search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
python/tests: add bind time feature related tests to dcerpc raw protocol tests
[Samba.git] / python / samba / tests / dcerpc / raw_protocol.py
blobef660ea32b77a17c58bea83c83c6d904263bbea9
1 #!/usr/bin/env python
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21
22 sys.path.insert(0, "bin/python")
23 os.environ["PYTHONUNBUFFERED"] = "1"
24
25 import samba.dcerpc.dcerpc as dcerpc
26 import samba.dcerpc.base as base
27 import samba.dcerpc.misc as misc
28 import samba.dcerpc.epmapper
29 import samba.dcerpc.mgmt
30 import samba.dcerpc.netlogon
31 import struct
32 from samba.credentials import Credentials
33 from samba import gensec
34 from samba.tests import RawDCERPCTest
35
36 global_ndr_print = False
37 global_hexdump = False
38
39 class TestDCERPC_BIND(RawDCERPCTest):
40
41 def setUp(self):
42 super(TestDCERPC_BIND, self).setUp()
43 self.do_ndr_print = global_ndr_print
44 self.do_hexdump = global_hexdump
45
46 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
47 ndr32 = base.transfer_syntax_ndr()
48
49 tsf1_list = [ndr32]
50 ctx1 = dcerpc.ctx_list()
51 ctx1.context_id = 1
52 ctx1.num_transfer_syntaxes = len(tsf1_list)
53 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
54 ctx1.transfer_syntaxes = tsf1_list
55
56 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
57 self.send_pdu(req)
58 rep = self.recv_pdu()
59 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
60 pfc_flags=rep_pfc_flags, auth_length=0)
61 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
62 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
63 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
64 self.assertEquals(rep.u.secondary_address_size, 4)
65 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
66 self.assertEquals(len(rep.u._pad1), 2)
67 # sometimes windows sends random bytes
68 # self.assertEquals(rep.u._pad1, '\0' * 2)
69 self.assertEquals(rep.u.num_results, 1)
70 self.assertEquals(rep.u.ctx_list[0].result,
71 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
72 self.assertEquals(rep.u.ctx_list[0].reason,
73 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
74 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
75 self.assertEquals(rep.u.auth_info, '\0' * 0)
76
77 # And now try a request
78 req = self.generate_request(call_id = 1,
79 context_id=ctx1.context_id,
80 opnum=0,
81 stub="")
82 self.send_pdu(req)
83 rep = self.recv_pdu()
84 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
85 auth_length=0)
86 self.assertNotEquals(rep.u.alloc_hint, 0)
87 self.assertEquals(rep.u.context_id, req.u.context_id)
88 self.assertEquals(rep.u.cancel_count, 0)
89 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
90
91 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
92 ndr32 = base.transfer_syntax_ndr()
93
94 tsf1_list = [ndr32]
95 ctx1 = dcerpc.ctx_list()
96 ctx1.context_id = 1
97 ctx1.num_transfer_syntaxes = len(tsf1_list)
98 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
99 ctx1.transfer_syntaxes = tsf1_list
100
101 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
102 self.send_pdu(req)
103 rep = self.recv_pdu()
104 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
105 auth_length=0)
106 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
107 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
108 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
109 self.assertEquals(rep.u.secondary_address_size, 4)
110 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
111 self.assertEquals(len(rep.u._pad1), 2)
112 # sometimes windows sends random bytes
113 # self.assertEquals(rep.u._pad1, '\0' * 2)
114 self.assertEquals(rep.u.num_results, 1)
115 self.assertEquals(rep.u.ctx_list[0].result,
116 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
117 self.assertEquals(rep.u.ctx_list[0].reason,
118 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
119 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
120 self.assertEquals(rep.u.auth_info, '\0' * 0)
121
122 # And now try a alter context
123 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
124 self.send_pdu(req)
125 rep = self.recv_pdu()
126 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
127 pfc_flags=rep_pfc_flags, auth_length=0)
128 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
129 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
130 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
131 self.assertEquals(rep.u.secondary_address_size, 0)
132 self.assertEquals(rep.u.secondary_address, "")
133 self.assertEquals(len(rep.u._pad1), 2)
134 # sometimes windows sends random bytes
135 # self.assertEquals(rep.u._pad1, '\0' * 2)
136 self.assertEquals(rep.u.num_results, 1)
137 self.assertEquals(rep.u.ctx_list[0].result,
138 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
139 self.assertEquals(rep.u.ctx_list[0].reason,
140 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
141 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
142 self.assertEquals(rep.u.auth_info, '\0' * 0)
143
144 # And now try a request
145 req = self.generate_request(call_id = 1,
146 context_id=ctx1.context_id,
147 opnum=0,
148 stub="")
149 self.send_pdu(req)
150 rep = self.recv_pdu()
151 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
152 auth_length=0)
153 self.assertNotEquals(rep.u.alloc_hint, 0)
154 self.assertEquals(rep.u.context_id, req.u.context_id)
155 self.assertEquals(rep.u.cancel_count, 0)
156 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
157
158 def test_no_auth_request(self):
159 return self._test_no_auth_request_bind_pfc_flags(
160 req_pfc_flags=0 |
161 dcerpc.DCERPC_PFC_FLAG_FIRST |
162 dcerpc.DCERPC_PFC_FLAG_LAST,
163 rep_pfc_flags=0 |
164 dcerpc.DCERPC_PFC_FLAG_FIRST |
165 dcerpc.DCERPC_PFC_FLAG_LAST)
166
167 def test_no_auth_request_bind_pfc_00(self):
168 return self._test_no_auth_request_bind_pfc_flags(
169 req_pfc_flags=0 |
170 0,
171 rep_pfc_flags=0 |
172 dcerpc.DCERPC_PFC_FLAG_FIRST |
173 dcerpc.DCERPC_PFC_FLAG_LAST)
174
175 def test_no_auth_request_bind_pfc_FIRST(self):
176 return self._test_no_auth_request_bind_pfc_flags(
177 req_pfc_flags=0 |
178 dcerpc.DCERPC_PFC_FLAG_FIRST |
179 0,
180 rep_pfc_flags=0 |
181 dcerpc.DCERPC_PFC_FLAG_FIRST |
182 dcerpc.DCERPC_PFC_FLAG_LAST)
183
184 def test_no_auth_request_bind_pfc_LAST(self):
185 return self._test_no_auth_request_bind_pfc_flags(
186 req_pfc_flags=0 |
187 dcerpc.DCERPC_PFC_FLAG_LAST |
188 0,
189 rep_pfc_flags=0 |
190 dcerpc.DCERPC_PFC_FLAG_FIRST |
191 dcerpc.DCERPC_PFC_FLAG_LAST)
192
193 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
194 # without authentication
195 def _test_no_auth_request_bind_pfc_HDR_SIGNING(self):
196 return self._test_no_auth_request_bind_pfc_flags(
197 req_pfc_flags=0 |
198 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
199 0,
200 rep_pfc_flags=0 |
201 dcerpc.DCERPC_PFC_FLAG_FIRST |
202 dcerpc.DCERPC_PFC_FLAG_LAST |
203 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
204
205 def test_no_auth_request_bind_pfc_08(self):
206 return self._test_no_auth_request_bind_pfc_flags(
207 req_pfc_flags=0 |
208 8 |
209 0,
210 rep_pfc_flags=0 |
211 dcerpc.DCERPC_PFC_FLAG_FIRST |
212 dcerpc.DCERPC_PFC_FLAG_LAST)
213
214 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
215 # by default
216 def _test_no_auth_request_bind_pfc_CONC_MPX(self):
217 return self._test_no_auth_request_bind_pfc_flags(
218 req_pfc_flags=0 |
219 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
220 0,
221 rep_pfc_flags=0 |
222 dcerpc.DCERPC_PFC_FLAG_FIRST |
223 dcerpc.DCERPC_PFC_FLAG_LAST |
224 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
225
226 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
227 return self._test_no_auth_request_bind_pfc_flags(
228 req_pfc_flags=0 |
229 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
230 0,
231 rep_pfc_flags=0 |
232 dcerpc.DCERPC_PFC_FLAG_FIRST |
233 dcerpc.DCERPC_PFC_FLAG_LAST)
234
235 def test_no_auth_request_bind_pfc_MAYBE(self):
236 return self._test_no_auth_request_bind_pfc_flags(
237 req_pfc_flags=0 |
238 dcerpc.DCERPC_PFC_FLAG_MAYBE |
239 0,
240 rep_pfc_flags=0 |
241 dcerpc.DCERPC_PFC_FLAG_FIRST |
242 dcerpc.DCERPC_PFC_FLAG_LAST)
243
244 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
245 return self._test_no_auth_request_bind_pfc_flags(
246 req_pfc_flags=0 |
247 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
248 0,
249 rep_pfc_flags=0 |
250 dcerpc.DCERPC_PFC_FLAG_FIRST |
251 dcerpc.DCERPC_PFC_FLAG_LAST)
252
253 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
254 # without authentication
255 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
256 # by default
257 def _test_no_auth_request_bind_pfc_ff(self):
258 return self._test_no_auth_request_bind_pfc_flags(
259 req_pfc_flags=0 |
260 0xff |
261 0,
262 rep_pfc_flags=0 |
263 dcerpc.DCERPC_PFC_FLAG_FIRST |
264 dcerpc.DCERPC_PFC_FLAG_LAST |
265 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
266 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
267
268 def test_no_auth_request_alter_pfc_00(self):
269 return self._test_no_auth_request_alter_pfc_flags(
270 req_pfc_flags=0 |
271 0,
272 rep_pfc_flags=0 |
273 dcerpc.DCERPC_PFC_FLAG_FIRST |
274 dcerpc.DCERPC_PFC_FLAG_LAST)
275
276 def test_no_auth_request_alter_pfc_FIRST(self):
277 return self._test_no_auth_request_alter_pfc_flags(
278 req_pfc_flags=0 |
279 dcerpc.DCERPC_PFC_FLAG_FIRST |
280 0,
281 rep_pfc_flags=0 |
282 dcerpc.DCERPC_PFC_FLAG_FIRST |
283 dcerpc.DCERPC_PFC_FLAG_LAST)
284
285 def test_no_auth_request_alter_pfc_LAST(self):
286 return self._test_no_auth_request_alter_pfc_flags(
287 req_pfc_flags=0 |
288 dcerpc.DCERPC_PFC_FLAG_LAST |
289 0,
290 rep_pfc_flags=0 |
291 dcerpc.DCERPC_PFC_FLAG_FIRST |
292 dcerpc.DCERPC_PFC_FLAG_LAST)
293
294 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
295 # without authentication
296 def _test_no_auth_request_alter_pfc_HDR_SIGNING(self):
297 return self._test_no_auth_request_alter_pfc_flags(
298 req_pfc_flags=0 |
299 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
300 0,
301 rep_pfc_flags=0 |
302 dcerpc.DCERPC_PFC_FLAG_FIRST |
303 dcerpc.DCERPC_PFC_FLAG_LAST |
304 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
305
306 def test_no_auth_request_alter_pfc_08(self):
307 return self._test_no_auth_request_alter_pfc_flags(
308 req_pfc_flags=0 |
309 8 |
310 0,
311 rep_pfc_flags=0 |
312 dcerpc.DCERPC_PFC_FLAG_FIRST |
313 dcerpc.DCERPC_PFC_FLAG_LAST)
314
315 def test_no_auth_request_alter_pfc_CONC_MPX(self):
316 return self._test_no_auth_request_alter_pfc_flags(
317 req_pfc_flags=0 |
318 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
319 0,
320 rep_pfc_flags=0 |
321 dcerpc.DCERPC_PFC_FLAG_FIRST |
322 dcerpc.DCERPC_PFC_FLAG_LAST)
323
324 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
325 return self._test_no_auth_request_alter_pfc_flags(
326 req_pfc_flags=0 |
327 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
328 0,
329 rep_pfc_flags=0 |
330 dcerpc.DCERPC_PFC_FLAG_FIRST |
331 dcerpc.DCERPC_PFC_FLAG_LAST)
332
333 def test_no_auth_request_alter_pfc_MAYBE(self):
334 return self._test_no_auth_request_alter_pfc_flags(
335 req_pfc_flags=0 |
336 dcerpc.DCERPC_PFC_FLAG_MAYBE |
337 0,
338 rep_pfc_flags=0 |
339 dcerpc.DCERPC_PFC_FLAG_FIRST |
340 dcerpc.DCERPC_PFC_FLAG_LAST)
341
342 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
343 return self._test_no_auth_request_alter_pfc_flags(
344 req_pfc_flags=0 |
345 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
346 0,
347 rep_pfc_flags=0 |
348 dcerpc.DCERPC_PFC_FLAG_FIRST |
349 dcerpc.DCERPC_PFC_FLAG_LAST)
350
351 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
352 # without authentication
353 def _test_no_auth_request_alter_pfc_ff(self):
354 return self._test_no_auth_request_alter_pfc_flags(
355 req_pfc_flags=0 |
356 0xff |
357 0,
358 rep_pfc_flags=0 |
359 dcerpc.DCERPC_PFC_FLAG_FIRST |
360 dcerpc.DCERPC_PFC_FLAG_LAST |
361 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
362
363 def test_no_auth_no_ctx(self):
364 # send an useless bind
365 req = self.generate_bind(call_id=0)
366 self.send_pdu(req)
367 rep = self.recv_pdu()
368 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
369 auth_length=0)
370 self.assertEquals(rep.u.reject_reason,
371 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
372 self.assertEquals(rep.u.num_versions, 1)
373 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
374 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
375 self.assertEquals(len(rep.u._pad), 3)
376 self.assertEquals(rep.u._pad, '\0' * 3)
377
378 def test_invalid_auth_noctx(self):
379 req = self.generate_bind(call_id=0)
380 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
381 self.send_pdu(req)
382 rep = self.recv_pdu()
383 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
384 auth_length=0)
385 self.assertEquals(rep.u.reject_reason,
386 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
387 self.assertEquals(rep.u.num_versions, 1)
388 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
389 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
390 self.assertEquals(len(rep.u._pad), 3)
391 self.assertEquals(rep.u._pad, '\0' * 3)
392
393 def test_no_auth_valid_valid_request(self):
394 ndr32 = base.transfer_syntax_ndr()
395
396 tsf1_list = [ndr32]
397 ctx1 = dcerpc.ctx_list()
398 ctx1.context_id = 1
399 ctx1.num_transfer_syntaxes = len(tsf1_list)
400 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
401 ctx1.transfer_syntaxes = tsf1_list
402
403 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
404 self.send_pdu(req)
405 rep = self.recv_pdu()
406 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
407 auth_length=0)
408 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
409 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
410 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
411 self.assertEquals(rep.u.secondary_address_size, 4)
412 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
413 self.assertEquals(len(rep.u._pad1), 2)
414 self.assertEquals(rep.u._pad1, '\0' * 2)
415 self.assertEquals(rep.u.num_results, 1)
416 self.assertEquals(rep.u.ctx_list[0].result,
417 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
418 self.assertEquals(rep.u.ctx_list[0].reason,
419 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
420 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
421 self.assertEquals(rep.u.auth_info, '\0' * 0)
422
423 # Send a bind again
424 tsf2_list = [ndr32]
425 ctx2 = dcerpc.ctx_list()
426 ctx2.context_id = 2
427 ctx2.num_transfer_syntaxes = len(tsf2_list)
428 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
429 ctx2.transfer_syntaxes = tsf2_list
430
431 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
432 self.send_pdu(req)
433 rep = self.recv_pdu()
434 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
435 auth_length=0)
436 self.assertEquals(rep.u.reject_reason,
437 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
438 self.assertEquals(rep.u.num_versions, 1)
439 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
440 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
441 self.assertEquals(len(rep.u._pad), 3)
442 self.assertEquals(rep.u._pad, '\0' * 3)
443
444 # wait for a disconnect
445 rep = self.recv_pdu()
446 self.assertIsNone(rep)
447 self.assertNotConnected()
448
449 def test_no_auth_invalid_valid_request(self):
450 # send an useless bind
451 req = self.generate_bind(call_id=0)
452 self.send_pdu(req)
453 rep = self.recv_pdu()
454 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
455 auth_length=0)
456 self.assertEquals(rep.u.reject_reason,
457 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
458 self.assertEquals(rep.u.num_versions, 1)
459 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
460 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
461 self.assertEquals(len(rep.u._pad), 3)
462 self.assertEquals(rep.u._pad, '\0' * 3)
463
464 # wait for a disconnect
465 rep = self.recv_pdu()
466 self.assertIsNone(rep)
467 self.assertNotConnected()
468
469 def test_alter_no_auth_no_ctx(self):
470 ndr32 = base.transfer_syntax_ndr()
471
472 tsf1_list = [ndr32]
473 ctx1 = dcerpc.ctx_list()
474 ctx1.context_id = 1
475 ctx1.num_transfer_syntaxes = len(tsf1_list)
476 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
477 ctx1.transfer_syntaxes = tsf1_list
478
479 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
480 self.send_pdu(req)
481 rep = self.recv_pdu()
482 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
483 auth_length=0)
484 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
485 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
486 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
487 self.assertEquals(rep.u.secondary_address_size, 4)
488 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
489 self.assertEquals(len(rep.u._pad1), 2)
490 self.assertEquals(rep.u._pad1, '\0' * 2)
491 self.assertEquals(rep.u.num_results, 1)
492 self.assertEquals(rep.u.ctx_list[0].result,
493 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
494 self.assertEquals(rep.u.ctx_list[0].reason,
495 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
496 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
497 self.assertEquals(rep.u.auth_info, '\0' * 0)
498
499 # Send a alter
500 req = self.generate_alter(call_id=1, ctx_list=[])
501 self.send_pdu(req)
502 rep = self.recv_pdu()
503 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
504 pfc_flags=req.pfc_flags |
505 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
506 auth_length=0)
507 self.assertNotEquals(rep.u.alloc_hint, 0)
508 self.assertEquals(rep.u.context_id, 0)
509 self.assertEquals(rep.u.cancel_count, 0)
510 self.assertEquals(rep.u.flags, 0)
511 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
512 self.assertEquals(rep.u.reserved, 0)
513 self.assertEquals(len(rep.u.error_and_verifier), 0)
514
515 # wait for a disconnect
516 rep = self.recv_pdu()
517 self.assertIsNone(rep)
518 self.assertNotConnected()
519
520 def test_no_auth_presentation_ctx_valid1(self):
521 ndr32 = base.transfer_syntax_ndr()
522
523 zero_syntax = misc.ndr_syntax_id()
524
525 tsf1_list = [zero_syntax, ndr32]
526 ctx1 = dcerpc.ctx_list()
527 ctx1.context_id = 1
528 ctx1.num_transfer_syntaxes = len(tsf1_list)
529 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
530 ctx1.transfer_syntaxes = tsf1_list
531
532 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
533 self.send_pdu(req)
534 rep = self.recv_pdu()
535 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
536 auth_length=0)
537 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
538 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
539 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
540 self.assertEquals(rep.u.secondary_address_size, 4)
541 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
542 self.assertEquals(len(rep.u._pad1), 2)
543 self.assertEquals(rep.u._pad1, '\0' * 2)
544 self.assertEquals(rep.u.num_results, 1)
545 self.assertEquals(rep.u.ctx_list[0].result,
546 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
547 self.assertEquals(rep.u.ctx_list[0].reason,
548 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
549 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
550 self.assertEquals(rep.u.auth_info, '\0' * 0)
551
552 # Send a alter
553 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
554 self.send_pdu(req)
555 rep = self.recv_pdu()
556 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
557 auth_length=0)
558 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
559 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
560 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
561 self.assertEquals(rep.u.secondary_address_size, 0)
562 self.assertEquals(len(rep.u._pad1), 2)
563 #self.assertEquals(rep.u._pad1, '\0' * 2)
564 self.assertEquals(rep.u.num_results, 1)
565 self.assertEquals(rep.u.ctx_list[0].result,
566 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
567 self.assertEquals(rep.u.ctx_list[0].reason,
568 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
569 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
570 self.assertEquals(rep.u.auth_info, '\0' * 0)
571
572 req = self.generate_request(call_id = 2,
573 context_id=ctx1.context_id,
574 opnum=0xffff,
575 stub="")
576 self.send_pdu(req)
577 rep = self.recv_pdu()
578 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
579 pfc_flags=req.pfc_flags |
580 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
581 auth_length=0)
582 self.assertNotEquals(rep.u.alloc_hint, 0)
583 self.assertEquals(rep.u.context_id, ctx1.context_id)
584 self.assertEquals(rep.u.cancel_count, 0)
585 self.assertEquals(rep.u.flags, 0)
586 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
587 self.assertEquals(rep.u.reserved, 0)
588 self.assertEquals(len(rep.u.error_and_verifier), 0)
589
590 def test_no_auth_presentation_ctx_invalid1(self):
591 ndr32 = base.transfer_syntax_ndr()
592
593 zero_syntax = misc.ndr_syntax_id()
594
595 tsf1_list = [ndr32]
596 ctx1 = dcerpc.ctx_list()
597 ctx1.context_id = 1
598 ctx1.num_transfer_syntaxes = len(tsf1_list)
599 ctx1.abstract_syntax = ndr32
600 ctx1.transfer_syntaxes = tsf1_list
601
602 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
603 self.send_pdu(req)
604 rep = self.recv_pdu()
605 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
606 auth_length=0)
607 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
608 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
609 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
610 self.assertEquals(rep.u.secondary_address_size, 4)
611 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
612 self.assertEquals(len(rep.u._pad1), 2)
613 self.assertEquals(rep.u._pad1, '\0' * 2)
614 self.assertEquals(rep.u.num_results, 1)
615 self.assertEquals(rep.u.ctx_list[0].result,
616 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
617 self.assertEquals(rep.u.ctx_list[0].reason,
618 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
619 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
620 self.assertEquals(rep.u.auth_info, '\0' * 0)
621
622 # Send a alter
623 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
624 self.send_pdu(req)
625 rep = self.recv_pdu()
626 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
627 auth_length=0)
628 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
629 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
630 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
631 self.assertEquals(rep.u.secondary_address_size, 0)
632 self.assertEquals(len(rep.u._pad1), 2)
633 #self.assertEquals(rep.u._pad1, '\0' * 2)
634 self.assertEquals(rep.u.num_results, 1)
635 self.assertEquals(rep.u.ctx_list[0].result,
636 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
637 self.assertEquals(rep.u.ctx_list[0].reason,
638 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
639 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
640 self.assertEquals(rep.u.auth_info, '\0' * 0)
641
642 req = self.generate_request(call_id = 2,
643 context_id=12345,
644 opnum=0,
645 stub="")
646 self.send_pdu(req)
647 rep = self.recv_pdu()
648 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
649 pfc_flags=req.pfc_flags |
650 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
651 auth_length=0)
652 self.assertNotEquals(rep.u.alloc_hint, 0)
653 self.assertEquals(rep.u.context_id, 0)
654 self.assertEquals(rep.u.cancel_count, 0)
655 self.assertEquals(rep.u.flags, 0)
656 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
657 self.assertEquals(rep.u.reserved, 0)
658 self.assertEquals(len(rep.u.error_and_verifier), 0)
659
660 # Send a alter again to prove the connection is still alive
661 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
662 self.send_pdu(req)
663 rep = self.recv_pdu()
664 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
665 auth_length=0)
666 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
667 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
668 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
669 self.assertEquals(rep.u.secondary_address_size, 0)
670 self.assertEquals(len(rep.u._pad1), 2)
671 #self.assertEquals(rep.u._pad1, '\0' * 2)
672 self.assertEquals(rep.u.num_results, 1)
673 self.assertEquals(rep.u.ctx_list[0].result,
674 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
675 self.assertEquals(rep.u.ctx_list[0].reason,
676 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
677 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
678 self.assertEquals(rep.u.auth_info, '\0' * 0)
679
680 def test_no_auth_presentation_ctx_invalid2(self):
681 ndr32 = base.transfer_syntax_ndr()
682
683 zero_syntax = misc.ndr_syntax_id()
684
685 tsf1a_list = []
686 ctx1a = dcerpc.ctx_list()
687 ctx1a.context_id = 1
688 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
689 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
690 ctx1a.transfer_syntaxes = tsf1a_list
691
692 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
693 self.send_pdu(req)
694 rep = self.recv_pdu()
695 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
696 auth_length=0)
697 self.assertEquals(rep.u.reject_reason,
698 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
699 self.assertEquals(rep.u.num_versions, 1)
700 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
701 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
702 self.assertEquals(len(rep.u._pad), 3)
703 self.assertEquals(rep.u._pad, '\0' * 3)
704
705 # wait for a disconnect
706 rep = self.recv_pdu()
707 self.assertIsNone(rep)
708 self.assertNotConnected()
709
710 def test_no_auth_presentation_ctx_invalid3(self):
711 ndr32 = base.transfer_syntax_ndr()
712
713 zero_syntax = misc.ndr_syntax_id()
714
715 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
716 ctx1a = dcerpc.ctx_list()
717 ctx1a.context_id = 1
718 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
719 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
720 ctx1a.transfer_syntaxes = tsf1a_list
721
722 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
723 self.send_pdu(req)
724 rep = self.recv_pdu()
725 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
726 auth_length=0)
727 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
728 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
729 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
730 self.assertEquals(rep.u.secondary_address_size, 4)
731 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
732 self.assertEquals(len(rep.u._pad1), 2)
733 self.assertEquals(rep.u._pad1, '\0' * 2)
734 self.assertEquals(rep.u.num_results, 1)
735 self.assertEquals(rep.u.ctx_list[0].result,
736 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
737 self.assertEquals(rep.u.ctx_list[0].reason,
738 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
739 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
740 self.assertEquals(rep.u.auth_info, '\0' * 0)
741
742 tsf1b_list = []
743 ctx1b = dcerpc.ctx_list()
744 ctx1b.context_id = 1
745 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
746 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
747 ctx1b.transfer_syntaxes = tsf1b_list
748
749 # Send a alter
750 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
751 self.send_pdu(req)
752 rep = self.recv_pdu()
753 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
754 pfc_flags=req.pfc_flags |
755 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
756 auth_length=0)
757 self.assertNotEquals(rep.u.alloc_hint, 0)
758 self.assertEquals(rep.u.context_id, 0)
759 self.assertEquals(rep.u.cancel_count, 0)
760 self.assertEquals(rep.u.flags, 0)
761 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
762 self.assertEquals(rep.u.reserved, 0)
763 self.assertEquals(len(rep.u.error_and_verifier), 0)
764
765 # wait for a disconnect
766 rep = self.recv_pdu()
767 self.assertIsNone(rep)
768 self.assertNotConnected()
769
770 def test_no_auth_presentation_ctx_invalid4(self):
771 ndr32 = base.transfer_syntax_ndr()
772 ndr64 = base.transfer_syntax_ndr64()
773
774 zero_syntax = misc.ndr_syntax_id()
775
776 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
777 ctx1a = dcerpc.ctx_list()
778 ctx1a.context_id = 1
779 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
780 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
781 ctx1a.transfer_syntaxes = tsf1a_list
782
783 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
784 self.send_pdu(req)
785 rep = self.recv_pdu()
786 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
787 auth_length=0)
788 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
789 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
790 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
791 self.assertEquals(rep.u.secondary_address_size, 4)
792 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
793 self.assertEquals(len(rep.u._pad1), 2)
794 self.assertEquals(rep.u._pad1, '\0' * 2)
795 self.assertEquals(rep.u.num_results, 1)
796 self.assertEquals(rep.u.ctx_list[0].result,
797 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
798 self.assertEquals(rep.u.ctx_list[0].reason,
799 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
800 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
801 self.assertEquals(rep.u.auth_info, '\0' * 0)
802
803 # With a known but wrong syntax we get a protocol error
804 # see test_no_auth_presentation_ctx_valid2
805 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax(),ndr64]
806 ctx1b = dcerpc.ctx_list()
807 ctx1b.context_id = 1
808 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
809 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
810 ctx1b.transfer_syntaxes = tsf1b_list
811
812 # Send a alter
813 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
814 self.send_pdu(req)
815 rep = self.recv_pdu()
816 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
817 pfc_flags=req.pfc_flags |
818 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
819 auth_length=0)
820 self.assertNotEquals(rep.u.alloc_hint, 0)
821 self.assertEquals(rep.u.context_id, 0)
822 self.assertEquals(rep.u.cancel_count, 0)
823 self.assertEquals(rep.u.flags, 0)
824 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
825 self.assertEquals(rep.u.reserved, 0)
826 self.assertEquals(len(rep.u.error_and_verifier), 0)
827
828 # wait for a disconnect
829 rep = self.recv_pdu()
830 self.assertIsNone(rep)
831 self.assertNotConnected()
832
833 def test_no_auth_presentation_ctx_valid2(self):
834 ndr32 = base.transfer_syntax_ndr()
835
836 zero_syntax = misc.ndr_syntax_id()
837
838 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
839 ctx1a = dcerpc.ctx_list()
840 ctx1a.context_id = 1
841 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
842 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
843 ctx1a.transfer_syntaxes = tsf1a_list
844
845 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
846 self.send_pdu(req)
847 rep = self.recv_pdu()
848 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
849 auth_length=0)
850 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
851 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
852 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
853 self.assertEquals(rep.u.secondary_address_size, 4)
854 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
855 self.assertEquals(len(rep.u._pad1), 2)
856 self.assertEquals(rep.u._pad1, '\0' * 2)
857 self.assertEquals(rep.u.num_results, 1)
858 self.assertEquals(rep.u.ctx_list[0].result,
859 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
860 self.assertEquals(rep.u.ctx_list[0].reason,
861 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
862 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
863 self.assertEquals(rep.u.auth_info, '\0' * 0)
864
865 # With a unknown but wrong syntaxes we get NO protocol error
866 # see test_no_auth_presentation_ctx_invalid4
867 tsf1b_list = [zero_syntax,samba.dcerpc.epmapper.abstract_syntax()]
868 ctx1b = dcerpc.ctx_list()
869 ctx1b.context_id = 1
870 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
871 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
872 ctx1b.transfer_syntaxes = tsf1b_list
873
874 # Send a alter
875 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
876 self.send_pdu(req)
877 rep = self.recv_pdu()
878 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
879 auth_length=0)
880 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
881 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
882 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
883 self.assertEquals(rep.u.secondary_address_size, 0)
884 self.assertEquals(len(rep.u._pad1), 2)
885 #self.assertEquals(rep.u._pad1, '\0' * 2)
886 self.assertEquals(rep.u.num_results, 1)
887 self.assertEquals(rep.u.ctx_list[0].result,
888 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
889 self.assertEquals(rep.u.ctx_list[0].reason,
890 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
891 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
892 self.assertEquals(rep.u.auth_info, '\0' * 0)
893
894 req = self.generate_request(call_id = 2,
895 context_id=ctx1a.context_id,
896 opnum=0xffff,
897 stub="")
898 self.send_pdu(req)
899 rep = self.recv_pdu()
900 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
901 pfc_flags=req.pfc_flags |
902 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
903 auth_length=0)
904 self.assertNotEquals(rep.u.alloc_hint, 0)
905 self.assertEquals(rep.u.context_id, ctx1a.context_id)
906 self.assertEquals(rep.u.cancel_count, 0)
907 self.assertEquals(rep.u.flags, 0)
908 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
909 self.assertEquals(rep.u.reserved, 0)
910 self.assertEquals(len(rep.u.error_and_verifier), 0)
911
912 def test_no_auth_presentation_ctx_no_ndr64(self):
913 ndr32 = base.transfer_syntax_ndr()
914 zero_syntax = misc.ndr_syntax_id()
915
916 tsfZ_list = [zero_syntax]
917 ctxZ = dcerpc.ctx_list()
918 ctxZ.context_id = 54321
919 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
920 ctxZ.abstract_syntax = zero_syntax
921 ctxZ.transfer_syntaxes = tsfZ_list
922
923 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
924 self.send_pdu(req)
925 rep = self.recv_pdu()
926 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
927 auth_length=0)
928 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
929 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
930 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
931 self.assertEquals(rep.u.secondary_address_size, 4)
932 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
933 self.assertEquals(len(rep.u._pad1), 2)
934 self.assertEquals(rep.u._pad1, '\0' * 2)
935 self.assertEquals(rep.u.num_results, 1)
936 self.assertEquals(rep.u.ctx_list[0].result,
937 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
938 self.assertEquals(rep.u.ctx_list[0].reason,
939 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
940 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
941 self.assertEquals(rep.u.auth_info, '\0' * 0)
942
943 tsf0_list = [ndr32]
944 ctx0 = dcerpc.ctx_list()
945 ctx0.context_id = 0
946 ctx0.num_transfer_syntaxes = len(tsf0_list)
947 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
948 ctx0.transfer_syntaxes = tsf0_list
949
950 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
951 self.send_pdu(req)
952 rep = self.recv_pdu()
953 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
954 auth_length=0)
955 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
956 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
957 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
958 self.assertEquals(rep.u.secondary_address_size, 0)
959 self.assertEquals(len(rep.u._pad1), 2)
960 #self.assertEquals(rep.u._pad1, '\0' * 2)
961 self.assertEquals(rep.u.num_results, 1)
962 self.assertEquals(rep.u.ctx_list[0].result,
963 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
964 self.assertEquals(rep.u.ctx_list[0].reason,
965 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
966 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
967 self.assertEquals(rep.u.auth_info, '\0' * 0)
968
969 req = self.generate_request(call_id = 1,
970 context_id=ctx0.context_id,
971 opnum=0,
972 stub="")
973 self.send_pdu(req)
974 rep = self.recv_pdu()
975 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
976 auth_length=0)
977 self.assertNotEquals(rep.u.alloc_hint, 0)
978 self.assertEquals(rep.u.context_id, req.u.context_id)
979 self.assertEquals(rep.u.cancel_count, 0)
980 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
981
982 tsf1_list = [zero_syntax,ndr32]
983 ctx1 = dcerpc.ctx_list()
984 ctx1.context_id = 1
985 ctx1.num_transfer_syntaxes = len(tsf1_list)
986 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
987 ctx1.transfer_syntaxes = tsf1_list
988
989 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
990 self.send_pdu(req)
991 rep = self.recv_pdu()
992 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
993 auth_length=0)
994 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
995 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
996 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
997 self.assertEquals(rep.u.secondary_address_size, 0)
998 self.assertEquals(len(rep.u._pad1), 2)
999 #self.assertEquals(rep.u._pad1, '\0' * 2)
1000 self.assertEquals(rep.u.num_results, 1)
1001 self.assertEquals(rep.u.ctx_list[0].result,
1002 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1003 self.assertEquals(rep.u.ctx_list[0].reason,
1004 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1005 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1006 self.assertEquals(rep.u.auth_info, '\0' * 0)
1007
1008 req = self.generate_request(call_id = 1,
1009 context_id=ctx1.context_id,
1010 opnum=0,
1011 stub="")
1012 self.send_pdu(req)
1013 rep = self.recv_pdu()
1014 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1015 auth_length=0)
1016 self.assertNotEquals(rep.u.alloc_hint, 0)
1017 self.assertEquals(rep.u.context_id, req.u.context_id)
1018 self.assertEquals(rep.u.cancel_count, 0)
1019 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1020
1021 tsf2_list = [ndr32,ndr32]
1022 ctx2 = dcerpc.ctx_list()
1023 ctx2.context_id = 2
1024 ctx2.num_transfer_syntaxes = len(tsf2_list)
1025 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1026 ctx2.transfer_syntaxes = tsf2_list
1027
1028 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1029 self.send_pdu(req)
1030 rep = self.recv_pdu()
1031 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1032 auth_length=0)
1033 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1034 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1035 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1036 self.assertEquals(rep.u.secondary_address_size, 0)
1037 self.assertEquals(len(rep.u._pad1), 2)
1038 #self.assertEquals(rep.u._pad1, '\0' * 2)
1039 self.assertEquals(rep.u.num_results, 1)
1040 self.assertEquals(rep.u.ctx_list[0].result,
1041 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1042 self.assertEquals(rep.u.ctx_list[0].reason,
1043 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1044 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1045 self.assertEquals(rep.u.auth_info, '\0' * 0)
1046
1047 req = self.generate_request(call_id = 1,
1048 context_id=ctx2.context_id,
1049 opnum=0,
1050 stub="")
1051 self.send_pdu(req)
1052 rep = self.recv_pdu()
1053 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1054 auth_length=0)
1055 self.assertNotEquals(rep.u.alloc_hint, 0)
1056 self.assertEquals(rep.u.context_id, req.u.context_id)
1057 self.assertEquals(rep.u.cancel_count, 0)
1058 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1059
1060 tsf3_list = [ndr32]
1061 ctx3 = dcerpc.ctx_list()
1062 ctx3.context_id = 3
1063 ctx3.num_transfer_syntaxes = len(tsf3_list)
1064 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1065 ctx3.transfer_syntaxes = tsf3_list
1066
1067 tsf4_list = [ndr32]
1068 ctx4 = dcerpc.ctx_list()
1069 ctx4.context_id = 4
1070 ctx4.num_transfer_syntaxes = len(tsf4_list)
1071 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1072 ctx4.transfer_syntaxes = tsf4_list
1073
1074 req = self.generate_alter(call_id=34, ctx_list=[ctx3,ctx4])
1075 self.send_pdu(req)
1076 rep = self.recv_pdu()
1077 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1078 auth_length=0)
1079 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1080 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1081 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1082 self.assertEquals(rep.u.secondary_address_size, 0)
1083 self.assertEquals(len(rep.u._pad1), 2)
1084 #self.assertEquals(rep.u._pad1, '\0' * 2)
1085 self.assertEquals(rep.u.num_results, 2)
1086 self.assertEquals(rep.u.ctx_list[0].result,
1087 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1088 self.assertEquals(rep.u.ctx_list[0].reason,
1089 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1090 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1091 self.assertEquals(rep.u.ctx_list[1].result,
1092 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1093 self.assertEquals(rep.u.ctx_list[1].reason,
1094 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1095 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1096 self.assertEquals(rep.u.auth_info, '\0' * 0)
1097
1098 req = self.generate_request(call_id = 1,
1099 context_id=ctx3.context_id,
1100 opnum=0,
1101 stub="")
1102 self.send_pdu(req)
1103 rep = self.recv_pdu()
1104 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1105 auth_length=0)
1106 self.assertNotEquals(rep.u.alloc_hint, 0)
1107 self.assertEquals(rep.u.context_id, req.u.context_id)
1108 self.assertEquals(rep.u.cancel_count, 0)
1109 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1110
1111 req = self.generate_alter(call_id=43, ctx_list=[ctx4,ctx3])
1112 self.send_pdu(req)
1113 rep = self.recv_pdu()
1114 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1115 auth_length=0)
1116 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1117 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1118 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1119 self.assertEquals(rep.u.secondary_address_size, 0)
1120 self.assertEquals(len(rep.u._pad1), 2)
1121 #self.assertEquals(rep.u._pad1, '\0' * 2)
1122 self.assertEquals(rep.u.num_results, 2)
1123 self.assertEquals(rep.u.ctx_list[0].result,
1124 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1125 self.assertEquals(rep.u.ctx_list[0].reason,
1126 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1127 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1128 self.assertEquals(rep.u.ctx_list[1].result,
1129 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1130 self.assertEquals(rep.u.ctx_list[1].reason,
1131 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1132 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1133 self.assertEquals(rep.u.auth_info, '\0' * 0)
1134
1135 req = self.generate_request(call_id = 1,
1136 context_id=ctx4.context_id,
1137 opnum=0,
1138 stub="")
1139 self.send_pdu(req)
1140 rep = self.recv_pdu()
1141 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1142 auth_length=0)
1143 self.assertNotEquals(rep.u.alloc_hint, 0)
1144 self.assertEquals(rep.u.context_id, req.u.context_id)
1145 self.assertEquals(rep.u.cancel_count, 0)
1146 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1147
1148 req = self.generate_request(call_id = 1,
1149 context_id=ctx3.context_id,
1150 opnum=0,
1151 stub="")
1152 self.send_pdu(req)
1153 rep = self.recv_pdu()
1154 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1155 auth_length=0)
1156 self.assertNotEquals(rep.u.alloc_hint, 0)
1157 self.assertEquals(rep.u.context_id, req.u.context_id)
1158 self.assertEquals(rep.u.cancel_count, 0)
1159 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1160
1161 req = self.generate_alter(call_id=44, ctx_list=[ctx4,ctx4])
1162 self.send_pdu(req)
1163 rep = self.recv_pdu()
1164 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1165 auth_length=0)
1166 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1167 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1168 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1169 self.assertEquals(rep.u.secondary_address_size, 0)
1170 self.assertEquals(len(rep.u._pad1), 2)
1171 #self.assertEquals(rep.u._pad1, '\0' * 2)
1172 self.assertEquals(rep.u.num_results, 2)
1173 self.assertEquals(rep.u.ctx_list[0].result,
1174 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1175 self.assertEquals(rep.u.ctx_list[0].reason,
1176 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1177 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1178 self.assertEquals(rep.u.ctx_list[1].result,
1179 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1180 self.assertEquals(rep.u.ctx_list[1].reason,
1181 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1182 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1183 self.assertEquals(rep.u.auth_info, '\0' * 0)
1184
1185 req = self.generate_request(call_id = 1,
1186 context_id=ctx4.context_id,
1187 opnum=0,
1188 stub="")
1189 self.send_pdu(req)
1190 rep = self.recv_pdu()
1191 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1192 auth_length=0)
1193 self.assertNotEquals(rep.u.alloc_hint, 0)
1194 self.assertEquals(rep.u.context_id, req.u.context_id)
1195 self.assertEquals(rep.u.cancel_count, 0)
1196 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1197
1198 req = self.generate_request(call_id = 1,
1199 context_id=ctx3.context_id,
1200 opnum=0,
1201 stub="")
1202 self.send_pdu(req)
1203 rep = self.recv_pdu()
1204 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1205 auth_length=0)
1206 self.assertNotEquals(rep.u.alloc_hint, 0)
1207 self.assertEquals(rep.u.context_id, req.u.context_id)
1208 self.assertEquals(rep.u.cancel_count, 0)
1209 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1210
1211 tsf5mgmt_list = [ndr32]
1212 ctx5mgmt = dcerpc.ctx_list()
1213 ctx5mgmt.context_id = 5
1214 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1215 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1216 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1217
1218 tsf5epm_list = [ndr32]
1219 ctx5epm = dcerpc.ctx_list()
1220 ctx5epm.context_id = 5
1221 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1222 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1223 ctx5epm.transfer_syntaxes = tsf5epm_list
1224
1225 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1226 self.send_pdu(req)
1227 rep = self.recv_pdu()
1228 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1229 auth_length=0)
1230 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1231 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1232 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1233 self.assertEquals(rep.u.secondary_address_size, 0)
1234 self.assertEquals(len(rep.u._pad1), 2)
1235 #self.assertEquals(rep.u._pad1, '\0' * 2)
1236 self.assertEquals(rep.u.num_results, 2)
1237 self.assertEquals(rep.u.ctx_list[0].result,
1238 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1239 self.assertEquals(rep.u.ctx_list[0].reason,
1240 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1241 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1242 self.assertEquals(rep.u.ctx_list[1].result,
1243 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1244 self.assertEquals(rep.u.ctx_list[1].reason,
1245 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1246 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1247 self.assertEquals(rep.u.auth_info, '\0' * 0)
1248
1249 req = self.generate_request(call_id = 1,
1250 context_id=ctx5mgmt.context_id,
1251 opnum=0,
1252 stub="")
1253 self.send_pdu(req)
1254 rep = self.recv_pdu()
1255 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1256 auth_length=0)
1257 self.assertNotEquals(rep.u.alloc_hint, 0)
1258 self.assertEquals(rep.u.context_id, req.u.context_id)
1259 self.assertEquals(rep.u.cancel_count, 0)
1260 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1261
1262 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt,ctx5epm])
1263 self.send_pdu(req)
1264 rep = self.recv_pdu()
1265 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1266 auth_length=0)
1267 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1268 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1269 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1270 self.assertEquals(rep.u.secondary_address_size, 0)
1271 self.assertEquals(len(rep.u._pad1), 2)
1272 #self.assertEquals(rep.u._pad1, '\0' * 2)
1273 self.assertEquals(rep.u.num_results, 2)
1274 self.assertEquals(rep.u.ctx_list[0].result,
1275 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1276 self.assertEquals(rep.u.ctx_list[0].reason,
1277 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1278 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1279 self.assertEquals(rep.u.ctx_list[1].result,
1280 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1281 self.assertEquals(rep.u.ctx_list[1].reason,
1282 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1283 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1284 self.assertEquals(rep.u.auth_info, '\0' * 0)
1285
1286 req = self.generate_request(call_id = 1,
1287 context_id=ctx5mgmt.context_id,
1288 opnum=0,
1289 stub="")
1290 self.send_pdu(req)
1291 rep = self.recv_pdu()
1292 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1293 auth_length=0)
1294 self.assertNotEquals(rep.u.alloc_hint, 0)
1295 self.assertEquals(rep.u.context_id, req.u.context_id)
1296 self.assertEquals(rep.u.cancel_count, 0)
1297 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1298
1299 def test_no_auth_bind_time_none_simple(self):
1300 features = 0
1301 btf = base.bind_time_features_syntax(features)
1302
1303 zero_syntax = misc.ndr_syntax_id()
1304
1305 tsf1_list = [btf]
1306 ctx1 = dcerpc.ctx_list()
1307 ctx1.context_id = 1
1308 ctx1.num_transfer_syntaxes = len(tsf1_list)
1309 ctx1.abstract_syntax = zero_syntax
1310 ctx1.transfer_syntaxes = tsf1_list
1311
1312 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1313 self.send_pdu(req)
1314 rep = self.recv_pdu()
1315 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1316 auth_length=0)
1317 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1318 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1319 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1320 self.assertEquals(rep.u.secondary_address_size, 4)
1321 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1322 self.assertEquals(len(rep.u._pad1), 2)
1323 self.assertEquals(rep.u._pad1, '\0' * 2)
1324 self.assertEquals(rep.u.num_results, 1)
1325 self.assertEquals(rep.u.ctx_list[0].result,
1326 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1327 self.assertEquals(rep.u.ctx_list[0].reason, features)
1328 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1329 self.assertEquals(rep.u.auth_info, '\0' * 0)
1330
1331 def test_no_auth_bind_time_none_ignore_additional(self):
1332 features1 = 0
1333 btf1 = base.bind_time_features_syntax(features1)
1334
1335 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1336 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1337 btf2 = base.bind_time_features_syntax(features2)
1338
1339 zero_syntax = misc.ndr_syntax_id()
1340 ndr64 = base.transfer_syntax_ndr64()
1341
1342 tsf1_list = [btf1,btf2,zero_syntax]
1343 ctx1 = dcerpc.ctx_list()
1344 ctx1.context_id = 1
1345 ctx1.num_transfer_syntaxes = len(tsf1_list)
1346 ctx1.abstract_syntax = ndr64
1347 ctx1.transfer_syntaxes = tsf1_list
1348
1349 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1350 self.send_pdu(req)
1351 rep = self.recv_pdu()
1352 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1353 auth_length=0)
1354 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1355 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1356 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1357 self.assertEquals(rep.u.secondary_address_size, 4)
1358 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1359 self.assertEquals(len(rep.u._pad1), 2)
1360 self.assertEquals(rep.u._pad1, '\0' * 2)
1361 self.assertEquals(rep.u.num_results, 1)
1362 self.assertEquals(rep.u.ctx_list[0].result,
1363 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1364 self.assertEquals(rep.u.ctx_list[0].reason, features1)
1365 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1366 self.assertEquals(rep.u.auth_info, '\0' * 0)
1367
1368 def test_no_auth_bind_time_only_first(self):
1369 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1370 btf1 = base.bind_time_features_syntax(features1)
1371
1372 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1373 btf2 = base.bind_time_features_syntax(features2)
1374
1375 zero_syntax = misc.ndr_syntax_id()
1376
1377 tsf1_list = [zero_syntax,btf1,btf2,zero_syntax]
1378 ctx1 = dcerpc.ctx_list()
1379 ctx1.context_id = 1
1380 ctx1.num_transfer_syntaxes = len(tsf1_list)
1381 ctx1.abstract_syntax = zero_syntax
1382 ctx1.transfer_syntaxes = tsf1_list
1383
1384 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1385 self.send_pdu(req)
1386 rep = self.recv_pdu()
1387 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1388 auth_length=0)
1389 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1390 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1391 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1392 self.assertEquals(rep.u.secondary_address_size, 4)
1393 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1394 self.assertEquals(len(rep.u._pad1), 2)
1395 self.assertEquals(rep.u._pad1, '\0' * 2)
1396 self.assertEquals(rep.u.num_results, 1)
1397 self.assertEquals(rep.u.ctx_list[0].result,
1398 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1399 self.assertEquals(rep.u.ctx_list[0].reason,
1400 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1401 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1402 self.assertEquals(rep.u.auth_info, '\0' * 0)
1403
1404 def test_no_auth_bind_time_twice(self):
1405 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1406 btf1 = base.bind_time_features_syntax(features1)
1407
1408 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1409 btf2 = base.bind_time_features_syntax(features2)
1410
1411 zero_syntax = misc.ndr_syntax_id()
1412
1413 tsf1_list = [btf1]
1414 ctx1 = dcerpc.ctx_list()
1415 ctx1.context_id = 1
1416 ctx1.num_transfer_syntaxes = len(tsf1_list)
1417 ctx1.abstract_syntax = zero_syntax
1418 ctx1.transfer_syntaxes = tsf1_list
1419
1420 tsf2_list = [btf2]
1421 ctx2 = dcerpc.ctx_list()
1422 ctx2.context_id = 2
1423 ctx2.num_transfer_syntaxes = len(tsf2_list)
1424 ctx2.abstract_syntax = zero_syntax
1425 ctx2.transfer_syntaxes = tsf2_list
1426
1427 req = self.generate_bind(call_id=0, ctx_list=[ctx1,ctx2])
1428 self.send_pdu(req)
1429 rep = self.recv_pdu()
1430 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1431 auth_length=0)
1432 self.assertEquals(rep.u.reject_reason,
1433 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1434 self.assertEquals(rep.u.num_versions, 1)
1435 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1436 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1437 self.assertEquals(len(rep.u._pad), 3)
1438 self.assertEquals(rep.u._pad, '\0' * 3)
1439
1440 # wait for a disconnect
1441 rep = self.recv_pdu()
1442 self.assertIsNone(rep)
1443 self.assertNotConnected()
1444
1445 def _test_auth_none_level_bind(self, auth_level,
1446 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1447 ndr32 = base.transfer_syntax_ndr()
1448
1449 tsf1_list = [ndr32]
1450 ctx1 = dcerpc.ctx_list()
1451 ctx1.context_id = 1
1452 ctx1.num_transfer_syntaxes = len(tsf1_list)
1453 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1454 ctx1.transfer_syntaxes = tsf1_list
1455 ctx_list = [ctx1]
1456
1457 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1458 auth_context_id = 0
1459
1460 auth_info = self.generate_auth(auth_type=auth_type,
1461 auth_level=auth_level,
1462 auth_context_id=auth_context_id,
1463 auth_blob="none")
1464
1465 req = self.generate_bind(call_id=0,
1466 ctx_list=ctx_list,
1467 auth_info=auth_info)
1468 self.send_pdu(req)
1469 rep = self.recv_pdu()
1470 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1471 auth_length=0)
1472 self.assertEquals(rep.u.reject_reason, reason)
1473 self.assertEquals(rep.u.num_versions, 1)
1474 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
1475 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1476 self.assertEquals(len(rep.u._pad), 3)
1477 self.assertEquals(rep.u._pad, '\0' * 3)
1478
1479 # wait for a disconnect
1480 rep = self.recv_pdu()
1481 self.assertIsNone(rep)
1482 self.assertNotConnected()
1483
1484 def test_auth_none_none_bind(self):
1485 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1486 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1487
1488 def test_auth_none_connect_bind(self):
1489 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1490
1491 def test_auth_none_call_bind(self):
1492 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1493
1494 def test_auth_none_packet_bind(self):
1495 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1496
1497 def test_auth_none_integrity_bind(self):
1498 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1499
1500 def test_auth_none_privacy_bind(self):
1501 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1502
1503 def test_auth_none_0_bind(self):
1504 return self._test_auth_none_level_bind(0,
1505 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1506
1507 def test_auth_none_7_bind(self):
1508 return self._test_auth_none_level_bind(7,
1509 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1510
1511 def test_auth_none_255_bind(self):
1512 return self._test_auth_none_level_bind(255,
1513 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1514
1515 def _test_auth_none_level_request(self, auth_level):
1516 ndr32 = base.transfer_syntax_ndr()
1517
1518 tsf1_list = [ndr32]
1519 ctx1 = dcerpc.ctx_list()
1520 ctx1.context_id = 1
1521 ctx1.num_transfer_syntaxes = len(tsf1_list)
1522 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1523 ctx1.transfer_syntaxes = tsf1_list
1524 ctx_list = [ctx1]
1525
1526 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1527 auth_context_id = 0
1528
1529 req = self.generate_bind(call_id=0,
1530 ctx_list=ctx_list)
1531
1532 self.send_pdu(req)
1533 rep = self.recv_pdu()
1534 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1535 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1536 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1537 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1538 self.assertEquals(rep.u.secondary_address_size, 4)
1539 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1540 self.assertEquals(len(rep.u._pad1), 2)
1541 self.assertEquals(rep.u._pad1, '\0' * 2)
1542 self.assertEquals(rep.u.num_results, 1)
1543 self.assertEquals(rep.u.ctx_list[0].result,
1544 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1545 self.assertEquals(rep.u.ctx_list[0].reason,
1546 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1547 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1548 self.assertEquals(len(rep.u.auth_info), 0)
1549
1550 # And now try a request without auth_info
1551 req = self.generate_request(call_id = 2,
1552 context_id=ctx1.context_id,
1553 opnum=0,
1554 stub="")
1555 self.send_pdu(req)
1556 rep = self.recv_pdu()
1557 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1558 auth_length=0)
1559 self.assertNotEquals(rep.u.alloc_hint, 0)
1560 self.assertEquals(rep.u.context_id, req.u.context_id)
1561 self.assertEquals(rep.u.cancel_count, 0)
1562 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1563
1564 auth_info = self.generate_auth(auth_type=auth_type,
1565 auth_level=auth_level,
1566 auth_context_id=auth_context_id,
1567 auth_blob="none")
1568
1569 req = self.generate_request(call_id = 3,
1570 context_id=ctx1.context_id,
1571 opnum=0,
1572 stub="",
1573 auth_info=auth_info)
1574 self.send_pdu(req)
1575 rep = self.recv_pdu()
1576 # We get a fault back
1577 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1578 auth_length=0)
1579 self.assertNotEquals(rep.u.alloc_hint, 0)
1580 self.assertEquals(rep.u.context_id, req.u.context_id)
1581 self.assertEquals(rep.u.cancel_count, 0)
1582 self.assertEquals(rep.u.flags, 0)
1583 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1584 self.assertEquals(rep.u.reserved, 0)
1585 self.assertEquals(len(rep.u.error_and_verifier), 0)
1586
1587 # wait for a disconnect
1588 rep = self.recv_pdu()
1589 self.assertIsNone(rep)
1590 self.assertNotConnected()
1591
1592 def test_auth_none_none_request(self):
1593 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1594
1595 def test_auth_none_connect_request(self):
1596 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1597
1598 def test_auth_none_call_request(self):
1599 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1600
1601 def _test_neg_xmit_check_values(self,
1602 req_xmit=None,
1603 req_recv=None,
1604 rep_both=None,
1605 alter_xmit=None,
1606 alter_recv=None):
1607 ndr32 = base.transfer_syntax_ndr()
1608
1609 tsf1_list = [ndr32]
1610 ctx1 = dcerpc.ctx_list()
1611 ctx1.context_id = 1
1612 ctx1.num_transfer_syntaxes = len(tsf1_list)
1613 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1614 ctx1.transfer_syntaxes = tsf1_list
1615
1616 req = self.generate_bind(call_id=0,
1617 max_xmit_frag=req_xmit,
1618 max_recv_frag=req_recv,
1619 ctx_list=[ctx1])
1620 self.send_pdu(req)
1621 rep = self.recv_pdu()
1622 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1623 auth_length=0)
1624 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1625 self.assertEquals(rep.u.max_recv_frag, rep_both)
1626 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1627 self.assertEquals(rep.u.secondary_address_size, 4)
1628 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1629 self.assertEquals(len(rep.u._pad1), 2)
1630 self.assertEquals(rep.u._pad1, '\0' * 2)
1631 self.assertEquals(rep.u.num_results, 1)
1632 self.assertEquals(rep.u.ctx_list[0].result,
1633 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1634 self.assertEquals(rep.u.ctx_list[0].reason,
1635 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1636 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1637 self.assertEquals(rep.u.auth_info, '\0' * 0)
1638
1639 assoc_group_id = rep.u.assoc_group_id
1640 if alter_xmit is None:
1641 alter_xmit = rep_both - 8
1642 if alter_recv is None:
1643 alter_recv = rep_both - 8
1644
1645 # max_{xmit,recv}_frag and assoc_group_id are completely
1646 # ignored in alter_context requests
1647 req = self.generate_alter(call_id=1,
1648 max_xmit_frag=alter_xmit,
1649 max_recv_frag=alter_recv,
1650 assoc_group_id=0xffffffff-rep.u.assoc_group_id,
1651 ctx_list=[ctx1])
1652 self.send_pdu(req)
1653 rep = self.recv_pdu()
1654 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1655 auth_length=0)
1656 self.assertEquals(rep.u.max_xmit_frag, rep_both)
1657 self.assertEquals(rep.u.max_recv_frag, rep_both)
1658 self.assertEquals(rep.u.assoc_group_id, rep.u.assoc_group_id)
1659 self.assertEquals(rep.u.secondary_address_size, 0)
1660 self.assertEquals(len(rep.u._pad1), 2)
1661 #self.assertEquals(rep.u._pad1, '\0' * 2)
1662 self.assertEquals(rep.u.num_results, 1)
1663 self.assertEquals(rep.u.ctx_list[0].result,
1664 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1665 self.assertEquals(rep.u.ctx_list[0].reason,
1666 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1667 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1668 self.assertEquals(rep.u.auth_info, '\0' * 0)
1669
1670 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
1671 req = self.generate_request(call_id = 2,
1672 context_id=ctx1.context_id,
1673 opnum=0,
1674 alloc_hint=0xffffffff,
1675 stub="\00" * chunk_size)
1676 self.send_pdu(req,ndr_print=True,hexdump=True)
1677 rep = self.recv_pdu(ndr_print=True,hexdump=True)
1678 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1679 auth_length=0)
1680 self.assertNotEquals(rep.u.alloc_hint, 0)
1681 self.assertEquals(rep.u.context_id, req.u.context_id)
1682 self.assertEquals(rep.u.cancel_count, 0)
1683 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1684
1685 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
1686 req = self.generate_request(call_id = 2,
1687 context_id=ctx1.context_id,
1688 opnum=0,
1689 alloc_hint=0xffffffff,
1690 stub="\00" * chunk_size)
1691 self.send_pdu(req)
1692 rep = self.recv_pdu()
1693 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1694 auth_length=0)
1695 self.assertNotEquals(rep.u.alloc_hint, 0)
1696 self.assertEquals(rep.u.context_id, req.u.context_id)
1697 self.assertEquals(rep.u.cancel_count, 0)
1698 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1699
1700 chunk_size += 1
1701 req = self.generate_request(call_id = 3,
1702 context_id=ctx1.context_id,
1703 opnum=0,
1704 alloc_hint=0xffffffff,
1705 stub="\00" * chunk_size)
1706 self.send_pdu(req)
1707 rep = self.recv_pdu()
1708 # We get a fault
1709 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1710 auth_length=0)
1711 self.assertNotEquals(rep.u.alloc_hint, 0)
1712 self.assertEquals(rep.u.context_id, 0)
1713 self.assertEquals(rep.u.cancel_count, 0)
1714 self.assertEquals(rep.u.flags, 0)
1715 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
1716 self.assertEquals(rep.u.reserved, 0)
1717 self.assertEquals(len(rep.u.error_and_verifier), 0)
1718
1719 # wait for a disconnect
1720 rep = self.recv_pdu()
1721 self.assertIsNone(rep)
1722 self.assertNotConnected()
1723
1724 def test_neg_xmit_ffff_ffff(self):
1725 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1726 req_recv=0xffff,
1727 rep_both=5840)
1728
1729 def test_neg_xmit_0_ffff(self):
1730 return self._test_neg_xmit_check_values(req_xmit=0,
1731 req_recv=0xffff,
1732 rep_both=2048,
1733 alter_xmit=0xffff,
1734 alter_recv=0xffff)
1735
1736 def test_neg_xmit_ffff_0(self):
1737 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1738 req_recv=0,
1739 rep_both=2048)
1740
1741 def test_neg_xmit_0_0(self):
1742 return self._test_neg_xmit_check_values(req_xmit=0,
1743 req_recv=0,
1744 rep_both=2048,
1745 alter_xmit=0xffff,
1746 alter_recv=0xffff)
1747
1748 def test_neg_xmit_3199_0(self):
1749 return self._test_neg_xmit_check_values(req_xmit=3199,
1750 req_recv=0,
1751 rep_both=2048)
1752 def test_neg_xmit_0_3199(self):
1753 return self._test_neg_xmit_check_values(req_xmit=0,
1754 req_recv=3199,
1755 rep_both=2048)
1756
1757 def test_neg_xmit_3199_ffff(self):
1758 return self._test_neg_xmit_check_values(req_xmit=3199,
1759 req_recv=0xffff,
1760 rep_both=3192)
1761 def test_neg_xmit_ffff_3199(self):
1762 return self._test_neg_xmit_check_values(req_xmit=0xffff,
1763 req_recv=3199,
1764 rep_both=3192)
1765
1766 def test_alloc_hint(self):
1767 ndr32 = base.transfer_syntax_ndr()
1768
1769 tsf1_list = [ndr32]
1770 ctx = dcerpc.ctx_list()
1771 ctx.context_id = 0
1772 ctx.num_transfer_syntaxes = len(tsf1_list)
1773 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1774 ctx.transfer_syntaxes = tsf1_list
1775
1776 req = self.generate_bind(call_id=0,
1777 ctx_list=[ctx])
1778 self.send_pdu(req)
1779 rep = self.recv_pdu()
1780 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1781 auth_length=0)
1782 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1783 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1784 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1785 self.assertEquals(rep.u.secondary_address_size, 4)
1786 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
1787 self.assertEquals(len(rep.u._pad1), 2)
1788 self.assertEquals(rep.u._pad1, '\0' * 2)
1789 self.assertEquals(rep.u.num_results, 1)
1790 self.assertEquals(rep.u.ctx_list[0].result,
1791 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1792 self.assertEquals(rep.u.ctx_list[0].reason,
1793 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1794 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1795 self.assertEquals(rep.u.auth_info, '\0' * 0)
1796
1797 # And now try a request without auth_info
1798 req = self.generate_request(call_id = 2,
1799 context_id=ctx.context_id,
1800 opnum=0,
1801 alloc_hint=0xffffffff,
1802 stub="")
1803 self.send_pdu(req)
1804 rep = self.recv_pdu()
1805 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1806 auth_length=0)
1807 self.assertNotEquals(rep.u.alloc_hint, 0)
1808 self.assertEquals(rep.u.context_id, req.u.context_id)
1809 self.assertEquals(rep.u.cancel_count, 0)
1810 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1811
1812 req = self.generate_request(call_id = 3,
1813 context_id=ctx.context_id,
1814 opnum=1,
1815 alloc_hint=0xffffffff,
1816 stub="\04\00\00\00\00\00\00\00")
1817 self.send_pdu(req)
1818 rep = self.recv_pdu()
1819 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1820 auth_length=0)
1821 self.assertNotEquals(rep.u.alloc_hint, 0)
1822 self.assertEquals(rep.u.context_id, req.u.context_id)
1823 self.assertEquals(rep.u.cancel_count, 0)
1824 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1825
1826 req = self.generate_request(call_id = 4,
1827 context_id=ctx.context_id,
1828 opnum=1,
1829 alloc_hint=1,
1830 stub="\04\00\00\00\00\00\00\00")
1831 self.send_pdu(req)
1832 rep = self.recv_pdu()
1833 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1834 auth_length=0)
1835 self.assertNotEquals(rep.u.alloc_hint, 0)
1836 self.assertEquals(rep.u.context_id, req.u.context_id)
1837 self.assertEquals(rep.u.cancel_count, 0)
1838 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1839
1840 def _get_netlogon_ctx(self):
1841 abstract = samba.dcerpc.netlogon.abstract_syntax()
1842 self.epmap_reconnect(abstract)
1843
1844 ndr32 = base.transfer_syntax_ndr()
1845
1846 tsf1_list = [ndr32]
1847 ctx = dcerpc.ctx_list()
1848 ctx.context_id = 0
1849 ctx.num_transfer_syntaxes = len(tsf1_list)
1850 ctx.abstract_syntax = abstract
1851 ctx.transfer_syntaxes = tsf1_list
1852
1853 req = self.generate_bind(call_id=0,
1854 ctx_list=[ctx])
1855 self.send_pdu(req)
1856 rep = self.recv_pdu()
1857 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1858 auth_length=0)
1859 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1860 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
1861 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
1862 port_str = "%d" % self.tcp_port
1863 port_len = len(port_str) + 1
1864 mod_len = (2 + port_len) % 4
1865 if mod_len != 0:
1866 port_pad = 4 - mod_len
1867 else:
1868 port_pad = 0
1869 self.assertEquals(rep.u.secondary_address_size, port_len)
1870 self.assertEquals(rep.u.secondary_address, port_str)
1871 self.assertEquals(len(rep.u._pad1), port_pad)
1872 self.assertEquals(rep.u._pad1, '\0' * port_pad)
1873 self.assertEquals(rep.u.num_results, 1)
1874 self.assertEquals(rep.u.ctx_list[0].result,
1875 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1876 self.assertEquals(rep.u.ctx_list[0].reason,
1877 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1878 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1879 self.assertEquals(rep.u.auth_info, '\0' * 0)
1880
1881 server = '\\\\' + self.host
1882 server_utf16 = unicode(server, 'utf-8').encode('utf-16-le')
1883 computer = 'UNKNOWNCOMPUTER'
1884 computer_utf16 = unicode(computer, 'utf-8').encode('utf-16-le')
1885
1886 real_stub = struct.pack('<IIII', 0x00200000,
1887 len(server)+1, 0, len(server)+1)
1888 real_stub += server_utf16 + '\x00\x00'
1889 mod_len = len(real_stub) % 4
1890 if mod_len != 0:
1891 real_stub += '\x00' * (4 - mod_len)
1892 real_stub += struct.pack('<III',
1893 len(computer)+1, 0, len(computer)+1)
1894 real_stub += computer_utf16 + '\x00\x00'
1895 real_stub += '\x11\x22\x33\x44\x55\x66\x77\x88'
1896
1897 return (ctx, rep, real_stub)
1898
1899 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
1900 fault_first=None, fault_last=None):
1901 (ctx, rep, real_stub) = self._get_netlogon_ctx()
1902
1903 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
1904
1905 total = 0
1906 first = True
1907 while remaining > 0:
1908 thistime = min(remaining, chunk)
1909 remaining -= thistime
1910 total += thistime
1911
1912 pfc_flags = 0
1913 if first:
1914 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
1915 first = False
1916 stub = real_stub + '\x00' * (thistime - len(real_stub))
1917 else:
1918 stub = "\x00" * thistime
1919
1920 if remaining == 0:
1921 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
1922
1923 # And now try a request without auth_info
1924 # netr_ServerReqChallenge()
1925 req = self.generate_request(call_id = 2,
1926 pfc_flags=pfc_flags,
1927 context_id=ctx.context_id,
1928 opnum=4,
1929 alloc_hint=alloc_hint,
1930 stub=stub)
1931 if alloc_hint >= thistime:
1932 alloc_hint -= thistime
1933 else:
1934 alloc_hint = 0
1935 self.send_pdu(req,hexdump=False)
1936 if fault_first is not None:
1937 rep = self.recv_pdu()
1938 # We get a fault back
1939 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1940 auth_length=0)
1941 self.assertNotEquals(rep.u.alloc_hint, 0)
1942 self.assertEquals(rep.u.context_id, req.u.context_id)
1943 self.assertEquals(rep.u.cancel_count, 0)
1944 self.assertEquals(rep.u.flags, 0)
1945 self.assertEquals(rep.u.status, fault_first)
1946 self.assertEquals(rep.u.reserved, 0)
1947 self.assertEquals(len(rep.u.error_and_verifier), 0)
1948
1949 # wait for a disconnect
1950 rep = self.recv_pdu()
1951 self.assertIsNone(rep)
1952 self.assertNotConnected()
1953 return
1954 if remaining == 0:
1955 break
1956 if total >= 0x400000 and fault_last is not None:
1957 rep = self.recv_pdu()
1958 # We get a fault back
1959 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1960 auth_length=0)
1961 self.assertNotEquals(rep.u.alloc_hint, 0)
1962 self.assertEquals(rep.u.context_id, req.u.context_id)
1963 self.assertEquals(rep.u.cancel_count, 0)
1964 self.assertEquals(rep.u.flags, 0)
1965 self.assertEquals(rep.u.status, fault_last)
1966 self.assertEquals(rep.u.reserved, 0)
1967 self.assertEquals(len(rep.u.error_and_verifier), 0)
1968
1969 # wait for a disconnect
1970 rep = self.recv_pdu()
1971 self.assertIsNone(rep)
1972 self.assertNotConnected()
1973 return
1974 rep = self.recv_pdu(timeout=0.01)
1975 self.assertIsNone(rep)
1976 self.assertIsConnected()
1977
1978 if total >= 0x400000 and fault_last is not None:
1979 rep = self.recv_pdu()
1980 # We get a fault back
1981 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1982 auth_length=0)
1983 self.assertNotEquals(rep.u.alloc_hint, 0)
1984 self.assertEquals(rep.u.context_id, req.u.context_id)
1985 self.assertEquals(rep.u.cancel_count, 0)
1986 self.assertEquals(rep.u.flags, 0)
1987 self.assertEquals(rep.u.status, fault_last)
1988 self.assertEquals(rep.u.reserved, 0)
1989 self.assertEquals(len(rep.u.error_and_verifier), 0)
1990
1991 # wait for a disconnect
1992 rep = self.recv_pdu()
1993 self.assertIsNone(rep)
1994 self.assertNotConnected()
1995 return
1996 rep = self.recv_pdu()
1997 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1998 auth_length=0)
1999 self.assertNotEquals(rep.u.alloc_hint, 0)
2000 self.assertEquals(rep.u.context_id, req.u.context_id)
2001 self.assertEquals(rep.u.cancel_count, 0)
2002 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2003
2004 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2005 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2006 self.assertEquals(status[0], 0)
2007
2008 def test_fragmented_requests01(self):
2009 return self._test_fragmented_requests(remaining=0x400000,
2010 alloc_hint=0x400000)
2011
2012 def test_fragmented_requests02(self):
2013 return self._test_fragmented_requests(remaining=0x400000,
2014 alloc_hint=0x100000)
2015
2016 def test_fragmented_requests03(self):
2017 return self._test_fragmented_requests(remaining=0x400000,
2018 alloc_hint=0)
2019
2020 def test_fragmented_requests04(self):
2021 return self._test_fragmented_requests(remaining=0x400000,
2022 alloc_hint=0x400001,
2023 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2024
2025 def test_fragmented_requests05(self):
2026 return self._test_fragmented_requests(remaining=0x500001,
2027 alloc_hint=0,
2028 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2029
2030 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
2031 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2032
2033 # netr_ServerReqChallenge with given flags
2034 req = self.generate_request(call_id = 2,
2035 pfc_flags=pfc_flags,
2036 context_id=ctx.context_id,
2037 opnum=4,
2038 stub=real_stub)
2039 self.send_pdu(req)
2040 if fault_1st:
2041 rep = self.recv_pdu()
2042 # We get a fault back
2043 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2044 auth_length=0)
2045 self.assertNotEquals(rep.u.alloc_hint, 0)
2046 self.assertEquals(rep.u.context_id, req.u.context_id)
2047 self.assertEquals(rep.u.cancel_count, 0)
2048 self.assertEquals(rep.u.flags, 0)
2049 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2050 self.assertEquals(rep.u.reserved, 0)
2051 self.assertEquals(len(rep.u.error_and_verifier), 0)
2052
2053 # wait for a disconnect
2054 rep = self.recv_pdu()
2055 self.assertIsNone(rep)
2056 self.assertNotConnected()
2057 return
2058 rep = self.recv_pdu(timeout=0.1)
2059 self.assertIsNone(rep)
2060 self.assertIsConnected()
2061
2062 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
2063 # with the same call_id
2064 req = self.generate_request(call_id = 2,
2065 pfc_flags=pfc_flags,
2066 context_id=ctx.context_id,
2067 opnum=4,
2068 stub=real_stub)
2069 self.send_pdu(req)
2070 if fault_2nd:
2071 rep = self.recv_pdu()
2072 # We get a fault back
2073 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2074 auth_length=0)
2075 self.assertNotEquals(rep.u.alloc_hint, 0)
2076 self.assertEquals(rep.u.context_id, req.u.context_id)
2077 self.assertEquals(rep.u.cancel_count, 0)
2078 self.assertEquals(rep.u.flags, 0)
2079 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2080 self.assertEquals(rep.u.reserved, 0)
2081 self.assertEquals(len(rep.u.error_and_verifier), 0)
2082
2083 # wait for a disconnect
2084 rep = self.recv_pdu()
2085 self.assertIsNone(rep)
2086 self.assertNotConnected()
2087 return
2088
2089 rep = self.recv_pdu(timeout=0.1)
2090 self.assertIsNone(rep)
2091 self.assertIsConnected()
2092
2093 def test_first_only_requests(self):
2094 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2095 fault_2nd=True)
2096
2097 def test_none_only_requests(self):
2098 return self._test_same_requests(pfc_flags=0, fault_1st=True)
2099
2100 def test_last_only_requests(self):
2101 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2102 fault_1st=True)
2103
2104 def test_first_maybe_requests(self):
2105 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2106 dcerpc.DCERPC_PFC_FLAG_MAYBE,
2107 fault_2nd=True)
2108
2109 def test_first_didnot_requests(self):
2110 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2111 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2112 fault_2nd=True)
2113
2114 def test_first_cmpx_requests(self):
2115 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2116 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
2117 fault_2nd=True)
2118
2119 def test_first_08_requests(self):
2120 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2121 0x08,
2122 fault_2nd=True)
2123
2124 def test_first_cancel_requests(self):
2125 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2126
2127 # netr_ServerReqChallenge with given flags
2128 req = self.generate_request(call_id = 2,
2129 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2130 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2131 context_id=ctx.context_id,
2132 opnum=4,
2133 stub=real_stub)
2134 self.send_pdu(req)
2135 rep = self.recv_pdu()
2136 # We get a fault back
2137 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2138 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2139 dcerpc.DCERPC_PFC_FLAG_LAST |
2140 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2141 auth_length=0)
2142 self.assertNotEquals(rep.u.alloc_hint, 0)
2143 self.assertEquals(rep.u.context_id, req.u.context_id)
2144 self.assertEquals(rep.u.cancel_count, 0)
2145 self.assertEquals(rep.u.flags, 0)
2146 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
2147 self.assertEquals(rep.u.reserved, 0)
2148 self.assertEquals(len(rep.u.error_and_verifier), 0)
2149
2150 # wait for a disconnect
2151 rep = self.recv_pdu()
2152 self.assertIsNone(rep)
2153 self.assertNotConnected()
2154
2155 def test_2nd_cancel_requests(self):
2156 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2157
2158 # netr_ServerReqChallenge with given flags
2159 req = self.generate_request(call_id = 2,
2160 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2161 context_id=ctx.context_id,
2162 opnum=4,
2163 stub=real_stub)
2164 self.send_pdu(req)
2165 rep = self.recv_pdu(timeout=0.1)
2166 self.assertIsNone(rep)
2167 self.assertIsConnected()
2168
2169 # netr_ServerReqChallenge with given flags
2170 req = self.generate_request(call_id = 2,
2171 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2172 context_id=ctx.context_id,
2173 opnum=4,
2174 stub=real_stub)
2175 self.send_pdu(req)
2176 rep = self.recv_pdu(timeout=0.1)
2177 self.assertIsNone(rep)
2178 self.assertIsConnected()
2179
2180 # netr_ServerReqChallenge with given flags
2181 req = self.generate_request(call_id = 2,
2182 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
2183 context_id=ctx.context_id,
2184 opnum=4,
2185 stub=real_stub)
2186 self.send_pdu(req)
2187 rep = self.recv_pdu()
2188 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2189 auth_length=0)
2190 self.assertNotEquals(rep.u.alloc_hint, 0)
2191 self.assertEquals(rep.u.context_id, req.u.context_id)
2192 self.assertEquals(rep.u.cancel_count, 0)
2193 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2194
2195 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2196 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2197 self.assertEquals(status[0], 0)
2198
2199 def test_last_cancel_requests(self):
2200 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2201
2202 # netr_ServerReqChallenge with given flags
2203 req = self.generate_request(call_id = 2,
2204 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2205 context_id=ctx.context_id,
2206 opnum=4,
2207 stub=real_stub[:4])
2208 self.send_pdu(req)
2209 rep = self.recv_pdu(timeout=0.1)
2210 self.assertIsNone(rep)
2211 self.assertIsConnected()
2212
2213 # netr_ServerReqChallenge with given flags
2214 req = self.generate_request(call_id = 2,
2215 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
2216 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
2217 context_id=ctx.context_id,
2218 opnum=4,
2219 stub=real_stub[4:])
2220 self.send_pdu(req)
2221 rep = self.recv_pdu()
2222 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2223 auth_length=0)
2224 self.assertNotEquals(rep.u.alloc_hint, 0)
2225 self.assertEquals(rep.u.context_id, req.u.context_id)
2226 self.assertEquals(rep.u.cancel_count, 0)
2227 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2228
2229 self.assertEquals(len(rep.u.stub_and_verifier), 12)
2230 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
2231 self.assertEquals(status[0], 0)
2232
2233 def test_mix_requests(self):
2234 (ctx, rep, real_stub) = self._get_netlogon_ctx()
2235
2236 # netr_ServerReqChallenge with given flags
2237 req = self.generate_request(call_id = 50,
2238 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2239 context_id=ctx.context_id,
2240 opnum=4,
2241 stub=real_stub)
2242 self.send_pdu(req)
2243 rep = self.recv_pdu(timeout=0.1)
2244 self.assertIsNone(rep)
2245 self.assertIsConnected()
2246
2247 # netr_ServerReqChallenge with given flags
2248 req = self.generate_request(call_id = 51,
2249 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
2250 context_id=ctx.context_id,
2251 opnum=4,
2252 stub=real_stub)
2253 self.send_pdu(req)
2254 rep = self.recv_pdu()
2255 # We get a fault back
2256 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
2257 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
2258 dcerpc.DCERPC_PFC_FLAG_LAST,
2259 auth_length=0)
2260 self.assertNotEquals(rep.u.alloc_hint, 0)
2261 self.assertEquals(rep.u.context_id, req.u.context_id)
2262 self.assertEquals(rep.u.cancel_count, 0)
2263 self.assertEquals(rep.u.flags, 0)
2264 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2265 self.assertEquals(rep.u.reserved, 0)
2266 self.assertEquals(len(rep.u.error_and_verifier), 0)
2267
2268 def test_spnego_connect_request(self):
2269 ndr32 = base.transfer_syntax_ndr()
2270
2271 tsf1_list = [ndr32]
2272 ctx1 = dcerpc.ctx_list()
2273 ctx1.context_id = 1
2274 ctx1.num_transfer_syntaxes = len(tsf1_list)
2275 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2276 ctx1.transfer_syntaxes = tsf1_list
2277 ctx_list = [ctx1]
2278
2279 c = Credentials()
2280 c.set_anonymous()
2281 g = gensec.Security.start_client(self.settings)
2282 g.set_credentials(c)
2283 g.want_feature(gensec.FEATURE_DCE_STYLE)
2284 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2285 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2286 auth_context_id = 2
2287 g.start_mech_by_authtype(auth_type, auth_level)
2288 from_server = ""
2289 (finished, to_server) = g.update(from_server)
2290 self.assertFalse(finished)
2291
2292 auth_info = self.generate_auth(auth_type=auth_type,
2293 auth_level=auth_level,
2294 auth_context_id=auth_context_id,
2295 auth_blob=to_server)
2296
2297 req = self.generate_bind(call_id=0,
2298 ctx_list=ctx_list,
2299 auth_info=auth_info)
2300
2301 self.send_pdu(req)
2302 rep = self.recv_pdu()
2303 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2304 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2305 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2306 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2307 self.assertEquals(rep.u.secondary_address_size, 4)
2308 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2309 self.assertEquals(len(rep.u._pad1), 2)
2310 self.assertEquals(rep.u._pad1, '\0' * 2)
2311 self.assertEquals(rep.u.num_results, 1)
2312 self.assertEquals(rep.u.ctx_list[0].result,
2313 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2314 self.assertEquals(rep.u.ctx_list[0].reason,
2315 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2316 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2317 self.assertNotEquals(len(rep.u.auth_info), 0)
2318 a = self.parse_auth(rep.u.auth_info)
2319
2320 from_server = a.credentials
2321 (finished, to_server) = g.update(from_server)
2322 self.assertFalse(finished)
2323
2324 auth_info = self.generate_auth(auth_type=auth_type,
2325 auth_level=auth_level,
2326 auth_context_id=auth_context_id,
2327 auth_blob=to_server)
2328
2329 req = self.generate_alter(call_id=0,
2330 ctx_list=ctx_list,
2331 assoc_group_id=rep.u.assoc_group_id,
2332 auth_info=auth_info)
2333
2334 self.send_pdu(req)
2335 rep = self.recv_pdu()
2336 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2337 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2338 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2339 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2340 self.assertEquals(rep.u.secondary_address_size, 0)
2341 self.assertEquals(len(rep.u._pad1), 2)
2342 # Windows sends garbage
2343 #self.assertEquals(rep.u._pad1, '\0' * 2)
2344 self.assertEquals(rep.u.num_results, 1)
2345 self.assertEquals(rep.u.ctx_list[0].result,
2346 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2347 self.assertEquals(rep.u.ctx_list[0].reason,
2348 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2349 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2350 self.assertNotEquals(len(rep.u.auth_info), 0)
2351 a = self.parse_auth(rep.u.auth_info)
2352
2353 from_server = a.credentials
2354 (finished, to_server) = g.update(from_server)
2355 self.assertTrue(finished)
2356
2357 # And now try a request without auth_info
2358 req = self.generate_request(call_id = 2,
2359 context_id=ctx1.context_id,
2360 opnum=0,
2361 stub="")
2362 self.send_pdu(req)
2363 rep = self.recv_pdu()
2364 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2365 auth_length=0)
2366 self.assertNotEquals(rep.u.alloc_hint, 0)
2367 self.assertEquals(rep.u.context_id, req.u.context_id)
2368 self.assertEquals(rep.u.cancel_count, 0)
2369 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2370
2371 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2372 auth_info = self.generate_auth(auth_type=auth_type,
2373 auth_level=auth_level,
2374 auth_context_id=auth_context_id,
2375 auth_blob="\x01"+"\x00"*15)
2376 req = self.generate_request(call_id = 3,
2377 context_id=ctx1.context_id,
2378 opnum=0,
2379 stub="",
2380 auth_info=auth_info)
2381 self.send_pdu(req)
2382 rep = self.recv_pdu()
2383 # We don't get an auth_info back
2384 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2385 auth_length=0)
2386 self.assertNotEquals(rep.u.alloc_hint, 0)
2387 self.assertEquals(rep.u.context_id, req.u.context_id)
2388 self.assertEquals(rep.u.cancel_count, 0)
2389 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2390
2391 # Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
2392 auth_info = self.generate_auth(auth_type=auth_type,
2393 auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
2394 auth_context_id=auth_context_id,
2395 auth_blob="\x01"+"\x00"*15)
2396 req = self.generate_request(call_id = 4,
2397 context_id=ctx1.context_id,
2398 opnum=0,
2399 stub="",
2400 auth_info=auth_info)
2401 self.send_pdu(req)
2402 rep = self.recv_pdu()
2403 # We get a fault back
2404 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2405 auth_length=0)
2406 self.assertNotEquals(rep.u.alloc_hint, 0)
2407 self.assertEquals(rep.u.context_id, req.u.context_id)
2408 self.assertEquals(rep.u.cancel_count, 0)
2409 self.assertEquals(rep.u.flags, 0)
2410 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2411 self.assertEquals(rep.u.reserved, 0)
2412 self.assertEquals(len(rep.u.error_and_verifier), 0)
2413
2414 # wait for a disconnect
2415 rep = self.recv_pdu()
2416 self.assertIsNone(rep)
2417 self.assertNotConnected()
2418
2419 def test_spnego_integrity_request(self):
2420 ndr32 = base.transfer_syntax_ndr()
2421
2422 tsf1_list = [ndr32]
2423 ctx1 = dcerpc.ctx_list()
2424 ctx1.context_id = 1
2425 ctx1.num_transfer_syntaxes = len(tsf1_list)
2426 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2427 ctx1.transfer_syntaxes = tsf1_list
2428 ctx_list = [ctx1]
2429
2430 c = Credentials()
2431 c.set_anonymous()
2432 g = gensec.Security.start_client(self.settings)
2433 g.set_credentials(c)
2434 g.want_feature(gensec.FEATURE_DCE_STYLE)
2435 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2436 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2437 auth_context_id = 2
2438 g.start_mech_by_authtype(auth_type, auth_level)
2439 from_server = ""
2440 (finished, to_server) = g.update(from_server)
2441 self.assertFalse(finished)
2442
2443 auth_info = self.generate_auth(auth_type=auth_type,
2444 auth_level=auth_level,
2445 auth_context_id=auth_context_id,
2446 auth_blob=to_server)
2447
2448 req = self.generate_bind(call_id=0,
2449 ctx_list=ctx_list,
2450 auth_info=auth_info)
2451
2452 self.send_pdu(req)
2453 rep = self.recv_pdu()
2454 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2455 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2456 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2457 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2458 self.assertEquals(rep.u.secondary_address_size, 4)
2459 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2460 self.assertEquals(len(rep.u._pad1), 2)
2461 self.assertEquals(rep.u._pad1, '\0' * 2)
2462 self.assertEquals(rep.u.num_results, 1)
2463 self.assertEquals(rep.u.ctx_list[0].result,
2464 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2465 self.assertEquals(rep.u.ctx_list[0].reason,
2466 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2467 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2468 self.assertNotEquals(len(rep.u.auth_info), 0)
2469 a = self.parse_auth(rep.u.auth_info)
2470
2471 from_server = a.credentials
2472 (finished, to_server) = g.update(from_server)
2473 self.assertFalse(finished)
2474
2475 auth_info = self.generate_auth(auth_type=auth_type,
2476 auth_level=auth_level,
2477 auth_context_id=auth_context_id,
2478 auth_blob=to_server)
2479
2480 req = self.generate_alter(call_id=0,
2481 ctx_list=ctx_list,
2482 assoc_group_id=rep.u.assoc_group_id,
2483 auth_info=auth_info)
2484
2485 self.send_pdu(req)
2486 rep = self.recv_pdu()
2487 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2488 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2489 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2490 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2491 self.assertEquals(rep.u.secondary_address_size, 0)
2492 self.assertEquals(len(rep.u._pad1), 2)
2493 # Windows sends garbage
2494 #self.assertEquals(rep.u._pad1, '\0' * 2)
2495 self.assertEquals(rep.u.num_results, 1)
2496 self.assertEquals(rep.u.ctx_list[0].result,
2497 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2498 self.assertEquals(rep.u.ctx_list[0].reason,
2499 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2500 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2501 self.assertNotEquals(len(rep.u.auth_info), 0)
2502 a = self.parse_auth(rep.u.auth_info)
2503
2504 from_server = a.credentials
2505 (finished, to_server) = g.update(from_server)
2506 self.assertTrue(finished)
2507
2508 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2509 auth_info = self.generate_auth(auth_type=auth_type,
2510 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
2511 auth_context_id=auth_context_id,
2512 auth_blob="\x01"+"\x00"*15)
2513 req = self.generate_request(call_id = 3,
2514 context_id=ctx1.context_id,
2515 opnum=0,
2516 stub="",
2517 auth_info=auth_info)
2518 self.send_pdu(req)
2519 rep = self.recv_pdu()
2520 # We get a fault back
2521 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2522 auth_length=0)
2523 self.assertNotEquals(rep.u.alloc_hint, 0)
2524 self.assertEquals(rep.u.context_id, req.u.context_id)
2525 self.assertEquals(rep.u.cancel_count, 0)
2526 self.assertEquals(rep.u.flags, 0)
2527 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2528 self.assertEquals(rep.u.reserved, 0)
2529 self.assertEquals(len(rep.u.error_and_verifier), 0)
2530
2531 # wait for a disconnect
2532 rep = self.recv_pdu()
2533 self.assertIsNone(rep)
2534 self.assertNotConnected()
2535
2536 def test_spnego_unfinished_request(self):
2537 ndr32 = base.transfer_syntax_ndr()
2538
2539 tsf1_list = [ndr32]
2540 ctx1 = dcerpc.ctx_list()
2541 ctx1.context_id = 1
2542 ctx1.num_transfer_syntaxes = len(tsf1_list)
2543 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2544 ctx1.transfer_syntaxes = tsf1_list
2545 ctx_list = [ctx1]
2546
2547 c = Credentials()
2548 c.set_anonymous()
2549 g = gensec.Security.start_client(self.settings)
2550 g.set_credentials(c)
2551 g.want_feature(gensec.FEATURE_DCE_STYLE)
2552 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2553 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2554 auth_context_id = 2
2555 g.start_mech_by_authtype(auth_type, auth_level)
2556 from_server = ""
2557 (finished, to_server) = g.update(from_server)
2558 self.assertFalse(finished)
2559
2560 auth_info = self.generate_auth(auth_type=auth_type,
2561 auth_level=auth_level,
2562 auth_context_id=auth_context_id,
2563 auth_blob=to_server)
2564
2565 req = self.generate_bind(call_id=0,
2566 ctx_list=ctx_list,
2567 auth_info=auth_info)
2568
2569 self.send_pdu(req)
2570 rep = self.recv_pdu()
2571 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2572 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2573 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2574 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2575 assoc_group_id = rep.u.assoc_group_id
2576 self.assertEquals(rep.u.secondary_address_size, 4)
2577 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2578 self.assertEquals(len(rep.u._pad1), 2)
2579 self.assertEquals(rep.u._pad1, '\0' * 2)
2580 self.assertEquals(rep.u.num_results, 1)
2581 self.assertEquals(rep.u.ctx_list[0].result,
2582 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2583 self.assertEquals(rep.u.ctx_list[0].reason,
2584 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2585 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2586 self.assertNotEquals(len(rep.u.auth_info), 0)
2587 a = self.parse_auth(rep.u.auth_info)
2588
2589 from_server = a.credentials
2590 (finished, to_server) = g.update(from_server)
2591 self.assertFalse(finished)
2592
2593 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2594 auth_info = self.generate_auth(auth_type=auth_type,
2595 auth_level=auth_level,
2596 auth_context_id=auth_context_id,
2597 auth_blob="\x01"+"\x00"*15)
2598 req = self.generate_request(call_id = 1,
2599 context_id=ctx1.context_id,
2600 opnum=0,
2601 stub="",
2602 auth_info=auth_info)
2603 self.send_pdu(req)
2604 rep = self.recv_pdu()
2605 # We get a fault
2606 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2607 pfc_flags=req.pfc_flags |
2608 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2609 auth_length=0)
2610 self.assertNotEquals(rep.u.alloc_hint, 0)
2611 self.assertEquals(rep.u.context_id, 0)
2612 self.assertEquals(rep.u.cancel_count, 0)
2613 self.assertEquals(rep.u.flags, 0)
2614 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
2615 self.assertEquals(rep.u.reserved, 0)
2616 self.assertEquals(len(rep.u.error_and_verifier), 0)
2617
2618 # wait for a disconnect
2619 rep = self.recv_pdu()
2620 self.assertIsNone(rep)
2621 self.assertNotConnected()
2622
2623 def test_spnego_auth3(self):
2624 ndr32 = base.transfer_syntax_ndr()
2625
2626 tsf1_list = [ndr32]
2627 ctx1 = dcerpc.ctx_list()
2628 ctx1.context_id = 1
2629 ctx1.num_transfer_syntaxes = len(tsf1_list)
2630 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2631 ctx1.transfer_syntaxes = tsf1_list
2632 ctx_list = [ctx1]
2633
2634 c = Credentials()
2635 c.set_anonymous()
2636 g = gensec.Security.start_client(self.settings)
2637 g.set_credentials(c)
2638 g.want_feature(gensec.FEATURE_DCE_STYLE)
2639 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2640 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2641 auth_context_id = 2
2642 g.start_mech_by_authtype(auth_type, auth_level)
2643 from_server = ""
2644 (finished, to_server) = g.update(from_server)
2645 self.assertFalse(finished)
2646
2647 auth_info = self.generate_auth(auth_type=auth_type,
2648 auth_level=auth_level,
2649 auth_context_id=auth_context_id,
2650 auth_blob=to_server)
2651 req = self.generate_bind(call_id=0,
2652 ctx_list=ctx_list,
2653 auth_info=auth_info)
2654 self.send_pdu(req)
2655 rep = self.recv_pdu()
2656 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2657 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2658 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2659 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2660 self.assertEquals(rep.u.secondary_address_size, 4)
2661 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2662 self.assertEquals(len(rep.u._pad1), 2)
2663 #self.assertEquals(rep.u._pad1, '\0' * 2)
2664 self.assertEquals(rep.u.num_results, 1)
2665 self.assertEquals(rep.u.ctx_list[0].result,
2666 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2667 self.assertEquals(rep.u.ctx_list[0].reason,
2668 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2669 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2670 self.assertNotEquals(len(rep.u.auth_info), 0)
2671 a = self.parse_auth(rep.u.auth_info)
2672
2673 from_server = a.credentials
2674 (finished, to_server) = g.update(from_server)
2675 self.assertFalse(finished)
2676
2677 auth_info = self.generate_auth(auth_type=auth_type,
2678 auth_level=auth_level,
2679 auth_context_id=auth_context_id,
2680 auth_blob=to_server)
2681 req = self.generate_auth3(call_id=0,
2682 auth_info=auth_info)
2683 self.send_pdu(req)
2684 rep = self.recv_pdu()
2685 self.assertIsNone(rep)
2686 self.assertIsConnected()
2687
2688 # And now try a request without auth_info
2689 req = self.generate_request(call_id = 2,
2690 context_id=ctx1.context_id,
2691 opnum=0,
2692 stub="")
2693 self.send_pdu(req)
2694 rep = self.recv_pdu()
2695 # We get a fault back
2696 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2697 auth_length=0)
2698 self.assertNotEquals(rep.u.alloc_hint, 0)
2699 self.assertEquals(rep.u.context_id, req.u.context_id)
2700 self.assertEquals(rep.u.cancel_count, 0)
2701 self.assertEquals(rep.u.flags, 0)
2702 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2703 self.assertEquals(rep.u.reserved, 0)
2704 self.assertEquals(len(rep.u.error_and_verifier), 0)
2705
2706 # wait for a disconnect
2707 rep = self.recv_pdu()
2708 self.assertIsNone(rep)
2709 self.assertNotConnected()
2710
2711 def test_spnego_connect_reauth_alter(self):
2712 ndr32 = base.transfer_syntax_ndr()
2713 ndr64 = base.transfer_syntax_ndr64()
2714
2715 tsf1_list = [ndr32]
2716 ctx1 = dcerpc.ctx_list()
2717 ctx1.context_id = 1
2718 ctx1.num_transfer_syntaxes = len(tsf1_list)
2719 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2720 ctx1.transfer_syntaxes = tsf1_list
2721 ctx_list = [ctx1]
2722
2723 c = Credentials()
2724 c.set_anonymous()
2725 g = gensec.Security.start_client(self.settings)
2726 g.set_credentials(c)
2727 g.want_feature(gensec.FEATURE_DCE_STYLE)
2728 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2729 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2730 auth_context_id = 2
2731 g.start_mech_by_authtype(auth_type, auth_level)
2732 from_server = ""
2733 (finished, to_server) = g.update(from_server)
2734 self.assertFalse(finished)
2735
2736 auth_info = self.generate_auth(auth_type=auth_type,
2737 auth_level=auth_level,
2738 auth_context_id=auth_context_id,
2739 auth_blob=to_server)
2740
2741 req = self.generate_bind(call_id=0,
2742 ctx_list=ctx_list,
2743 auth_info=auth_info)
2744
2745 self.send_pdu(req)
2746 rep = self.recv_pdu()
2747 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2748 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2749 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2750 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2751 self.assertEquals(rep.u.secondary_address_size, 4)
2752 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2753 self.assertEquals(len(rep.u._pad1), 2)
2754 self.assertEquals(rep.u._pad1, '\0' * 2)
2755 self.assertEquals(rep.u.num_results, 1)
2756 self.assertEquals(rep.u.ctx_list[0].result,
2757 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2758 self.assertEquals(rep.u.ctx_list[0].reason,
2759 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2760 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2761 self.assertNotEquals(len(rep.u.auth_info), 0)
2762 a = self.parse_auth(rep.u.auth_info)
2763
2764 from_server = a.credentials
2765 (finished, to_server) = g.update(from_server)
2766 self.assertFalse(finished)
2767
2768 auth_info = self.generate_auth(auth_type=auth_type,
2769 auth_level=auth_level,
2770 auth_context_id=auth_context_id,
2771 auth_blob=to_server)
2772 req = self.generate_alter(call_id=0,
2773 ctx_list=[ctx1],
2774 assoc_group_id=rep.u.assoc_group_id,
2775 auth_info=auth_info)
2776 self.send_pdu(req)
2777 rep = self.recv_pdu()
2778 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2779 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2780 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2781 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2782 self.assertEquals(rep.u.secondary_address_size, 0)
2783 self.assertEquals(len(rep.u._pad1), 2)
2784 # Windows sends garbage
2785 #self.assertEquals(rep.u._pad1, '\0' * 2)
2786 self.assertEquals(rep.u.num_results, 1)
2787 self.assertEquals(rep.u.ctx_list[0].result,
2788 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2789 self.assertEquals(rep.u.ctx_list[0].reason,
2790 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2791 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2792 self.assertNotEquals(len(rep.u.auth_info), 0)
2793 a = self.parse_auth(rep.u.auth_info)
2794
2795 from_server = a.credentials
2796 (finished, to_server) = g.update(from_server)
2797 self.assertTrue(finished)
2798
2799 # And now try a request without auth_info
2800 req = self.generate_request(call_id = 2,
2801 context_id=ctx1.context_id,
2802 opnum=0,
2803 stub="")
2804 self.send_pdu(req)
2805 rep = self.recv_pdu()
2806 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2807 auth_length=0)
2808 self.assertNotEquals(rep.u.alloc_hint, 0)
2809 self.assertEquals(rep.u.context_id, req.u.context_id)
2810 self.assertEquals(rep.u.cancel_count, 0)
2811 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2812
2813 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2814 auth_info = self.generate_auth(auth_type=auth_type,
2815 auth_level=auth_level,
2816 auth_context_id=auth_context_id,
2817 auth_blob="\x01"+"\x00"*15)
2818 req = self.generate_request(call_id = 3,
2819 context_id=ctx1.context_id,
2820 opnum=0,
2821 stub="",
2822 auth_info=auth_info)
2823 self.send_pdu(req)
2824 rep = self.recv_pdu()
2825 # We don't get an auth_info back
2826 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2827 auth_length=0)
2828 self.assertNotEquals(rep.u.alloc_hint, 0)
2829 self.assertEquals(rep.u.context_id, req.u.context_id)
2830 self.assertEquals(rep.u.cancel_count, 0)
2831 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2832
2833 # Now a reauth
2834
2835 g = gensec.Security.start_client(self.settings)
2836 g.set_credentials(c)
2837 g.want_feature(gensec.FEATURE_DCE_STYLE)
2838 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2839 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2840 auth_context_id = 2
2841 g.start_mech_by_authtype(auth_type, auth_level)
2842 from_server = ""
2843 (finished, to_server) = g.update(from_server)
2844 self.assertFalse(finished)
2845
2846 auth_info = self.generate_auth(auth_type=auth_type,
2847 auth_level=auth_level,
2848 auth_context_id=auth_context_id,
2849 auth_blob=to_server)
2850 req = self.generate_alter(call_id=0,
2851 ctx_list=ctx_list,
2852 auth_info=auth_info)
2853 self.send_pdu(req)
2854 rep = self.recv_pdu()
2855 # We get a fault
2856 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
2857 pfc_flags=req.pfc_flags |
2858 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
2859 auth_length=0)
2860 self.assertNotEquals(rep.u.alloc_hint, 0)
2861 self.assertEquals(rep.u.context_id, 0)
2862 self.assertEquals(rep.u.cancel_count, 0)
2863 self.assertEquals(rep.u.flags, 0)
2864 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
2865 self.assertEquals(rep.u.reserved, 0)
2866 self.assertEquals(len(rep.u.error_and_verifier), 0)
2867
2868 # wait for a disconnect
2869 rep = self.recv_pdu()
2870 self.assertIsNone(rep)
2871 self.assertNotConnected()
2872
2873 def test_spnego_connect_reauth_auth3(self):
2874 ndr32 = base.transfer_syntax_ndr()
2875 ndr64 = base.transfer_syntax_ndr64()
2876
2877 tsf1_list = [ndr32]
2878 ctx1 = dcerpc.ctx_list()
2879 ctx1.context_id = 1
2880 ctx1.num_transfer_syntaxes = len(tsf1_list)
2881 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2882 ctx1.transfer_syntaxes = tsf1_list
2883 ctx_list = [ctx1]
2884
2885 c = Credentials()
2886 c.set_anonymous()
2887 g = gensec.Security.start_client(self.settings)
2888 g.set_credentials(c)
2889 g.want_feature(gensec.FEATURE_DCE_STYLE)
2890 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
2891 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
2892 auth_context_id = 2
2893 g.start_mech_by_authtype(auth_type, auth_level)
2894 from_server = ""
2895 (finished, to_server) = g.update(from_server)
2896 self.assertFalse(finished)
2897
2898 auth_info = self.generate_auth(auth_type=auth_type,
2899 auth_level=auth_level,
2900 auth_context_id=auth_context_id,
2901 auth_blob=to_server)
2902
2903 req = self.generate_bind(call_id=0,
2904 ctx_list=ctx_list,
2905 auth_info=auth_info)
2906
2907 self.send_pdu(req)
2908 rep = self.recv_pdu()
2909 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
2910 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2911 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2912 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2913 self.assertEquals(rep.u.secondary_address_size, 4)
2914 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
2915 self.assertEquals(len(rep.u._pad1), 2)
2916 self.assertEquals(rep.u._pad1, '\0' * 2)
2917 self.assertEquals(rep.u.num_results, 1)
2918 self.assertEquals(rep.u.ctx_list[0].result,
2919 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2920 self.assertEquals(rep.u.ctx_list[0].reason,
2921 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2922 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2923 self.assertNotEquals(len(rep.u.auth_info), 0)
2924 a = self.parse_auth(rep.u.auth_info)
2925
2926 from_server = a.credentials
2927 (finished, to_server) = g.update(from_server)
2928 self.assertFalse(finished)
2929
2930 auth_info = self.generate_auth(auth_type=auth_type,
2931 auth_level=auth_level,
2932 auth_context_id=auth_context_id,
2933 auth_blob=to_server)
2934 req = self.generate_alter(call_id=0,
2935 ctx_list=[ctx1],
2936 assoc_group_id=rep.u.assoc_group_id,
2937 auth_info=auth_info)
2938 self.send_pdu(req)
2939 rep = self.recv_pdu()
2940 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
2941 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
2942 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
2943 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
2944 self.assertEquals(rep.u.secondary_address_size, 0)
2945 self.assertEquals(len(rep.u._pad1), 2)
2946 # Windows sends garbage
2947 #self.assertEquals(rep.u._pad1, '\0' * 2)
2948 self.assertEquals(rep.u.num_results, 1)
2949 self.assertEquals(rep.u.ctx_list[0].result,
2950 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2951 self.assertEquals(rep.u.ctx_list[0].reason,
2952 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2953 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2954 self.assertNotEquals(len(rep.u.auth_info), 0)
2955 a = self.parse_auth(rep.u.auth_info)
2956
2957 from_server = a.credentials
2958 (finished, to_server) = g.update(from_server)
2959 self.assertTrue(finished)
2960
2961 # And now try a request without auth_info
2962 req = self.generate_request(call_id = 2,
2963 context_id=ctx1.context_id,
2964 opnum=0,
2965 stub="")
2966 self.send_pdu(req)
2967 rep = self.recv_pdu()
2968 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2969 auth_length=0)
2970 self.assertNotEquals(rep.u.alloc_hint, 0)
2971 self.assertEquals(rep.u.context_id, req.u.context_id)
2972 self.assertEquals(rep.u.cancel_count, 0)
2973 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2974
2975 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
2976 auth_info = self.generate_auth(auth_type=auth_type,
2977 auth_level=auth_level,
2978 auth_context_id=auth_context_id,
2979 auth_blob="\x01"+"\x00"*15)
2980 req = self.generate_request(call_id = 3,
2981 context_id=ctx1.context_id,
2982 opnum=0,
2983 stub="",
2984 auth_info=auth_info)
2985 self.send_pdu(req)
2986 rep = self.recv_pdu()
2987 # We don't get an auth_info back
2988 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
2989 auth_length=0)
2990 self.assertNotEquals(rep.u.alloc_hint, 0)
2991 self.assertEquals(rep.u.context_id, req.u.context_id)
2992 self.assertEquals(rep.u.cancel_count, 0)
2993 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
2994
2995 # Now a reauth
2996
2997 g = gensec.Security.start_client(self.settings)
2998 g.set_credentials(c)
2999 g.want_feature(gensec.FEATURE_DCE_STYLE)
3000 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3001 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3002 auth_context_id = 2
3003 g.start_mech_by_authtype(auth_type, auth_level)
3004 from_server = ""
3005 (finished, to_server) = g.update(from_server)
3006 self.assertFalse(finished)
3007
3008 auth_info = self.generate_auth(auth_type=auth_type,
3009 auth_level=auth_level,
3010 auth_context_id=auth_context_id,
3011 auth_blob=to_server)
3012 req = self.generate_auth3(call_id=0,
3013 auth_info=auth_info)
3014 self.send_pdu(req)
3015 rep = self.recv_pdu()
3016 # We get a fault
3017 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3018 pfc_flags=req.pfc_flags |
3019 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3020 auth_length=0)
3021 self.assertNotEquals(rep.u.alloc_hint, 0)
3022 self.assertEquals(rep.u.context_id, 0)
3023 self.assertEquals(rep.u.cancel_count, 0)
3024 self.assertEquals(rep.u.flags, 0)
3025 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3026 self.assertEquals(rep.u.reserved, 0)
3027 self.assertEquals(len(rep.u.error_and_verifier), 0)
3028
3029 # wait for a disconnect
3030 rep = self.recv_pdu()
3031 self.assertIsNone(rep)
3032 self.assertNotConnected()
3033
3034 def test_spnego_change_auth_level(self):
3035 ndr32 = base.transfer_syntax_ndr()
3036
3037 tsf1_list = [ndr32]
3038 ctx1 = dcerpc.ctx_list()
3039 ctx1.context_id = 1
3040 ctx1.num_transfer_syntaxes = len(tsf1_list)
3041 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3042 ctx1.transfer_syntaxes = tsf1_list
3043
3044 c = Credentials()
3045 c.set_anonymous()
3046 g = gensec.Security.start_client(self.settings)
3047 g.set_credentials(c)
3048 g.want_feature(gensec.FEATURE_DCE_STYLE)
3049 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3050 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3051 auth_context_id = 2
3052 g.start_mech_by_authtype(auth_type, auth_level)
3053 from_server = ""
3054 (finished, to_server) = g.update(from_server)
3055 self.assertFalse(finished)
3056
3057 auth_info = self.generate_auth(auth_type=auth_type,
3058 auth_level=auth_level,
3059 auth_context_id=auth_context_id,
3060 auth_blob=to_server)
3061 req = self.generate_bind(call_id=0,
3062 ctx_list=[ctx1],
3063 auth_info=auth_info)
3064 self.send_pdu(req)
3065 rep = self.recv_pdu()
3066 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3067 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3068 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3069 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3070 self.assertEquals(rep.u.secondary_address_size, 4)
3071 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3072 self.assertEquals(len(rep.u._pad1), 2)
3073 self.assertEquals(rep.u._pad1, '\0' * 2)
3074 self.assertEquals(rep.u.num_results, 1)
3075 self.assertEquals(rep.u.ctx_list[0].result,
3076 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3077 self.assertEquals(rep.u.ctx_list[0].reason,
3078 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3079 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3080 self.assertNotEquals(len(rep.u.auth_info), 0)
3081 a = self.parse_auth(rep.u.auth_info)
3082
3083 from_server = a.credentials
3084 (finished, to_server) = g.update(from_server)
3085 self.assertFalse(finished)
3086
3087 auth_info = self.generate_auth(auth_type=auth_type,
3088 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3089 auth_context_id=auth_context_id,
3090 auth_blob=to_server)
3091 req = self.generate_alter(call_id=0,
3092 ctx_list=[ctx1],
3093 assoc_group_id=rep.u.assoc_group_id,
3094 auth_info=auth_info)
3095 self.send_pdu(req)
3096 rep = self.recv_pdu()
3097 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3098 pfc_flags=req.pfc_flags |
3099 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3100 auth_length=0)
3101 self.assertNotEquals(rep.u.alloc_hint, 0)
3102 self.assertEquals(rep.u.context_id, 0)
3103 self.assertEquals(rep.u.cancel_count, 0)
3104 self.assertEquals(rep.u.flags, 0)
3105 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3106 self.assertEquals(rep.u.reserved, 0)
3107 self.assertEquals(len(rep.u.error_and_verifier), 0)
3108
3109 # wait for a disconnect
3110 rep = self.recv_pdu()
3111 self.assertIsNone(rep)
3112 self.assertNotConnected()
3113
3114 def test_spnego_change_abstract(self):
3115 ndr32 = base.transfer_syntax_ndr()
3116
3117 tsf1_list = [ndr32]
3118 ctx1 = dcerpc.ctx_list()
3119 ctx1.context_id = 1
3120 ctx1.num_transfer_syntaxes = len(tsf1_list)
3121 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3122 ctx1.transfer_syntaxes = tsf1_list
3123
3124 ctx1b = dcerpc.ctx_list()
3125 ctx1b.context_id = 1
3126 ctx1b.num_transfer_syntaxes = len(tsf1_list)
3127 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
3128 ctx1b.transfer_syntaxes = tsf1_list
3129
3130 c = Credentials()
3131 c.set_anonymous()
3132 g = gensec.Security.start_client(self.settings)
3133 g.set_credentials(c)
3134 g.want_feature(gensec.FEATURE_DCE_STYLE)
3135 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3136 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3137 auth_context_id = 2
3138 g.start_mech_by_authtype(auth_type, auth_level)
3139 from_server = ""
3140 (finished, to_server) = g.update(from_server)
3141 self.assertFalse(finished)
3142
3143 auth_info = self.generate_auth(auth_type=auth_type,
3144 auth_level=auth_level,
3145 auth_context_id=auth_context_id,
3146 auth_blob=to_server)
3147 req = self.generate_bind(call_id=0,
3148 ctx_list=[ctx1],
3149 auth_info=auth_info)
3150 self.send_pdu(req)
3151 rep = self.recv_pdu()
3152 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3153 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3154 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3155 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3156 self.assertEquals(rep.u.secondary_address_size, 4)
3157 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3158 self.assertEquals(len(rep.u._pad1), 2)
3159 #self.assertEquals(rep.u._pad1, '\0' * 2)
3160 self.assertEquals(rep.u.num_results, 1)
3161 self.assertEquals(rep.u.ctx_list[0].result,
3162 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3163 self.assertEquals(rep.u.ctx_list[0].reason,
3164 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3165 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3166 self.assertNotEquals(len(rep.u.auth_info), 0)
3167 a = self.parse_auth(rep.u.auth_info)
3168
3169 from_server = a.credentials
3170 (finished, to_server) = g.update(from_server)
3171 self.assertFalse(finished)
3172
3173 auth_info = self.generate_auth(auth_type=auth_type,
3174 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3175 auth_context_id=auth_context_id,
3176 auth_blob=to_server)
3177 req = self.generate_alter(call_id=0,
3178 ctx_list=[ctx1b],
3179 assoc_group_id=rep.u.assoc_group_id,
3180 auth_info=auth_info)
3181 self.send_pdu(req)
3182 rep = self.recv_pdu()
3183 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3184 pfc_flags=req.pfc_flags |
3185 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3186 auth_length=0)
3187 self.assertNotEquals(rep.u.alloc_hint, 0)
3188 self.assertEquals(rep.u.context_id, 0)
3189 self.assertEquals(rep.u.cancel_count, 0)
3190 self.assertEquals(rep.u.flags, 0)
3191 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3192 self.assertEquals(rep.u.reserved, 0)
3193 self.assertEquals(len(rep.u.error_and_verifier), 0)
3194
3195 # wait for a disconnect
3196 rep = self.recv_pdu()
3197 self.assertIsNone(rep)
3198 self.assertNotConnected()
3199
3200 def test_spnego_change_transfer(self):
3201 ndr32 = base.transfer_syntax_ndr()
3202 ndr64 = base.transfer_syntax_ndr64()
3203
3204 tsf1_list = [ndr32]
3205 ctx1 = dcerpc.ctx_list()
3206 ctx1.context_id = 1
3207 ctx1.num_transfer_syntaxes = len(tsf1_list)
3208 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3209 ctx1.transfer_syntaxes = tsf1_list
3210
3211 tsf1b_list = [ndr32,ndr64]
3212 ctx1b = dcerpc.ctx_list()
3213 ctx1b.context_id = 1
3214 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3215 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3216 ctx1b.transfer_syntaxes = tsf1b_list
3217
3218 c = Credentials()
3219 c.set_anonymous()
3220 g = gensec.Security.start_client(self.settings)
3221 g.set_credentials(c)
3222 g.want_feature(gensec.FEATURE_DCE_STYLE)
3223 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3224 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3225 auth_context_id = 2
3226 g.start_mech_by_authtype(auth_type, auth_level)
3227 from_server = ""
3228 (finished, to_server) = g.update(from_server)
3229 self.assertFalse(finished)
3230
3231 auth_info = self.generate_auth(auth_type=auth_type,
3232 auth_level=auth_level,
3233 auth_context_id=auth_context_id,
3234 auth_blob=to_server)
3235 req = self.generate_bind(call_id=0,
3236 ctx_list=[ctx1],
3237 auth_info=auth_info)
3238 self.send_pdu(req)
3239 rep = self.recv_pdu()
3240 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3241 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3242 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3243 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3244 self.assertEquals(rep.u.secondary_address_size, 4)
3245 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3246 self.assertEquals(len(rep.u._pad1), 2)
3247 #self.assertEquals(rep.u._pad1, '\0' * 2)
3248 self.assertEquals(rep.u.num_results, 1)
3249 self.assertEquals(rep.u.ctx_list[0].result,
3250 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3251 self.assertEquals(rep.u.ctx_list[0].reason,
3252 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3253 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3254 self.assertNotEquals(len(rep.u.auth_info), 0)
3255 a = self.parse_auth(rep.u.auth_info)
3256
3257 from_server = a.credentials
3258 (finished, to_server) = g.update(from_server)
3259 self.assertFalse(finished)
3260
3261 # We change ctx_list and auth_level
3262 auth_info = self.generate_auth(auth_type=auth_type,
3263 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
3264 auth_context_id=auth_context_id,
3265 auth_blob=to_server)
3266 req = self.generate_alter(call_id=0,
3267 ctx_list=[ctx1b],
3268 assoc_group_id=rep.u.assoc_group_id,
3269 auth_info=auth_info)
3270 self.send_pdu(req)
3271 rep = self.recv_pdu()
3272 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3273 pfc_flags=req.pfc_flags |
3274 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3275 auth_length=0)
3276 self.assertNotEquals(rep.u.alloc_hint, 0)
3277 self.assertEquals(rep.u.context_id, 0)
3278 self.assertEquals(rep.u.cancel_count, 0)
3279 self.assertEquals(rep.u.flags, 0)
3280 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3281 self.assertEquals(rep.u.reserved, 0)
3282 self.assertEquals(len(rep.u.error_and_verifier), 0)
3283
3284 # wait for a disconnect
3285 rep = self.recv_pdu()
3286 self.assertIsNone(rep)
3287 self.assertNotConnected()
3288
3289 def test_spnego_change_auth_type1(self):
3290 ndr32 = base.transfer_syntax_ndr()
3291 ndr64 = base.transfer_syntax_ndr64()
3292
3293 tsf1_list = [ndr32]
3294 ctx1 = dcerpc.ctx_list()
3295 ctx1.context_id = 1
3296 ctx1.num_transfer_syntaxes = len(tsf1_list)
3297 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3298 ctx1.transfer_syntaxes = tsf1_list
3299
3300 c = Credentials()
3301 c.set_anonymous()
3302 g = gensec.Security.start_client(self.settings)
3303 g.set_credentials(c)
3304 g.want_feature(gensec.FEATURE_DCE_STYLE)
3305 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3306 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3307 auth_context_id = 2
3308 g.start_mech_by_authtype(auth_type, auth_level)
3309 from_server = ""
3310 (finished, to_server) = g.update(from_server)
3311 self.assertFalse(finished)
3312
3313 auth_info = self.generate_auth(auth_type=auth_type,
3314 auth_level=auth_level,
3315 auth_context_id=auth_context_id,
3316 auth_blob=to_server)
3317 req = self.generate_bind(call_id=0,
3318 ctx_list=[ctx1],
3319 auth_info=auth_info)
3320 self.send_pdu(req)
3321 rep = self.recv_pdu()
3322 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3323 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3324 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3325 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3326 self.assertEquals(rep.u.secondary_address_size, 4)
3327 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3328 self.assertEquals(len(rep.u._pad1), 2)
3329 #self.assertEquals(rep.u._pad1, '\0' * 2)
3330 self.assertEquals(rep.u.num_results, 1)
3331 self.assertEquals(rep.u.ctx_list[0].result,
3332 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3333 self.assertEquals(rep.u.ctx_list[0].reason,
3334 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3335 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3336 self.assertNotEquals(len(rep.u.auth_info), 0)
3337 a = self.parse_auth(rep.u.auth_info)
3338
3339 from_server = a.credentials
3340 (finished, to_server) = g.update(from_server)
3341 self.assertFalse(finished)
3342
3343 # We change ctx_list and auth_level
3344 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3345 auth_level=auth_level,
3346 auth_context_id=auth_context_id,
3347 auth_blob=to_server)
3348 req = self.generate_alter(call_id=0,
3349 ctx_list=[ctx1],
3350 assoc_group_id=rep.u.assoc_group_id,
3351 auth_info=auth_info)
3352 self.send_pdu(req)
3353 rep = self.recv_pdu()
3354 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3355 pfc_flags=req.pfc_flags |
3356 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3357 auth_length=0)
3358 self.assertNotEquals(rep.u.alloc_hint, 0)
3359 self.assertEquals(rep.u.context_id, 0)
3360 self.assertEquals(rep.u.cancel_count, 0)
3361 self.assertEquals(rep.u.flags, 0)
3362 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
3363 self.assertEquals(rep.u.reserved, 0)
3364 self.assertEquals(len(rep.u.error_and_verifier), 0)
3365
3366 # wait for a disconnect
3367 rep = self.recv_pdu()
3368 self.assertIsNone(rep)
3369 self.assertNotConnected()
3370
3371 def test_spnego_change_auth_type2(self):
3372 ndr32 = base.transfer_syntax_ndr()
3373 ndr64 = base.transfer_syntax_ndr64()
3374
3375 tsf1_list = [ndr32]
3376 ctx1 = dcerpc.ctx_list()
3377 ctx1.context_id = 1
3378 ctx1.num_transfer_syntaxes = len(tsf1_list)
3379 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3380 ctx1.transfer_syntaxes = tsf1_list
3381
3382 tsf1b_list = [ndr32,ndr64]
3383 ctx1b = dcerpc.ctx_list()
3384 ctx1b.context_id = 1
3385 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3386 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3387 ctx1b.transfer_syntaxes = tsf1b_list
3388
3389 c = Credentials()
3390 c.set_anonymous()
3391 g = gensec.Security.start_client(self.settings)
3392 g.set_credentials(c)
3393 g.want_feature(gensec.FEATURE_DCE_STYLE)
3394 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3395 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3396 auth_context_id = 2
3397 g.start_mech_by_authtype(auth_type, auth_level)
3398 from_server = ""
3399 (finished, to_server) = g.update(from_server)
3400 self.assertFalse(finished)
3401
3402 auth_info = self.generate_auth(auth_type=auth_type,
3403 auth_level=auth_level,
3404 auth_context_id=auth_context_id,
3405 auth_blob=to_server)
3406 req = self.generate_bind(call_id=0,
3407 ctx_list=[ctx1],
3408 auth_info=auth_info)
3409 self.send_pdu(req)
3410 rep = self.recv_pdu()
3411 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3412 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3413 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3414 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3415 self.assertEquals(rep.u.secondary_address_size, 4)
3416 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3417 self.assertEquals(len(rep.u._pad1), 2)
3418 #self.assertEquals(rep.u._pad1, '\0' * 2)
3419 self.assertEquals(rep.u.num_results, 1)
3420 self.assertEquals(rep.u.ctx_list[0].result,
3421 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3422 self.assertEquals(rep.u.ctx_list[0].reason,
3423 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3424 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3425 self.assertNotEquals(len(rep.u.auth_info), 0)
3426 a = self.parse_auth(rep.u.auth_info)
3427
3428 from_server = a.credentials
3429 (finished, to_server) = g.update(from_server)
3430 self.assertFalse(finished)
3431
3432 # We change ctx_list and auth_level
3433 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
3434 auth_level=auth_level,
3435 auth_context_id=auth_context_id,
3436 auth_blob=to_server)
3437 req = self.generate_alter(call_id=0,
3438 ctx_list=[ctx1b],
3439 assoc_group_id=rep.u.assoc_group_id,
3440 auth_info=auth_info)
3441 self.send_pdu(req)
3442 rep = self.recv_pdu()
3443 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3444 pfc_flags=req.pfc_flags |
3445 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3446 auth_length=0)
3447 self.assertNotEquals(rep.u.alloc_hint, 0)
3448 self.assertEquals(rep.u.context_id, 0)
3449 self.assertEquals(rep.u.cancel_count, 0)
3450 self.assertEquals(rep.u.flags, 0)
3451 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3452 self.assertEquals(rep.u.reserved, 0)
3453 self.assertEquals(len(rep.u.error_and_verifier), 0)
3454
3455 # wait for a disconnect
3456 rep = self.recv_pdu()
3457 self.assertIsNone(rep)
3458 self.assertNotConnected()
3459
3460 def test_spnego_change_auth_type3(self):
3461 ndr32 = base.transfer_syntax_ndr()
3462 ndr64 = base.transfer_syntax_ndr64()
3463
3464 tsf1_list = [ndr32]
3465 ctx1 = dcerpc.ctx_list()
3466 ctx1.context_id = 1
3467 ctx1.num_transfer_syntaxes = len(tsf1_list)
3468 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3469 ctx1.transfer_syntaxes = tsf1_list
3470
3471 tsf1b_list = [ndr32,ndr64]
3472 ctx1b = dcerpc.ctx_list()
3473 ctx1b.context_id = 1
3474 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
3475 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3476 ctx1b.transfer_syntaxes = tsf1b_list
3477
3478 c = Credentials()
3479 c.set_anonymous()
3480 g = gensec.Security.start_client(self.settings)
3481 g.set_credentials(c)
3482 g.want_feature(gensec.FEATURE_DCE_STYLE)
3483 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3484 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
3485 auth_context_id = 2
3486 g.start_mech_by_authtype(auth_type, auth_level)
3487 from_server = ""
3488 (finished, to_server) = g.update(from_server)
3489 self.assertFalse(finished)
3490
3491 auth_info = self.generate_auth(auth_type=auth_type,
3492 auth_level=auth_level,
3493 auth_context_id=auth_context_id,
3494 auth_blob=to_server)
3495 req = self.generate_bind(call_id=0,
3496 ctx_list=[ctx1],
3497 auth_info=auth_info)
3498 self.send_pdu(req)
3499 rep = self.recv_pdu()
3500 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3501 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3502 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3503 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3504 self.assertEquals(rep.u.secondary_address_size, 4)
3505 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3506 self.assertEquals(len(rep.u._pad1), 2)
3507 #self.assertEquals(rep.u._pad1, '\0' * 2)
3508 self.assertEquals(rep.u.num_results, 1)
3509 self.assertEquals(rep.u.ctx_list[0].result,
3510 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3511 self.assertEquals(rep.u.ctx_list[0].reason,
3512 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3513 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3514 self.assertNotEquals(len(rep.u.auth_info), 0)
3515 a = self.parse_auth(rep.u.auth_info)
3516
3517 from_server = a.credentials
3518 (finished, to_server) = g.update(from_server)
3519 self.assertFalse(finished)
3520
3521 # We change ctx_list and auth_level
3522 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
3523 auth_level=auth_level,
3524 auth_context_id=auth_context_id,
3525 auth_blob=to_server)
3526 req = self.generate_alter(call_id=0,
3527 ctx_list=[ctx1b],
3528 assoc_group_id=rep.u.assoc_group_id,
3529 auth_info=auth_info)
3530 self.send_pdu(req)
3531 rep = self.recv_pdu()
3532 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3533 pfc_flags=req.pfc_flags |
3534 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3535 auth_length=0)
3536 self.assertNotEquals(rep.u.alloc_hint, 0)
3537 self.assertEquals(rep.u.context_id, 0)
3538 self.assertEquals(rep.u.cancel_count, 0)
3539 self.assertEquals(rep.u.flags, 0)
3540 self.assertEquals(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3541 self.assertEquals(rep.u.reserved, 0)
3542 self.assertEquals(len(rep.u.error_and_verifier), 0)
3543
3544 # wait for a disconnect
3545 rep = self.recv_pdu()
3546 self.assertIsNone(rep)
3547 self.assertNotConnected()
3548
3549 def test_spnego_auth_pad_ok(self):
3550 ndr32 = base.transfer_syntax_ndr()
3551
3552 tsf1_list = [ndr32]
3553 ctx1 = dcerpc.ctx_list()
3554 ctx1.context_id = 1
3555 ctx1.num_transfer_syntaxes = len(tsf1_list)
3556 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3557 ctx1.transfer_syntaxes = tsf1_list
3558 ctx_list = [ctx1]
3559
3560 c = Credentials()
3561 c.set_anonymous()
3562 g = gensec.Security.start_client(self.settings)
3563 g.set_credentials(c)
3564 g.want_feature(gensec.FEATURE_DCE_STYLE)
3565 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3566 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3567 auth_context_id = 2
3568 g.start_mech_by_authtype(auth_type, auth_level)
3569 from_server = ""
3570 (finished, to_server) = g.update(from_server)
3571 self.assertFalse(finished)
3572
3573 auth_info = self.generate_auth(auth_type=auth_type,
3574 auth_level=auth_level,
3575 auth_context_id=auth_context_id,
3576 auth_blob=to_server)
3577
3578 req = self.generate_bind(call_id=0,
3579 ctx_list=ctx_list,
3580 auth_info=auth_info)
3581 req_pdu = samba.ndr.ndr_pack(req)
3582
3583 auth_pad_ok = len(req_pdu)
3584 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3585 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3586 auth_pad_ok -= len(to_server)
3587
3588 auth_info = self.generate_auth(auth_type=auth_type,
3589 auth_level=auth_level,
3590 auth_context_id=auth_context_id,
3591 auth_pad_length=auth_pad_ok,
3592 auth_blob=to_server)
3593
3594 req = self.generate_bind(call_id=0,
3595 ctx_list=ctx_list,
3596 auth_info=auth_info)
3597 self.send_pdu(req)
3598 rep = self.recv_pdu()
3599 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3600 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3601 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3602 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3603 self.assertEquals(rep.u.secondary_address_size, 4)
3604 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3605 self.assertEquals(len(rep.u._pad1), 2)
3606 #self.assertEquals(rep.u._pad1, '\0' * 2)
3607 self.assertEquals(rep.u.num_results, 1)
3608 self.assertEquals(rep.u.ctx_list[0].result,
3609 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3610 self.assertEquals(rep.u.ctx_list[0].reason,
3611 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3612 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3613 self.assertNotEquals(len(rep.u.auth_info), 0)
3614 a = self.parse_auth(rep.u.auth_info)
3615
3616 from_server = a.credentials
3617 (finished, to_server) = g.update(from_server)
3618 self.assertFalse(finished)
3619
3620 auth_info = self.generate_auth(auth_type=auth_type,
3621 auth_level=auth_level,
3622 auth_context_id=auth_context_id,
3623 auth_blob=to_server)
3624 req = self.generate_alter(call_id=0,
3625 ctx_list=ctx_list,
3626 assoc_group_id=rep.u.assoc_group_id,
3627 auth_info=auth_info)
3628 req_pdu = samba.ndr.ndr_pack(req)
3629
3630 auth_pad_ok = len(req_pdu)
3631 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3632 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3633 auth_pad_ok -= len(to_server)
3634 auth_info = self.generate_auth(auth_type=auth_type,
3635 auth_level=auth_level,
3636 auth_context_id=auth_context_id,
3637 auth_pad_length=auth_pad_ok,
3638 auth_blob=to_server)
3639 req = self.generate_alter(call_id=0,
3640 ctx_list=ctx_list,
3641 assoc_group_id=rep.u.assoc_group_id,
3642 auth_info=auth_info)
3643 self.send_pdu(req)
3644 rep = self.recv_pdu()
3645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3646 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3647 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3648 self.assertEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3649 self.assertEquals(rep.u.secondary_address_size, 0)
3650 self.assertEquals(len(rep.u._pad1), 2)
3651 # Windows sends garbage
3652 #self.assertEquals(rep.u._pad1, '\0' * 2)
3653 self.assertEquals(rep.u.num_results, 1)
3654 self.assertEquals(rep.u.ctx_list[0].result,
3655 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3656 self.assertEquals(rep.u.ctx_list[0].reason,
3657 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3658 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3659 self.assertNotEquals(len(rep.u.auth_info), 0)
3660 a = self.parse_auth(rep.u.auth_info)
3661
3662 from_server = a.credentials
3663 (finished, to_server) = g.update(from_server)
3664 self.assertTrue(finished)
3665
3666 # And now try a request without auth_info
3667 req = self.generate_request(call_id = 2,
3668 context_id=ctx1.context_id,
3669 opnum=0,
3670 stub="")
3671 self.send_pdu(req)
3672 rep = self.recv_pdu()
3673 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3674 auth_length=0)
3675 self.assertNotEquals(rep.u.alloc_hint, 0)
3676 self.assertEquals(rep.u.context_id, req.u.context_id)
3677 self.assertEquals(rep.u.cancel_count, 0)
3678 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3679
3680 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3681 auth_info = self.generate_auth(auth_type=auth_type,
3682 auth_level=auth_level,
3683 auth_context_id=auth_context_id,
3684 auth_blob="\x01"+"\x00"*15)
3685 req = self.generate_request(call_id = 3,
3686 context_id=ctx1.context_id,
3687 opnum=0,
3688 stub="",
3689 auth_info=auth_info)
3690 self.send_pdu(req)
3691 rep = self.recv_pdu()
3692 # We don't get an auth_info back
3693 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3694 auth_length=0)
3695 self.assertNotEquals(rep.u.alloc_hint, 0)
3696 self.assertEquals(rep.u.context_id, req.u.context_id)
3697 self.assertEquals(rep.u.cancel_count, 0)
3698 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3699
3700 self._disconnect("disconnect")
3701 self.assertNotConnected()
3702
3703 def test_spnego_auth_pad_fail_bind(self):
3704 ndr32 = base.transfer_syntax_ndr()
3705
3706 tsf1_list = [ndr32]
3707 ctx1 = dcerpc.ctx_list()
3708 ctx1.context_id = 1
3709 ctx1.num_transfer_syntaxes = len(tsf1_list)
3710 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3711 ctx1.transfer_syntaxes = tsf1_list
3712 ctx_list = [ctx1]
3713
3714 c = Credentials()
3715 c.set_anonymous()
3716 g = gensec.Security.start_client(self.settings)
3717 g.set_credentials(c)
3718 g.want_feature(gensec.FEATURE_DCE_STYLE)
3719 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3720 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3721 auth_context_id = 2
3722 g.start_mech_by_authtype(auth_type, auth_level)
3723 from_server = ""
3724 (finished, to_server) = g.update(from_server)
3725 self.assertFalse(finished)
3726
3727 auth_info = self.generate_auth(auth_type=auth_type,
3728 auth_level=auth_level,
3729 auth_context_id=auth_context_id,
3730 auth_blob=to_server)
3731
3732 req = self.generate_bind(call_id=0,
3733 ctx_list=ctx_list,
3734 auth_info=auth_info)
3735 req_pdu = samba.ndr.ndr_pack(req)
3736
3737 auth_pad_ok = len(req_pdu)
3738 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3739 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3740 auth_pad_ok -= len(to_server)
3741 auth_pad_bad = auth_pad_ok + 1
3742 auth_info = self.generate_auth(auth_type=auth_type,
3743 auth_level=auth_level,
3744 auth_context_id=auth_context_id,
3745 auth_pad_length=auth_pad_bad,
3746 auth_blob=to_server)
3747
3748 req = self.generate_bind(call_id=0,
3749 ctx_list=ctx_list,
3750 auth_info=auth_info)
3751 self.send_pdu(req)
3752 rep = self.recv_pdu()
3753 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
3754 auth_length=0)
3755 self.assertEquals(rep.u.reject_reason,
3756 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
3757 self.assertEquals(rep.u.num_versions, 1)
3758 self.assertEquals(rep.u.versions[0].rpc_vers, req.rpc_vers)
3759 self.assertEquals(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
3760 self.assertEquals(len(rep.u._pad), 3)
3761 self.assertEquals(rep.u._pad, '\0' * 3)
3762
3763 # wait for a disconnect
3764 rep = self.recv_pdu()
3765 self.assertIsNone(rep)
3766 self.assertNotConnected()
3767
3768 def test_spnego_auth_pad_fail_alter(self):
3769 ndr32 = base.transfer_syntax_ndr()
3770
3771 tsf1_list = [ndr32]
3772 ctx1 = dcerpc.ctx_list()
3773 ctx1.context_id = 1
3774 ctx1.num_transfer_syntaxes = len(tsf1_list)
3775 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3776 ctx1.transfer_syntaxes = tsf1_list
3777 ctx_list = [ctx1]
3778
3779 c = Credentials()
3780 c.set_anonymous()
3781 g = gensec.Security.start_client(self.settings)
3782 g.set_credentials(c)
3783 g.want_feature(gensec.FEATURE_DCE_STYLE)
3784 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3785 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3786 auth_context_id = 2
3787 g.start_mech_by_authtype(auth_type, auth_level)
3788 from_server = ""
3789 (finished, to_server) = g.update(from_server)
3790 self.assertFalse(finished)
3791
3792 auth_info = self.generate_auth(auth_type=auth_type,
3793 auth_level=auth_level,
3794 auth_context_id=auth_context_id,
3795 auth_blob=to_server)
3796
3797 req = self.generate_bind(call_id=0,
3798 ctx_list=ctx_list,
3799 auth_info=auth_info)
3800 req_pdu = samba.ndr.ndr_pack(req)
3801
3802 auth_pad_ok = len(req_pdu)
3803 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3804 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3805 auth_pad_ok -= len(to_server)
3806
3807 auth_info = self.generate_auth(auth_type=auth_type,
3808 auth_level=auth_level,
3809 auth_context_id=auth_context_id,
3810 auth_pad_length=auth_pad_ok,
3811 auth_blob=to_server)
3812
3813 req = self.generate_bind(call_id=0,
3814 ctx_list=ctx_list,
3815 auth_info=auth_info)
3816 self.send_pdu(req)
3817 rep = self.recv_pdu()
3818 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3819 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3820 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3821 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3822 self.assertEquals(rep.u.secondary_address_size, 4)
3823 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3824 self.assertEquals(len(rep.u._pad1), 2)
3825 #self.assertEquals(rep.u._pad1, '\0' * 2)
3826 self.assertEquals(rep.u.num_results, 1)
3827 self.assertEquals(rep.u.ctx_list[0].result,
3828 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3829 self.assertEquals(rep.u.ctx_list[0].reason,
3830 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3831 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3832 self.assertNotEquals(len(rep.u.auth_info), 0)
3833 a = self.parse_auth(rep.u.auth_info)
3834
3835 from_server = a.credentials
3836 (finished, to_server) = g.update(from_server)
3837 self.assertFalse(finished)
3838
3839 auth_info = self.generate_auth(auth_type=auth_type,
3840 auth_level=auth_level,
3841 auth_context_id=auth_context_id,
3842 auth_blob=to_server)
3843 req = self.generate_alter(call_id=0,
3844 ctx_list=ctx_list,
3845 assoc_group_id=rep.u.assoc_group_id,
3846 auth_info=auth_info)
3847 req_pdu = samba.ndr.ndr_pack(req)
3848
3849 auth_pad_ok = len(req_pdu)
3850 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3851 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3852 auth_pad_ok -= len(to_server)
3853 auth_pad_bad = auth_pad_ok + 1
3854 auth_info = self.generate_auth(auth_type=auth_type,
3855 auth_level=auth_level,
3856 auth_context_id=auth_context_id,
3857 auth_pad_length=auth_pad_bad,
3858 auth_blob=to_server)
3859 req = self.generate_alter(call_id=0,
3860 ctx_list=ctx_list,
3861 assoc_group_id=rep.u.assoc_group_id,
3862 auth_info=auth_info)
3863 self.send_pdu(req)
3864 rep = self.recv_pdu()
3865 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3866 pfc_flags=req.pfc_flags |
3867 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3868 auth_length=0)
3869 self.assertNotEquals(rep.u.alloc_hint, 0)
3870 self.assertEquals(rep.u.context_id, 0)
3871 self.assertEquals(rep.u.cancel_count, 0)
3872 self.assertEquals(rep.u.flags, 0)
3873 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3874 self.assertEquals(rep.u.reserved, 0)
3875 self.assertEquals(len(rep.u.error_and_verifier), 0)
3876
3877 # wait for a disconnect
3878 rep = self.recv_pdu()
3879 self.assertIsNone(rep)
3880 self.assertNotConnected()
3881
3882 def test_ntlmssp_auth_pad_ok(self):
3883 ndr32 = base.transfer_syntax_ndr()
3884
3885 tsf1_list = [ndr32]
3886 ctx1 = dcerpc.ctx_list()
3887 ctx1.context_id = 1
3888 ctx1.num_transfer_syntaxes = len(tsf1_list)
3889 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3890 ctx1.transfer_syntaxes = tsf1_list
3891 ctx_list = [ctx1]
3892
3893 c = Credentials()
3894 c.set_anonymous()
3895 g = gensec.Security.start_client(self.settings)
3896 g.set_credentials(c)
3897 g.want_feature(gensec.FEATURE_DCE_STYLE)
3898 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
3899 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3900 auth_context_id = 2
3901 g.start_mech_by_authtype(auth_type, auth_level)
3902 from_server = ""
3903 (finished, to_server) = g.update(from_server)
3904 self.assertFalse(finished)
3905
3906 auth_info = self.generate_auth(auth_type=auth_type,
3907 auth_level=auth_level,
3908 auth_context_id=auth_context_id,
3909 auth_blob=to_server)
3910
3911 req = self.generate_bind(call_id=0,
3912 ctx_list=ctx_list,
3913 auth_info=auth_info)
3914 req_pdu = samba.ndr.ndr_pack(req)
3915
3916 auth_pad_ok = len(req_pdu)
3917 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
3918 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
3919 auth_pad_ok -= len(to_server)
3920
3921 auth_info = self.generate_auth(auth_type=auth_type,
3922 auth_level=auth_level,
3923 auth_context_id=auth_context_id,
3924 auth_pad_length=auth_pad_ok,
3925 auth_blob=to_server)
3926
3927 req = self.generate_bind(call_id=0,
3928 ctx_list=ctx_list,
3929 auth_info=auth_info)
3930 self.send_pdu(req)
3931 rep = self.recv_pdu()
3932 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3933 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3934 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
3935 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
3936 self.assertEquals(rep.u.secondary_address_size, 4)
3937 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
3938 self.assertEquals(len(rep.u._pad1), 2)
3939 #self.assertEquals(rep.u._pad1, '\0' * 2)
3940 self.assertEquals(rep.u.num_results, 1)
3941 self.assertEquals(rep.u.ctx_list[0].result,
3942 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3943 self.assertEquals(rep.u.ctx_list[0].reason,
3944 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3945 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3946 self.assertNotEquals(len(rep.u.auth_info), 0)
3947 a = self.parse_auth(rep.u.auth_info)
3948
3949 from_server = a.credentials
3950 (finished, to_server) = g.update(from_server)
3951 self.assertTrue(finished)
3952
3953 auth_pad_ok = 0
3954 auth_info = self.generate_auth(auth_type=auth_type,
3955 auth_level=auth_level,
3956 auth_context_id=auth_context_id,
3957 auth_pad_length=auth_pad_ok,
3958 auth_blob=to_server)
3959 req = self.generate_auth3(call_id=0,
3960 auth_info=auth_info)
3961 self.send_pdu(req)
3962 self.assertIsConnected()
3963
3964 # And now try a request without auth_info
3965 req = self.generate_request(call_id = 2,
3966 context_id=ctx1.context_id,
3967 opnum=0,
3968 stub="")
3969 self.send_pdu(req)
3970 rep = self.recv_pdu()
3971 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3972 auth_length=0)
3973 self.assertNotEquals(rep.u.alloc_hint, 0)
3974 self.assertEquals(rep.u.context_id, req.u.context_id)
3975 self.assertEquals(rep.u.cancel_count, 0)
3976 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3977
3978 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3979 auth_info = self.generate_auth(auth_type=auth_type,
3980 auth_level=auth_level,
3981 auth_context_id=auth_context_id,
3982 auth_blob="\x01"+"\x00"*15)
3983 req = self.generate_request(call_id = 3,
3984 context_id=ctx1.context_id,
3985 opnum=0,
3986 stub="",
3987 auth_info=auth_info)
3988 self.send_pdu(req)
3989 rep = self.recv_pdu()
3990 # We don't get an auth_info back
3991 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3992 auth_length=0)
3993 self.assertNotEquals(rep.u.alloc_hint, 0)
3994 self.assertEquals(rep.u.context_id, req.u.context_id)
3995 self.assertEquals(rep.u.cancel_count, 0)
3996 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3997
3998 self._disconnect("disconnect")
3999 self.assertNotConnected()
4000
4001 def test_ntlmssp_auth_pad_fail_auth3(self):
4002 ndr32 = base.transfer_syntax_ndr()
4003
4004 tsf1_list = [ndr32]
4005 ctx1 = dcerpc.ctx_list()
4006 ctx1.context_id = 1
4007 ctx1.num_transfer_syntaxes = len(tsf1_list)
4008 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4009 ctx1.transfer_syntaxes = tsf1_list
4010 ctx_list = [ctx1]
4011
4012 c = Credentials()
4013 c.set_anonymous()
4014 g = gensec.Security.start_client(self.settings)
4015 g.set_credentials(c)
4016 g.want_feature(gensec.FEATURE_DCE_STYLE)
4017 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
4018 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4019 auth_context_id = 2
4020 g.start_mech_by_authtype(auth_type, auth_level)
4021 from_server = ""
4022 (finished, to_server) = g.update(from_server)
4023 self.assertFalse(finished)
4024
4025 auth_info = self.generate_auth(auth_type=auth_type,
4026 auth_level=auth_level,
4027 auth_context_id=auth_context_id,
4028 auth_blob=to_server)
4029
4030 req = self.generate_bind(call_id=0,
4031 ctx_list=ctx_list,
4032 auth_info=auth_info)
4033 req_pdu = samba.ndr.ndr_pack(req)
4034
4035 auth_pad_ok = len(req_pdu)
4036 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
4037 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
4038 auth_pad_ok -= len(to_server)
4039
4040 auth_info = self.generate_auth(auth_type=auth_type,
4041 auth_level=auth_level,
4042 auth_context_id=auth_context_id,
4043 auth_pad_length=auth_pad_ok,
4044 auth_blob=to_server)
4045
4046 req = self.generate_bind(call_id=0,
4047 ctx_list=ctx_list,
4048 auth_info=auth_info)
4049 self.send_pdu(req)
4050 rep = self.recv_pdu()
4051 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4052 self.assertEquals(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4053 self.assertEquals(rep.u.max_recv_frag, req.u.max_recv_frag)
4054 self.assertNotEquals(rep.u.assoc_group_id, req.u.assoc_group_id)
4055 self.assertEquals(rep.u.secondary_address_size, 4)
4056 self.assertEquals(rep.u.secondary_address, "%d" % self.tcp_port)
4057 self.assertEquals(len(rep.u._pad1), 2)
4058 #self.assertEquals(rep.u._pad1, '\0' * 2)
4059 self.assertEquals(rep.u.num_results, 1)
4060 self.assertEquals(rep.u.ctx_list[0].result,
4061 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4062 self.assertEquals(rep.u.ctx_list[0].reason,
4063 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4064 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4065 self.assertNotEquals(len(rep.u.auth_info), 0)
4066 a = self.parse_auth(rep.u.auth_info)
4067
4068 from_server = a.credentials
4069 (finished, to_server) = g.update(from_server)
4070 self.assertTrue(finished)
4071
4072 auth_pad_bad = 1
4073 auth_info = self.generate_auth(auth_type=auth_type,
4074 auth_level=auth_level,
4075 auth_context_id=auth_context_id,
4076 auth_pad_length=auth_pad_bad,
4077 auth_blob=to_server)
4078 req = self.generate_auth3(call_id=0,
4079 auth_info=auth_info)
4080 self.send_pdu(req)
4081 rep = self.recv_pdu()
4082 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4083 pfc_flags=req.pfc_flags |
4084 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4085 auth_length=0)
4086 self.assertNotEquals(rep.u.alloc_hint, 0)
4087 self.assertEquals(rep.u.context_id, 0)
4088 self.assertEquals(rep.u.cancel_count, 0)
4089 self.assertEquals(rep.u.flags, 0)
4090 self.assertEquals(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
4091 self.assertEquals(rep.u.reserved, 0)
4092 self.assertEquals(len(rep.u.error_and_verifier), 0)
4093
4094 # wait for a disconnect
4095 rep = self.recv_pdu()
4096 self.assertIsNone(rep)
4097 self.assertNotConnected()
4098
4099 if __name__ == "__main__":
4100 global_ndr_print = True
4101 global_hexdump = True
4102 import unittest
4103 unittest.main()
Samba GIT mirror