transfer_syntaxes = len(tsf1_list)
2551 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2552 ctx1.transfer_syntaxes = tsf1_list
2553 ctx_list = [ctx1]
2554
2555 c = self.get_anon_creds()
2556 g = gensec.Security.start_client(self.settings)
2557 g.set_credentials(c)
2558 g.want_feature(gensec.FEATURE_DCE_STYLE)
2559 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2560 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2561 auth_context_id = 2
2562 g.start_mech_by_authtype(auth_type, auth_level)
2563 from_server = ""
2564 (finished, to_server) = g.update(from_server)
2565 self.assertFalse(finished)
2566
2567 auth_info = self.generate_auth(auth_type=auth_type,
2568 auth_level=auth_level,
2569 auth_context_id=auth_context_id,
2570 auth_blob=to_server)
2571
2572 req = self.generate_bind(call_id=0,
2573 ctx_list=ctx_list,
2574 auth_info=auth_info)
2575
2576 self.send_pdu(req)
2577 rep = self.recv_pdu()
2578 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2579 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2580 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2581 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2582 self.assertEquals(rep.u.secondary_address_size, 4)
2583 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2584 self.assertEquals(len(rep.u._pad1), 2)
2585 self.assertEquals(rep.u._pad1, '\0' * 2)
2586 self.assertEquals(rep.u.num_results, 1)
2587 self.assertEquals(rep.u.ctx_list[0].result,
2588 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2589 self.assertEquals(rep.u.ctx_list[0].reason,
2590 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2591 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2592 self.assertNotEquals(len(rep.u.auth_info), 0)
2593 a = self.parse_auth(rep.u.auth_info)
2594
2595 from_server = a.credentials
2596 (finished, to_server) = g.update(from_server)
2597 self.assertFalse(finished)
2598
2599 auth_info = self.generate_auth(auth_type=auth_type,
2600 auth_level=auth_level,
2601 auth_context_id=auth_context_id,
2602 auth_blob=to_server)
2603
2604 req = self.generate_alter(call_id=0,
2605 ctx_list=ctx_list,
2606 assoc_group_id=rep.u.assoc_group_id,
2607 auth_info=auth_info)
2608
2609 self.send_pdu(req)
2610 rep = self.recv_pdu()
2611 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2612 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2613 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2614 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2615 self.assertEquals(rep.u.secondary_address_size, 0)
2616 self.assertEquals(len(rep.u._pad1), 2)
2617 # Windows sends garbage
2618 #self.assertEquals(rep.u._pad1, '\0' * 2)
2619 self.assertEquals(rep.u.num_results, 1)
2620 self.assertEquals(rep.u.ctx_list[0].result,
2621 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2622 self.assertEquals(rep.u.ctx_list[0].reason,
2623 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2624 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2625 self.assertNotEquals(len(rep.u.auth_info), 0)
2626 a = self.parse_auth(rep.u.auth_info)
2627
2628 from_server = a.credentials
2629 (finished, to_server) = g.update(from_server)
2630 self.assertTrue(finished)
2631
2632 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2633 auth_info = self.generate_auth(auth_type=auth_type,
2634 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2635 auth_context_id=auth_context_id,
2636 auth_blob="\x01"+"\x00"*15)
2637 req = self.generate_request(call_id = 3,
2638 context_id=ctx1.context_id,
2639 opnum=0,
2640 stub="",
2641 auth_info=auth_info)
2642 self.send_pdu(req)
2643 rep = self.recv_pdu()
2644 # We get a fault back
2645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2646 auth_length=0)
2647 self.assertNotEquals(rep.u.alloc_hint, 0)
2648 self.assertEquals(rep.u.context_id, req.u.context_id)
2649 self.assertEquals(rep.u.cancel_count, 0)
2650 self.assertEquals(rep.u.flags, 0)
2651 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2652 self.assertEquals(rep.u.reserved, 0)
2653 self.assertEquals(len(rep.u.error_and_verifier), 0)
2654
2655 # wait for a disconnect
2656 rep = self.recv_pdu()
2657 self.assertIsNone(rep)
2658 self.assertNotConnected()
2659
2660 def test_spnego_unfinished_request(self):
2661 ndr32 = base.transfer_syntax_ndr()
2662
2663 tsf1_list = [ndr32]
2664 ctx1 = dcerpc.ctx_list()
2665 ctx1.context_id = 1
2666 ctx1.num_transfer_syntaxes = len(tsf1_list)
2667 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2668 ctx1.transfer_syntaxes = tsf1_list
2669 ctx_list = [ctx1]
2670
2671 c = self.get_anon_creds()
2672 g = gensec.Security.start_client(self.settings)
2673 g.set_credentials(c)
2674 g.want_feature(gensec.FEATURE_DCE_STYLE)
2675 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2676 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2677 auth_context_id = 2
2678 g.start_mech_by_authtype(auth_type, auth_level)
2679 from_server = ""
2680 (finished, to_server) = g.update(from_server)
2681 self.assertFalse(finished)
2682
2683 auth_info = self.generate_auth(auth_type=auth_type,
2684 auth_level=auth_level,
2685 auth_context_id=auth_context_id,
2686 auth_blob=to_server)
2687
2688 req = self.generate_bind(call_id=0,
2689 ctx_list=ctx_list,
2690 auth_info=auth_info)
2691
2692 self.send_pdu(req)
2693 rep = self.recv_pdu()
2694 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2695 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2696 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2697 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2698 assoc_group_id = rep.u.assoc_group_id
2699 self.assertEquals(rep.u.secondary_address_size, 4)
2700 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2701 self.assertEquals(len(rep.u._pad1), 2)
2702 self.assertEquals(rep.u._pad1, '\0' * 2)
2703 self.assertEquals(rep.u.num_results, 1)
2704 self.assertEquals(rep.u.ctx_list[0].result,
2705 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2706 self.assertEquals(rep.u.ctx_list[0].reason,
2707 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2708 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2709 self.assertNotEquals(len(rep.u.auth_info), 0)
2710 a = self.parse_auth(rep.u.auth_info)
2711
2712 from_server = a.credentials
2713 (finished, to_server) = g.update(from_server)
2714 self.assertFalse(finished)
2715
2716 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2717 auth_info = self.generate_auth(auth_type=auth_type,
2718 auth_level=auth_level,
2719 auth_context_id=auth_context_id,
2720 auth_blob="\x01"+"\x00"*15)
2721 req = self.generate_request(call_id = 1,
2722 context_id=ctx1.context_id,
2723 opnum=0,
2724 stub="",
2725 auth_info=auth_info)
2726 self.send_pdu(req)
2727 rep = self.recv_pdu()
2728 # We get a fault
2729 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2730 pfc_flags=req.pfc_flags |
2731 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2732 auth_length=0)
2733 self.assertNotEquals(rep.u.alloc_hint, 0)
2734 self.assertEquals(rep.u.context_id, 0)
2735 self.assertEquals(rep.u.cancel_count, 0)
2736 self.assertEquals(rep.u.flags, 0)
2737 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2738 self.assertEquals(rep.u.reserved, 0)
2739 self.assertEquals(len(rep.u.error_and_verifier), 0)
2740
2741 # wait for a disconnect
2742 rep = self.recv_pdu()
2743 self.assertIsNone(rep)
2744 self.assertNotConnected()
2745
2746 def test_spnego_auth3(self):
2747 ndr32 = base.transfer_syntax_ndr()
2748
2749 tsf1_list = [ndr32]
2750 ctx1 = dcerpc.ctx_list()
2751 ctx1.context_id = 1
2752 ctx1.num_transfer_syntaxes = len(tsf1_list)
2753 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2754 ctx1.transfer_syntaxes = tsf1_list
2755 ctx_list = [ctx1]
2756
2757 c = self.get_anon_creds()
2758 g = gensec.Security.start_client(self.settings)
2759 g.set_credentials(c)
2760 g.want_feature(gensec.FEATURE_DCE_STYLE)
2761 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2762 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2763 auth_context_id = 2
2764 g.start_mech_by_authtype(auth_type, auth_level)
2765 from_server = ""
2766 (finished, to_server) = g.update(from_server)
2767 self.assertFalse(finished)
2768
2769 auth_info = self.generate_auth(auth_type=auth_type,
2770 auth_level=auth_level,
2771 auth_context_id=auth_context_id,
2772 auth_blob=to_server)
2773 req = self.generate_bind(call_id=0,
2774 ctx_list=ctx_list,
2775 auth_info=auth_info)
2776 self.send_pdu(req)
2777 rep = self.recv_pdu()
2778 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2779 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2780 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2781 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2782 self.assertEquals(rep.u.secondary_address_size, 4)
2783 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2784 self.assertEquals(len(rep.u._pad1), 2)
2785 #self.assertEquals(rep.u._pad1, '\0' * 2)
2786 self.assertEquals(rep.u.num_results, 1)
2787 self.assertEquals(rep.u.ctx_list[0].result,
2788 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2789 self.assertEquals(rep.u.ctx_list[0].reason,
2790 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2791 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2792 self.assertNotEquals(len(rep.u.auth_info), 0)
2793 a = self.parse_auth(rep.u.auth_info)
2794
2795 from_server = a.credentials
2796 (finished, to_server) = g.update(from_server)
2797 self.assertFalse(finished)
2798
2799 auth_info = self.generate_auth(auth_type=auth_type,
2800 auth_level=auth_level,
2801 auth_context_id=auth_context_id,
2802 auth_blob=to_server)
2803 req = self.generate_auth3(call_id=0,
2804 auth_info=auth_info)
2805 self.send_pdu(req)
2806 rep = self.recv_pdu()
2807 self.assertIsNone(rep)
2808 self.assertIsConnected()
2809
2810 # And now try a request without auth_info
2811 req = self.generate_request(call_id = 2,
2812 context_id=ctx1.context_id,
2813 opnum=0,
2814 stub="")
2815 self.send_pdu(req)
2816 rep = self.recv_pdu()
2817 # We get a fault back
2818 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2819 auth_length=0)
2820 self.assertNotEquals(rep.u.alloc_hint, 0)
2821 self.assertEquals(rep.u.context_id, req.u.context_id)
2822 self.assertEquals(rep.u.cancel_count, 0)
2823 self.assertEquals(rep.u.flags, 0)
2824 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2825 self.assertEquals(rep.u.reserved, 0)
2826 self.assertEquals(len(rep.u.error_and_verifier), 0)
2827
2828 # wait for a disconnect
2829 rep = self.recv_pdu()
2830 self.assertIsNone(rep)
2831 self.assertNotConnected()
2832
2833 def test_spnego_connect_reauth_alter(self):
2834 ndr32 = base.transfer_syntax_ndr()
2835 ndr64 = base.transfer_syntax_ndr64()
2836
2837 tsf1_list = [ndr32]
2838 ctx1 = dcerpc.ctx_list()
2839 ctx1.context_id = 1
2840 ctx1.num_transfer_syntaxes = len(tsf1_list)
2841 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2842 ctx1.transfer_syntaxes = tsf1_list
2843 ctx_list = [ctx1]
2844
2845 c = self.get_anon_creds()
2846 g = gensec.Security.start_client(self.settings)
2847 g.set_credentials(c)
2848 g.want_feature(gensec.FEATURE_DCE_STYLE)
2849 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2850 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2851 auth_context_id = 2
2852 g.start_mech_by_authtype(auth_type, auth_level)
2853 from_server = ""
2854 (finished, to_server) = g.update(from_server)
2855 self.assertFalse(finished)
2856
2857 auth_info = self.generate_auth(auth_type=auth_type,
2858 auth_level=auth_level,
2859 auth_context_id=auth_context_id,
2860 auth_blob=to_server)
2861
2862 req = self.generate_bind(call_id=0,
2863 ctx_list=ctx_list,
2864 auth_info=auth_info)
2865
2866 self.send_pdu(req)
2867 rep = self.recv_pdu()
2868 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2869 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2870 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2871 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2872 self.assertEquals(rep.u.secondary_address_size, 4)
2873 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2874 self.assertEquals(len(rep.u._pad1), 2)
2875 self.assertEquals(rep.u._pad1, '\0' * 2)
2876 self.assertEquals(rep.u.num_results, 1)
2877 self.assertEquals(rep.u.ctx_list[0].result,
2878 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2879 self.assertEquals(rep.u.ctx_list[0].reason,
2880 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2881 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2882 self.assertNotEquals(len(rep.u.auth_info), 0)
2883 a = self.parse_auth(rep.u.auth_info)
2884
2885 from_server = a.credentials
2886 (finished, to_server) = g.update(from_server)
2887 self.assertFalse(finished)
2888
2889 auth_info = self.generate_auth(auth_type=auth_type,
2890 auth_level=auth_level,
2891 auth_context_id=auth_context_id,
2892 auth_blob=to_server)
2893 req = self.generate_alter(call_id=0,
2894 ctx_list=[ctx1],
2895 assoc_group_id=rep.u.assoc_group_id,
2896 auth_info=auth_info)
2897 self.send_pdu(req)
2898 rep = self.recv_pdu()
2899 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2900 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2901 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2902 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2903 self.assertEquals(rep.u.secondary_address_size, 0)
2904 self.assertEquals(len(rep.u._pad1), 2)
2905 # Windows sends garbage
2906 #self.assertEquals(rep.u._pad1, '\0' * 2)
2907 self.assertEquals(rep.u.num_results, 1)
2908 self.assertEquals(rep.u.ctx_list[0].result,
2909 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2910 self.assertEquals(rep.u.ctx_list[0].reason,
2911 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2912 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2913 self.assertNotEquals(len(rep.u.auth_info), 0)
2914 a = self.parse_auth(rep.u.auth_info)
2915
2916 from_server = a.credentials
2917 (finished, to_server) = g.update(from_server)
2918 self.assertTrue(finished)
2919
2920 # And now try a request without auth_info
2921 req = self.generate_request(call_id = 2,
2922 context_id=ctx1.context_id,
2923 opnum=0,
2924 stub="")
2925 self.send_pdu(req)
2926 rep = self.recv_pdu()
2927 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2928 auth_length=0)
2929 self.assertNotEquals(rep.u.alloc_hint, 0)
2930 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
2931 self.assertEquals(rep.u.cancel_count, 0)
2932 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2933
2934 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2935 auth_info = self.generate_auth(auth_type=auth_type,
2936 auth_level=auth_level,
2937 auth_context_id=auth_context_id,
2938 auth_blob="\x01"+"\x00"*15)
2939 req = self.generate_request(call_id = 3,
2940 context_id=ctx1.context_id,
2941 opnum=0,
2942 stub="",
2943 auth_info=auth_info)
2944 self.send_pdu(req)
2945 rep = self.recv_pdu()
2946 # We don't get an auth_info back
2947 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2948 auth_length=0)
2949 self.assertNotEquals(rep.u.alloc_hint, 0)
2950 self.assertEquals(rep.u.context_id, req.u.context_id)
2951 self.assertEquals(rep.u.cancel_count, 0)
2952 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2953
2954 # Now a reauth
2955
2956 g = gensec.Security.start_client(self.settings)
2957 g.set_credentials(c)
2958 g.want_feature(gensec.FEATURE_DCE_STYLE)
2959 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2960 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2961 auth_context_id = 2
2962 g.start_mech_by_authtype(auth_type, auth_level)
2963 from_server = ""
2964 (finished, to_server) = g.update(from_server)
2965 self.assertFalse(finished)
2966
2967 auth_info = self.generate_auth(auth_type=auth_type,
2968 auth_level=auth_level,
2969 auth_context_id=auth_context_id,
2970 auth_blob=to_server)
2971 req = self.generate_alter(call_id=0,
2972 ctx_list=ctx_list,
2973 auth_info=auth_info)
2974 self.send_pdu(req)
2975 rep = self.recv_pdu()
2976 # We get a fault
2977 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2978 pfc_flags=req.pfc_flags |
2979 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2980 auth_length=0)
2981 self.assertNotEquals(rep.u.alloc_hint, 0)
2982 self.assertEquals(rep.u.context_id, 0)
2983 self.assertEquals(rep.u.cancel_count, 0)
2984 self.assertEquals(rep.u.flags, 0)
2985 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2986 self.assertEquals(rep.u.reserved, 0)
2987 self.assertEquals(len(rep.u.error_and_verifier), 0)
2988
2989 # wait for a disconnect
2990 rep = self.recv_pdu()
2991 self.assertIsNone(rep)
2992 self.assertNotConnected()
2993
2994 def test_spnego_connect_reauth_auth3(self):
2995 ndr32 = base.transfer_syntax_ndr()
2996 ndr64 = base.transfer_syntax_ndr64()
2997
2998 tsf1_list = [ndr32]
2999 ctx1 = dcerpc.ctx_list()
3000 ctx1.context_id = 1
3001 ctx1.num_transfer_syntaxes = len(tsf1_list)
3002 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3003 ctx1.transfer_syntaxes = tsf1_list
3004 ctx_list = [ctx1]
3005
3006 c = self.get_anon_creds()
3007 g = gensec.Security.start_client(self.settings)
3008 g.set_credentials(c)
3009 g.want_feature(gensec.FEATURE_DCE_STYLE)
3010 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3011 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3012 auth_context_id = 2
3013 g.start_mech_by_authtype(auth_type, auth_level)
3014 from_server = ""
3015 (finished, to_server) = g.update(from_server)
3016 self.assertFalse(finished)
3017
3018 auth_info = self.generate_auth(auth_type=auth_type,
3019 auth_level=auth_level,
3020 auth_context_id=auth_context_id,
3021 auth_blob=to_server)
3022
3023 req = self.generate_bind(call_id=0,
3024 ctx_list=ctx_list,
3025 auth_info=auth_info)
3026
3027 self.send_pdu(req)
3028 rep = self.recv_pdu()
3029 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3030 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3031 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3032 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3033 self.assertEquals(rep.u.secondary_address_size, 4)
3034 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3035 self.assertEquals(len(rep.u._pad1), 2)
3036 self.assertEquals(rep.u._pad1, '\0' * 2)
3037 self.assertEquals(rep.u.num_results, 1)
3038 self.assertEquals(rep.u.ctx_list[0].result,
3039 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3040 self.assertEquals(rep.u.ctx_list[0].reason,
3041 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3042 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3043 self.assertNotEquals(len(rep.u.auth_info), 0)
3044 a = self.parse_auth(rep.u.auth_info)
3045
3046 from_server = a.credentials
3047 (finished, to_server) = g.update(from_server)
3048 self.assertFalse(finished)
3049
3050 auth_info = self.generate_auth(auth_type=auth_type,
3051 auth_level=auth_level,
3052 auth_context_id=auth_context_id,
3053 auth_blob=to_server)
3054 req = self.generate_alter(call_id=0,
3055 ctx_list=[ctx1],
3056 assoc_group_id=rep.u.assoc_group_id,
3057 auth_info=auth_info)
3058 self.send_pdu(req)
3059 rep = self.recv_pdu()
3060 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3061 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3062 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3063 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3064 self.assertEquals(rep.u.secondary_address_size, 0)
3065 self.assertEquals(len(rep.u._pad1), 2)
3066 # Windows sends garbage
3067 #self.assertEquals(rep.u._pad1, '\0' * 2)
3068 self.assertEquals(rep.u.num_results, 1)
3069 self.assertEquals(rep.u.ctx_list[0].result,
3070 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3071 self.assertEquals(rep.u.ctx_list[0].reason,
3072 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3073 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3074 self.assertNotEquals(len(rep.u.auth_info), 0)
3075 a = self.parse_auth(rep.u.auth_info)
3076
3077 from_server = a.credentials
3078 (finished, to_server) = g.update(from_server)
3079 self.assertTrue(finished)
3080
3081 # And now try a request without auth_info
3082 req = self.generate_request(call_id = 2,
3083 context_id=ctx1.context_id,
3084 opnum=0,
3085 stub="")
3086 self.send_pdu(req)
3087 rep = self.recv_pdu()
3088 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3089 auth_length=0)
3090 self.assertNotEquals(rep.u.alloc_hint, 0)
3091 self.assertEquals(rep.u.context_id, req.u.context_id)
3092 self.assertEquals(rep.u.cancel_count, 0)
3093 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3094
3095 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3096 auth_info = self.generate_auth(auth_type=auth_type,
3097 auth_level=auth_level,
3098 auth_context_id=auth_context_id,
3099 auth_blob="\x01"+"\x00"*15)
3100 req = self.generate_request(call_id = 3,
3101 context_id=ctx1.context_id,
3102 opnum=0,
3103 stub="",
3104 auth_info=auth_info)
3105 self.send_pdu(req)
3106 rep = self.recv_pdu()
3107 # We don't get an auth_info back
3108 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3109 auth_length=0)
3110 self.assertNotEquals(rep.u.alloc_hint, 0)
3111 self.assertEquals(rep.u.context_id, req.u.context_id)
3112 self.assertEquals(rep.u.cancel_count, 0)
3113 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3114
3115 # Now a reauth
3116
3117 g = gensec.Security.start_client(self.settings)
3118 g.set_credentials(c)
3119 g.want_feature(gensec.FEATURE_DCE_STYLE)
3120 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3121 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3122 auth_context_id = 2
3123 g.start_mech_by_authtype(auth_type, auth_level)
3124 from_server = ""
3125 (finished, to_server) = g.update(from_server)
3126 self.assertFalse(finished)
3127
3128 auth_info = self.generate_auth(auth_type=auth_type,
3129 auth_level=auth_level,
3130 auth_context_id=auth_context_id,
3131 auth_blob=to_server)
3132 req = self.generate_auth3(call_id=0,
3133 auth_info=auth_info)
3134 self.send_pdu(req)
3135 rep = self.recv_pdu()
3136 # We get a fault
3137 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3138 pfc_flags=req.pfc_flags |
3139 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3140 auth_length=0)
3141 self.assertNotEquals(rep.u.alloc_hint, 0)
3142 self.assertEquals(rep.u.context_id, 0)
3143 self.assertEquals(rep.u.cancel_count, 0)
3144 self.assertEquals(rep.u.flags, 0)
3145 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3146 self.assertEquals(rep.u.reserved, 0)
3147 self.assertEquals(len(rep.u.error_and_verifier), 0)
3148
3149 # wait for a disconnect
3150 rep = self.recv_pdu()
3151 self.assertIsNone(rep)
3152 self.assertNotConnected()
3153
3154 def test_spnego_change_auth_level(self):
3155 ndr32 = base.transfer_syntax_ndr()
3156
3157 tsf1_list = [ndr32]
3158 ctx1 = dcerpc.ctx_list()
3159 ctx1.context_id = 1
3160 ctx1.num_transfer_syntaxes = len(tsf1_list)
3161 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3162 ctx1.transfer_syntaxes = tsf1_list
3163
3164 c = self.get_anon_creds()
3165 g = gensec.Security.start_client(self.settings)
3166 g.set_credentials(c)
3167 g.want_feature(gensec.FEATURE_DCE_STYLE)
3168 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3169 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3170 auth_context_id = 2
3171 g.start_mech_by_authtype(auth_type, auth_level)
3172 from_server = ""
3173 (finished, to_server) = g.update(from_server)
3174 self.assertFalse(finished)
3175
3176 auth_info = self.generate_auth(auth_type=auth_type,
3177 auth_level=auth_level,
3178 auth_context_id=auth_context_id,
3179 auth_blob=to_server)
3180 req = self.generate_bind(call_id=0,
3181 ctx_list=[ctx1],
3182 auth_info=auth_info)
3183 self.send_pdu(req)
3184 rep = self.recv_pdu()
3185 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3186 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3187 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3188 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3189 self.assertEquals(rep.u.secondary_address_size, 4)
3190 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3191 self.assertEquals(len(rep.u._pad1), 2)
3192 self.assertEquals(rep.u._pad1, '\0' * 2)
3193 self.assertEquals(rep.u.num_results, 1)
3194 self.assertEquals(rep.u.ctx_list[0].result,
3195 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3196 self.assertEquals(rep.u.ctx_list[0].reason,
3197 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3198 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3199 self.assertNotEquals(len(rep.u.auth_info), 0)
3200 a = self.parse_auth(rep.u.auth_info)
3201
3202 from_server = a.credentials
3203 (finished, to_server) = g.update(from_server)
3204 self.assertFalse(finished)
3205
3206 auth_info = self.generate_auth(auth_type=auth_type,
3207 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3208 auth_context_id=auth_context_id,
3209 auth_blob=to_server)
3210 req = self.generate_alter(call_id=0,
3211 ctx_list=[ctx1],
3212 assoc_group_id=rep.u.assoc_group_id,
3213 auth_info=auth_info)
3214 self.send_pdu(req)
3215 rep = self.recv_pdu()
3216 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3217 pfc_flags=req.pfc_flags |
3218 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3219 auth_length=0)
3220 self.assertNotEquals(rep.u.alloc_hint, 0)
3221 self.assertEquals(rep.u.context_id, 0)
3222 self.assertEquals(rep.u.cancel_count, 0)
3223 self.assertEquals(rep.u.flags, 0)
3224 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3225 self.assertEquals(rep.u.reserved, 0)
3226 self.assertEquals(len(rep.u.error_and_verifier), 0)
3227
3228 # wait for a disconnect
3229 rep = self.recv_pdu()
3230 self.assertIsNone(rep)
3231 self.assertNotConnected()
3232
3233 def test_spnego_change_abstract(self):
3234 ndr32 = base.transfer_syntax_ndr()
3235
3236 tsf1_list = [ndr32]
3237 ctx1 = dcerpc.ctx_list()
3238 ctx1.context_id = 1
3239 ctx1.num_transfer_syntaxes = len(tsf1_list)
3240 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3241 ctx1.transfer_syntaxes = tsf1_list
3242
3243 ctx1b = dcerpc.ctx_list()
3244 ctx1b.context_id = 1
3245 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3246 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3247 ctx1b.transfer_syntaxes = tsf1_list
3248
3249 c = self.get_anon_creds()
3250 g = gensec.Security.start_client(self.settings)
3251 g.set_credentials(c)
3252 g.want_feature(gensec.FEATURE_DCE_STYLE)
3253 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3254 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3255 auth_context_id = 2
3256 g.start_mech_by_authtype(auth_type, auth_level)
3257 from_server = ""
3258 (finished, to_server) = g.update(from_server)
3259 self.assertFalse(finished)
3260
3261 auth_info = self.generate_auth(auth_type=auth_type,
3262 auth_level=auth_level,
3263 auth_context_id=auth_context_id,
3264 auth_blob=to_server)
3265 req = self.generate_bind(call_id=0,
3266 ctx_list=[ctx1],
3267 auth_info=auth_info)
3268 self.send_pdu(req)
3269 rep = self.recv_pdu()
3270 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3271 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3272 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3273 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3274 self.assertEquals(rep.u.secondary_address_size, 4)
3275 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3276 self.assertEquals(len(rep.u._pad1), 2)
3277 #self.assertEquals(rep.u._pad1, '\0' * 2)
3278 self.assertEquals(rep.u.num_results, 1)
3279 self.assertEquals(rep.u.ctx_list[0].result,
3280 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3281 self.assertEquals(rep.u.ctx_list[0].reason,
3282 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3283 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3284 self.assertNotEquals(len(rep.u.auth_info), 0)
3285 a = self.parse_auth(rep.u.auth_info)
3286
3287 from_server = a.credentials
3288 (finished, to_server) = g.update(from_server)
3289 self.assertFalse(finished)
3290
3291 auth_info = self.generate_auth(auth_type=auth_type,
3292 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3293 auth_context_id=auth_context_id,
3294 auth_blob=to_server)
3295 req = self.generate_alter(call_id=0,
3296 ctx_list=[ctx1b],
3297 assoc_group_id=rep.u.assoc_group_id,
3298 auth_info=auth_info)
3299 self.send_pdu(req)
3300 rep = self.recv_pdu()
3301 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3302 pfc_flags=req.pfc_flags |
3303 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3304 auth_length=0)
3305 self.assertNotEquals(rep.u.alloc_hint, 0)
3306 self.assertEquals(rep.u.context_id, 0)
3307 self.assertEquals(rep.u.cancel_count, 0)
3308 self.assertEquals(rep.u.flags, 0)
3309 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3310 self.assertEquals(rep.u.reserved, 0)
3311 self.assertEquals(len(rep.u.error_and_verifier), 0)
3312
3313 # wait for a disconnect
3314 rep = self.recv_pdu()
3315 self.assertIsNone(rep)
3316 self.assertNotConnected()
3317
3318 def test_spnego_change_transfer(self):
3319 ndr32 = base.transfer_syntax_ndr()
3320 ndr64 = base.transfer_syntax_ndr64()
3321
3322 tsf1_list = [ndr32]
3323 ctx1 = dcerpc.ctx_list()
3324 ctx1.context_id = 1
3325 ctx1.num_transfer_syntaxes = len(tsf1_list)
3326 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3327 ctx1.transfer_syntaxes = tsf1_list
3328
3329 tsf1b_list = [ndr32,ndr64]
3330 ctx1b = dcerpc.ctx_list()
3331 ctx1b.context_id = 1
3332 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3333 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3334 ctx1b.transfer_syntaxes = tsf1b_list
3335
3336 c = self.get_anon_creds()
3337 g = gensec.Security.start_client(self.settings)
3338 g.set_credentials(c)
3339 g.want_feature(gensec.FEATURE_DCE_STYLE)
3340 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3341 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3342 auth_context_id = 2
3343 g.start_mech_by_authtype(auth_type, auth_level)
3344 from_server = ""
3345 (finished, to_server) = g.update(from_server)
3346 self.assertFalse(finished)
3347
3348 auth_info = self.generate_auth(auth_type=auth_type,
3349 auth_level=auth_level,
3350 auth_context_id=auth_context_id,
3351 auth_blob=to_server)
3352 req = self.generate_bind(call_id=0,
3353 ctx_list=[ctx1],
3354 auth_info=auth_info)
3355 self.send_pdu(req)
3356 rep = self.recv_pdu()
3357 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3358 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3359 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3360 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3361 self.assertEquals(rep.u.secondary_address_size, 4)
3362 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3363 self.assertEquals(len(rep.u._pad1), 2)
3364 #self.assertEquals(rep.u._pad1, '\0' * 2)
3365 self.assertEquals(rep.u.num_results, 1)
3366 self.assertEquals(rep.u.ctx_list[0].result,
3367 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3368 self.assertEquals(rep.u.ctx_list[0].reason,
3369 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3370 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3371 self.assertNotEquals(len(rep.u.auth_info), 0)
3372 a = self.parse_auth(rep.u.auth_info)
3373
3374 from_server = a.credentials
3375 (finished, to_server) = g.update(from_server)
3376 self.assertFalse(finished)
3377
3378 # We change ctx_list and auth_level
3379 auth_info = self.generate_auth(auth_type=auth_type,
3380 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3381 auth_context_id=auth_context_id,
3382 auth_blob=to_server)
3383 req = self.generate_alter(call_id=0,
3384 ctx_list=[ctx1b],
3385 assoc_group_id=rep.u.assoc_group_id,
3386 auth_info=auth_info)
3387 self.send_pdu(req)
3388 rep = self.recv_pdu()
3389 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3390 pfc_flags=req.pfc_flags |
3391 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3392 auth_length=0)
3393 self.assertNotEquals(rep.u.alloc_hint, 0)
3394 self.assertEquals(rep.u.context_id, 0)
3395 self.assertEquals(rep.u.cancel_count, 0)
3396 self.assertEquals(rep.u.flags, 0)
3397 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3398 self.assertEquals(rep.u.reserved, 0)
3399 self.assertEquals(len(rep.u.error_and_verifier), 0)
3400
3401 # wait for a disconnect
3402 rep = self.recv_pdu()
3403 self.assertIsNone(rep)
3404 self.assertNotConnected()
3405
3406 def test_spnego_change_auth_type1(self):
3407 ndr32 = base.transfer_syntax_ndr()
3408 ndr64 = base.transfer_syntax_ndr64()
3409
3410 tsf1_list = [ndr32]
3411 ctx1 = dcerpc.ctx_list()
3412 ctx1.context_id = 1
3413 ctx1.num_transfer_syntaxes = len(tsf1_list)
3414 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3415 ctx1.transfer_syntaxes = tsf1_list
3416
3417 c = self.get_anon_creds()
3418 g = gensec.Security.start_client(self.settings)
3419 g.set_credentials(c)
3420 g.want_feature(gensec.FEATURE_DCE_STYLE)
3421 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3422 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3423 auth_context_id = 2
3424 g.start_mech_by_authtype(auth_type, auth_level)
3425 from_server = ""
3426 (finished, to_server) = g.update(from_server)
3427 self.assertFalse(finished)
3428
3429 auth_info = self.generate_auth(auth_type=auth_type,
3430 auth_level=auth_level,
3431 auth_context_id=auth_context_id,
3432 auth_blob=to_server)
3433 req = self.generate_bind(call_id=0,
3434 ctx_list=[ctx1],
3435 auth_info=auth_info)
3436 self.send_pdu(req)
3437 rep = self.recv_pdu()
3438 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3439 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3440 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3441 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3442 self.assertEquals(rep.u.secondary_address_size, 4)
3443 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3444 self.assertEquals(len(rep.u._pad1), 2)
3445 #self.assertEquals(rep.u._pad1, '\0' * 2)
3446 self.assertEquals(rep.u.num_results, 1)
3447 self.assertEquals(rep.u.ctx_list[0].result,
3448 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3449 self.assertEquals(rep.u.ctx_list[0].reason,
3450 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3451 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3452 self.assertNotEquals(len(rep.u.auth_info), 0)
3453 a = self.parse_auth(rep.u.auth_info)
3454
3455 from_server = a.credentials
3456 (finished, to_server) = g.update(from_server)
3457 self.assertFalse(finished)
3458
3459 # We change ctx_list and auth_level
3460 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3461 auth_level=auth_level,
3462 auth_context_id=auth_context_id,
3463 auth_blob=to_server)
3464 req = self.generate_alter(call_id=0,
3465 ctx_list=[ctx1],
3466 assoc_group_id=rep.u.assoc_group_id,
3467 auth_info=auth_info)
3468 self.send_pdu(req)
3469 rep = self.recv_pdu()
3470 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3471 pfc_flags=req.pfc_flags |
3472 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3473 auth_length=0)
3474 self.assertNotEquals(rep.u.alloc_hint, 0)
3475 self.assertEquals(rep.u.context_id, 0)
3476 self.assertEquals(rep.u.cancel_count, 0)
3477 self.assertEquals(rep.u.flags, 0)
3478 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3479 self.assertEquals(rep.u.reserved, 0)
3480 self.assertEquals(len(rep.u.error_and_verifier), 0)
3481
3482 # wait for a disconnect
3483 rep = self.recv_pdu()
3484 self.assertIsNone(rep)
3485 self.assertNotConnected()
3486
3487 def test_spnego_change_auth_type2(self):
3488 ndr32 = base.transfer_syntax_ndr()
3489 ndr64 = base.transfer_syntax_ndr64()
3490
3491 tsf1_list = [ndr32]
3492 ctx1 = dcerpc.ctx_list()
3493 ctx1.context_id = 1
3494 ctx1.num_transfer_syntaxes = len(tsf1_list)
3495 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3496 ctx1.transfer_syntaxes = tsf1_list
3497
3498 tsf1b_list = [ndr32,ndr64]
3499 ctx1b = dcerpc.ctx_list()
3500 ctx1b.context_id = 1
3501 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3502 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3503 ctx1b.transfer_syntaxes = tsf1b_list
3504
3505 c = self.get_anon_creds()
3506 g = gensec.Security.start_client(self.settings)
3507 g.set_credentials(c)
3508 g.want_feature(gensec.FEATURE_DCE_STYLE)
3509 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3510 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3511 auth_context_id = 2
3512 g.start_mech_by_authtype(auth_type, auth_level)
3513 from_server = ""
3514 (finished, to_server) = g.update(from_server)
3515 self.assertFalse(finished)
3516
3517 auth_info = self.generate_auth(auth_type=auth_type,
3518 auth_level=auth_level,
3519 auth_context_id=auth_context_id,
3520 auth_blob=to_server)
3521 req = self.generate_bind(call_id=0,
3522 ctx_list=[ctx1],
3523 auth_info=auth_info)
3524 self.send_pdu(req)
3525 rep = self.recv_pdu()
3526 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3527 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3528 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3529 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3530 self.assertEquals(rep.u.secondary_address_size, 4)
3531 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3532 self.assertEquals(len(rep.u._pad1), 2)
3533 #self.assertEquals(rep.u._pad1, '\0' * 2)
3534 self.assertEquals(rep.u.num_results, 1)
3535 self.assertEquals(rep.u.ctx_list[0].result,
3536 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3537 self.assertEquals(rep.u.ctx_list[0].reason,
3538 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3539 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3540 self.assertNotEquals(len(rep.u.auth_info), 0)
3541 a = self.parse_auth(rep.u.auth_info)
3542
3543 from_server = a.credentials
3544 (finished, to_server) = g.update(from_server)
3545 self.assertFalse(finished)
3546
3547 # We change ctx_list and auth_level
3548 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3549 auth_level=auth_level,
3550 auth_context_id=auth_context_id,
3551 auth_blob=to_server)
3552 req = self.generate_alter(call_id=0,
3553 ctx_list=[ctx1b],
3554 assoc_group_id=rep.u.assoc_group_id,
3555 auth_info=auth_info)
3556 self.send_pdu(req)
3557 rep = self.recv_pdu()
3558 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3559 pfc_flags=req.pfc_flags |
3560 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3561 auth_length=0)
3562 self.assertNotEquals(rep.u.alloc_hint, 0)
3563 self.assertEquals(rep.u.context_id, 0)
3564 self.assertEquals(rep.u.cancel_count, 0)
3565 self.assertEquals(rep.u.flags, 0)
3566 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3567 self.assertEquals(rep.u.reserved, 0)
3568 self.assertEquals(len(rep.u.error_and_verifier), 0)
3569
3570 # wait for a disconnect
3571 rep = self.recv_pdu()
3572 self.assertIsNone(rep)
3573 self.assertNotConnected()
3574
3575 def test_spnego_change_auth_type3(self):
3576 ndr32 = base.transfer_syntax_ndr()
3577 ndr64 = base.transfer_syntax_ndr64()
3578
3579 tsf1_list = [ndr32]
3580 ctx1 = dcerpc.ctx_list()
3581 ctx1.context_id = 1
3582 ctx1.num_transfer_syntaxes = len(tsf1_list)
3583 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3584 ctx1.transfer_syntaxes = tsf1_list
3585
3586 tsf1b_list = [ndr32,ndr64]
3587 ctx1b = dcerpc.ctx_list()
3588 ctx1b.context_id = 1
3589 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3590 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3591 ctx1b.transfer_syntaxes = tsf1b_list
3592
3593 c = self.get_anon_creds()
3594 g = gensec.Security.start_client(self.settings)
3595 g.set_credentials(c)
3596 g.want_feature(gensec.FEATURE_DCE_STYLE)
3597 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3598 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3599 auth_context_id = 2
3600 g.start_mech_by_authtype(auth_type, auth_level)
3601 from_server = ""
3602 (finished, to_server) = g.update(from_server)
3603 self.assertFalse(finished)
3604
3605 auth_info = self.generate_auth(auth_type=auth_type,
3606 auth_level=auth_level,
3607 auth_context_id=auth_context_id,
3608 auth_blob=to_server)
3609 req = self.generate_bind(call_id=0,
3610 ctx_list=[ctx1],
3611 auth_info=auth_info)
3612 self.send_pdu(req)
3613 rep = self.recv_pdu()
3614 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3615 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3616 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3617 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3618 self.assertEquals(rep.u.secondary_address_size, 4)
3619 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3620 self.assertEquals(len(rep.u._pad1), 2)
3621 #self.assertEquals(rep.u._pad1, '\0' * 2)
3622 self.assertEquals(rep.u.num_results, 1)
3623 self.assertEquals(rep.u.ctx_list[0].result,
3624 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3625 self.assertEquals(rep.u.ctx_list[0].reason,
3626 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3627 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3628 self.assertNotEquals(len(rep.u.auth_info), 0)
3629 a = self.parse_auth(rep.u.auth_info)
3630
3631 from_server = a.credentials
3632 (finished, to_server) = g.update(from_server)
3633 self.assertFalse(finished)
3634
3635 # We change ctx_list and auth_level
3636 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3637 auth_level=auth_level,
3638 auth_context_id=auth_context_id,
3639 auth_blob=to_server)
3640 req = self.generate_alter(call_id=0,
3641 ctx_list=[ctx1b],
3642 assoc_group_id=rep.u.assoc_group_id,
3643 auth_info=auth_info)
3644 self.send_pdu(req)
3645 rep = self.recv_pdu()
3646 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3647 pfc_flags=req.pfc_flags |
3648 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3649 auth_length=0)
3650 self.assertNotEquals(rep.u.alloc_hint, 0)
3651 self.assertEquals(rep.u.context_id, 0)
3652 self.assertEquals(rep.u.cancel_count, 0)
3653 self.assertEquals(rep.u.flags, 0)
3654 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3655 self.assertEquals(rep.u.reserved, 0)
3656 self.assertEquals(len(rep.u.error_and_verifier), 0)
3657
3658 # wait for a disconnect
3659 rep = self.recv_pdu()
3660 self.assertIsNone(rep)
3661 self.assertNotConnected()
3662
3663 def test_spnego_auth_pad_ok(self):
3664 ndr32 = base.transfer_syntax_ndr()
3665
3666 tsf1_list = [ndr32]
3667 ctx1 = dcerpc.ctx_list()
3668 ctx1.context_id = 1
3669 ctx1.num_transfer_syntaxes = len(tsf1_list)
3670 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3671 ctx1.transfer_syntaxes = tsf1_list
3672 ctx_list = [ctx1]
3673
3674 c = self.get_anon_creds()
3675 g = gensec.Security.start_client(self.settings)
3676 g.set_credentials(c)
3677 g.want_feature(gensec.FEATURE_DCE_STYLE)
3678 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3679 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3680 auth_context_id = 2
3681 g.start_mech_by_authtype(auth_type, auth_level)
3682 from_server = ""
3683 (finished, to_server) = g.update(from_server)
3684 self.assertFalse(finished)
3685
3686 auth_info = self.generate_auth(auth_type=auth_type,
3687 auth_level=auth_level,
3688 auth_context_id=auth_context_id,
3689 auth_blob=to_server)
3690
3691 req = self.generate_bind(call_id=0,
3692 ctx_list=ctx_list,
3693 auth_info=auth_info)
3694 req_pdu = samba.ndr.ndr_pack(req)
3695
3696 auth_pad_ok = len(req_pdu)
3697 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3698 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3699 auth_pad_ok -= len(to_server)
3700
3701 auth_info = self.generate_auth(auth_type=auth_type,
3702 auth_level=auth_level,
3703 auth_context_id=auth_context_id,
3704 auth_pad_length=auth_pad_ok,
3705 auth_blob=to_server)
3706
3707 req = self.generate_bind(call_id=0,
3708 ctx_list=ctx_list,
3709 auth_info=auth_info)
3710 self.send_pdu(req)
3711 rep = self.recv_pdu()
3712 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3713 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3714 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3715 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3716 self.assertEquals(rep.u.secondary_address_size, 4)
3717 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3718 self.assertEquals(len(rep.u._pad1), 2)
3719 #self.assertEquals(rep.u._pad1, '\0' * 2)
3720 self.assertEquals(rep.u.num_results, 1)
3721 self.assertEquals(rep.u.ctx_list[0].result,
3722 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3723 self.assertEquals(rep.u.ctx_list[0].reason,
3724 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3725 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3726 self.assertNotEquals(len(rep.u.auth_info), 0)
3727 a = self.parse_auth(rep.u.auth_info)
3728
3729 from_server = a.credentials
3730 (finished, to_server) = g.update(from_server)
3731 self.assertFalse(finished)
3732
3733 auth_info = self.generate_auth(auth_type=auth_type,
3734 auth_level=auth_level,
3735 auth_context_id=auth_context_id,
3736 auth_blob=to_server)
3737 req = self.generate_alter(call_id=0,
3738 ctx_list=ctx_list,
3739 assoc_group_id=rep.u.assoc_group_id,
3740 auth_info=auth_info)
3741 req_pdu = samba.ndr.ndr_pack(req)
3742
3743 auth_pad_ok = len(req_pdu)
3744 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3745 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3746 auth_pad_ok -= len(to_server)
3747 auth_info = self.generate_auth(auth_type=auth_type,
3748 auth_level=auth_level,
3749 auth_context_id=auth_context_id,
3750 auth_pad_length=auth_pad_ok,
3751 auth_blob=to_server)
3752 req = self.generate_alter(call_id=0,
3753 ctx_list=ctx_list,
3754 assoc_group_id=rep.u.assoc_group_id,
3755 auth_info=auth_info)
3756 self.send_pdu(req)
3757 rep = self.recv_pdu()
3758 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3759 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3760 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3761 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3762 self.assertEquals(rep.u.secondary_address_size, 0)
3763 self.assertEquals(len(rep.u._pad1), 2)
3764 # Windows sends garbage
3765 #self.assertEquals(rep.u._pad1, '\0' * 2)
3766 self.assertEquals(rep.u.num_results, 1)
3767 self.assertEquals(rep.u.ctx_list[0].result,
3768 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3769 self.assertEquals(rep.u.ctx_list[0].reason,
3770 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3771 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3772 self.assertNotEquals(len(rep.u.auth_info), 0)
3773 a = self.parse_auth(rep.u.auth_info)
3774
3775 from_server = a.credentials
3776 (finished, to_server) = g.update(from_server)
3777 self.assertTrue(finished)
3778
3779 # And now try a request without auth_info
3780 req = self.generate_request(call_id = 2,
3781 context_id=ctx1.context_id,
3782 opnum=0,
3783 stub="")
3784 self.send_pdu(req)
3785 rep = self.recv_pdu()
3786 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3787 auth_length=0)
3788 self.assertNotEquals(rep.u.alloc_hint, 0)
3789 self.assertEquals(rep.u.context_id, req.u.context_id)
3790 self.assertEquals(rep.u.cancel_count, 0)
3791 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3792
3793 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3794 auth_info = self.generate_auth(auth_type=auth_type,
3795 auth_level=auth_level,
3796 auth_context_id=auth_context_id,
3797 auth_blob="\x01"+"\x00"*15)
3798 req = self.generate_request(call_id = 3,
3799 context_id=ctx1.context_id,
3800 opnum=0,
3801 stub="",
3802 auth_info=auth_info)
3803 self.send_pdu(req)
3804 rep = self.recv_pdu()
3805 # We don't get an auth_info back
3806 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3807 auth_length=0)
3808 self.assertNotEquals(rep.u.alloc_hint, 0)
3809 self.assertEquals(rep.u.context_id, req.u.context_id)
3810 self.assertEquals(rep.u.cancel_count, 0)
3811 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3812
3813 self._disconnect("disconnect")
3814 self.assertNotConnected()
3815
3816 def test_spnego_auth_pad_fail_bind(self):
3817 ndr32 = base.transfer_syntax_ndr()
3818
3819 tsf1_list = [ndr32]
3820 ctx1 = dcerpc.ctx_list()
3821 ctx1.context_id = 1
3822 ctx1.num_transfer_syntaxes = len(tsf1_list)
3823 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3824 ctx1.transfer_syntaxes = tsf1_list
3825 ctx_list = [ctx1]
3826
3827 c = self.get_anon_creds()
3828 g = gensec.Security.start_client(self.settings)
3829 g.set_credentials(c)
3830 g.want_feature(gensec.FEATURE_DCE_STYLE)
3831 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3832 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3833 auth_context_id = 2
3834 g.start_mech_by_authtype(auth_type, auth_level)
3835 from_server = ""
3836 (finished, to_server) = g.update(from_server)
3837 self.assertFalse(finished)
3838
3839 auth_info = self.generate_auth(auth_type=auth_type,
3840 auth_level=auth_level,
3841 auth_context_id=auth_context_id,
3842 auth_blob=to_server)
3843
3844 req = self.generate_bind(call_id=0,
3845 ctx_list=ctx_list,
3846 auth_info=auth_info)
3847 req_pdu = samba.ndr.ndr_pack(req)
3848
3849 auth_pad_ok = len(req_pdu)
3850 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3851 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3852 auth_pad_ok -= len(to_server)
3853 auth_pad_bad = auth_pad_ok + 1
3854 auth_info = self.generate_auth(auth_type=auth_type,
3855 auth_level=auth_level,
3856 auth_context_id=auth_context_id,
3857 auth_pad_length=auth_pad_bad,
3858 auth_blob=to_server)
3859
3860 req = self.generate_bind(call_id=0,
3861 ctx_list=ctx_list,
3862 auth_info=auth_info)
3863 self.send_pdu(req)
3864 rep = self.recv_pdu()
3865 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
3866 auth_length=0)
3867 self.assertEquals(rep.u.reject_reason,
3868 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
3869 self.assertEquals(rep.u.num_versions, 1)
3870 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
3871 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
3872 self.assertEquals(len(rep.u._pad), 3)
3873 self.assertEquals(rep.u._pad, '\0' * 3)
3874
3875 # wait for a disconnect
3876 rep = self.recv_pdu()
3877 self.assertIsNone(rep)
3878 self.assertNotConnected()
3879
3880 def test_spnego_auth_pad_fail_alter(self):
3881 ndr32 = base.transfer_syntax_ndr()
3882
3883 tsf1_list = [ndr32]
3884 ctx1 = dcerpc.ctx_list()
3885 ctx1.context_id = 1
3886 ctx1.num_transfer_syntaxes = len(tsf1_list)
3887 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3888 ctx1.transfer_syntaxes = tsf1_list
3889 ctx_list = [ctx1]
3890
3891 c = self.get_anon_creds()
3892 g = gensec.Security.start_client(self.settings)
3893 g.set_credentials(c)
3894 g.want_feature(gensec.FEATURE_DCE_STYLE)
3895 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3896 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3897 auth_context_id = 2
3898 g.start_mech_by_authtype(auth_type, auth_level)
3899 from_server = ""
3900 (finished, to_server) = g.update(from_server)
3901 self.assertFalse(finished)
3902
3903 auth_info = self.generate_auth(auth_type=auth_type,
3904 auth_level=auth_level,
3905 auth_context_id=auth_context_id,
3906 auth_blob=to_server)
3907
3908 req = self.generate_bind(call_id=0,
3909 ctx_list=ctx_list,
3910 auth_info=auth_info)
3911 req_pdu = samba.ndr.ndr_pack(req)
3912
3913 auth_pad_ok = len(req_pdu)
3914 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3915 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3916 auth_pad_ok -= len(to_server)
3917
3918 auth_info = self.generate_auth(auth_type=auth_type,
3919 auth_level=auth_level,
3920 auth_context_id=auth_context_id,
3921 auth_pad_length=auth_pad_ok,
3922 auth_blob=to_server)
3923
3924 req = self.generate_bind(call_id=0,
3925 ctx_list=ctx_list,
3926 auth_info=auth_info)
3927 self.send_pdu(req)
3928 rep = self.recv_pdu()
3929 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3930 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3931 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3932 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3933 self.assertEquals(rep.u.secondary_address_size, 4)
3934 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3935 self.assertEquals(len(rep.u._pad1), 2)
3936 #self.assertEquals(rep.u._pad1, '\0' * 2)
3937 self.assertEquals(rep.u.num_results, 1)
3938 self.assertEquals(rep.u.ctx_list[0].result,
3939 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3940 self.assertEquals(rep.u.ctx_list[0].reason,
3941 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3942 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3943 self.assertNotEquals(len(rep.u.auth_info), 0)
3944 a = self.parse_auth(rep.u.auth_info)
3945
3946 from_server = a.credentials
3947 (finished, to_server) = g.update(from_server)
3948 self.assertFalse(finished)
3949
3950 auth_info = self.generate_auth(auth_type=auth_type,
3951 auth_level=auth_level,
3952 auth_context_id=auth_context_id,
3953 auth_blob=to_server)
3954 req = self.generate_alter(call_id=0,
3955 ctx_list=ctx_list,
3956 assoc_group_id=rep.u.assoc_group_id,
3957 auth_info=auth_info)
3958 req_pdu = samba.ndr.ndr_pack(req)
3959
3960 auth_pad_ok = len(req_pdu)
3961 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3962 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3963 auth_pad_ok -= len(to_server)
3964 auth_pad_bad = auth_pad_ok + 1
3965 auth_info = self.generate_auth(auth_type=auth_type,
3966 auth_level=auth_level,
3967 auth_context_id=auth_context_id,
3968 auth_pad_length=auth_pad_bad,
3969 auth_blob=to_server)
3970 req = self.generate_alter(call_id=0,
3971 ctx_list=ctx_list,
3972 assoc_group_id=rep.u.assoc_group_id,
3973 auth_info=auth_info)
3974 self.send_pdu(req)
3975 rep = self.recv_pdu()
3976 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3977 pfc_flags=req.pfc_flags |
3978 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3979 auth_length=0)
3980 self.assertNotEquals(rep.u.alloc_hint, 0)
3981 self.assertEquals(rep.u.context_id, 0)
3982 self.assertEquals(rep.u.cancel_count, 0)
3983 self.assertEquals(rep.u.flags, 0)
3984 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3985 self.assertEquals(rep.u.reserved, 0)
3986 self.assertEquals(len(rep.u.error_and_verifier), 0)
3987
3988 # wait for a disconnect
3989 rep = self.recv_pdu()
3990 self.assertIsNone(rep)
3991 self.assertNotConnected()
3992
3993 def test_ntlmssp_auth_pad_ok(self):
3994 ndr32 = base.transfer_syntax_ndr()
3995
3996 tsf1_list = [ndr32]
3997 ctx1 = dcerpc.ctx_list()
3998 ctx1.context_id = 1
3999 ctx1.num_transfer_syntaxes = len(tsf1_list)
4000 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4001 ctx1.transfer_syntaxes = tsf1_list
4002 ctx_list = [ctx1]
4003
4004 c = self.get_anon_creds()
4005 g = gensec.Security.start_client(self.settings)
4006 g.set_credentials(c)
4007 g.want_feature(gensec.FEATURE_DCE_STYLE)
4008 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4009 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4010 auth_context_id = 2
4011 g.start_mech_by_authtype(auth_type, auth_level)
4012 from_server = ""
4013 (finished, to_server) = g.update(from_server)
4014 self.assertFalse(finished)
4015
4016 auth_info = self.generate_auth(auth_type=auth_type,
4017 auth_level=auth_level,
4018 auth_context_id=auth_context_id,
4019 auth_blob=to_server)
4020
4021 req = self.generate_bind(call_id=0,
4022 ctx_list=ctx_list,
4023 auth_info=auth_info)
4024 req_pdu = samba.ndr.ndr_pack(req)
4025
4026 auth_pad_ok = len(req_pdu)
4027 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4028 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4029 auth_pad_ok -= len(to_server)
4030
4031 auth_info = self.generate_auth(auth_type=auth_type,
4032 auth_level=auth_level,
4033 auth_context_id=auth_context_id,
4034 auth_pad_length=auth_pad_ok,
4035 auth_blob=to_server)
4036
4037 req = self.generate_bind(call_id=0,
4038 ctx_list=ctx_list,
4039 auth_info=auth_info)
4040 self.send_pdu(req)
4041 rep = self.recv_pdu()
4042 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4043 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4044 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4045 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4046 self.assertEquals(rep.u.secondary_address_size, 4)
4047 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4048 self.assertEquals(len(rep.u._pad1), 2)
4049 #self.assertEquals(rep.u._pad1, '\0' * 2)
4050 self.assertEquals(rep.u.num_results, 1)
4051 self.assertEquals(rep.u.ctx_list[0].result,
4052 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4053 self.assertEquals(rep.u.ctx_list[0].reason,
4054 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4055 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4056 self.assertNotEquals(len(rep.u.auth_info), 0)
4057 a = self.parse_auth(rep.u.auth_info)
4058
4059 from_server = a.credentials
4060 (finished, to_server) = g.update(from_server)
4061 self.assertTrue(finished)
4062
4063 auth_pad_ok = 0
4064 auth_info = self.generate_auth(auth_type=auth_type,
4065 auth_level=auth_level,
4066 auth_context_id=auth_context_id,
4067 auth_pad_length=auth_pad_ok,
4068 auth_blob=to_server)
4069 req = self.generate_auth3(call_id=0,
4070 auth_info=auth_info)
4071 self.send_pdu(req)
4072 self.assertIsConnected()
4073
4074 # And now try a request without auth_info
4075 req = self.generate_request(call_id = 2,
4076 context_id=ctx1.context_id,
4077 opnum=0,
4078 stub="")
4079 self.send_pdu(req)
4080 rep = self.recv_pdu()
4081 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4082 auth_length=0)
4083 self.assertNotEquals(rep.u.alloc_hint, 0)
4084 self.assertEquals(rep.u.context_id, req.u.context_id)
4085 self.assertEquals(rep.u.cancel_count, 0)
4086 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4087
4088 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4089 auth_info = self.generate_auth(auth_type=auth_type,
4090 auth_level=auth_level,
4091 auth_context_id=auth_context_id,
4092 auth_blob="\x01"+"\x00"*15)
4093 req = self.generate_request(call_id = 3,
4094 context_id=ctx1.context_id,
4095 opnum=0,
4096 stub="",
4097 auth_info=auth_info)
4098 self.send_pdu(req)
4099 rep = self.recv_pdu()
4100 # We don't get an auth_info back
4101 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4102 auth_length=0)
4103 self.assertNotEquals(rep.u.alloc_hint, 0)
4104 self.assertEquals(rep.u.context_id, req.u.context_id)
4105 self.assertEquals(rep.u.cancel_count, 0)
4106 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4107
4108 self._disconnect("disconnect")
4109 self.assertNotConnected()
4110
4111 def test_ntlmssp_auth_pad_fail_auth3(self):
4112 ndr32 = base.transfer_syntax_ndr()
4113
4114 tsf1_list = [ndr32]
4115 ctx1 = dcerpc.ctx_list()
4116 ctx1.context_id = 1
4117 ctx1.num_transfer_syntaxes = len(tsf1_list)
4118 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4119 ctx1.transfer_syntaxes = tsf1_list
4120 ctx_list = [ctx1]
4121
4122 c = self.get_anon_creds()
4123 g = gensec.Security.start_client(self.settings)
4124 g.set_credentials(c)
4125 g.want_feature(gensec.FEATURE_DCE_STYLE)
4126 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4127 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4128 auth_context_id = 2
4129 g.start_mech_by_authtype(auth_type, auth_level)
4130 from_server = ""
4131 (finished, to_server) = g.update(from_server)
4132 self.assertFalse(finished)
4133
4134 auth_info = self.generate_auth(auth_type=auth_type,
4135 auth_level=auth_level,
4136 auth_context_id=auth_context_id,
4137 auth_blob=to_server)
4138
4139 req = self.generate_bind(call_id=0,
4140 ctx_list=ctx_list,
4141 auth_info=auth_info)
4142 req_pdu = samba.ndr.ndr_pack(req)
4143
4144 auth_pad_ok = len(req_pdu)
4145 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4146 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4147 auth_pad_ok -= len(to_server)
4148
4149 auth_info = self.generate_auth(auth_type=auth_type,
4150 auth_level=auth_level,
4151 auth_context_id=auth_context_id,
4152 auth_pad_length=auth_pad_ok,
4153 auth_blob=to_server)
4154
4155 req = self.generate_bind(call_id=0,
4156 ctx_list=ctx_list,
4157 auth_info=auth_info)
4158 self.send_pdu(req)
4159 rep = self.recv_pdu()
4160 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4161 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4162 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4163 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4164 self.assertEquals(rep.u.secondary_address_size, 4)
4165 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4166 self.assertEquals(len(rep.u._pad1), 2)
4167 #self.assertEquals(rep.u._pad1, '\0' * 2)
4168 self.assertEquals(rep.u.num_results, 1)
4169 self.assertEquals(rep.u.ctx_list[0].result,
4170 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4171 self.assertEquals(rep.u.ctx_list[0].reason,
4172 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4173 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4174 self.assertNotEquals(len(rep.u.auth_info), 0)
4175 a = self.parse_auth(rep.u.auth_info)
4176
4177 from_server = a.credentials
4178 (finished, to_server) = g.update(from_server)
4179 self.assertTrue(finished)
4180
4181 auth_pad_bad = 1
4182 auth_info = self.generate_auth(auth_type=auth_type,
4183 auth_level=auth_level,
4184 auth_context_id=auth_context_id,
4185 auth_pad_length=auth_pad_bad,
4186 auth_blob=to_server)
4187 req = self.generate_auth3(call_id=0,
4188 auth_info=auth_info)
4189 self.send_pdu(req)
4190 rep = self.recv_pdu()
4191 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4192 pfc_flags=req.pfc_flags |
4193 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4194 auth_length=0)
4195 self.assertNotEquals(rep.u.alloc_hint, 0)
4196 self.assertEquals(rep.u.context_id, 0)
4197 self.assertEquals(rep.u.cancel_count, 0)
4198 self.assertEquals(rep.u.flags, 0)
4199 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4200 self.assertEquals(rep.u.reserved, 0)
4201 self.assertEquals(len(rep.u.error_and_verifier), 0)
4202
4203 # wait for a disconnect
4204 rep = self.recv_pdu()
4205 self.assertIsNone(rep)
4206 self.assertNotConnected()
4207
4208 def _test_spnego_bind_auth_level(self, auth_level, auth_context_id, ctx,
4209 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4210 alter_fault=None):
4211 creds = self.get_user_creds()
4212 auth_context = self.get_auth_context_creds(creds=creds,
4213 auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4214 auth_level=auth_level,
4215 auth_context_id=auth_context_id,
4216 g_auth_level=g_auth_level)
4217 if auth_context is None:
4218 return None
4219 ack = self.do_generic_bind(ctx=ctx,
4220 auth_context=auth_context,
4221 alter_fault=alter_fault)
4222 if ack is None:
4223 return None
4224 return auth_context["gensec"]
4225
4226 def _test_spnego_level_bind_nak(self, auth_level,
4227 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
4228 c = self.get_user_creds()
4229 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
4230 auth_level=auth_level, creds=c, reason=reason)
4231
4232 def _test_spnego_level_bind(self, auth_level,
4233 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4234 alter_fault=None,
4235 request_fault=None,
4236 response_fault_flags=0):
4237 ndr32 = base.transfer_syntax_ndr()
4238
4239 tsf1_list = [ndr32]
4240 ctx1 = dcerpc.ctx_list()
4241 ctx1.context_id = 0x1001
4242 ctx1.num_transfer_syntaxes = len(tsf1_list)
4243 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4244 ctx1.transfer_syntaxes = tsf1_list
4245
4246 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4247 auth_context_id = 2
4248
4249 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4250 auth_context_id=auth_context_id,
4251 ctx=ctx1,
4252 g_auth_level=g_auth_level,
4253 alter_fault=alter_fault)
4254
4255 if request_fault is None:
4256 return
4257
4258 self.assertIsNotNone(g)
4259
4260 stub_bin = '\x00' * 17
4261 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4262 auth_pad_length = 0
4263 if mod_len > 0:
4264 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4265 stub_bin += '\x00' * auth_pad_length
4266
4267 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4268 sig_size = g.sig_size(len(stub_bin))
4269 else:
4270 sig_size = 16
4271 zero_sig = "\x00"*sig_size
4272
4273 auth_info = self.generate_auth(auth_type=auth_type,
4274 auth_level=auth_level,
4275 auth_pad_length=auth_pad_length,
4276 auth_context_id=auth_context_id,
4277 auth_blob=zero_sig)
4278 req = self.generate_request(call_id = 4,
4279 context_id=ctx1.context_id,
4280 opnum=0xffff,
4281 stub=stub_bin,
4282 auth_info=auth_info)
4283 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
4284 req_blob = samba.ndr.ndr_pack(req)
4285 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4286 ofs_sig = len(req_blob) - req.auth_length
4287 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4288 req_data = req_blob[ofs_stub:ofs_trailer]
4289 req_whole = req_blob[0:ofs_sig]
4290 sig = g.sign_packet(req_data, req_whole)
4291 auth_info = self.generate_auth(auth_type=auth_type,
4292 auth_level=auth_level,
4293 auth_pad_length=auth_pad_length,
4294 auth_context_id=auth_context_id,
4295 auth_blob=sig)
4296 req = self.generate_request(call_id = 4,
4297 context_id=ctx1.context_id,
4298 opnum=0xffff,
4299 stub=stub_bin,
4300 auth_info=auth_info)
4301 self.send_pdu(req)
4302 rep = self.recv_pdu()
4303 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4304 pfc_flags=req.pfc_flags | response_fault_flags,
4305 auth_length=0)
4306 self.assertNotEquals(rep.u.alloc_hint, 0)
4307 self.assertEquals(rep.u.context_id, ctx1.context_id)
4308 self.assertEquals(rep.u.cancel_count, 0)
4309 self.assertEquals(rep.u.flags, 0)
4310 self.assertEquals(rep.u.status, request_fault)
4311 self.assertEquals(rep.u.reserved, 0)
4312 self.assertEquals(len(rep.u.error_and_verifier), 0)
4313
4314 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
4315 return
4316
4317 # wait for a disconnect
4318 rep = self.recv_pdu()
4319 self.assertIsNone(rep)
4320 self.assertNotConnected()
4321
4322 def test_spnego_none_bind(self):
4323 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
4324 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4325
4326 def test_spnego_call_bind(self):
4327 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
4328 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
4329
4330 def test_spnego_0_bind(self):
4331 return self._test_spnego_level_bind_nak(0,
4332 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4333
4334 def test_spnego_7_bind(self):
4335 return self._test_spnego_level_bind_nak(7,
4336 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4337
4338 def test_spnego_255_bind(self):
4339 return self._test_spnego_level_bind_nak(255,
4340 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4341
4342 def test_spnego_connect_bind_none(self):
4343 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4344 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
4345
4346 def test_spnego_connect_bind_sign(self):
4347 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4348 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4349
4350 def test_spnego_connect_bind_seal(self):
4351 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4352 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4353
4354 def test_spnego_packet_bind_none(self):
4355 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4356 # DCERPC_AUTH_LEVEL_INTEGRITY
4357 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4358 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4359 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4360
4361 def test_spnego_packet_bind_sign(self):
4362 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4363 # DCERPC_AUTH_LEVEL_INTEGRITY
4364 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4365 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4366 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4367 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4368
4369 def test_spnego_packet_bind_sign(self):
4370 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4371 # DCERPC_AUTH_LEVEL_INTEGRITY
4372 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
4373 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4374 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4375 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4376
4377 def test_spnego_integrity_bind_none(self):
4378 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4379 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4380 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4381
4382 def test_spnego_integrity_bind_sign(self):
4383 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4384 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4385 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4386 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4387
4388 def test_spnego_integrity_bind_seal(self):
4389 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4390 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4391 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
4392 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
4393
4394 def test_spnego_privacy_bind_none(self):
4395 # This fails...
4396 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4397 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4398 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4399
4400 def test_spnego_privacy_bind_sign(self):
4401 # This fails...
4402 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4403 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
4404 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4405
4406 def test_spnego_privacy_bind_seal(self):
4407 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4408 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
4409
4410
4411
4412 def _test_spnego_signing_auth_level_request(self, auth_level):
4413 ndr32 = base.transfer_syntax_ndr()
4414
4415 tsf1_list = [ndr32]
4416 ctx1 = dcerpc.ctx_list()
4417 ctx1.context_id = 0x1001
4418 ctx1.num_transfer_syntaxes = len(tsf1_list)
4419 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4420 ctx1.transfer_syntaxes = tsf1_list
4421 ctx_list = [ctx1]
4422
4423 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4424 auth_context_id = 2
4425
4426 g = self._test_spnego_bind_auth_level(auth_level=auth_level,
4427 auth_context_id=auth_context_id,
4428 ctx=ctx1)
4429
4430 stub_bin = '\x00' * 0
4431 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4432 auth_pad_length = 0
4433 if mod_len > 0:
4434 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4435 stub_bin += '\x00' * auth_pad_length
4436
4437 sig_size = g.sig_size(len(stub_bin))
4438 zero_sig = "\x00"*sig_size
4439
4440 auth_info = self.generate_auth(auth_type=auth_type,
4441 auth_level=auth_level,
4442 auth_pad_length=auth_pad_length,
4443 auth_context_id=auth_context_id,
4444 auth_blob=zero_sig)
4445 req = self.generate_request(call_id = 3,
4446 context_id=ctx1.context_id,
4447 opnum=0,
4448 stub=stub_bin,
4449 auth_info=auth_info)
4450 req_blob = samba.ndr.ndr_pack(req)
4451 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4452 ofs_sig = len(req_blob) - req.auth_length
4453 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4454 req_data = req_blob[ofs_stub:ofs_trailer]
4455 req_whole = req_blob[0:ofs_sig]
4456 sig = g.sign_packet(req_data, req_whole)
4457 auth_info = self.generate_auth(auth_type=auth_type,
4458 auth_level=auth_level,
4459 auth_pad_length=auth_pad_length,
4460 auth_context_id=auth_context_id,
4461 auth_blob=sig)
4462 req = self.generate_request(call_id = 3,
4463 context_id=ctx1.context_id,
4464 opnum=0,
4465 stub=stub_bin,
4466 auth_info=auth_info)
4467 self.send_pdu(req)
4468 (rep, rep_blob) = self.recv_pdu_raw()
4469 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4470 auth_length=sig_size)
4471 self.assertNotEquals(rep.u.alloc_hint, 0)
4472 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4473 self.assertEquals(rep.u.cancel_count, 0)
4474 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4475 self.assertEquals(rep.auth_length, sig_size)
4476
4477 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4478 ofs_sig = rep.frag_length - rep.auth_length
4479 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4480 rep_data = rep_blob[ofs_stub:ofs_trailer]
4481 rep_whole = rep_blob[0:ofs_sig]
4482 rep_sig = rep_blob[ofs_sig:]
4483 rep_auth_info_blob = rep_blob[ofs_trailer:]
4484
4485 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4486 self.assertEquals(rep_auth_info.auth_type, auth_type)
4487 self.assertEquals(rep_auth_info.auth_level, auth_level)
4488 # mgmt_inq_if_ids() returns no fixed size results
4489 #self.assertEquals(rep_auth_info.auth_pad_length, 0)
4490 self.assertEquals(rep_auth_info.auth_reserved, 0)
4491 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4492 self.assertEquals(rep_auth_info.credentials, rep_sig)
4493
4494 g.check_packet(rep_data, rep_whole, rep_sig)
4495
4496 stub_bin = '\x00' * 17
4497 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4498 auth_pad_length = 0
4499 if mod_len > 0:
4500 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4501 stub_bin += '\x00' * auth_pad_length
4502
4503 sig_size = g.sig_size(len(stub_bin))
4504 zero_sig = "\x00"*sig_size
4505
4506 auth_info = self.generate_auth(auth_type=auth_type,
4507 auth_level=auth_level,
4508 auth_pad_length=auth_pad_length,
4509 auth_context_id=auth_context_id,
4510 auth_blob=zero_sig)
4511 req = self.generate_request(call_id = 4,
4512 context_id=ctx1.context_id,
4513 opnum=0xffff,
4514 stub=stub_bin,
4515 auth_info=auth_info)
4516 req_blob = samba.ndr.ndr_pack(req)
4517 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4518 ofs_sig = len(req_blob) - req.auth_length
4519 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4520 req_data = req_blob[ofs_stub:ofs_trailer]
4521 req_whole = req_blob[0:ofs_sig]
4522 sig = g.sign_packet(req_data, req_whole)
4523 auth_info = self.generate_auth(auth_type=auth_type,
4524 auth_level=auth_level,
4525 auth_pad_length=auth_pad_length,
4526 auth_context_id=auth_context_id,
4527 auth_blob=sig)
4528 req = self.generate_request(call_id = 4,
4529 context_id=ctx1.context_id,
4530 opnum=0xffff,
4531 stub=stub_bin,
4532 auth_info=auth_info)
4533 self.send_pdu(req)
4534 rep = self.recv_pdu()
4535 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4536 pfc_flags=req.pfc_flags |
4537 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4538 auth_length=0)
4539 self.assertNotEquals(rep.u.alloc_hint, 0)
4540 self.assertEquals(rep.u.context_id, ctx1.context_id)
4541 self.assertEquals(rep.u.cancel_count, 0)
4542 self.assertEquals(rep.u.flags, 0)
4543 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
4544 self.assertEquals(rep.u.reserved, 0)
4545 self.assertEquals(len(rep.u.error_and_verifier), 0)
4546
4547 stub_bin = '\x00' * 8
4548 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4549 auth_pad_length = 0
4550 if mod_len > 0:
4551 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4552 stub_bin += '\x00' * auth_pad_length
4553
4554 sig_size = g.sig_size(len(stub_bin))
4555 zero_sig = "\x00"*sig_size
4556
4557 auth_info = self.generate_auth(auth_type=auth_type,
4558 auth_level=auth_level,
4559 auth_pad_length=auth_pad_length,
4560 auth_context_id=auth_context_id,
4561 auth_blob=zero_sig)
4562 req = self.generate_request(call_id = 5,
4563 context_id=ctx1.context_id,
4564 opnum=1,
4565 stub=stub_bin,
4566 auth_info=auth_info)
4567 req_blob = samba.ndr.ndr_pack(req)
4568 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4569 ofs_sig = len(req_blob) - req.auth_length
4570 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4571 req_data = req_blob[ofs_stub:ofs_trailer]
4572 req_whole = req_blob[0:ofs_sig]
4573 sig = g.sign_packet(req_data, req_whole)
4574 auth_info = self.generate_auth(auth_type=auth_type,
4575 auth_level=auth_level,
4576 auth_pad_length=auth_pad_length,
4577 auth_context_id=auth_context_id,
4578 auth_blob=sig)
4579 req = self.generate_request(call_id = 5,
4580 context_id=ctx1.context_id,
4581 opnum=1,
4582 stub=stub_bin,
4583 auth_info=auth_info)
4584 self.send_pdu(req)
4585 (rep, rep_blob) = self.recv_pdu_raw()
4586 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4587 auth_length=sig_size)
4588 self.assertNotEquals(rep.u.alloc_hint, 0)
4589 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4590 self.assertEquals(rep.u.cancel_count, 0)
4591 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4592 self.assertEquals(rep.auth_length, sig_size)
4593
4594 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4595 ofs_sig = rep.frag_length - rep.auth_length
4596 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4597 rep_data = rep_blob[ofs_stub:ofs_trailer]
4598 rep_whole = rep_blob[0:ofs_sig]
4599 rep_sig = rep_blob[ofs_sig:]
4600 rep_auth_info_blob = rep_blob[ofs_trailer:]
4601
4602 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4603 self.assertEquals(rep_auth_info.auth_type, auth_type)
4604 self.assertEquals(rep_auth_info.auth_level, auth_level)
4605 self.assertEquals(rep_auth_info.auth_pad_length, 4)
4606 self.assertEquals(rep_auth_info.auth_reserved, 0)
4607 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4608 self.assertEquals(rep_auth_info.credentials, rep_sig)
4609
4610 g.check_packet(rep_data, rep_whole, rep_sig)
4611
4612 stub_bin = '\x00' * 8
4613 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
4614 auth_pad_length = 0
4615 if mod_len > 0:
4616 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
4617 stub_bin += '\x00' * auth_pad_length
4618
4619 sig_size = g.sig_size(len(stub_bin))
4620 zero_sig = "\x00"*sig_size
4621
4622 auth_info = self.generate_auth(auth_type=auth_type,
4623 auth_level=auth_level,
4624 auth_pad_length=auth_pad_length,
4625 auth_context_id=auth_context_id,
4626 auth_blob=zero_sig)
4627 req = self.generate_request(call_id = 6,
4628 context_id=ctx1.context_id,
4629 opnum=3,
4630 stub=stub_bin,
4631 auth_info=auth_info)
4632 req_blob = samba.ndr.ndr_pack(req)
4633 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4634 ofs_sig = len(req_blob) - req.auth_length
4635 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4636 req_data = req_blob[ofs_stub:ofs_trailer]
4637 req_whole = req_blob[0:ofs_sig]
4638 sig = g.sign_packet(req_data, req_whole)
4639 auth_info = self.generate_auth(auth_type=auth_type,
4640 auth_level=auth_level,
4641 auth_pad_length=auth_pad_length,
4642 auth_context_id=auth_context_id,
4643 auth_blob=sig)
4644 req = self.generate_request(call_id = 6,
4645 context_id=ctx1.context_id,
4646 opnum=3,
4647 stub=stub_bin,
4648 auth_info=auth_info)
4649 self.send_pdu(req)
4650 (rep, rep_blob) = self.recv_pdu_raw()
4651 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4652 auth_length=sig_size)
4653 self.assertNotEquals(rep.u.alloc_hint, 0)
4654 self.assertEquals(rep.u.context_id, req.u.context_id & 0xff)
4655 self.assertEquals(rep.u.cancel_count, 0)
4656 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4657 self.assertEquals(rep.auth_length, sig_size)
4658
4659 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
4660 ofs_sig = rep.frag_length - rep.auth_length
4661 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4662 rep_data = rep_blob[ofs_stub:ofs_trailer]
4663 rep_whole = rep_blob[0:ofs_sig]
4664 rep_sig = rep_blob[ofs_sig:]
4665 rep_auth_info_blob = rep_blob[ofs_trailer:]
4666
4667 rep_auth_info = self.parse_auth(rep_auth_info_blob)
4668 self.assertEquals(rep_auth_info.auth_type, auth_type)
4669 self.assertEquals(rep_auth_info.auth_level, auth_level)
4670 self.assertEquals(rep_auth_info.auth_pad_length, 12)
4671 self.assertEquals(rep_auth_info.auth_reserved, 0)
4672 self.assertEquals(rep_auth_info.auth_context_id, auth_context_id)
4673 self.assertEquals(rep_auth_info.credentials, rep_sig)
4674
4675 g.check_packet(rep_data, rep_whole, rep_sig)
4676
4677 def test_spnego_signing_packet(self):
4678 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
4679 # DCERPC_AUTH_LEVEL_INTEGRITY
4680 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4681
4682 def test_spnego_signing_integrity(self):
4683 return self._test_spnego_signing_auth_level_request(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4684
4685
4686 def test_assoc_group_fail1(self):
4687 abstract = samba.dcerpc.mgmt.abstract_syntax()
4688 transfer = base.transfer_syntax_ndr()
4689
4690 tsf1_list = [transfer]
4691 ctx = samba.dcerpc.dcerpc.ctx_list()
4692 ctx.context_id = 1
4693 ctx.num_transfer_syntaxes = len(tsf1_list)
4694 ctx.abstract_syntax = abstract
4695 ctx.transfer_syntaxes = tsf1_list
4696
4697 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
4698 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4699 return
4700
4701 def test_assoc_group_fail2(self):
4702 abstract = samba.dcerpc.mgmt.abstract_syntax()
4703 transfer = base.transfer_syntax_ndr()
4704
4705 tsf1_list = [transfer]
4706 ctx = samba.dcerpc.dcerpc.ctx_list()
4707 ctx.context_id = 1
4708 ctx.num_transfer_syntaxes = len(tsf1_list)
4709 ctx.abstract_syntax = abstract
4710 ctx.transfer_syntaxes = tsf1_list
4711
4712 ack = self.do_generic_bind(ctx=ctx)
4713
4714 self._disconnect("test_assoc_group_fail2")
4715 self.connect()
4716
4717 ack2 = self.do_generic_bind(ctx=ctx,assoc_group_id=ack.u.assoc_group_id,
4718 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
4719 return
4720
4721 def test_assoc_group_diff1(self):
4722 abstract = samba.dcerpc.mgmt.abstract_syntax()
4723 transfer = base.transfer_syntax_ndr()
4724
4725 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4726 context_id=1, return_ack=True)
4727
4728 conn2 = self.second_connection()
4729 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4730 context_id=2, return_ack=True)
4731 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
4732
4733 return
4734
4735 def test_assoc_group_ok1(self):
4736 abstract = samba.dcerpc.mgmt.abstract_syntax()
4737 transfer = base.transfer_syntax_ndr()
4738
4739 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
4740 context_id=1, return_ack=True)
4741
4742 conn2 = self.second_connection()
4743 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
4744 assoc_group_id=ack1.u.assoc_group_id,
4745 context_id=2, return_ack=True)
4746
4747 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
4748 self.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids)
4749 conn2.do_single_request(call_id = 1, ctx=ctx2, io=inq_if_ids)
4750
4751 conn2.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids,
4752 fault_pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
4753 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
4754 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4755 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
4756 fault_context_id=0)
4757
4758 self.do_single_request(call_id = 1, ctx=ctx1, io=inq_if_ids)
4759 conn2.do_single_request(call_id = 1, ctx=ctx2, io=inq_if_ids)
4760 return
4761
4762 if __name__ == "__main__":
4763 global_ndr_print = True
4764 global_hexdump = True
4765 import unittest
4766 unittest.main()
Samba GIT mirror