search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Fix cached dos attributes
[Samba.git] / python / samba / tests / dcerpc / raw_protocol.py
blobfa5a042b851558f199f7426c24fff54632347508
1 #!/usr/bin/env python3
2 # Unix SMB/CIFS implementation.
3 # Copyright (C) Stefan Metzmacher 2014,2015
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 #
18
19 import sys
20 import os
21 import time
22
23 sys.path.insert(0, "bin/python")
24 os.environ["PYTHONUNBUFFERED"] = "1"
25
26 import samba.dcerpc.dcerpc as dcerpc
27 import samba.dcerpc.base as base
28 import samba.dcerpc.misc as misc
29 import samba.dcerpc.epmapper
30 import samba.dcerpc.mgmt
31 import samba.dcerpc.netlogon
32 import samba.dcerpc.lsa
33 import struct
34 from samba import gensec
35 from samba.tests.dcerpc.raw_testcase import RawDCERPCTest
36 from samba.ntstatus import (
37 NT_STATUS_SUCCESS
38 )
39
40 global_ndr_print = False
41 global_hexdump = False
42
43
44 class TestDCERPC_BIND(RawDCERPCTest):
45
46 def setUp(self):
47 super().setUp()
48 self.do_ndr_print = global_ndr_print
49 self.do_hexdump = global_hexdump
50
51 def _test_no_auth_request_bind_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
52 ndr32 = base.transfer_syntax_ndr()
53
54 tsf1_list = [ndr32]
55 ctx1 = dcerpc.ctx_list()
56 ctx1.context_id = 1
57 ctx1.num_transfer_syntaxes = len(tsf1_list)
58 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
59 ctx1.transfer_syntaxes = tsf1_list
60
61 req = self.generate_bind(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
62 self.send_pdu(req)
63 rep = self.recv_pdu()
64 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
65 pfc_flags=rep_pfc_flags, auth_length=0)
66 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
67 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
68 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
69 self.assertEqual(rep.u.secondary_address_size, 4)
70 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
71 self.assertPadding(rep.u._pad1, 2)
72 self.assertEqual(rep.u.num_results, 1)
73 self.assertEqual(rep.u.ctx_list[0].result,
74 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
75 self.assertEqual(rep.u.ctx_list[0].reason,
76 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
77 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
78 self.assertEqual(rep.u.auth_info, b'\0' * 0)
79
80 # And now try a request
81 req = self.generate_request(call_id=1,
82 context_id=ctx1.context_id,
83 opnum=0,
84 stub=b"")
85 self.send_pdu(req)
86 rep = self.recv_pdu()
87 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
88 auth_length=0)
89 self.assertNotEqual(rep.u.alloc_hint, 0)
90 self.assertEqual(rep.u.context_id, req.u.context_id)
91 self.assertEqual(rep.u.cancel_count, 0)
92 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
93
94 def _test_no_auth_request_alter_pfc_flags(self, req_pfc_flags, rep_pfc_flags):
95 ndr32 = base.transfer_syntax_ndr()
96
97 tsf1_list = [ndr32]
98 ctx1 = dcerpc.ctx_list()
99 ctx1.context_id = 1
100 ctx1.num_transfer_syntaxes = len(tsf1_list)
101 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
102 ctx1.transfer_syntaxes = tsf1_list
103
104 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
105 self.send_pdu(req)
106 rep = self.recv_pdu()
107 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
108 auth_length=0)
109 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
110 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
111 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
112 self.assertEqual(rep.u.secondary_address_size, 4)
113 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
114 self.assertPadding(rep.u._pad1, 2)
115 self.assertEqual(rep.u.num_results, 1)
116 self.assertEqual(rep.u.ctx_list[0].result,
117 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
118 self.assertEqual(rep.u.ctx_list[0].reason,
119 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
120 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
121 self.assertEqual(rep.u.auth_info, b'\0' * 0)
122
123 # And now try a alter context
124 req = self.generate_alter(call_id=0, pfc_flags=req_pfc_flags, ctx_list=[ctx1])
125 self.send_pdu(req)
126 rep = self.recv_pdu()
127 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
128 pfc_flags=rep_pfc_flags, auth_length=0)
129 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
130 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
131 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
132 self.assertEqual(rep.u.secondary_address_size, 0)
133 self.assertEqual(rep.u.secondary_address, "")
134 self.assertPadding(rep.u._pad1, 2)
135 self.assertEqual(rep.u.num_results, 1)
136 self.assertEqual(rep.u.ctx_list[0].result,
137 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
138 self.assertEqual(rep.u.ctx_list[0].reason,
139 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
140 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
141 self.assertEqual(rep.u.auth_info, b'\0' * 0)
142
143 # And now try a request
144 req = self.generate_request(call_id=1,
145 context_id=ctx1.context_id,
146 opnum=0,
147 stub=b"")
148 self.send_pdu(req)
149 rep = self.recv_pdu()
150 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
151 auth_length=0)
152 self.assertNotEqual(rep.u.alloc_hint, 0)
153 self.assertEqual(rep.u.context_id, req.u.context_id)
154 self.assertEqual(rep.u.cancel_count, 0)
155 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
156
157 def test_no_auth_request(self):
158 return self._test_no_auth_request_bind_pfc_flags(
159 req_pfc_flags=0 |
160 dcerpc.DCERPC_PFC_FLAG_FIRST |
161 dcerpc.DCERPC_PFC_FLAG_LAST,
162 rep_pfc_flags=0 |
163 dcerpc.DCERPC_PFC_FLAG_FIRST |
164 dcerpc.DCERPC_PFC_FLAG_LAST)
165
166 def test_no_auth_request_bind_pfc_00(self):
167 return self._test_no_auth_request_bind_pfc_flags(
168 req_pfc_flags=0 |
169 0,
170 rep_pfc_flags=0 |
171 dcerpc.DCERPC_PFC_FLAG_FIRST |
172 dcerpc.DCERPC_PFC_FLAG_LAST)
173
174 def test_no_auth_request_bind_pfc_FIRST(self):
175 return self._test_no_auth_request_bind_pfc_flags(
176 req_pfc_flags=0 |
177 dcerpc.DCERPC_PFC_FLAG_FIRST |
178 0,
179 rep_pfc_flags=0 |
180 dcerpc.DCERPC_PFC_FLAG_FIRST |
181 dcerpc.DCERPC_PFC_FLAG_LAST)
182
183 def test_no_auth_request_bind_pfc_LAST(self):
184 return self._test_no_auth_request_bind_pfc_flags(
185 req_pfc_flags=0 |
186 dcerpc.DCERPC_PFC_FLAG_LAST |
187 0,
188 rep_pfc_flags=0 |
189 dcerpc.DCERPC_PFC_FLAG_FIRST |
190 dcerpc.DCERPC_PFC_FLAG_LAST)
191
192 def test_no_auth_request_bind_pfc_HDR_SIGNING(self):
193 return self._test_no_auth_request_bind_pfc_flags(
194 req_pfc_flags=0 |
195 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
196 0,
197 rep_pfc_flags=0 |
198 dcerpc.DCERPC_PFC_FLAG_FIRST |
199 dcerpc.DCERPC_PFC_FLAG_LAST |
200 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
201
202 def test_no_auth_request_bind_pfc_08(self):
203 return self._test_no_auth_request_bind_pfc_flags(
204 req_pfc_flags=0 |
205 8 |
206 0,
207 rep_pfc_flags=0 |
208 dcerpc.DCERPC_PFC_FLAG_FIRST |
209 dcerpc.DCERPC_PFC_FLAG_LAST)
210
211 def test_no_auth_request_bind_pfc_CONC_MPX(self):
212 return self._test_no_auth_request_bind_pfc_flags(
213 req_pfc_flags=0 |
214 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
215 0,
216 rep_pfc_flags=0 |
217 dcerpc.DCERPC_PFC_FLAG_FIRST |
218 dcerpc.DCERPC_PFC_FLAG_LAST |
219 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
220
221 def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE(self):
222 return self._test_no_auth_request_bind_pfc_flags(
223 req_pfc_flags=0 |
224 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
225 0,
226 rep_pfc_flags=0 |
227 dcerpc.DCERPC_PFC_FLAG_FIRST |
228 dcerpc.DCERPC_PFC_FLAG_LAST)
229
230 def test_no_auth_request_bind_pfc_MAYBE(self):
231 return self._test_no_auth_request_bind_pfc_flags(
232 req_pfc_flags=0 |
233 dcerpc.DCERPC_PFC_FLAG_MAYBE |
234 0,
235 rep_pfc_flags=0 |
236 dcerpc.DCERPC_PFC_FLAG_FIRST |
237 dcerpc.DCERPC_PFC_FLAG_LAST)
238
239 def test_no_auth_request_bind_pfc_OBJECT_UUID(self):
240 return self._test_no_auth_request_bind_pfc_flags(
241 req_pfc_flags=0 |
242 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
243 0,
244 rep_pfc_flags=0 |
245 dcerpc.DCERPC_PFC_FLAG_FIRST |
246 dcerpc.DCERPC_PFC_FLAG_LAST)
247
248 # TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
249 # without authentication
250 # TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
251 # by default
252 def _test_no_auth_request_bind_pfc_ff(self):
253 return self._test_no_auth_request_bind_pfc_flags(
254 req_pfc_flags=0 |
255 0xff |
256 0,
257 rep_pfc_flags=0 |
258 dcerpc.DCERPC_PFC_FLAG_FIRST |
259 dcerpc.DCERPC_PFC_FLAG_LAST |
260 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
261 dcerpc.DCERPC_PFC_FLAG_CONC_MPX)
262
263 def test_no_auth_request_alter_pfc_00(self):
264 return self._test_no_auth_request_alter_pfc_flags(
265 req_pfc_flags=0 |
266 0,
267 rep_pfc_flags=0 |
268 dcerpc.DCERPC_PFC_FLAG_FIRST |
269 dcerpc.DCERPC_PFC_FLAG_LAST)
270
271 def test_no_auth_request_alter_pfc_FIRST(self):
272 return self._test_no_auth_request_alter_pfc_flags(
273 req_pfc_flags=0 |
274 dcerpc.DCERPC_PFC_FLAG_FIRST |
275 0,
276 rep_pfc_flags=0 |
277 dcerpc.DCERPC_PFC_FLAG_FIRST |
278 dcerpc.DCERPC_PFC_FLAG_LAST)
279
280 def test_no_auth_request_alter_pfc_LAST(self):
281 return self._test_no_auth_request_alter_pfc_flags(
282 req_pfc_flags=0 |
283 dcerpc.DCERPC_PFC_FLAG_LAST |
284 0,
285 rep_pfc_flags=0 |
286 dcerpc.DCERPC_PFC_FLAG_FIRST |
287 dcerpc.DCERPC_PFC_FLAG_LAST)
288
289 def test_no_auth_request_alter_pfc_HDR_SIGNING(self):
290 return self._test_no_auth_request_alter_pfc_flags(
291 req_pfc_flags=0 |
292 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
293 0,
294 rep_pfc_flags=0 |
295 dcerpc.DCERPC_PFC_FLAG_FIRST |
296 dcerpc.DCERPC_PFC_FLAG_LAST |
297 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
298
299 def test_no_auth_request_alter_pfc_08(self):
300 return self._test_no_auth_request_alter_pfc_flags(
301 req_pfc_flags=0 |
302 8 |
303 0,
304 rep_pfc_flags=0 |
305 dcerpc.DCERPC_PFC_FLAG_FIRST |
306 dcerpc.DCERPC_PFC_FLAG_LAST)
307
308 def test_no_auth_request_alter_pfc_CONC_MPX(self):
309 return self._test_no_auth_request_alter_pfc_flags(
310 req_pfc_flags=0 |
311 dcerpc.DCERPC_PFC_FLAG_CONC_MPX |
312 0,
313 rep_pfc_flags=0 |
314 dcerpc.DCERPC_PFC_FLAG_FIRST |
315 dcerpc.DCERPC_PFC_FLAG_LAST)
316
317 def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE(self):
318 return self._test_no_auth_request_alter_pfc_flags(
319 req_pfc_flags=0 |
320 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
321 0,
322 rep_pfc_flags=0 |
323 dcerpc.DCERPC_PFC_FLAG_FIRST |
324 dcerpc.DCERPC_PFC_FLAG_LAST)
325
326 def test_no_auth_request_alter_pfc_MAYBE(self):
327 return self._test_no_auth_request_alter_pfc_flags(
328 req_pfc_flags=0 |
329 dcerpc.DCERPC_PFC_FLAG_MAYBE |
330 0,
331 rep_pfc_flags=0 |
332 dcerpc.DCERPC_PFC_FLAG_FIRST |
333 dcerpc.DCERPC_PFC_FLAG_LAST)
334
335 def test_no_auth_request_alter_pfc_OBJECT_UUID(self):
336 return self._test_no_auth_request_alter_pfc_flags(
337 req_pfc_flags=0 |
338 dcerpc.DCERPC_PFC_FLAG_OBJECT_UUID |
339 0,
340 rep_pfc_flags=0 |
341 dcerpc.DCERPC_PFC_FLAG_FIRST |
342 dcerpc.DCERPC_PFC_FLAG_LAST)
343
344 def test_no_auth_request_alter_pfc_ff(self):
345 return self._test_no_auth_request_alter_pfc_flags(
346 req_pfc_flags=0 |
347 0xff |
348 0,
349 rep_pfc_flags=0 |
350 dcerpc.DCERPC_PFC_FLAG_FIRST |
351 dcerpc.DCERPC_PFC_FLAG_LAST |
352 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
353
354 def test_no_auth_no_ctx(self):
355 # send an useless bind
356 req = self.generate_bind(call_id=0)
357 self.send_pdu(req)
358 rep = self.recv_pdu()
359 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
360 auth_length=0)
361 self.assertEqual(rep.u.reject_reason,
362 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
363 self.assertEqual(rep.u.num_versions, 1)
364 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
365 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
366 self.assertPadding(rep.u._pad, 3)
367
368 def test_invalid_auth_noctx(self):
369 req = self.generate_bind(call_id=0)
370 req.auth_length = dcerpc.DCERPC_AUTH_TRAILER_LENGTH
371 self.send_pdu(req)
372 rep = self.recv_pdu()
373 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
374 auth_length=0)
375 self.assertEqual(rep.u.reject_reason,
376 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
377 self.assertEqual(rep.u.num_versions, 1)
378 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
379 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
380 self.assertPadding(rep.u._pad, 3)
381
382 def test_no_auth_valid_valid_request(self):
383 ndr32 = base.transfer_syntax_ndr()
384
385 tsf1_list = [ndr32]
386 ctx1 = dcerpc.ctx_list()
387 ctx1.context_id = 1
388 ctx1.num_transfer_syntaxes = len(tsf1_list)
389 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
390 ctx1.transfer_syntaxes = tsf1_list
391
392 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
393 self.send_pdu(req)
394 rep = self.recv_pdu()
395 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
396 auth_length=0)
397 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
398 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
399 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
400 self.assertEqual(rep.u.secondary_address_size, 4)
401 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
402 self.assertPadding(rep.u._pad1, 2)
403 self.assertEqual(rep.u.num_results, 1)
404 self.assertEqual(rep.u.ctx_list[0].result,
405 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
406 self.assertEqual(rep.u.ctx_list[0].reason,
407 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
408 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
409 self.assertEqual(rep.u.auth_info, b'\0' * 0)
410
411 # Send a bind again
412 tsf2_list = [ndr32]
413 ctx2 = dcerpc.ctx_list()
414 ctx2.context_id = 2
415 ctx2.num_transfer_syntaxes = len(tsf2_list)
416 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
417 ctx2.transfer_syntaxes = tsf2_list
418
419 req = self.generate_bind(call_id=1, ctx_list=[ctx2])
420 self.send_pdu(req)
421 rep = self.recv_pdu()
422 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
423 auth_length=0)
424 self.assertEqual(rep.u.reject_reason,
425 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
426 self.assertEqual(rep.u.num_versions, 1)
427 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
428 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
429 self.assertPadding(rep.u._pad, 3)
430
431 # wait for a disconnect
432 rep = self.recv_pdu()
433 self.assertIsNone(rep)
434 self.assertNotConnected()
435
436 def test_no_auth_invalid_valid_request(self):
437 # send an useless bind
438 req = self.generate_bind(call_id=0)
439 self.send_pdu(req)
440 rep = self.recv_pdu()
441 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
442 auth_length=0)
443 self.assertEqual(rep.u.reject_reason,
444 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
445 self.assertEqual(rep.u.num_versions, 1)
446 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
447 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
448 self.assertPadding(rep.u._pad, 3)
449
450 # wait for a disconnect
451 rep = self.recv_pdu()
452 self.assertIsNone(rep)
453 self.assertNotConnected()
454
455 def test_alter_no_auth_no_ctx(self):
456 ndr32 = base.transfer_syntax_ndr()
457
458 tsf1_list = [ndr32]
459 ctx1 = dcerpc.ctx_list()
460 ctx1.context_id = 1
461 ctx1.num_transfer_syntaxes = len(tsf1_list)
462 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
463 ctx1.transfer_syntaxes = tsf1_list
464
465 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
466 self.send_pdu(req)
467 rep = self.recv_pdu()
468 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
469 auth_length=0)
470 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
471 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
472 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
473 self.assertEqual(rep.u.secondary_address_size, 4)
474 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
475 self.assertPadding(rep.u._pad1, 2)
476 self.assertEqual(rep.u.num_results, 1)
477 self.assertEqual(rep.u.ctx_list[0].result,
478 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
479 self.assertEqual(rep.u.ctx_list[0].reason,
480 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
481 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
482 self.assertEqual(rep.u.auth_info, b'\0' * 0)
483
484 # Send a alter
485 req = self.generate_alter(call_id=1, ctx_list=[])
486 self.send_pdu(req)
487 rep = self.recv_pdu()
488 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
489 pfc_flags=req.pfc_flags |
490 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
491 auth_length=0)
492 self.assertNotEqual(rep.u.alloc_hint, 0)
493 self.assertEqual(rep.u.context_id, 0)
494 self.assertEqual(rep.u.cancel_count, 0)
495 self.assertEqual(rep.u.flags, 0)
496 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
497 self.assertEqual(rep.u.reserved, 0)
498 self.assertEqual(len(rep.u.error_and_verifier), 0)
499
500 # wait for a disconnect
501 rep = self.recv_pdu()
502 self.assertIsNone(rep)
503 self.assertNotConnected()
504
505 def test_no_auth_presentation_ctx_valid1(self):
506 ndr32 = base.transfer_syntax_ndr()
507
508 zero_syntax = misc.ndr_syntax_id()
509
510 tsf1_list = [zero_syntax, ndr32]
511 ctx1 = dcerpc.ctx_list()
512 ctx1.context_id = 1
513 ctx1.num_transfer_syntaxes = len(tsf1_list)
514 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
515 ctx1.transfer_syntaxes = tsf1_list
516
517 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
518 self.send_pdu(req)
519 rep = self.recv_pdu()
520 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
521 auth_length=0)
522 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
523 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
524 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
525 self.assertEqual(rep.u.secondary_address_size, 4)
526 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
527 self.assertPadding(rep.u._pad1, 2)
528 self.assertEqual(rep.u.num_results, 1)
529 self.assertEqual(rep.u.ctx_list[0].result,
530 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
531 self.assertEqual(rep.u.ctx_list[0].reason,
532 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
533 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
534 self.assertEqual(rep.u.auth_info, b'\0' * 0)
535
536 # Send a alter
537 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
538 self.send_pdu(req)
539 rep = self.recv_pdu()
540 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
541 auth_length=0)
542 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
543 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
544 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
545 self.assertEqual(rep.u.secondary_address_size, 0)
546 self.assertPadding(rep.u._pad1, 2)
547 self.assertEqual(rep.u.num_results, 1)
548 self.assertEqual(rep.u.ctx_list[0].result,
549 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
550 self.assertEqual(rep.u.ctx_list[0].reason,
551 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
552 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
553 self.assertEqual(rep.u.auth_info, b'\0' * 0)
554
555 req = self.generate_request(call_id=2,
556 context_id=ctx1.context_id,
557 opnum=0xffff,
558 stub=b"")
559 self.send_pdu(req)
560 rep = self.recv_pdu()
561 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
562 pfc_flags=req.pfc_flags |
563 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
564 auth_length=0)
565 self.assertNotEqual(rep.u.alloc_hint, 0)
566 self.assertEqual(rep.u.context_id, ctx1.context_id)
567 self.assertEqual(rep.u.cancel_count, 0)
568 self.assertEqual(rep.u.flags, 0)
569 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
570 self.assertEqual(rep.u.reserved, 0)
571 self.assertEqual(len(rep.u.error_and_verifier), 0)
572
573 def test_no_auth_presentation_ctx_invalid1(self):
574 ndr32 = base.transfer_syntax_ndr()
575
576 zero_syntax = misc.ndr_syntax_id()
577
578 tsf1_list = [ndr32]
579 ctx1 = dcerpc.ctx_list()
580 ctx1.context_id = 1
581 ctx1.num_transfer_syntaxes = len(tsf1_list)
582 ctx1.abstract_syntax = ndr32
583 ctx1.transfer_syntaxes = tsf1_list
584
585 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
586 self.send_pdu(req)
587 rep = self.recv_pdu()
588 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
589 auth_length=0)
590 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
591 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
592 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
593 self.assertEqual(rep.u.secondary_address_size, 4)
594 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
595 self.assertPadding(rep.u._pad1, 2)
596 self.assertEqual(rep.u.num_results, 1)
597 self.assertEqual(rep.u.ctx_list[0].result,
598 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
599 self.assertEqual(rep.u.ctx_list[0].reason,
600 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
601 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
602 self.assertEqual(rep.u.auth_info, b'\0' * 0)
603
604 # Send a alter
605 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
606 self.send_pdu(req)
607 rep = self.recv_pdu()
608 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
609 auth_length=0)
610 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
611 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
612 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
613 self.assertEqual(rep.u.secondary_address_size, 0)
614 self.assertPadding(rep.u._pad1, 2)
615 self.assertEqual(rep.u.num_results, 1)
616 self.assertEqual(rep.u.ctx_list[0].result,
617 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
618 self.assertEqual(rep.u.ctx_list[0].reason,
619 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
620 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
621 self.assertEqual(rep.u.auth_info, b'\0' * 0)
622
623 req = self.generate_request(call_id=2,
624 context_id=12345,
625 opnum=0,
626 stub=b"")
627 self.send_pdu(req)
628 rep = self.recv_pdu()
629 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
630 pfc_flags=req.pfc_flags |
631 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
632 auth_length=0)
633 self.assertNotEqual(rep.u.alloc_hint, 0)
634 self.assertEqual(rep.u.context_id, 0)
635 self.assertEqual(rep.u.cancel_count, 0)
636 self.assertEqual(rep.u.flags, 0)
637 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_UNKNOWN_IF)
638 self.assertEqual(rep.u.reserved, 0)
639 self.assertEqual(len(rep.u.error_and_verifier), 0)
640
641 # Send a alter again to prove the connection is still alive
642 req = self.generate_alter(call_id=3, ctx_list=[ctx1])
643 self.send_pdu(req)
644 rep = self.recv_pdu()
645 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
646 auth_length=0)
647 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
648 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
649 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
650 self.assertEqual(rep.u.secondary_address_size, 0)
651 self.assertPadding(rep.u._pad1, 2)
652 self.assertEqual(rep.u.num_results, 1)
653 self.assertEqual(rep.u.ctx_list[0].result,
654 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
655 self.assertEqual(rep.u.ctx_list[0].reason,
656 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
657 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
658 self.assertEqual(rep.u.auth_info, b'\0' * 0)
659
660 def test_no_auth_presentation_ctx_invalid2(self):
661 ndr32 = base.transfer_syntax_ndr()
662
663 zero_syntax = misc.ndr_syntax_id()
664
665 tsf1a_list = []
666 ctx1a = dcerpc.ctx_list()
667 ctx1a.context_id = 1
668 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
669 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
670 ctx1a.transfer_syntaxes = tsf1a_list
671
672 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
673 self.send_pdu(req)
674 rep = self.recv_pdu()
675 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
676 auth_length=0)
677 self.assertEqual(rep.u.reject_reason,
678 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
679 self.assertEqual(rep.u.num_versions, 1)
680 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
681 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
682 self.assertPadding(rep.u._pad, 3)
683
684 # wait for a disconnect
685 rep = self.recv_pdu()
686 self.assertIsNone(rep)
687 self.assertNotConnected()
688
689 def test_no_auth_presentation_ctx_invalid3(self):
690 ndr32 = base.transfer_syntax_ndr()
691
692 zero_syntax = misc.ndr_syntax_id()
693
694 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
695 ctx1a = dcerpc.ctx_list()
696 ctx1a.context_id = 1
697 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
698 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
699 ctx1a.transfer_syntaxes = tsf1a_list
700
701 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
702 self.send_pdu(req)
703 rep = self.recv_pdu()
704 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
705 auth_length=0)
706 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
707 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
708 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
709 self.assertEqual(rep.u.secondary_address_size, 4)
710 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
711 self.assertPadding(rep.u._pad1, 2)
712 self.assertEqual(rep.u.num_results, 1)
713 self.assertEqual(rep.u.ctx_list[0].result,
714 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
715 self.assertEqual(rep.u.ctx_list[0].reason,
716 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
717 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
718 self.assertEqual(rep.u.auth_info, b'\0' * 0)
719
720 tsf1b_list = []
721 ctx1b = dcerpc.ctx_list()
722 ctx1b.context_id = 1
723 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
724 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
725 ctx1b.transfer_syntaxes = tsf1b_list
726
727 # Send a alter
728 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
729 self.send_pdu(req)
730 rep = self.recv_pdu()
731 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
732 pfc_flags=req.pfc_flags |
733 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
734 auth_length=0)
735 self.assertNotEqual(rep.u.alloc_hint, 0)
736 self.assertEqual(rep.u.context_id, 0)
737 self.assertEqual(rep.u.cancel_count, 0)
738 self.assertEqual(rep.u.flags, 0)
739 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
740 self.assertEqual(rep.u.reserved, 0)
741 self.assertEqual(len(rep.u.error_and_verifier), 0)
742
743 # wait for a disconnect
744 rep = self.recv_pdu()
745 self.assertIsNone(rep)
746 self.assertNotConnected()
747
748 def test_no_auth_presentation_ctx_invalid4(self):
749 ndr32 = base.transfer_syntax_ndr()
750 ndr64 = base.transfer_syntax_ndr64()
751
752 zero_syntax = misc.ndr_syntax_id()
753
754 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
755 ctx1a = dcerpc.ctx_list()
756 ctx1a.context_id = 1
757 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
758 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
759 ctx1a.transfer_syntaxes = tsf1a_list
760
761 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
762 self.send_pdu(req)
763 rep = self.recv_pdu()
764 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
765 auth_length=0)
766 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
767 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
768 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
769 self.assertEqual(rep.u.secondary_address_size, 4)
770 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
771 self.assertPadding(rep.u._pad1, 2)
772 self.assertEqual(rep.u.num_results, 1)
773 self.assertEqual(rep.u.ctx_list[0].result,
774 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
775 self.assertEqual(rep.u.ctx_list[0].reason,
776 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
777 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
778 self.assertEqual(rep.u.auth_info, b'\0' * 0)
779
780 # With a known but wrong syntax we get a protocol error
781 # see test_no_auth_presentation_ctx_valid2
782 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax(), ndr64]
783 ctx1b = dcerpc.ctx_list()
784 ctx1b.context_id = 1
785 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
786 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
787 ctx1b.transfer_syntaxes = tsf1b_list
788
789 # Send a alter
790 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
791 self.send_pdu(req)
792 rep = self.recv_pdu()
793 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
794 pfc_flags=req.pfc_flags |
795 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
796 auth_length=0)
797 self.assertNotEqual(rep.u.alloc_hint, 0)
798 self.assertEqual(rep.u.context_id, 0)
799 self.assertEqual(rep.u.cancel_count, 0)
800 self.assertEqual(rep.u.flags, 0)
801 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
802 self.assertEqual(rep.u.reserved, 0)
803 self.assertEqual(len(rep.u.error_and_verifier), 0)
804
805 # wait for a disconnect
806 rep = self.recv_pdu()
807 self.assertIsNone(rep)
808 self.assertNotConnected()
809
810 def test_no_auth_presentation_ctx_valid2(self):
811 ndr32 = base.transfer_syntax_ndr()
812
813 zero_syntax = misc.ndr_syntax_id()
814
815 tsf1a_list = [zero_syntax, ndr32, ndr32, ndr32]
816 ctx1a = dcerpc.ctx_list()
817 ctx1a.context_id = 1
818 ctx1a.num_transfer_syntaxes = len(tsf1a_list)
819 ctx1a.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
820 ctx1a.transfer_syntaxes = tsf1a_list
821
822 req = self.generate_bind(call_id=0, ctx_list=[ctx1a])
823 self.send_pdu(req)
824 rep = self.recv_pdu()
825 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
826 auth_length=0)
827 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
828 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
829 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
830 self.assertEqual(rep.u.secondary_address_size, 4)
831 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
832 self.assertPadding(rep.u._pad1, 2)
833 self.assertEqual(rep.u.num_results, 1)
834 self.assertEqual(rep.u.ctx_list[0].result,
835 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
836 self.assertEqual(rep.u.ctx_list[0].reason,
837 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
838 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
839 self.assertEqual(rep.u.auth_info, b'\0' * 0)
840
841 # With a unknown but wrong syntaxes we get NO protocol error
842 # see test_no_auth_presentation_ctx_invalid4
843 tsf1b_list = [zero_syntax, samba.dcerpc.epmapper.abstract_syntax()]
844 ctx1b = dcerpc.ctx_list()
845 ctx1b.context_id = 1
846 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
847 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
848 ctx1b.transfer_syntaxes = tsf1b_list
849
850 # Send a alter
851 req = self.generate_alter(call_id=1, ctx_list=[ctx1b])
852 self.send_pdu(req)
853 rep = self.recv_pdu()
854 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
855 auth_length=0)
856 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
857 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
858 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
859 self.assertEqual(rep.u.secondary_address_size, 0)
860 self.assertPadding(rep.u._pad1, 2)
861 self.assertEqual(rep.u.num_results, 1)
862 self.assertEqual(rep.u.ctx_list[0].result,
863 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
864 self.assertEqual(rep.u.ctx_list[0].reason,
865 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
866 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
867 self.assertEqual(rep.u.auth_info, b'\0' * 0)
868
869 req = self.generate_request(call_id=2,
870 context_id=ctx1a.context_id,
871 opnum=0xffff,
872 stub=b"")
873 self.send_pdu(req)
874 rep = self.recv_pdu()
875 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
876 pfc_flags=req.pfc_flags |
877 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
878 auth_length=0)
879 self.assertNotEqual(rep.u.alloc_hint, 0)
880 self.assertEqual(rep.u.context_id, ctx1a.context_id)
881 self.assertEqual(rep.u.cancel_count, 0)
882 self.assertEqual(rep.u.flags, 0)
883 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
884 self.assertEqual(rep.u.reserved, 0)
885 self.assertEqual(len(rep.u.error_and_verifier), 0)
886
887 def test_no_auth_presentation_ctx_no_ndr64(self):
888 ndr32 = base.transfer_syntax_ndr()
889 zero_syntax = misc.ndr_syntax_id()
890
891 tsfZ_list = [zero_syntax]
892 ctxZ = dcerpc.ctx_list()
893 ctxZ.context_id = 54321
894 ctxZ.num_transfer_syntaxes = len(tsfZ_list)
895 ctxZ.abstract_syntax = zero_syntax
896 ctxZ.transfer_syntaxes = tsfZ_list
897
898 req = self.generate_bind(call_id=0, ctx_list=[ctxZ])
899 self.send_pdu(req)
900 rep = self.recv_pdu()
901 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
902 auth_length=0)
903 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
904 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
905 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
906 self.assertEqual(rep.u.secondary_address_size, 4)
907 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
908 self.assertPadding(rep.u._pad1, 2)
909 self.assertEqual(rep.u.num_results, 1)
910 self.assertEqual(rep.u.ctx_list[0].result,
911 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
912 self.assertEqual(rep.u.ctx_list[0].reason,
913 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
914 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
915 self.assertEqual(rep.u.auth_info, b'\0' * 0)
916
917 tsf0_list = [ndr32]
918 ctx0 = dcerpc.ctx_list()
919 ctx0.context_id = 0
920 ctx0.num_transfer_syntaxes = len(tsf0_list)
921 ctx0.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
922 ctx0.transfer_syntaxes = tsf0_list
923
924 req = self.generate_alter(call_id=0, ctx_list=[ctx0])
925 self.send_pdu(req)
926 rep = self.recv_pdu()
927 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
928 auth_length=0)
929 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
930 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
931 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
932 self.assertEqual(rep.u.secondary_address_size, 0)
933 self.assertPadding(rep.u._pad1, 2)
934 self.assertEqual(rep.u.num_results, 1)
935 self.assertEqual(rep.u.ctx_list[0].result,
936 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
937 self.assertEqual(rep.u.ctx_list[0].reason,
938 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
939 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
940 self.assertEqual(rep.u.auth_info, b'\0' * 0)
941
942 req = self.generate_request(call_id=1,
943 context_id=ctx0.context_id,
944 opnum=0,
945 stub=b"")
946 self.send_pdu(req)
947 rep = self.recv_pdu()
948 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
949 auth_length=0)
950 self.assertNotEqual(rep.u.alloc_hint, 0)
951 self.assertEqual(rep.u.context_id, req.u.context_id)
952 self.assertEqual(rep.u.cancel_count, 0)
953 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
954
955 tsf1_list = [zero_syntax, ndr32]
956 ctx1 = dcerpc.ctx_list()
957 ctx1.context_id = 1
958 ctx1.num_transfer_syntaxes = len(tsf1_list)
959 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
960 ctx1.transfer_syntaxes = tsf1_list
961
962 req = self.generate_alter(call_id=1, ctx_list=[ctx1])
963 self.send_pdu(req)
964 rep = self.recv_pdu()
965 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
966 auth_length=0)
967 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
968 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
969 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
970 self.assertEqual(rep.u.secondary_address_size, 0)
971 self.assertPadding(rep.u._pad1, 2)
972 self.assertEqual(rep.u.num_results, 1)
973 self.assertEqual(rep.u.ctx_list[0].result,
974 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
975 self.assertEqual(rep.u.ctx_list[0].reason,
976 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
977 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
978 self.assertEqual(rep.u.auth_info, b'\0' * 0)
979
980 req = self.generate_request(call_id=1,
981 context_id=ctx1.context_id,
982 opnum=0,
983 stub=b"")
984 self.send_pdu(req)
985 rep = self.recv_pdu()
986 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
987 auth_length=0)
988 self.assertNotEqual(rep.u.alloc_hint, 0)
989 self.assertEqual(rep.u.context_id, req.u.context_id)
990 self.assertEqual(rep.u.cancel_count, 0)
991 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
992
993 tsf2_list = [ndr32, ndr32]
994 ctx2 = dcerpc.ctx_list()
995 ctx2.context_id = 2
996 ctx2.num_transfer_syntaxes = len(tsf2_list)
997 ctx2.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
998 ctx2.transfer_syntaxes = tsf2_list
999
1000 req = self.generate_alter(call_id=2, ctx_list=[ctx2])
1001 self.send_pdu(req)
1002 rep = self.recv_pdu()
1003 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1004 auth_length=0)
1005 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1006 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1007 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1008 self.assertEqual(rep.u.secondary_address_size, 0)
1009 self.assertPadding(rep.u._pad1, 2)
1010 self.assertEqual(rep.u.num_results, 1)
1011 self.assertEqual(rep.u.ctx_list[0].result,
1012 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1013 self.assertEqual(rep.u.ctx_list[0].reason,
1014 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1015 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1016 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1017
1018 req = self.generate_request(call_id=1,
1019 context_id=ctx2.context_id,
1020 opnum=0,
1021 stub=b"")
1022 self.send_pdu(req)
1023 rep = self.recv_pdu()
1024 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1025 auth_length=0)
1026 self.assertNotEqual(rep.u.alloc_hint, 0)
1027 self.assertEqual(rep.u.context_id, req.u.context_id)
1028 self.assertEqual(rep.u.cancel_count, 0)
1029 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1030
1031 tsf3_list = [ndr32]
1032 ctx3 = dcerpc.ctx_list()
1033 ctx3.context_id = 3
1034 ctx3.num_transfer_syntaxes = len(tsf3_list)
1035 ctx3.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1036 ctx3.transfer_syntaxes = tsf3_list
1037
1038 tsf4_list = [ndr32]
1039 ctx4 = dcerpc.ctx_list()
1040 ctx4.context_id = 4
1041 ctx4.num_transfer_syntaxes = len(tsf4_list)
1042 ctx4.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1043 ctx4.transfer_syntaxes = tsf4_list
1044
1045 req = self.generate_alter(call_id=34, ctx_list=[ctx3, ctx4])
1046 self.send_pdu(req)
1047 rep = self.recv_pdu()
1048 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1049 auth_length=0)
1050 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1051 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1052 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1053 self.assertEqual(rep.u.secondary_address_size, 0)
1054 self.assertPadding(rep.u._pad1, 2)
1055 self.assertEqual(rep.u.num_results, 2)
1056 self.assertEqual(rep.u.ctx_list[0].result,
1057 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1058 self.assertEqual(rep.u.ctx_list[0].reason,
1059 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1060 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1061 self.assertEqual(rep.u.ctx_list[1].result,
1062 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1063 self.assertEqual(rep.u.ctx_list[1].reason,
1064 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1065 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1066 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1067
1068 req = self.generate_request(call_id=1,
1069 context_id=ctx3.context_id,
1070 opnum=0,
1071 stub=b"")
1072 self.send_pdu(req)
1073 rep = self.recv_pdu()
1074 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1075 auth_length=0)
1076 self.assertNotEqual(rep.u.alloc_hint, 0)
1077 self.assertEqual(rep.u.context_id, req.u.context_id)
1078 self.assertEqual(rep.u.cancel_count, 0)
1079 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1080
1081 req = self.generate_alter(call_id=43, ctx_list=[ctx4, ctx3])
1082 self.send_pdu(req)
1083 rep = self.recv_pdu()
1084 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1085 auth_length=0)
1086 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1087 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1088 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1089 self.assertEqual(rep.u.secondary_address_size, 0)
1090 self.assertPadding(rep.u._pad1, 2)
1091 self.assertEqual(rep.u.num_results, 2)
1092 self.assertEqual(rep.u.ctx_list[0].result,
1093 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1094 self.assertEqual(rep.u.ctx_list[0].reason,
1095 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1096 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1097 self.assertEqual(rep.u.ctx_list[1].result,
1098 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1099 self.assertEqual(rep.u.ctx_list[1].reason,
1100 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1101 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1102 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1103
1104 req = self.generate_request(call_id=1,
1105 context_id=ctx4.context_id,
1106 opnum=0,
1107 stub=b"")
1108 self.send_pdu(req)
1109 rep = self.recv_pdu()
1110 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1111 auth_length=0)
1112 self.assertNotEqual(rep.u.alloc_hint, 0)
1113 self.assertEqual(rep.u.context_id, req.u.context_id)
1114 self.assertEqual(rep.u.cancel_count, 0)
1115 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1116
1117 req = self.generate_request(call_id=1,
1118 context_id=ctx3.context_id,
1119 opnum=0,
1120 stub=b"")
1121 self.send_pdu(req)
1122 rep = self.recv_pdu()
1123 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1124 auth_length=0)
1125 self.assertNotEqual(rep.u.alloc_hint, 0)
1126 self.assertEqual(rep.u.context_id, req.u.context_id)
1127 self.assertEqual(rep.u.cancel_count, 0)
1128 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1129
1130 req = self.generate_alter(call_id=44, ctx_list=[ctx4, ctx4])
1131 self.send_pdu(req)
1132 rep = self.recv_pdu()
1133 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1134 auth_length=0)
1135 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1136 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1137 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1138 self.assertEqual(rep.u.secondary_address_size, 0)
1139 self.assertPadding(rep.u._pad1, 2)
1140 self.assertEqual(rep.u.num_results, 2)
1141 self.assertEqual(rep.u.ctx_list[0].result,
1142 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1143 self.assertEqual(rep.u.ctx_list[0].reason,
1144 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1145 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1146 self.assertEqual(rep.u.ctx_list[1].result,
1147 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1148 self.assertEqual(rep.u.ctx_list[1].reason,
1149 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1150 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1151 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1152
1153 req = self.generate_request(call_id=1,
1154 context_id=ctx4.context_id,
1155 opnum=0,
1156 stub=b"")
1157 self.send_pdu(req)
1158 rep = self.recv_pdu()
1159 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1160 auth_length=0)
1161 self.assertNotEqual(rep.u.alloc_hint, 0)
1162 self.assertEqual(rep.u.context_id, req.u.context_id)
1163 self.assertEqual(rep.u.cancel_count, 0)
1164 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1165
1166 req = self.generate_request(call_id=1,
1167 context_id=ctx3.context_id,
1168 opnum=0,
1169 stub=b"")
1170 self.send_pdu(req)
1171 rep = self.recv_pdu()
1172 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1173 auth_length=0)
1174 self.assertNotEqual(rep.u.alloc_hint, 0)
1175 self.assertEqual(rep.u.context_id, req.u.context_id)
1176 self.assertEqual(rep.u.cancel_count, 0)
1177 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1178
1179 tsf5mgmt_list = [ndr32]
1180 ctx5mgmt = dcerpc.ctx_list()
1181 ctx5mgmt.context_id = 5
1182 ctx5mgmt.num_transfer_syntaxes = len(tsf5mgmt_list)
1183 ctx5mgmt.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1184 ctx5mgmt.transfer_syntaxes = tsf5mgmt_list
1185
1186 tsf5epm_list = [ndr32]
1187 ctx5epm = dcerpc.ctx_list()
1188 ctx5epm.context_id = 5
1189 ctx5epm.num_transfer_syntaxes = len(tsf5epm_list)
1190 ctx5epm.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1191 ctx5epm.transfer_syntaxes = tsf5epm_list
1192
1193 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1194 self.send_pdu(req)
1195 rep = self.recv_pdu()
1196 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1197 auth_length=0)
1198 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1199 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1200 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1201 self.assertEqual(rep.u.secondary_address_size, 0)
1202 self.assertPadding(rep.u._pad1, 2)
1203 self.assertEqual(rep.u.num_results, 2)
1204 self.assertEqual(rep.u.ctx_list[0].result,
1205 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1206 self.assertEqual(rep.u.ctx_list[0].reason,
1207 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1208 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1209 self.assertEqual(rep.u.ctx_list[1].result,
1210 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1211 self.assertEqual(rep.u.ctx_list[1].reason,
1212 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1213 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1214 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1215
1216 req = self.generate_request(call_id=1,
1217 context_id=ctx5mgmt.context_id,
1218 opnum=0,
1219 stub=b"")
1220 self.send_pdu(req)
1221 rep = self.recv_pdu()
1222 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1223 auth_length=0)
1224 self.assertNotEqual(rep.u.alloc_hint, 0)
1225 self.assertEqual(rep.u.context_id, req.u.context_id)
1226 self.assertEqual(rep.u.cancel_count, 0)
1227 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1228
1229 req = self.generate_alter(call_id=55, ctx_list=[ctx5mgmt, ctx5epm])
1230 self.send_pdu(req)
1231 rep = self.recv_pdu()
1232 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
1233 auth_length=0)
1234 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1235 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1236 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1237 self.assertEqual(rep.u.secondary_address_size, 0)
1238 self.assertPadding(rep.u._pad1, 2)
1239 self.assertEqual(rep.u.num_results, 2)
1240 self.assertEqual(rep.u.ctx_list[0].result,
1241 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1242 self.assertEqual(rep.u.ctx_list[0].reason,
1243 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1244 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1245 self.assertEqual(rep.u.ctx_list[1].result,
1246 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1247 self.assertEqual(rep.u.ctx_list[1].reason,
1248 dcerpc.DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED)
1249 self.assertNDRSyntaxEquals(rep.u.ctx_list[1].syntax, zero_syntax)
1250 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1251
1252 req = self.generate_request(call_id=1,
1253 context_id=ctx5mgmt.context_id,
1254 opnum=0,
1255 stub=b"")
1256 self.send_pdu(req)
1257 rep = self.recv_pdu()
1258 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1259 auth_length=0)
1260 self.assertNotEqual(rep.u.alloc_hint, 0)
1261 self.assertEqual(rep.u.context_id, req.u.context_id)
1262 self.assertEqual(rep.u.cancel_count, 0)
1263 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1264
1265 def test_no_auth_bind_time_none_simple(self):
1266 features = 0
1267 btf = base.bind_time_features_syntax(features)
1268
1269 zero_syntax = misc.ndr_syntax_id()
1270
1271 tsf1_list = [btf]
1272 ctx1 = dcerpc.ctx_list()
1273 ctx1.context_id = 1
1274 ctx1.num_transfer_syntaxes = len(tsf1_list)
1275 ctx1.abstract_syntax = zero_syntax
1276 ctx1.transfer_syntaxes = tsf1_list
1277
1278 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1279 self.send_pdu(req)
1280 rep = self.recv_pdu()
1281 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1282 auth_length=0)
1283 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1284 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1285 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1286 self.assertEqual(rep.u.secondary_address_size, 4)
1287 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1288 self.assertPadding(rep.u._pad1, 2)
1289 self.assertEqual(rep.u.num_results, 1)
1290 self.assertEqual(rep.u.ctx_list[0].result,
1291 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1292 self.assertEqual(rep.u.ctx_list[0].reason, features)
1293 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1294 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1295
1296 def test_no_auth_bind_time_none_ignore_additional(self):
1297 features1 = 0
1298 btf1 = base.bind_time_features_syntax(features1)
1299
1300 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1301 features2 |= dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1302 btf2 = base.bind_time_features_syntax(features2)
1303
1304 zero_syntax = misc.ndr_syntax_id()
1305 ndr64 = base.transfer_syntax_ndr64()
1306
1307 tsf1_list = [btf1, btf2, zero_syntax]
1308 ctx1 = dcerpc.ctx_list()
1309 ctx1.context_id = 1
1310 ctx1.num_transfer_syntaxes = len(tsf1_list)
1311 ctx1.abstract_syntax = ndr64
1312 ctx1.transfer_syntaxes = tsf1_list
1313
1314 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1315 self.send_pdu(req)
1316 rep = self.recv_pdu()
1317 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1318 auth_length=0)
1319 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1320 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1321 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1322 self.assertEqual(rep.u.secondary_address_size, 4)
1323 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1324 self.assertPadding(rep.u._pad1, 2)
1325 self.assertEqual(rep.u.num_results, 1)
1326 self.assertEqual(rep.u.ctx_list[0].result,
1327 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1328 self.assertEqual(rep.u.ctx_list[0].reason, features1)
1329 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1330 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1331
1332 def test_no_auth_bind_time_only_first(self):
1333 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1334 btf1 = base.bind_time_features_syntax(features1)
1335
1336 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1337 btf2 = base.bind_time_features_syntax(features2)
1338
1339 zero_syntax = misc.ndr_syntax_id()
1340
1341 tsf1_list = [zero_syntax, btf1, btf2, zero_syntax]
1342 ctx1 = dcerpc.ctx_list()
1343 ctx1.context_id = 1
1344 ctx1.num_transfer_syntaxes = len(tsf1_list)
1345 ctx1.abstract_syntax = zero_syntax
1346 ctx1.transfer_syntaxes = tsf1_list
1347
1348 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1349 self.send_pdu(req)
1350 rep = self.recv_pdu()
1351 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1352 auth_length=0)
1353 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1354 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1355 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1356 self.assertEqual(rep.u.secondary_address_size, 4)
1357 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1358 self.assertPadding(rep.u._pad1, 2)
1359 self.assertEqual(rep.u.num_results, 1)
1360 self.assertEqual(rep.u.ctx_list[0].result,
1361 dcerpc.DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION)
1362 self.assertEqual(rep.u.ctx_list[0].reason,
1363 dcerpc.DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED)
1364 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1365 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1366
1367 def test_no_auth_bind_time_twice(self):
1368 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1369 btf1 = base.bind_time_features_syntax(features1)
1370
1371 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1372 btf2 = base.bind_time_features_syntax(features2)
1373
1374 zero_syntax = misc.ndr_syntax_id()
1375
1376 tsf1_list = [btf1]
1377 ctx1 = dcerpc.ctx_list()
1378 ctx1.context_id = 1
1379 ctx1.num_transfer_syntaxes = len(tsf1_list)
1380 ctx1.abstract_syntax = zero_syntax
1381 ctx1.transfer_syntaxes = tsf1_list
1382
1383 tsf2_list = [btf2]
1384 ctx2 = dcerpc.ctx_list()
1385 ctx2.context_id = 2
1386 ctx2.num_transfer_syntaxes = len(tsf2_list)
1387 ctx2.abstract_syntax = zero_syntax
1388 ctx2.transfer_syntaxes = tsf2_list
1389
1390 req = self.generate_bind(call_id=0, ctx_list=[ctx1, ctx2])
1391 self.send_pdu(req)
1392 rep = self.recv_pdu()
1393 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1394 auth_length=0)
1395 self.assertEqual(rep.u.reject_reason,
1396 dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1397 self.assertEqual(rep.u.num_versions, 1)
1398 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
1399 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1400 self.assertPadding(rep.u._pad, 3)
1401
1402 # wait for a disconnect
1403 rep = self.recv_pdu()
1404 self.assertIsNone(rep)
1405 self.assertNotConnected()
1406
1407 def test_no_auth_bind_time_keep_on_orphan_simple(self):
1408 features = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1409 btf = base.bind_time_features_syntax(features)
1410
1411 zero_syntax = misc.ndr_syntax_id()
1412
1413 tsf1_list = [btf]
1414 ctx1 = dcerpc.ctx_list()
1415 ctx1.context_id = 1
1416 ctx1.num_transfer_syntaxes = len(tsf1_list)
1417 ctx1.abstract_syntax = zero_syntax
1418 ctx1.transfer_syntaxes = tsf1_list
1419
1420 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1421 self.send_pdu(req)
1422 rep = self.recv_pdu()
1423 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1424 auth_length=0)
1425 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1426 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1427 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1428 self.assertEqual(rep.u.secondary_address_size, 4)
1429 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1430 self.assertPadding(rep.u._pad1, 2)
1431 self.assertEqual(rep.u.num_results, 1)
1432 self.assertEqual(rep.u.ctx_list[0].result,
1433 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1434 self.assertEqual(rep.u.ctx_list[0].reason, features)
1435 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1436 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1437
1438 def test_no_auth_bind_time_keep_on_orphan_ignore_additional(self):
1439 features1 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1440 btf1 = base.bind_time_features_syntax(features1)
1441
1442 features2 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1443 btf2 = base.bind_time_features_syntax(features2)
1444
1445 zero_syntax = misc.ndr_syntax_id()
1446 ndr64 = base.transfer_syntax_ndr64()
1447
1448 tsf1_list = [btf1, btf2, zero_syntax]
1449 ctx1 = dcerpc.ctx_list()
1450 ctx1.context_id = 1
1451 ctx1.num_transfer_syntaxes = len(tsf1_list)
1452 ctx1.abstract_syntax = ndr64
1453 ctx1.transfer_syntaxes = tsf1_list
1454
1455 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1456 self.send_pdu(req)
1457 rep = self.recv_pdu()
1458 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1459 auth_length=0)
1460 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1461 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1462 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1463 self.assertEqual(rep.u.secondary_address_size, 4)
1464 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1465 self.assertPadding(rep.u._pad1, 2)
1466 self.assertEqual(rep.u.num_results, 1)
1467 self.assertEqual(rep.u.ctx_list[0].result,
1468 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1469 self.assertEqual(rep.u.ctx_list[0].reason, features1)
1470 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1471 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1472
1473 def test_no_auth_bind_time_sec_ctx_ignore_additional(self):
1474 features1 = dcerpc.DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
1475 btf1 = base.bind_time_features_syntax(features1)
1476
1477 features2 = dcerpc.DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
1478 btf2 = base.bind_time_features_syntax(features2)
1479
1480 zero_syntax = misc.ndr_syntax_id()
1481 ndr64 = base.transfer_syntax_ndr64()
1482
1483 tsf1_list = [btf1, btf2, zero_syntax]
1484 ctx1 = dcerpc.ctx_list()
1485 ctx1.context_id = 1
1486 ctx1.num_transfer_syntaxes = len(tsf1_list)
1487 ctx1.abstract_syntax = ndr64
1488 ctx1.transfer_syntaxes = tsf1_list
1489
1490 req = self.generate_bind(call_id=0, ctx_list=[ctx1])
1491 self.send_pdu(req)
1492 rep = self.recv_pdu()
1493 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
1494 auth_length=0)
1495 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1496 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1497 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1498 self.assertEqual(rep.u.secondary_address_size, 4)
1499 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1500 self.assertPadding(rep.u._pad1, 2)
1501 self.assertEqual(rep.u.num_results, 1)
1502 self.assertEqual(rep.u.ctx_list[0].result,
1503 dcerpc.DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK)
1504 self.assertEqual(rep.u.ctx_list[0].reason, features1)
1505 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, zero_syntax)
1506 self.assertEqual(rep.u.auth_info, b'\0' * 0)
1507
1508 def _test_auth_type_level_bind_nak(self, auth_type, auth_level, creds=None,
1509 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1510 ndr32 = base.transfer_syntax_ndr()
1511
1512 tsf1_list = [ndr32]
1513 ctx1 = dcerpc.ctx_list()
1514 ctx1.context_id = 1
1515 ctx1.num_transfer_syntaxes = len(tsf1_list)
1516 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1517 ctx1.transfer_syntaxes = tsf1_list
1518 ctx_list = [ctx1]
1519
1520 auth_context_id = 0
1521
1522 if creds is not None:
1523 # We always start with DCERPC_AUTH_LEVEL_INTEGRITY
1524 auth_context = self.get_auth_context_creds(creds,
1525 auth_type=auth_type,
1526 auth_level=auth_level,
1527 auth_context_id=auth_context_id,
1528 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1529 from_server = b""
1530 (finished, to_server) = auth_context["gensec"].update(from_server)
1531 self.assertFalse(finished)
1532
1533 auth_info = self.generate_auth(auth_type=auth_context["auth_type"],
1534 auth_level=auth_context["auth_level"],
1535 auth_context_id=auth_context["auth_context_id"],
1536 auth_blob=to_server)
1537 else:
1538 to_server = b"none"
1539 auth_info = self.generate_auth(auth_type=auth_type,
1540 auth_level=auth_level,
1541 auth_context_id=auth_context_id,
1542 auth_blob=to_server)
1543
1544 req = self.generate_bind(call_id=0,
1545 ctx_list=ctx_list,
1546 auth_info=auth_info)
1547 self.send_pdu(req)
1548 rep = self.recv_pdu()
1549 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
1550 auth_length=0)
1551 self.assertEqual(rep.u.reject_reason, reason)
1552 self.assertEqual(rep.u.num_versions, 1)
1553 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
1554 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
1555 self.assertPadding(rep.u._pad, 3)
1556
1557 # wait for a disconnect
1558 rep = self.recv_pdu()
1559 self.assertIsNone(rep)
1560 self.assertNotConnected()
1561
1562 def _test_auth_none_level_bind(self, auth_level,
1563 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE):
1564 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_LEVEL_NONE,
1565 auth_level=auth_level, reason=reason)
1566
1567 def test_auth_none_none_bind(self):
1568 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_NONE,
1569 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1570
1571 def test_auth_none_connect_bind(self):
1572 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1573
1574 def test_auth_none_call_bind(self):
1575 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1576
1577 def test_auth_none_packet_bind(self):
1578 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1579
1580 def test_auth_none_integrity_bind(self):
1581 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
1582
1583 def test_auth_none_privacy_bind(self):
1584 return self._test_auth_none_level_bind(dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
1585
1586 def test_auth_none_0_bind(self):
1587 return self._test_auth_none_level_bind(0,
1588 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1589
1590 def test_auth_none_7_bind(self):
1591 return self._test_auth_none_level_bind(7,
1592 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1593
1594 def test_auth_none_255_bind(self):
1595 return self._test_auth_none_level_bind(255,
1596 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
1597
1598 def _test_auth_none_level_request(self, auth_level):
1599 ndr32 = base.transfer_syntax_ndr()
1600
1601 tsf1_list = [ndr32]
1602 ctx1 = dcerpc.ctx_list()
1603 ctx1.context_id = 1
1604 ctx1.num_transfer_syntaxes = len(tsf1_list)
1605 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
1606 ctx1.transfer_syntaxes = tsf1_list
1607 ctx_list = [ctx1]
1608
1609 auth_type = dcerpc.DCERPC_AUTH_TYPE_NONE
1610 auth_context_id = 0
1611
1612 req = self.generate_bind(call_id=0,
1613 ctx_list=ctx_list)
1614
1615 self.send_pdu(req)
1616 rep = self.recv_pdu()
1617 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
1618 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
1619 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
1620 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
1621 self.assertEqual(rep.u.secondary_address_size, 4)
1622 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
1623 self.assertPadding(rep.u._pad1, 2)
1624 self.assertEqual(rep.u.num_results, 1)
1625 self.assertEqual(rep.u.ctx_list[0].result,
1626 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
1627 self.assertEqual(rep.u.ctx_list[0].reason,
1628 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
1629 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
1630 self.assertEqual(len(rep.u.auth_info), 0)
1631
1632 # And now try a request without auth_info
1633 req = self.generate_request(call_id=2,
1634 context_id=ctx1.context_id,
1635 opnum=0,
1636 stub=b"")
1637 self.send_pdu(req)
1638 rep = self.recv_pdu()
1639 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
1640 auth_length=0)
1641 self.assertNotEqual(rep.u.alloc_hint, 0)
1642 self.assertEqual(rep.u.context_id, req.u.context_id)
1643 self.assertEqual(rep.u.cancel_count, 0)
1644 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
1645
1646 auth_info = self.generate_auth(auth_type=auth_type,
1647 auth_level=auth_level,
1648 auth_context_id=auth_context_id,
1649 auth_blob=b"none")
1650
1651 req = self.generate_request(call_id=3,
1652 context_id=ctx1.context_id,
1653 opnum=0,
1654 stub=b"",
1655 auth_info=auth_info)
1656 self.send_pdu(req)
1657 rep = self.recv_pdu()
1658 # We get a fault back
1659 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
1660 auth_length=0)
1661 self.assertNotEqual(rep.u.alloc_hint, 0)
1662 self.assertEqual(rep.u.context_id, req.u.context_id)
1663 self.assertEqual(rep.u.cancel_count, 0)
1664 self.assertEqual(rep.u.flags, 0)
1665 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
1666 self.assertEqual(rep.u.reserved, 0)
1667 self.assertEqual(len(rep.u.error_and_verifier), 0)
1668
1669 # wait for a disconnect
1670 rep = self.recv_pdu()
1671 self.assertIsNone(rep)
1672 self.assertNotConnected()
1673
1674 def test_auth_none_none_request(self):
1675 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_NONE)
1676
1677 def test_auth_none_connect_request(self):
1678 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
1679
1680 def test_auth_none_call_request(self):
1681 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_CALL)
1682
1683 def test_auth_none_packet_request(self):
1684 return self._test_auth_none_level_request(dcerpc.DCERPC_AUTH_LEVEL_PACKET)
1685
1686 def test_ntlmssp_multi_auth_first1_lastSame2(self):
1687 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1688 expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
1689 auth_context_2nd = 2
1690 expected_call_id = None
1691 expected_context_id = None
1692 not_executed = False
1693 conc_mpx = False
1694 forced_call_id = None
1695 forced_context_id = None
1696 forced_opnum = None
1697 forced_auth_context_id = None
1698 forced_auth_type = None
1699 forced_auth_level = None
1700 return self._test_generic_auth_first_last(auth_type,
1701 expected_fault,
1702 auth_context_2nd=auth_context_2nd,
1703 expected_call_id=expected_call_id,
1704 expected_context_id=expected_context_id,
1705 not_executed=not_executed,
1706 conc_mpx=conc_mpx,
1707 forced_call_id=forced_call_id,
1708 forced_context_id=forced_context_id,
1709 forced_opnum=forced_opnum,
1710 forced_auth_context_id=forced_auth_context_id,
1711 forced_auth_type=forced_auth_type,
1712 forced_auth_level=forced_auth_level)
1713
1714 def test_ntlmssp_multi_auth_first1_lastNext2(self):
1715 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1716 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1717 auth_context_2nd = 2
1718 expected_call_id = None
1719 expected_context_id = None
1720 not_executed = False
1721 conc_mpx = False
1722 forced_call_id = 4
1723 forced_context_id = None
1724 forced_opnum = None
1725 forced_auth_context_id = None
1726 forced_auth_type = None
1727 forced_auth_level = None
1728 return self._test_generic_auth_first_last(auth_type,
1729 expected_fault,
1730 auth_context_2nd=auth_context_2nd,
1731 expected_call_id=expected_call_id,
1732 expected_context_id=expected_context_id,
1733 not_executed=not_executed,
1734 conc_mpx=conc_mpx,
1735 forced_call_id=forced_call_id,
1736 forced_context_id=forced_context_id,
1737 forced_opnum=forced_opnum,
1738 forced_auth_context_id=forced_auth_context_id,
1739 forced_auth_type=forced_auth_type,
1740 forced_auth_level=forced_auth_level)
1741
1742 def test_ntlmssp_multi_auth_first1_lastSame111(self):
1743 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1744 expected_fault = None
1745 auth_context_2nd = 1
1746 expected_call_id = None
1747 expected_context_id = None
1748 not_executed = False
1749 conc_mpx = False
1750 forced_call_id = None
1751 forced_context_id = 111
1752 forced_opnum = 111
1753 forced_auth_context_id = 111
1754 forced_auth_type = 111
1755 forced_auth_level = 111
1756 return self._test_generic_auth_first_last(auth_type,
1757 expected_fault,
1758 auth_context_2nd=auth_context_2nd,
1759 expected_call_id=expected_call_id,
1760 expected_context_id=expected_context_id,
1761 not_executed=not_executed,
1762 conc_mpx=conc_mpx,
1763 forced_call_id=forced_call_id,
1764 forced_context_id=forced_context_id,
1765 forced_opnum=forced_opnum,
1766 forced_auth_context_id=forced_auth_context_id,
1767 forced_auth_type=forced_auth_type,
1768 forced_auth_level=forced_auth_level)
1769
1770 def test_ntlmssp_multi_auth_first1_lastNext111(self):
1771 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1772 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1773 auth_context_2nd = 1
1774 expected_call_id = None
1775 expected_context_id = None
1776 not_executed = False
1777 conc_mpx = False
1778 forced_call_id = 4
1779 forced_context_id = 111
1780 forced_opnum = 111
1781 forced_auth_context_id = 111
1782 forced_auth_type = 111
1783 forced_auth_level = 111
1784 return self._test_generic_auth_first_last(auth_type,
1785 expected_fault,
1786 auth_context_2nd=auth_context_2nd,
1787 expected_call_id=expected_call_id,
1788 expected_context_id=expected_context_id,
1789 not_executed=not_executed,
1790 conc_mpx=conc_mpx,
1791 forced_call_id=forced_call_id,
1792 forced_context_id=forced_context_id,
1793 forced_opnum=forced_opnum,
1794 forced_auth_context_id=forced_auth_context_id,
1795 forced_auth_type=forced_auth_type,
1796 forced_auth_level=forced_auth_level)
1797
1798 def test_ntlmssp_multi_auth_MPX_first1_lastNext111(self):
1799 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1800 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1801 auth_context_2nd = 1
1802 expected_call_id = 4
1803 expected_context_id = 0
1804 not_executed = False
1805 conc_mpx = True
1806 forced_call_id = 4
1807 forced_context_id = 111
1808 forced_opnum = 111
1809 forced_auth_context_id = 111
1810 forced_auth_type = 111
1811 forced_auth_level = 111
1812 return self._test_generic_auth_first_last(auth_type,
1813 expected_fault,
1814 auth_context_2nd=auth_context_2nd,
1815 expected_call_id=expected_call_id,
1816 expected_context_id=expected_context_id,
1817 not_executed=not_executed,
1818 conc_mpx=conc_mpx,
1819 forced_call_id=forced_call_id,
1820 forced_context_id=forced_context_id,
1821 forced_opnum=forced_opnum,
1822 forced_auth_context_id=forced_auth_context_id,
1823 forced_auth_type=forced_auth_type,
1824 forced_auth_level=forced_auth_level)
1825
1826 def test_ntlmssp_multi_auth_first1_lastSameNone(self):
1827 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1828 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1829 auth_context_2nd = None
1830 expected_call_id = None
1831 expected_context_id = None
1832 not_executed = False
1833 conc_mpx = False
1834 forced_call_id = None
1835 forced_context_id = None
1836 forced_opnum = None
1837 forced_auth_context_id = None
1838 forced_auth_type = None
1839 forced_auth_level = None
1840 return self._test_generic_auth_first_last(auth_type,
1841 expected_fault,
1842 auth_context_2nd=auth_context_2nd,
1843 expected_call_id=expected_call_id,
1844 expected_context_id=expected_context_id,
1845 not_executed=not_executed,
1846 conc_mpx=conc_mpx,
1847 forced_call_id=forced_call_id,
1848 forced_context_id=forced_context_id,
1849 forced_opnum=forced_opnum,
1850 forced_auth_context_id=forced_auth_context_id,
1851 forced_auth_type=forced_auth_type,
1852 forced_auth_level=forced_auth_level)
1853
1854 def test_ntlmssp_multi_auth_MPX_first1_lastSameNone(self):
1855 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1856 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1857 auth_context_2nd = None
1858 expected_call_id = None
1859 expected_context_id = None
1860 not_executed = False
1861 conc_mpx = True
1862 forced_call_id = None
1863 forced_context_id = None
1864 forced_opnum = None
1865 forced_auth_context_id = None
1866 forced_auth_type = None
1867 forced_auth_level = None
1868 return self._test_generic_auth_first_last(auth_type,
1869 expected_fault,
1870 auth_context_2nd=auth_context_2nd,
1871 expected_call_id=expected_call_id,
1872 expected_context_id=expected_context_id,
1873 not_executed=not_executed,
1874 conc_mpx=conc_mpx,
1875 forced_call_id=forced_call_id,
1876 forced_context_id=forced_context_id,
1877 forced_opnum=forced_opnum,
1878 forced_auth_context_id=forced_auth_context_id,
1879 forced_auth_type=forced_auth_type,
1880 forced_auth_level=forced_auth_level)
1881
1882 def test_ntlmssp_multi_auth_first1_lastNextNone(self):
1883 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1884 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1885 auth_context_2nd = None
1886 expected_call_id = None
1887 expected_context_id = None
1888 not_executed = False
1889 conc_mpx = False
1890 forced_call_id = 4
1891 forced_context_id = None
1892 forced_opnum = None
1893 forced_auth_context_id = None
1894 forced_auth_type = None
1895 forced_auth_level = None
1896 return self._test_generic_auth_first_last(auth_type,
1897 expected_fault,
1898 auth_context_2nd=auth_context_2nd,
1899 expected_call_id=expected_call_id,
1900 expected_context_id=expected_context_id,
1901 not_executed=not_executed,
1902 conc_mpx=conc_mpx,
1903 forced_call_id=forced_call_id,
1904 forced_context_id=forced_context_id,
1905 forced_opnum=forced_opnum,
1906 forced_auth_context_id=forced_auth_context_id,
1907 forced_auth_type=forced_auth_type,
1908 forced_auth_level=forced_auth_level)
1909
1910 def test_ntlmssp_multi_auth_MPX_first1_lastNextNone(self):
1911 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1912 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1913 auth_context_2nd = None
1914 expected_call_id = 4
1915 expected_context_id = 0
1916 not_executed = False
1917 conc_mpx = True
1918 forced_call_id = 4
1919 forced_context_id = None
1920 forced_opnum = None
1921 forced_auth_context_id = None
1922 forced_auth_type = None
1923 forced_auth_level = None
1924 return self._test_generic_auth_first_last(auth_type,
1925 expected_fault,
1926 auth_context_2nd=auth_context_2nd,
1927 expected_call_id=expected_call_id,
1928 expected_context_id=expected_context_id,
1929 not_executed=not_executed,
1930 conc_mpx=conc_mpx,
1931 forced_call_id=forced_call_id,
1932 forced_context_id=forced_context_id,
1933 forced_opnum=forced_opnum,
1934 forced_auth_context_id=forced_auth_context_id,
1935 forced_auth_type=forced_auth_type,
1936 forced_auth_level=forced_auth_level)
1937
1938 def test_ntlmssp_multi_auth_first1_lastSameNone111(self):
1939 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1940 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1941 auth_context_2nd = None
1942 expected_call_id = None
1943 expected_context_id = None
1944 not_executed = False
1945 conc_mpx = False
1946 forced_call_id = None
1947 forced_context_id = 111
1948 forced_opnum = 111
1949 forced_auth_context_id = None
1950 forced_auth_type = None
1951 forced_auth_level = None
1952 return self._test_generic_auth_first_last(auth_type,
1953 expected_fault,
1954 auth_context_2nd=auth_context_2nd,
1955 expected_call_id=expected_call_id,
1956 expected_context_id=expected_context_id,
1957 not_executed=not_executed,
1958 conc_mpx=conc_mpx,
1959 forced_call_id=forced_call_id,
1960 forced_context_id=forced_context_id,
1961 forced_opnum=forced_opnum,
1962 forced_auth_context_id=forced_auth_context_id,
1963 forced_auth_type=forced_auth_type,
1964 forced_auth_level=forced_auth_level)
1965
1966 def test_ntlmssp_multi_auth_MPX_first1_lastSameNone111(self):
1967 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1968 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1969 auth_context_2nd = None
1970 expected_call_id = None
1971 expected_context_id = None
1972 not_executed = False
1973 conc_mpx = True
1974 forced_call_id = None
1975 forced_context_id = 111
1976 forced_opnum = 111
1977 forced_auth_context_id = None
1978 forced_auth_type = None
1979 forced_auth_level = None
1980 return self._test_generic_auth_first_last(auth_type,
1981 expected_fault,
1982 auth_context_2nd=auth_context_2nd,
1983 expected_call_id=expected_call_id,
1984 expected_context_id=expected_context_id,
1985 not_executed=not_executed,
1986 conc_mpx=conc_mpx,
1987 forced_call_id=forced_call_id,
1988 forced_context_id=forced_context_id,
1989 forced_opnum=forced_opnum,
1990 forced_auth_context_id=forced_auth_context_id,
1991 forced_auth_type=forced_auth_type,
1992 forced_auth_level=forced_auth_level)
1993
1994 def test_ntlmssp_multi_auth_first1_lastNextNone111(self):
1995 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
1996 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
1997 auth_context_2nd = None
1998 expected_call_id = None
1999 expected_context_id = None
2000 not_executed = False
2001 conc_mpx = False
2002 forced_call_id = 4
2003 forced_context_id = 111
2004 forced_opnum = 111
2005 forced_auth_context_id = None
2006 forced_auth_type = None
2007 forced_auth_level = None
2008 return self._test_generic_auth_first_last(auth_type,
2009 expected_fault,
2010 auth_context_2nd=auth_context_2nd,
2011 expected_call_id=expected_call_id,
2012 expected_context_id=expected_context_id,
2013 not_executed=not_executed,
2014 conc_mpx=conc_mpx,
2015 forced_call_id=forced_call_id,
2016 forced_context_id=forced_context_id,
2017 forced_opnum=forced_opnum,
2018 forced_auth_context_id=forced_auth_context_id,
2019 forced_auth_type=forced_auth_type,
2020 forced_auth_level=forced_auth_level)
2021
2022 def test_ntlmssp_multi_auth_MPX_first1_lastNextNone111(self):
2023 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2024 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2025 auth_context_2nd = None
2026 expected_call_id = 4
2027 expected_context_id = 0
2028 not_executed = False
2029 conc_mpx = True
2030 forced_call_id = 4
2031 forced_context_id = 111
2032 forced_opnum = 111
2033 forced_auth_context_id = None
2034 forced_auth_type = None
2035 forced_auth_level = None
2036 return self._test_generic_auth_first_last(auth_type,
2037 expected_fault,
2038 auth_context_2nd=auth_context_2nd,
2039 expected_call_id=expected_call_id,
2040 expected_context_id=expected_context_id,
2041 not_executed=not_executed,
2042 conc_mpx=conc_mpx,
2043 forced_call_id=forced_call_id,
2044 forced_context_id=forced_context_id,
2045 forced_opnum=forced_opnum,
2046 forced_auth_context_id=forced_auth_context_id,
2047 forced_auth_type=forced_auth_type,
2048 forced_auth_level=forced_auth_level)
2049
2050 def _test_generic_auth_first_2nd(self,
2051 auth_type,
2052 pfc_flags_2nd,
2053 expected_fault,
2054 auth_context_2nd=2,
2055 skip_first=False,
2056 expected_call_id=None,
2057 expected_context_id=None,
2058 conc_mpx=False,
2059 not_executed=False,
2060 forced_call_id=None,
2061 forced_context_id=None,
2062 forced_opnum=None,
2063 forced_auth_context_id=None,
2064 forced_auth_type=None,
2065 forced_auth_level=None):
2066 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2067 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
2068 auth_context_id1=1
2069 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET
2070 auth_context_id2=2
2071
2072 creds = self.get_user_creds()
2073
2074 abstract = samba.dcerpc.mgmt.abstract_syntax()
2075 transfer = base.transfer_syntax_ndr()
2076
2077 tsf1_list = [transfer]
2078 ctx = samba.dcerpc.dcerpc.ctx_list()
2079 ctx.context_id = 1
2080 ctx.num_transfer_syntaxes = len(tsf1_list)
2081 ctx.abstract_syntax = abstract
2082 ctx.transfer_syntaxes = tsf1_list
2083
2084 auth_context1 = self.get_auth_context_creds(creds=creds,
2085 auth_type=auth_type,
2086 auth_level=auth_level1,
2087 auth_context_id=auth_context_id1,
2088 hdr_signing=False)
2089 auth_context2 = self.get_auth_context_creds(creds=creds,
2090 auth_type=auth_type,
2091 auth_level=auth_level2,
2092 auth_context_id=auth_context_id2,
2093 hdr_signing=False)
2094
2095 bind_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST
2096 if conc_mpx:
2097 bind_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_CONC_MPX
2098
2099 ack0 = self.do_generic_bind(call_id=0,
2100 ctx=ctx,
2101 pfc_flags=bind_pfc_flags)
2102
2103 ack1 = self.do_generic_bind(call_id=1,
2104 ctx=ctx,
2105 auth_context=auth_context1,
2106 assoc_group_id = ack0.u.assoc_group_id,
2107 start_with_alter=True)
2108 if auth_context_2nd == 2:
2109 ack2 = self.do_generic_bind(call_id=2,
2110 ctx=ctx,
2111 auth_context=auth_context2,
2112 assoc_group_id = ack0.u.assoc_group_id,
2113 start_with_alter=True)
2114
2115 ndr_print = self.do_ndr_print
2116 hexdump = self.do_hexdump
2117 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
2118 io = inq_if_ids
2119 if ndr_print:
2120 sys.stderr.write("in: %s" % samba.ndr.ndr_print_in(io))
2121 stub_in = samba.ndr.ndr_pack_in(io)
2122 stub_in += b'\xfe'*45 # add some padding in order to have some payload
2123 if hexdump:
2124 sys.stderr.write("stub_in: %d\n%s" % (len(stub_in), self.hexdump(stub_in)))
2125
2126 call_id = 3
2127 context_id = ctx.context_id
2128 opnum = io.opnum()
2129
2130 if not skip_first:
2131 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2132 stub_in_tmp = stub_in[0:16]
2133 req = self.generate_request_auth(call_id=call_id,
2134 context_id=context_id,
2135 pfc_flags=pfc_flags,
2136 opnum=opnum,
2137 alloc_hint=len(stub_in),
2138 stub=stub_in_tmp,
2139 auth_context=auth_context1)
2140 self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
2141 rep = self.recv_pdu(timeout=0.01)
2142 self.assertIsNone(rep)
2143 self.assertIsConnected()
2144
2145 # context_id, opnum and auth header values are completely ignored
2146 if auth_context_2nd == 1:
2147 auth_context_copy = auth_context1.copy()
2148 elif auth_context_2nd == 2:
2149 auth_context_copy = auth_context2.copy()
2150 else:
2151 auth_context_copy = None
2152
2153 expected_pfc_flags = dcerpc.DCERPC_PFC_FLAG_FIRST | dcerpc.DCERPC_PFC_FLAG_LAST
2154 if expected_context_id is None:
2155 expected_context_id = context_id
2156 if expected_call_id is None:
2157 expected_call_id = call_id
2158 if not_executed:
2159 expected_pfc_flags |= dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE
2160
2161 if forced_call_id is not None:
2162 call_id = forced_call_id
2163 if forced_context_id is not None:
2164 context_id = forced_context_id
2165 if forced_opnum is not None:
2166 opnum = forced_opnum
2167 if forced_auth_context_id is not None:
2168 auth_context_copy["auth_context_id"] = forced_auth_context_id
2169 if forced_auth_type is not None:
2170 auth_context_copy["auth_type"] = forced_auth_type
2171 if forced_auth_level is not None:
2172 auth_context_copy["auth_level"] = forced_auth_level
2173
2174 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2175 stub_in_tmp = stub_in[16:-1]
2176 req = self.generate_request_auth(call_id=call_id,
2177 context_id=context_id,
2178 pfc_flags=pfc_flags_2nd,
2179 opnum=opnum,
2180 alloc_hint=len(stub_in_tmp),
2181 stub=stub_in_tmp,
2182 auth_context=auth_context_copy)
2183 self.send_pdu(req, ndr_print=ndr_print, hexdump=hexdump)
2184 if expected_fault is None:
2185 self.do_single_request(call_id=3, ctx=ctx, io=io, send_req=False, auth_context=auth_context1)
2186 return
2187 rep = self.recv_pdu()
2188 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, expected_call_id,
2189 pfc_flags=expected_pfc_flags,
2190 auth_length=0)
2191 self.assertNotEqual(rep.u.alloc_hint, 0)
2192 self.assertEqual(rep.u.context_id, expected_context_id)
2193 self.assertEqual(rep.u.cancel_count, 0)
2194 self.assertEqual(rep.u.flags, 0)
2195 self.assertEqual(rep.u.status, expected_fault)
2196 self.assertEqual(rep.u.reserved, 0)
2197 self.assertEqual(len(rep.u.error_and_verifier), 0)
2198
2199 if not_executed:
2200 # still alive
2201 rep = self.recv_pdu(timeout=0.01)
2202 self.assertIsNone(rep)
2203 self.assertIsConnected()
2204 return
2205
2206 # wait for a disconnect
2207 rep = self.recv_pdu()
2208 self.assertIsNone(rep)
2209 self.assertNotConnected()
2210
2211 def _test_generic_auth_first_last(self,
2212 auth_type,
2213 expected_fault,
2214 auth_context_2nd=2,
2215 expected_call_id=None,
2216 expected_context_id=None,
2217 conc_mpx=False,
2218 not_executed=False,
2219 forced_call_id=None,
2220 forced_context_id=None,
2221 forced_opnum=None,
2222 forced_auth_context_id=None,
2223 forced_auth_type=None,
2224 forced_auth_level=None):
2225 pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
2226 return self._test_generic_auth_first_2nd(auth_type,
2227 pfc_flags_2nd,
2228 expected_fault,
2229 auth_context_2nd=auth_context_2nd,
2230 expected_call_id=expected_call_id,
2231 expected_context_id=expected_context_id,
2232 not_executed=not_executed,
2233 conc_mpx=conc_mpx,
2234 forced_call_id=forced_call_id,
2235 forced_context_id=forced_context_id,
2236 forced_opnum=forced_opnum,
2237 forced_auth_context_id=forced_auth_context_id,
2238 forced_auth_type=forced_auth_type,
2239 forced_auth_level=forced_auth_level)
2240
2241 def _test_generic_auth_first_first(self,
2242 auth_type,
2243 expected_fault,
2244 auth_context_2nd=2,
2245 expected_call_id=None,
2246 expected_context_id=None,
2247 conc_mpx=False,
2248 not_executed=False,
2249 forced_call_id=None,
2250 forced_context_id=None,
2251 forced_opnum=None,
2252 forced_auth_context_id=None,
2253 forced_auth_type=None,
2254 forced_auth_level=None):
2255 pfc_flags_2nd = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
2256 return self._test_generic_auth_first_2nd(auth_type,
2257 pfc_flags_2nd,
2258 expected_fault,
2259 auth_context_2nd=auth_context_2nd,
2260 expected_call_id=expected_call_id,
2261 expected_context_id=expected_context_id,
2262 not_executed=not_executed,
2263 conc_mpx=conc_mpx,
2264 forced_call_id=forced_call_id,
2265 forced_context_id=forced_context_id,
2266 forced_opnum=forced_opnum,
2267 forced_auth_context_id=forced_auth_context_id,
2268 forced_auth_type=forced_auth_type,
2269 forced_auth_level=forced_auth_level)
2270
2271 def test_ntlmssp_multi_auth_first1_firstSame2(self):
2272 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2273 expected_fault = dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
2274 auth_context_2nd = 2
2275 expected_call_id = None
2276 expected_context_id = None
2277 not_executed = False
2278 conc_mpx = False
2279 forced_call_id = None
2280 forced_context_id = None
2281 forced_opnum = None
2282 forced_auth_context_id = None
2283 forced_auth_type = None
2284 forced_auth_level = None
2285 return self._test_generic_auth_first_first(auth_type,
2286 expected_fault,
2287 auth_context_2nd=auth_context_2nd,
2288 expected_call_id=expected_call_id,
2289 expected_context_id=expected_context_id,
2290 not_executed=not_executed,
2291 conc_mpx=conc_mpx,
2292 forced_call_id=forced_call_id,
2293 forced_context_id=forced_context_id,
2294 forced_opnum=forced_opnum,
2295 forced_auth_context_id=forced_auth_context_id,
2296 forced_auth_type=forced_auth_type,
2297 forced_auth_level=forced_auth_level)
2298
2299 def test_ntlmssp_multi_auth_first1_firstNext2(self):
2300 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2301 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2302 auth_context_2nd = 2
2303 expected_call_id = 3
2304 expected_context_id = None
2305 not_executed = False
2306 conc_mpx = False
2307 forced_call_id = 4
2308 forced_context_id = None
2309 forced_opnum = None
2310 forced_auth_context_id = None
2311 forced_auth_type = None
2312 forced_auth_level = None
2313 return self._test_generic_auth_first_first(auth_type,
2314 expected_fault,
2315 auth_context_2nd=auth_context_2nd,
2316 expected_call_id=expected_call_id,
2317 expected_context_id=expected_context_id,
2318 not_executed=not_executed,
2319 conc_mpx=conc_mpx,
2320 forced_call_id=forced_call_id,
2321 forced_context_id=forced_context_id,
2322 forced_opnum=forced_opnum,
2323 forced_auth_context_id=forced_auth_context_id,
2324 forced_auth_type=forced_auth_type,
2325 forced_auth_level=forced_auth_level)
2326
2327 def test_ntlmssp_multi_auth_first1_firstSame111(self):
2328 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2329 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2330 auth_context_2nd = 1
2331 expected_call_id = None
2332 expected_context_id = None
2333 not_executed = False
2334 conc_mpx = False
2335 forced_call_id = None
2336 forced_context_id = 111
2337 forced_opnum = 111
2338 forced_auth_context_id = 111
2339 forced_auth_type = 111
2340 forced_auth_level = 111
2341 return self._test_generic_auth_first_first(auth_type,
2342 expected_fault,
2343 auth_context_2nd=auth_context_2nd,
2344 expected_call_id=expected_call_id,
2345 expected_context_id=expected_context_id,
2346 not_executed=not_executed,
2347 conc_mpx=conc_mpx,
2348 forced_call_id=forced_call_id,
2349 forced_context_id=forced_context_id,
2350 forced_opnum=forced_opnum,
2351 forced_auth_context_id=forced_auth_context_id,
2352 forced_auth_type=forced_auth_type,
2353 forced_auth_level=forced_auth_level)
2354
2355 def test_ntlmssp_multi_auth_MPX_first1_firstSame111(self):
2356 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2357 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2358 auth_context_2nd = 1
2359 expected_call_id = None
2360 expected_context_id = None
2361 not_executed = False
2362 conc_mpx = True
2363 forced_call_id = None
2364 forced_context_id = 111
2365 forced_opnum = 111
2366 forced_auth_context_id = 111
2367 forced_auth_type = 111
2368 forced_auth_level = 111
2369 return self._test_generic_auth_first_first(auth_type,
2370 expected_fault,
2371 auth_context_2nd=auth_context_2nd,
2372 expected_call_id=expected_call_id,
2373 expected_context_id=expected_context_id,
2374 not_executed=not_executed,
2375 conc_mpx=conc_mpx,
2376 forced_call_id=forced_call_id,
2377 forced_context_id=forced_context_id,
2378 forced_opnum=forced_opnum,
2379 forced_auth_context_id=forced_auth_context_id,
2380 forced_auth_type=forced_auth_type,
2381 forced_auth_level=forced_auth_level)
2382
2383 def test_ntlmssp_multi_auth_first1_firstNext111(self):
2384 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2385 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2386 auth_context_2nd = 1
2387 expected_call_id = 3
2388 expected_context_id = None
2389 not_executed = False
2390 conc_mpx = False
2391 forced_call_id = 4
2392 forced_context_id = 111
2393 forced_opnum = 111
2394 forced_auth_context_id = 111
2395 forced_auth_type = 111
2396 forced_auth_level = 111
2397 return self._test_generic_auth_first_first(auth_type,
2398 expected_fault,
2399 auth_context_2nd=auth_context_2nd,
2400 expected_call_id=expected_call_id,
2401 expected_context_id=expected_context_id,
2402 not_executed=not_executed,
2403 conc_mpx=conc_mpx,
2404 forced_call_id=forced_call_id,
2405 forced_context_id=forced_context_id,
2406 forced_opnum=forced_opnum,
2407 forced_auth_context_id=forced_auth_context_id,
2408 forced_auth_type=forced_auth_type,
2409 forced_auth_level=forced_auth_level)
2410
2411 def test_ntlmssp_multi_auth_MPX_first1_firstNext111(self):
2412 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2413 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2414 auth_context_2nd = 1
2415 expected_call_id = 4
2416 expected_context_id = 0
2417 not_executed = False
2418 conc_mpx = True
2419 forced_call_id = 4
2420 forced_context_id = 111
2421 forced_opnum = 111
2422 forced_auth_context_id = 111
2423 forced_auth_type = 111
2424 forced_auth_level = 111
2425 return self._test_generic_auth_first_first(auth_type,
2426 expected_fault,
2427 auth_context_2nd=auth_context_2nd,
2428 expected_call_id=expected_call_id,
2429 expected_context_id=expected_context_id,
2430 not_executed=not_executed,
2431 conc_mpx=conc_mpx,
2432 forced_call_id=forced_call_id,
2433 forced_context_id=forced_context_id,
2434 forced_opnum=forced_opnum,
2435 forced_auth_context_id=forced_auth_context_id,
2436 forced_auth_type=forced_auth_type,
2437 forced_auth_level=forced_auth_level)
2438
2439 def test_ntlmssp_multi_auth_first1_firstSameNone(self):
2440 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2441 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2442 auth_context_2nd = None
2443 expected_call_id = None
2444 expected_context_id = None
2445 not_executed = False
2446 conc_mpx = False
2447 forced_call_id = None
2448 forced_context_id = None
2449 forced_opnum = None
2450 forced_auth_context_id = None
2451 forced_auth_type = None
2452 forced_auth_level = None
2453 return self._test_generic_auth_first_first(auth_type,
2454 expected_fault,
2455 auth_context_2nd=auth_context_2nd,
2456 expected_call_id=expected_call_id,
2457 expected_context_id=expected_context_id,
2458 not_executed=not_executed,
2459 conc_mpx=conc_mpx,
2460 forced_call_id=forced_call_id,
2461 forced_context_id=forced_context_id,
2462 forced_opnum=forced_opnum,
2463 forced_auth_context_id=forced_auth_context_id,
2464 forced_auth_type=forced_auth_type,
2465 forced_auth_level=forced_auth_level)
2466
2467 def test_ntlmssp_multi_auth_MPX_first1_firstSameNone(self):
2468 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2469 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2470 auth_context_2nd = None
2471 expected_call_id = None
2472 expected_context_id = None
2473 not_executed = False
2474 conc_mpx = True
2475 forced_call_id = None
2476 forced_context_id = None
2477 forced_opnum = None
2478 forced_auth_context_id = None
2479 forced_auth_type = None
2480 forced_auth_level = None
2481 return self._test_generic_auth_first_first(auth_type,
2482 expected_fault,
2483 auth_context_2nd=auth_context_2nd,
2484 expected_call_id=expected_call_id,
2485 expected_context_id=expected_context_id,
2486 not_executed=not_executed,
2487 conc_mpx=conc_mpx,
2488 forced_call_id=forced_call_id,
2489 forced_context_id=forced_context_id,
2490 forced_opnum=forced_opnum,
2491 forced_auth_context_id=forced_auth_context_id,
2492 forced_auth_type=forced_auth_type,
2493 forced_auth_level=forced_auth_level)
2494
2495 def test_ntlmssp_multi_auth_first1_firstNextNone(self):
2496 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2497 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2498 auth_context_2nd = None
2499 expected_call_id = None
2500 expected_context_id = None
2501 not_executed = False
2502 conc_mpx = False
2503 forced_call_id = 4
2504 forced_context_id = None
2505 forced_opnum = None
2506 forced_auth_context_id = None
2507 forced_auth_type = None
2508 forced_auth_level = None
2509 return self._test_generic_auth_first_first(auth_type,
2510 expected_fault,
2511 auth_context_2nd=auth_context_2nd,
2512 expected_call_id=expected_call_id,
2513 expected_context_id=expected_context_id,
2514 not_executed=not_executed,
2515 conc_mpx=conc_mpx,
2516 forced_call_id=forced_call_id,
2517 forced_context_id=forced_context_id,
2518 forced_opnum=forced_opnum,
2519 forced_auth_context_id=forced_auth_context_id,
2520 forced_auth_type=forced_auth_type,
2521 forced_auth_level=forced_auth_level)
2522
2523 def test_ntlmssp_multi_auth_MPX_first1_firstNextNone(self):
2524 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2525 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2526 auth_context_2nd = None
2527 expected_call_id = 4
2528 expected_context_id = 0
2529 not_executed = False
2530 conc_mpx = True
2531 forced_call_id = 4
2532 forced_context_id = None
2533 forced_opnum = None
2534 forced_auth_context_id = None
2535 forced_auth_type = None
2536 forced_auth_level = None
2537 return self._test_generic_auth_first_first(auth_type,
2538 expected_fault,
2539 auth_context_2nd=auth_context_2nd,
2540 expected_call_id=expected_call_id,
2541 expected_context_id=expected_context_id,
2542 not_executed=not_executed,
2543 conc_mpx=conc_mpx,
2544 forced_call_id=forced_call_id,
2545 forced_context_id=forced_context_id,
2546 forced_opnum=forced_opnum,
2547 forced_auth_context_id=forced_auth_context_id,
2548 forced_auth_type=forced_auth_type,
2549 forced_auth_level=forced_auth_level)
2550
2551 def test_ntlmssp_multi_auth_first1_firstSameNone111(self):
2552 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2553 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2554 auth_context_2nd = None
2555 expected_call_id = None
2556 expected_context_id = None
2557 not_executed = False
2558 conc_mpx = False
2559 forced_call_id = None
2560 forced_context_id = 111
2561 forced_opnum = 111
2562 forced_auth_context_id = None
2563 forced_auth_type = None
2564 forced_auth_level = None
2565 return self._test_generic_auth_first_first(auth_type,
2566 expected_fault,
2567 auth_context_2nd=auth_context_2nd,
2568 expected_call_id=expected_call_id,
2569 expected_context_id=expected_context_id,
2570 not_executed=not_executed,
2571 conc_mpx=conc_mpx,
2572 forced_call_id=forced_call_id,
2573 forced_context_id=forced_context_id,
2574 forced_opnum=forced_opnum,
2575 forced_auth_context_id=forced_auth_context_id,
2576 forced_auth_type=forced_auth_type,
2577 forced_auth_level=forced_auth_level)
2578
2579 def test_ntlmssp_multi_auth_MPX_first1_firstSameNone111(self):
2580 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2581 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2582 auth_context_2nd = None
2583 expected_call_id = None
2584 expected_context_id = None
2585 not_executed = False
2586 conc_mpx = True
2587 forced_call_id = None
2588 forced_context_id = 111
2589 forced_opnum = 111
2590 forced_auth_context_id = None
2591 forced_auth_type = None
2592 forced_auth_level = None
2593 return self._test_generic_auth_first_first(auth_type,
2594 expected_fault,
2595 auth_context_2nd=auth_context_2nd,
2596 expected_call_id=expected_call_id,
2597 expected_context_id=expected_context_id,
2598 not_executed=not_executed,
2599 conc_mpx=conc_mpx,
2600 forced_call_id=forced_call_id,
2601 forced_context_id=forced_context_id,
2602 forced_opnum=forced_opnum,
2603 forced_auth_context_id=forced_auth_context_id,
2604 forced_auth_type=forced_auth_type,
2605 forced_auth_level=forced_auth_level)
2606
2607 def test_ntlmssp_multi_auth_first1_firstNextNone111(self):
2608 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2609 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2610 auth_context_2nd = None
2611 expected_call_id = None
2612 expected_context_id = None
2613 not_executed = False
2614 conc_mpx = False
2615 forced_call_id = 4
2616 forced_context_id = 111
2617 forced_opnum = 111
2618 forced_auth_context_id = None
2619 forced_auth_type = None
2620 forced_auth_level = None
2621 return self._test_generic_auth_first_first(auth_type,
2622 expected_fault,
2623 auth_context_2nd=auth_context_2nd,
2624 expected_call_id=expected_call_id,
2625 expected_context_id=expected_context_id,
2626 not_executed=not_executed,
2627 conc_mpx=conc_mpx,
2628 forced_call_id=forced_call_id,
2629 forced_context_id=forced_context_id,
2630 forced_opnum=forced_opnum,
2631 forced_auth_context_id=forced_auth_context_id,
2632 forced_auth_type=forced_auth_type,
2633 forced_auth_level=forced_auth_level)
2634
2635 def test_ntlmssp_multi_auth_MPX_first1_firstNextNone111(self):
2636 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2637 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2638 auth_context_2nd = None
2639 expected_call_id = 4
2640 expected_context_id = 0
2641 not_executed = False
2642 conc_mpx = True
2643 forced_call_id = 4
2644 forced_context_id = 111
2645 forced_opnum = 111
2646 forced_auth_context_id = None
2647 forced_auth_type = None
2648 forced_auth_level = None
2649 return self._test_generic_auth_first_first(auth_type,
2650 expected_fault,
2651 auth_context_2nd=auth_context_2nd,
2652 expected_call_id=expected_call_id,
2653 expected_context_id=expected_context_id,
2654 not_executed=not_executed,
2655 conc_mpx=conc_mpx,
2656 forced_call_id=forced_call_id,
2657 forced_context_id=forced_context_id,
2658 forced_opnum=forced_opnum,
2659 forced_auth_context_id=forced_auth_context_id,
2660 forced_auth_type=forced_auth_type,
2661 forced_auth_level=forced_auth_level)
2662
2663 def _test_generic_auth_middle(self,
2664 auth_type,
2665 expected_fault,
2666 expected_context_id=None,
2667 not_executed=False,
2668 conc_mpx=False,
2669 forced_context_id=None,
2670 forced_opnum=None,
2671 forced_auth_context_id=None,
2672 forced_auth_type=None,
2673 forced_auth_level=None):
2674 auth_context_2nd = 1
2675 skip_first = True
2676 pfc_flags_2nd = 0
2677 expected_call_id = None
2678 forced_call_id = None
2679 return self._test_generic_auth_first_2nd(auth_type,
2680 pfc_flags_2nd,
2681 expected_fault,
2682 auth_context_2nd=auth_context_2nd,
2683 skip_first=skip_first,
2684 expected_call_id=expected_call_id,
2685 expected_context_id=expected_context_id,
2686 not_executed=not_executed,
2687 conc_mpx=conc_mpx,
2688 forced_call_id=forced_call_id,
2689 forced_context_id=forced_context_id,
2690 forced_opnum=forced_opnum,
2691 forced_auth_context_id=forced_auth_context_id,
2692 forced_auth_type=forced_auth_type,
2693 forced_auth_level=forced_auth_level)
2694
2695 def test_ntlmssp_auth_middle_alone(self):
2696 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2697 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2698 expected_context_id = 0
2699 not_executed = False
2700 conc_mpx = False
2701 forced_context_id = None
2702 forced_opnum = None
2703 forced_auth_context_id = None
2704 forced_auth_type = None
2705 forced_auth_level = None
2706 return self._test_generic_auth_middle(auth_type,
2707 expected_fault,
2708 expected_context_id=expected_context_id,
2709 not_executed=not_executed,
2710 conc_mpx=conc_mpx,
2711 forced_context_id=forced_context_id,
2712 forced_opnum=forced_opnum,
2713 forced_auth_context_id=forced_auth_context_id,
2714 forced_auth_type=forced_auth_type,
2715 forced_auth_level=forced_auth_level)
2716
2717 def test_ntlmssp_auth_MPX_middle_alone(self):
2718 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2719 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2720 expected_context_id = None
2721 not_executed = False
2722 conc_mpx = True
2723 forced_context_id = None
2724 forced_opnum = None
2725 forced_auth_context_id = None
2726 forced_auth_type = None
2727 forced_auth_level = None
2728 return self._test_generic_auth_middle(auth_type,
2729 expected_fault,
2730 expected_context_id=expected_context_id,
2731 not_executed=not_executed,
2732 conc_mpx=conc_mpx,
2733 forced_context_id=forced_context_id,
2734 forced_opnum=forced_opnum,
2735 forced_auth_context_id=forced_auth_context_id,
2736 forced_auth_type=forced_auth_type,
2737 forced_auth_level=forced_auth_level)
2738
2739 def test_ntlmssp_auth_middle_all_111(self):
2740 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2741 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2742 expected_context_id = 0
2743 not_executed = False
2744 conc_mpx = False
2745 forced_context_id = 111
2746 forced_opnum = 111
2747 forced_auth_context_id = 111
2748 forced_auth_type = 111
2749 forced_auth_level = 111
2750 return self._test_generic_auth_middle(auth_type,
2751 expected_fault,
2752 expected_context_id=expected_context_id,
2753 not_executed=not_executed,
2754 conc_mpx=conc_mpx,
2755 forced_context_id=forced_context_id,
2756 forced_opnum=forced_opnum,
2757 forced_auth_context_id=forced_auth_context_id,
2758 forced_auth_type=forced_auth_type,
2759 forced_auth_level=forced_auth_level)
2760
2761 def test_ntlmssp_auth_MPX_middle_all_111(self):
2762 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2763 expected_fault = dcerpc.DCERPC_NCA_S_UNKNOWN_IF
2764 expected_context_id = 0
2765 not_executed = True
2766 conc_mpx = True
2767 forced_context_id = 111
2768 forced_opnum = 111
2769 forced_auth_context_id = 111
2770 forced_auth_type = 111
2771 forced_auth_level = 111
2772 return self._test_generic_auth_middle(auth_type,
2773 expected_fault,
2774 expected_context_id=expected_context_id,
2775 not_executed=not_executed,
2776 conc_mpx=conc_mpx,
2777 forced_context_id=forced_context_id,
2778 forced_opnum=forced_opnum,
2779 forced_auth_context_id=forced_auth_context_id,
2780 forced_auth_type=forced_auth_type,
2781 forced_auth_level=forced_auth_level)
2782
2783 def test_ntlmssp_auth_middle_auth_all_111(self):
2784 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2785 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2786 expected_context_id = 0
2787 not_executed = False
2788 conc_mpx = False
2789 forced_context_id = None
2790 forced_opnum = 111
2791 forced_auth_context_id = 111
2792 forced_auth_type = 111
2793 forced_auth_level = 111
2794 return self._test_generic_auth_middle(auth_type,
2795 expected_fault,
2796 expected_context_id=expected_context_id,
2797 not_executed=not_executed,
2798 conc_mpx=conc_mpx,
2799 forced_context_id=forced_context_id,
2800 forced_opnum=forced_opnum,
2801 forced_auth_context_id=forced_auth_context_id,
2802 forced_auth_type=forced_auth_type,
2803 forced_auth_level=forced_auth_level)
2804
2805 def test_ntlmssp_auth_MPX_middle_auth_all_111(self):
2806 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2807 expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
2808 expected_context_id = None
2809 not_executed = False
2810 conc_mpx = True
2811 forced_context_id = None
2812 forced_opnum = 111
2813 forced_auth_context_id = 111
2814 forced_auth_type = 111
2815 forced_auth_level = 111
2816 return self._test_generic_auth_middle(auth_type,
2817 expected_fault,
2818 expected_context_id=expected_context_id,
2819 not_executed=not_executed,
2820 conc_mpx=conc_mpx,
2821 forced_context_id=forced_context_id,
2822 forced_opnum=forced_opnum,
2823 forced_auth_context_id=forced_auth_context_id,
2824 forced_auth_type=forced_auth_type,
2825 forced_auth_level=forced_auth_level)
2826
2827 def test_ntlmssp_auth_middle_auth_context_111(self):
2828 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2829 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2830 expected_context_id = 0
2831 not_executed = False
2832 conc_mpx = False
2833 forced_context_id = None
2834 forced_opnum = None
2835 forced_auth_context_id = 111
2836 forced_auth_type = None
2837 forced_auth_level = None
2838 return self._test_generic_auth_middle(auth_type,
2839 expected_fault,
2840 expected_context_id=expected_context_id,
2841 not_executed=not_executed,
2842 conc_mpx=conc_mpx,
2843 forced_context_id=forced_context_id,
2844 forced_opnum=forced_opnum,
2845 forced_auth_context_id=forced_auth_context_id,
2846 forced_auth_type=forced_auth_type,
2847 forced_auth_level=forced_auth_level)
2848
2849 def test_ntlmssp_auth_MPX_middle_auth_context_111(self):
2850 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2851 expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
2852 expected_context_id = None
2853 not_executed = False
2854 conc_mpx = True
2855 forced_context_id = None
2856 forced_opnum = None
2857 forced_auth_context_id = 111
2858 forced_auth_type = None
2859 forced_auth_level = None
2860 return self._test_generic_auth_middle(auth_type,
2861 expected_fault,
2862 expected_context_id=expected_context_id,
2863 not_executed=not_executed,
2864 conc_mpx=conc_mpx,
2865 forced_context_id=forced_context_id,
2866 forced_opnum=forced_opnum,
2867 forced_auth_context_id=forced_auth_context_id,
2868 forced_auth_type=forced_auth_type,
2869 forced_auth_level=forced_auth_level)
2870
2871 def test_ntlmssp_auth_middle_auth_type_111(self):
2872 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2873 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2874 expected_context_id = 0
2875 not_executed = False
2876 conc_mpx = False
2877 forced_context_id = None
2878 forced_opnum = None
2879 forced_auth_context_id = None
2880 forced_auth_type = 111
2881 forced_auth_level = None
2882 return self._test_generic_auth_middle(auth_type,
2883 expected_fault,
2884 expected_context_id=expected_context_id,
2885 not_executed=not_executed,
2886 conc_mpx=conc_mpx,
2887 forced_context_id=forced_context_id,
2888 forced_opnum=forced_opnum,
2889 forced_auth_context_id=forced_auth_context_id,
2890 forced_auth_type=forced_auth_type,
2891 forced_auth_level=forced_auth_level)
2892
2893 def test_ntlmssp_auth_MPX_middle_auth_type_111(self):
2894 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2895 expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
2896 expected_context_id = None
2897 not_executed = False
2898 conc_mpx = True
2899 forced_context_id = None
2900 forced_opnum = None
2901 forced_auth_context_id = None
2902 forced_auth_type = 111
2903 forced_auth_level = None
2904 return self._test_generic_auth_middle(auth_type,
2905 expected_fault,
2906 expected_context_id=expected_context_id,
2907 not_executed=not_executed,
2908 conc_mpx=conc_mpx,
2909 forced_context_id=forced_context_id,
2910 forced_opnum=forced_opnum,
2911 forced_auth_context_id=forced_auth_context_id,
2912 forced_auth_type=forced_auth_type,
2913 forced_auth_level=forced_auth_level)
2914
2915 def test_ntlmssp_auth_middle_auth_level_111(self):
2916 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2917 expected_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
2918 expected_context_id = 0
2919 not_executed = False
2920 conc_mpx = False
2921 forced_context_id = None
2922 forced_opnum = None
2923 forced_auth_context_id = None
2924 forced_auth_type = None
2925 forced_auth_level = 111
2926 return self._test_generic_auth_middle(auth_type,
2927 expected_fault,
2928 expected_context_id=expected_context_id,
2929 not_executed=not_executed,
2930 conc_mpx=conc_mpx,
2931 forced_context_id=forced_context_id,
2932 forced_opnum=forced_opnum,
2933 forced_auth_context_id=forced_auth_context_id,
2934 forced_auth_type=forced_auth_type,
2935 forced_auth_level=forced_auth_level)
2936
2937 def test_ntlmssp_auth_MPX_middle_auth_level_111(self):
2938 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
2939 expected_fault = dcerpc.DCERPC_FAULT_ACCESS_DENIED
2940 expected_context_id = None
2941 not_executed = False
2942 conc_mpx = True
2943 forced_context_id = None
2944 forced_opnum = None
2945 forced_auth_context_id = None
2946 forced_auth_type = None
2947 forced_auth_level = 111
2948 return self._test_generic_auth_middle(auth_type,
2949 expected_fault,
2950 expected_context_id=expected_context_id,
2951 not_executed=not_executed,
2952 conc_mpx=conc_mpx,
2953 forced_context_id=forced_context_id,
2954 forced_opnum=forced_opnum,
2955 forced_auth_context_id=forced_auth_context_id,
2956 forced_auth_type=forced_auth_type,
2957 forced_auth_level=forced_auth_level)
2958
2959 def _test_neg_xmit_check_values(self,
2960 req_xmit=None,
2961 req_recv=None,
2962 rep_both=None,
2963 alter_xmit=None,
2964 alter_recv=None):
2965 ndr32 = base.transfer_syntax_ndr()
2966
2967 tsf1_list = [ndr32]
2968 ctx1 = dcerpc.ctx_list()
2969 ctx1.context_id = 1
2970 ctx1.num_transfer_syntaxes = len(tsf1_list)
2971 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
2972 ctx1.transfer_syntaxes = tsf1_list
2973
2974 req = self.generate_bind(call_id=0,
2975 max_xmit_frag=req_xmit,
2976 max_recv_frag=req_recv,
2977 ctx_list=[ctx1])
2978 self.send_pdu(req)
2979 rep = self.recv_pdu()
2980 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
2981 auth_length=0)
2982 self.assertEqual(rep.u.max_xmit_frag, rep_both)
2983 self.assertEqual(rep.u.max_recv_frag, rep_both)
2984 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
2985 self.assertEqual(rep.u.secondary_address_size, 4)
2986 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
2987 self.assertPadding(rep.u._pad1, 2)
2988 self.assertEqual(rep.u.num_results, 1)
2989 self.assertEqual(rep.u.ctx_list[0].result,
2990 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
2991 self.assertEqual(rep.u.ctx_list[0].reason,
2992 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
2993 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
2994 self.assertEqual(rep.u.auth_info, b'\0' * 0)
2995
2996 assoc_group_id = rep.u.assoc_group_id
2997 if alter_xmit is None:
2998 alter_xmit = rep_both - 8
2999 if alter_recv is None:
3000 alter_recv = rep_both - 8
3001
3002 # max_{xmit,recv}_frag and assoc_group_id are completely
3003 # ignored in alter_context requests
3004 req = self.generate_alter(call_id=1,
3005 max_xmit_frag=alter_xmit,
3006 max_recv_frag=alter_recv,
3007 assoc_group_id=0xffffffff - rep.u.assoc_group_id,
3008 ctx_list=[ctx1])
3009 self.send_pdu(req)
3010 rep = self.recv_pdu()
3011 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id,
3012 auth_length=0)
3013 self.assertEqual(rep.u.max_xmit_frag, rep_both)
3014 self.assertEqual(rep.u.max_recv_frag, rep_both)
3015 self.assertEqual(rep.u.assoc_group_id, rep.u.assoc_group_id)
3016 self.assertEqual(rep.u.secondary_address_size, 0)
3017 self.assertPadding(rep.u._pad1, 2)
3018 self.assertEqual(rep.u.num_results, 1)
3019 self.assertEqual(rep.u.ctx_list[0].result,
3020 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3021 self.assertEqual(rep.u.ctx_list[0].reason,
3022 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3023 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3024 self.assertEqual(rep.u.auth_info, b'\0' * 0)
3025
3026 chunk_size = rep_both - dcerpc.DCERPC_REQUEST_LENGTH
3027 req = self.generate_request(call_id=2,
3028 context_id=ctx1.context_id,
3029 opnum=0,
3030 alloc_hint=0xffffffff,
3031 stub=b"\00" * chunk_size)
3032 self.send_pdu(req, ndr_print=True, hexdump=True)
3033 rep = self.recv_pdu(ndr_print=True, hexdump=True)
3034 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3035 auth_length=0)
3036 self.assertNotEqual(rep.u.alloc_hint, 0)
3037 self.assertEqual(rep.u.context_id, req.u.context_id)
3038 self.assertEqual(rep.u.cancel_count, 0)
3039 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3040
3041 chunk_size = 5840 - dcerpc.DCERPC_REQUEST_LENGTH
3042 req = self.generate_request(call_id=2,
3043 context_id=ctx1.context_id,
3044 opnum=0,
3045 alloc_hint=0xffffffff,
3046 stub=b"\00" * chunk_size)
3047 self.send_pdu(req)
3048 rep = self.recv_pdu()
3049 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3050 auth_length=0)
3051 self.assertNotEqual(rep.u.alloc_hint, 0)
3052 self.assertEqual(rep.u.context_id, req.u.context_id)
3053 self.assertEqual(rep.u.cancel_count, 0)
3054 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3055
3056 chunk_size += 1
3057 req = self.generate_request(call_id=3,
3058 context_id=ctx1.context_id,
3059 opnum=0,
3060 alloc_hint=0xffffffff,
3061 stub=b"\00" * chunk_size)
3062 self.send_pdu(req)
3063 rep = self.recv_pdu()
3064 # We get a fault
3065 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3066 auth_length=0)
3067 self.assertNotEqual(rep.u.alloc_hint, 0)
3068 self.assertEqual(rep.u.context_id, 0)
3069 self.assertEqual(rep.u.cancel_count, 0)
3070 self.assertEqual(rep.u.flags, 0)
3071 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3072 self.assertEqual(rep.u.reserved, 0)
3073 self.assertEqual(len(rep.u.error_and_verifier), 0)
3074
3075 # wait for a disconnect
3076 rep = self.recv_pdu()
3077 self.assertIsNone(rep)
3078 self.assertNotConnected()
3079
3080 def test_neg_xmit_ffff_ffff(self):
3081 return self._test_neg_xmit_check_values(req_xmit=0xffff,
3082 req_recv=0xffff,
3083 rep_both=5840)
3084
3085 def test_neg_xmit_0_ffff(self):
3086 return self._test_neg_xmit_check_values(req_xmit=0,
3087 req_recv=0xffff,
3088 rep_both=2048,
3089 alter_xmit=0xffff,
3090 alter_recv=0xffff)
3091
3092 def test_neg_xmit_ffff_0(self):
3093 return self._test_neg_xmit_check_values(req_xmit=0xffff,
3094 req_recv=0,
3095 rep_both=2048)
3096
3097 def test_neg_xmit_0_0(self):
3098 return self._test_neg_xmit_check_values(req_xmit=0,
3099 req_recv=0,
3100 rep_both=2048,
3101 alter_xmit=0xffff,
3102 alter_recv=0xffff)
3103
3104 def test_neg_xmit_3199_0(self):
3105 return self._test_neg_xmit_check_values(req_xmit=3199,
3106 req_recv=0,
3107 rep_both=2048)
3108
3109 def test_neg_xmit_0_3199(self):
3110 return self._test_neg_xmit_check_values(req_xmit=0,
3111 req_recv=3199,
3112 rep_both=2048)
3113
3114 def test_neg_xmit_3199_ffff(self):
3115 return self._test_neg_xmit_check_values(req_xmit=3199,
3116 req_recv=0xffff,
3117 rep_both=3192)
3118
3119 def test_neg_xmit_ffff_3199(self):
3120 return self._test_neg_xmit_check_values(req_xmit=0xffff,
3121 req_recv=3199,
3122 rep_both=3192)
3123
3124 def test_alloc_hint(self):
3125 ndr32 = base.transfer_syntax_ndr()
3126
3127 tsf1_list = [ndr32]
3128 ctx = dcerpc.ctx_list()
3129 ctx.context_id = 0
3130 ctx.num_transfer_syntaxes = len(tsf1_list)
3131 ctx.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3132 ctx.transfer_syntaxes = tsf1_list
3133
3134 req = self.generate_bind(call_id=0,
3135 ctx_list=[ctx])
3136 self.send_pdu(req)
3137 rep = self.recv_pdu()
3138 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id,
3139 auth_length=0)
3140 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3141 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
3142 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
3143 self.assertEqual(rep.u.secondary_address_size, 4)
3144 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
3145 self.assertPadding(rep.u._pad1, 2)
3146 self.assertEqual(rep.u.num_results, 1)
3147 self.assertEqual(rep.u.ctx_list[0].result,
3148 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3149 self.assertEqual(rep.u.ctx_list[0].reason,
3150 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3151 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3152 self.assertEqual(rep.u.auth_info, b'\0' * 0)
3153
3154 # And now try a request without auth_info
3155 req = self.generate_request(call_id=2,
3156 context_id=ctx.context_id,
3157 opnum=0,
3158 alloc_hint=0xffffffff,
3159 stub=b"")
3160 self.send_pdu(req)
3161 rep = self.recv_pdu()
3162 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3163 auth_length=0)
3164 self.assertNotEqual(rep.u.alloc_hint, 0)
3165 self.assertEqual(rep.u.context_id, req.u.context_id)
3166 self.assertEqual(rep.u.cancel_count, 0)
3167 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3168
3169 req = self.generate_request(call_id=3,
3170 context_id=ctx.context_id,
3171 opnum=1,
3172 alloc_hint=0xffffffff,
3173 stub=b"\04\00\00\00\00\00\00\00")
3174 self.send_pdu(req)
3175 rep = self.recv_pdu()
3176 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3177 auth_length=0)
3178 self.assertNotEqual(rep.u.alloc_hint, 0)
3179 self.assertEqual(rep.u.context_id, req.u.context_id)
3180 self.assertEqual(rep.u.cancel_count, 0)
3181 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3182
3183 req = self.generate_request(call_id=4,
3184 context_id=ctx.context_id,
3185 opnum=1,
3186 alloc_hint=1,
3187 stub=b"\04\00\00\00\00\00\00\00")
3188 self.send_pdu(req)
3189 rep = self.recv_pdu()
3190 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3191 auth_length=0)
3192 self.assertNotEqual(rep.u.alloc_hint, 0)
3193 self.assertEqual(rep.u.context_id, req.u.context_id)
3194 self.assertEqual(rep.u.cancel_count, 0)
3195 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3196
3197 def _get_netlogon_ctx(self):
3198 abstract = samba.dcerpc.netlogon.abstract_syntax()
3199 ndr32 = base.transfer_syntax_ndr()
3200
3201 (ctx, ack) = self.prepare_presentation(abstract, ndr32, context_id=0,
3202 epmap=True, return_ack=True)
3203
3204 server = '\\\\' + self.target_hostname
3205 if isinstance(server, bytes):
3206 server_utf16 = server.decode('utf-8').encode('utf-16-le')
3207 else:
3208 server_utf16 = server.encode('utf-16-le')
3209 computer = 'UNKNOWNCOMPUTER'
3210 if isinstance(server, bytes):
3211 computer_utf16 = computer.decode('utf-8').encode('utf-16-le')
3212 else:
3213 computer_utf16 = computer.encode('utf-16-le')
3214
3215 real_stub = struct.pack('<IIII', 0x00200000,
3216 len(server) + 1, 0, len(server) + 1)
3217 real_stub += server_utf16 + b'\x00\x00'
3218 mod_len = len(real_stub) % 4
3219 if mod_len != 0:
3220 real_stub += b'\x00' * (4 - mod_len)
3221 real_stub += struct.pack('<III',
3222 len(computer) + 1, 0, len(computer) + 1)
3223 real_stub += computer_utf16 + b'\x00\x00'
3224 real_stub += b'\x11\x22\x33\x44\x55\x66\x77\x88'
3225
3226 return (ctx, ack, real_stub)
3227
3228 def _test_fragmented_requests(self, remaining=None, alloc_hint=None,
3229 fault_first=None, fault_last=None):
3230 (ctx, rep, real_stub) = self._get_netlogon_ctx()
3231
3232 chunk = rep.u.max_recv_frag - dcerpc.DCERPC_REQUEST_LENGTH
3233
3234 total = 0
3235 first = True
3236 while remaining > 0:
3237 thistime = min(remaining, chunk)
3238 remaining -= thistime
3239 total += thistime
3240
3241 pfc_flags = 0
3242 if first:
3243 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_FIRST
3244 first = False
3245 stub = real_stub + b'\x00' * (thistime - len(real_stub))
3246 else:
3247 stub = b"\x00" * thistime
3248
3249 if remaining == 0:
3250 pfc_flags |= dcerpc.DCERPC_PFC_FLAG_LAST
3251
3252 # And now try a request without auth_info
3253 # netr_ServerReqChallenge()
3254 req = self.generate_request(call_id=0x21234,
3255 pfc_flags=pfc_flags,
3256 context_id=ctx.context_id,
3257 opnum=4,
3258 alloc_hint=alloc_hint,
3259 stub=stub)
3260 if alloc_hint >= thistime:
3261 alloc_hint -= thistime
3262 else:
3263 alloc_hint = 0
3264 self.send_pdu(req, hexdump=False)
3265 if fault_first is not None:
3266 rep = self.recv_pdu()
3267 # We get a fault back
3268 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3269 auth_length=0)
3270 self.assertNotEqual(rep.u.alloc_hint, 0)
3271 self.assertEqual(rep.u.context_id, req.u.context_id)
3272 self.assertEqual(rep.u.cancel_count, 0)
3273 self.assertEqual(rep.u.flags, 0)
3274 self.assertEqual(rep.u.status, fault_first)
3275 self.assertEqual(rep.u.reserved, 0)
3276 self.assertEqual(len(rep.u.error_and_verifier), 0)
3277
3278 # wait for a disconnect
3279 rep = self.recv_pdu()
3280 self.assertIsNone(rep)
3281 self.assertNotConnected()
3282 return
3283 if remaining == 0:
3284 break
3285 if total >= 0x400000 and fault_last is not None:
3286 rep = self.recv_pdu()
3287 # We get a fault back
3288 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3289 auth_length=0)
3290 self.assertNotEqual(rep.u.alloc_hint, 0)
3291 self.assertEqual(rep.u.context_id, req.u.context_id)
3292 self.assertEqual(rep.u.cancel_count, 0)
3293 self.assertEqual(rep.u.flags, 0)
3294 self.assertEqual(rep.u.status, fault_last)
3295 self.assertEqual(rep.u.reserved, 0)
3296 self.assertEqual(len(rep.u.error_and_verifier), 0)
3297
3298 # wait for a disconnect
3299 rep = self.recv_pdu()
3300 self.assertIsNone(rep)
3301 self.assertNotConnected()
3302 return
3303 rep = self.recv_pdu(timeout=0.01)
3304 self.assertIsNone(rep)
3305 self.assertIsConnected()
3306
3307 if total >= 0x400000 and fault_last is not None:
3308 rep = self.recv_pdu()
3309 # We get a fault back
3310 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3311 auth_length=0)
3312 self.assertNotEqual(rep.u.alloc_hint, 0)
3313 self.assertEqual(rep.u.context_id, req.u.context_id)
3314 self.assertEqual(rep.u.cancel_count, 0)
3315 self.assertEqual(rep.u.flags, 0)
3316 self.assertEqual(rep.u.status, fault_last)
3317 self.assertEqual(rep.u.reserved, 0)
3318 self.assertEqual(len(rep.u.error_and_verifier), 0)
3319
3320 # wait for a disconnect
3321 rep = self.recv_pdu()
3322 self.assertIsNone(rep)
3323 self.assertNotConnected()
3324 return
3325 rep = self.recv_pdu()
3326 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3327 auth_length=0)
3328 self.assertNotEqual(rep.u.alloc_hint, 0)
3329 self.assertEqual(rep.u.context_id, req.u.context_id)
3330 self.assertEqual(rep.u.cancel_count, 0)
3331 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3332
3333 self.assertEqual(len(rep.u.stub_and_verifier), 12)
3334 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
3335 self.assertEqual(status[0], 0)
3336
3337 def test_fragmented_requests01(self):
3338 return self._test_fragmented_requests(remaining=0x400000,
3339 alloc_hint=0x400000)
3340
3341 def test_fragmented_requests02(self):
3342 return self._test_fragmented_requests(remaining=0x400000,
3343 alloc_hint=0x100000)
3344
3345 def test_fragmented_requests03(self):
3346 return self._test_fragmented_requests(remaining=0x400000,
3347 alloc_hint=0)
3348
3349 def test_fragmented_requests04(self):
3350 return self._test_fragmented_requests(remaining=0x400000,
3351 alloc_hint=0x400001,
3352 fault_first=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3353
3354 def test_fragmented_requests05(self):
3355 return self._test_fragmented_requests(remaining=0x500001,
3356 alloc_hint=0,
3357 fault_last=dcerpc.DCERPC_FAULT_ACCESS_DENIED)
3358
3359 def _test_same_requests(self, pfc_flags, fault_1st=False, fault_2nd=False):
3360 (ctx, rep, real_stub) = self._get_netlogon_ctx()
3361
3362 # netr_ServerReqChallenge with given flags
3363 req = self.generate_request(call_id=2,
3364 pfc_flags=pfc_flags,
3365 context_id=ctx.context_id,
3366 opnum=4,
3367 stub=real_stub)
3368 self.send_pdu(req)
3369 if fault_1st:
3370 rep = self.recv_pdu()
3371 # We get a fault back
3372 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3373 auth_length=0)
3374 self.assertNotEqual(rep.u.alloc_hint, 0)
3375 self.assertEqual(rep.u.context_id, 0)
3376 self.assertEqual(rep.u.cancel_count, 0)
3377 self.assertEqual(rep.u.flags, 0)
3378 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3379 self.assertEqual(rep.u.reserved, 0)
3380 self.assertEqual(len(rep.u.error_and_verifier), 0)
3381
3382 # wait for a disconnect
3383 rep = self.recv_pdu()
3384 self.assertIsNone(rep)
3385 self.assertNotConnected()
3386 return
3387 rep = self.recv_pdu(timeout=0.1)
3388 self.assertIsNone(rep)
3389 self.assertIsConnected()
3390
3391 # netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
3392 # with the same call_id
3393 req = self.generate_request(call_id=2,
3394 pfc_flags=pfc_flags,
3395 context_id=ctx.context_id,
3396 opnum=4,
3397 stub=real_stub)
3398 self.send_pdu(req)
3399 if fault_2nd:
3400 rep = self.recv_pdu()
3401 # We get a fault back
3402 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3403 auth_length=0)
3404 self.assertNotEqual(rep.u.alloc_hint, 0)
3405 self.assertEqual(rep.u.context_id, req.u.context_id)
3406 self.assertEqual(rep.u.cancel_count, 0)
3407 self.assertEqual(rep.u.flags, 0)
3408 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3409 self.assertEqual(rep.u.reserved, 0)
3410 self.assertEqual(len(rep.u.error_and_verifier), 0)
3411
3412 # wait for a disconnect
3413 rep = self.recv_pdu()
3414 self.assertIsNone(rep)
3415 self.assertNotConnected()
3416 return
3417
3418 rep = self.recv_pdu(timeout=0.1)
3419 self.assertIsNone(rep)
3420 self.assertIsConnected()
3421
3422 def test_first_only_requests(self):
3423 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3424 fault_2nd=True)
3425
3426 def test_none_only_requests(self):
3427 return self._test_same_requests(pfc_flags=0, fault_1st=True)
3428
3429 def test_last_only_requests(self):
3430 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
3431 fault_1st=True)
3432
3433 def test_first_maybe_requests(self):
3434 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3435 dcerpc.DCERPC_PFC_FLAG_MAYBE,
3436 fault_2nd=True)
3437
3438 def test_first_didnot_requests(self):
3439 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3440 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3441 fault_2nd=True)
3442
3443 def test_first_cmpx_requests(self):
3444 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3445 dcerpc.DCERPC_PFC_FLAG_CONC_MPX,
3446 fault_2nd=True)
3447
3448 def test_first_08_requests(self):
3449 return self._test_same_requests(pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3450 0x08,
3451 fault_2nd=True)
3452
3453 def test_first_cancel_requests(self):
3454 (ctx, rep, real_stub) = self._get_netlogon_ctx()
3455
3456 # netr_ServerReqChallenge with given flags
3457 req = self.generate_request(call_id=2,
3458 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3459 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
3460 context_id=ctx.context_id,
3461 opnum=4,
3462 stub=real_stub)
3463 self.send_pdu(req)
3464 rep = self.recv_pdu()
3465 # We get a fault back
3466 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
3467 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3468 dcerpc.DCERPC_PFC_FLAG_LAST |
3469 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
3470 auth_length=0)
3471 self.assertNotEqual(rep.u.alloc_hint, 0)
3472 self.assertEqual(rep.u.context_id, 0)
3473 self.assertEqual(rep.u.cancel_count, 0)
3474 self.assertEqual(rep.u.flags, 0)
3475 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_NO_CALL_ACTIVE)
3476 self.assertEqual(rep.u.reserved, 0)
3477 self.assertEqual(len(rep.u.error_and_verifier), 0)
3478
3479 # wait for a disconnect
3480 rep = self.recv_pdu()
3481 self.assertIsNone(rep)
3482 self.assertNotConnected()
3483
3484 def test_2nd_cancel_requests(self):
3485 (ctx, rep, real_stub) = self._get_netlogon_ctx()
3486
3487 # netr_ServerReqChallenge with given flags
3488 req = self.generate_request(call_id=2,
3489 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3490 context_id=ctx.context_id,
3491 opnum=4,
3492 stub=real_stub)
3493 self.send_pdu(req)
3494 rep = self.recv_pdu(timeout=0.1)
3495 self.assertIsNone(rep)
3496 self.assertIsConnected()
3497
3498 # netr_ServerReqChallenge with given flags
3499 req = self.generate_request(call_id=2,
3500 pfc_flags=dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
3501 context_id=ctx.context_id,
3502 opnum=4,
3503 stub=real_stub)
3504 self.send_pdu(req)
3505 rep = self.recv_pdu(timeout=0.1)
3506 self.assertIsNone(rep)
3507 self.assertIsConnected()
3508
3509 # netr_ServerReqChallenge with given flags
3510 req = self.generate_request(call_id=2,
3511 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
3512 context_id=ctx.context_id,
3513 opnum=4,
3514 stub=real_stub)
3515 self.send_pdu(req)
3516 rep = self.recv_pdu()
3517 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3518 auth_length=0)
3519 self.assertNotEqual(rep.u.alloc_hint, 0)
3520 self.assertEqual(rep.u.context_id, req.u.context_id)
3521 self.assertEqual(rep.u.cancel_count, 0)
3522 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3523
3524 self.assertEqual(len(rep.u.stub_and_verifier), 12)
3525 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
3526 self.assertEqual(status[0], 0)
3527
3528 def test_last_cancel_requests(self):
3529 (ctx, rep, real_stub) = self._get_netlogon_ctx()
3530
3531 # netr_ServerReqChallenge with given flags
3532 req = self.generate_request(call_id=2,
3533 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3534 context_id=ctx.context_id,
3535 opnum=4,
3536 stub=real_stub[:4])
3537 self.send_pdu(req)
3538 rep = self.recv_pdu(timeout=0.1)
3539 self.assertIsNone(rep)
3540 self.assertIsConnected()
3541
3542 # netr_ServerReqChallenge with given flags
3543 req = self.generate_request(call_id=2,
3544 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST |
3545 dcerpc.DCERPC_PFC_FLAG_PENDING_CANCEL,
3546 context_id=ctx.context_id,
3547 opnum=4,
3548 stub=real_stub[4:])
3549 self.send_pdu(req)
3550 rep = self.recv_pdu()
3551 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3552 auth_length=0)
3553 self.assertNotEqual(rep.u.alloc_hint, 0)
3554 self.assertEqual(rep.u.context_id, req.u.context_id)
3555 self.assertEqual(rep.u.cancel_count, 0)
3556 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3557
3558 self.assertEqual(len(rep.u.stub_and_verifier), 12)
3559 status = struct.unpack_from("<I", rep.u.stub_and_verifier, len(rep.u.stub_and_verifier) - 4)
3560 self.assertEqual(status[0], 0)
3561
3562 def test_mix_requests(self):
3563 (ctx, rep, real_stub) = self._get_netlogon_ctx()
3564
3565 # netr_ServerReqChallenge with given flags
3566 req = self.generate_request(call_id=50,
3567 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3568 context_id=ctx.context_id,
3569 opnum=4,
3570 stub=real_stub)
3571 self.send_pdu(req)
3572 rep = self.recv_pdu(timeout=0.1)
3573 self.assertIsNone(rep)
3574 self.assertIsConnected()
3575
3576 # netr_ServerReqChallenge with given flags
3577 req = self.generate_request(call_id=51,
3578 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3579 context_id=ctx.context_id,
3580 opnum=4,
3581 stub=real_stub)
3582 self.send_pdu(req)
3583 rep = self.recv_pdu()
3584 # We get a fault back
3585 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, 50,
3586 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
3587 dcerpc.DCERPC_PFC_FLAG_LAST,
3588 auth_length=0)
3589 self.assertNotEqual(rep.u.alloc_hint, 0)
3590 self.assertEqual(rep.u.context_id, req.u.context_id)
3591 self.assertEqual(rep.u.cancel_count, 0)
3592 self.assertEqual(rep.u.flags, 0)
3593 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3594 self.assertEqual(rep.u.reserved, 0)
3595 self.assertEqual(len(rep.u.error_and_verifier), 0)
3596
3597 def test_co_cancel_no_request(self):
3598 ndr32 = base.transfer_syntax_ndr()
3599 abstract = samba.dcerpc.mgmt.abstract_syntax()
3600 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
3601
3602 req = self.generate_co_cancel(call_id=3)
3603 self.send_pdu(req)
3604 rep = self.recv_pdu(timeout=0.01)
3605 self.assertIsNone(rep)
3606 self.assertIsConnected()
3607
3608 # And now try a request
3609 req = self.generate_request(call_id=1,
3610 context_id=ctx.context_id,
3611 opnum=0,
3612 stub=b"")
3613 self.send_pdu(req)
3614 rep = self.recv_pdu()
3615 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3616 auth_length=0)
3617 self.assertNotEqual(rep.u.alloc_hint, 0)
3618 self.assertEqual(rep.u.context_id, req.u.context_id)
3619 self.assertEqual(rep.u.cancel_count, 0)
3620 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3621
3622 def test_co_cancel_request_after_first(self):
3623 ndr32 = base.transfer_syntax_ndr()
3624 abstract = samba.dcerpc.mgmt.abstract_syntax()
3625 ctx = self.prepare_presentation(abstract, ndr32, context_id=0xff)
3626
3627 req = self.generate_request(call_id=1,
3628 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3629 context_id=ctx.context_id,
3630 opnum=0,
3631 stub=b"")
3632 self.send_pdu(req)
3633 rep = self.recv_pdu(timeout=0.01)
3634 self.assertIsNone(rep)
3635 self.assertIsConnected()
3636
3637 req = self.generate_co_cancel(call_id=1)
3638 self.send_pdu(req)
3639 rep = self.recv_pdu(timeout=0.01)
3640 self.assertIsNone(rep)
3641 self.assertIsConnected()
3642
3643 req = self.generate_request(call_id=1,
3644 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
3645 context_id=ctx.context_id,
3646 opnum=0,
3647 stub=b"")
3648 self.send_pdu(req)
3649 rep = self.recv_pdu()
3650 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3651 auth_length=0)
3652 self.assertNotEqual(rep.u.alloc_hint, 0)
3653 self.assertEqual(rep.u.context_id, req.u.context_id)
3654 self.assertEqual(rep.u.cancel_count, 0)
3655 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3656
3657 # And now try a request
3658 req = self.generate_request(call_id=2,
3659 context_id=ctx.context_id,
3660 opnum=0,
3661 stub=b"")
3662 self.send_pdu(req)
3663 rep = self.recv_pdu()
3664 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3665 auth_length=0)
3666 self.assertNotEqual(rep.u.alloc_hint, 0)
3667 self.assertEqual(rep.u.context_id, req.u.context_id)
3668 self.assertEqual(rep.u.cancel_count, 0)
3669 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3670
3671 def test_orphaned_no_request(self):
3672 ndr32 = base.transfer_syntax_ndr()
3673 abstract = samba.dcerpc.mgmt.abstract_syntax()
3674 ctx = self.prepare_presentation(abstract, ndr32)
3675
3676 req = self.generate_orphaned(call_id=3)
3677 self.send_pdu(req)
3678 rep = self.recv_pdu(timeout=0.01)
3679 self.assertIsNone(rep)
3680 self.assertIsConnected()
3681
3682 # And now try a request
3683 req = self.generate_request(call_id=1,
3684 context_id=ctx.context_id,
3685 opnum=0,
3686 stub=b"")
3687 self.send_pdu(req)
3688 rep = self.recv_pdu()
3689 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3690 auth_length=0)
3691 self.assertNotEqual(rep.u.alloc_hint, 0)
3692 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
3693 self.assertEqual(rep.u.cancel_count, 0)
3694 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3695
3696 def test_orphaned_request_after_first_last(self):
3697 ndr32 = base.transfer_syntax_ndr()
3698 abstract = samba.dcerpc.mgmt.abstract_syntax()
3699 ctx = self.prepare_presentation(abstract, ndr32)
3700
3701 req = self.generate_request(call_id=1,
3702 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3703 context_id=ctx.context_id,
3704 opnum=0,
3705 stub=b"")
3706 self.send_pdu(req)
3707 rep = self.recv_pdu(timeout=0.1)
3708 self.assertIsNone(rep)
3709 self.assertIsConnected()
3710
3711 req = self.generate_orphaned(call_id=1)
3712 self.send_pdu(req)
3713 rep = self.recv_pdu(timeout=0.1)
3714 self.assertIsNone(rep)
3715 self.assertIsConnected()
3716
3717 req = self.generate_request(call_id=1,
3718 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
3719 context_id=ctx.context_id,
3720 opnum=0,
3721 stub=b"")
3722 self.send_pdu(req)
3723 rep = self.recv_pdu()
3724 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3725 auth_length=0)
3726 self.assertNotEqual(rep.u.alloc_hint, 0)
3727 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
3728 self.assertEqual(rep.u.cancel_count, 0)
3729 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3730
3731 # And now try a request
3732 req = self.generate_request(call_id=2,
3733 context_id=ctx.context_id,
3734 opnum=0,
3735 stub=b"")
3736 self.send_pdu(req)
3737 rep = self.recv_pdu()
3738 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3739 auth_length=0)
3740 self.assertNotEqual(rep.u.alloc_hint, 0)
3741 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
3742 self.assertEqual(rep.u.cancel_count, 0)
3743 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3744
3745 def test_orphaned_request_after_first_mpx_last(self):
3746 ndr32 = base.transfer_syntax_ndr()
3747 abstract = samba.dcerpc.mgmt.abstract_syntax()
3748
3749 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
3750 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
3751 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
3752 ctx = self.prepare_presentation(abstract, ndr32, pfc_flags=pfc_flags)
3753
3754 req = self.generate_request(call_id=1,
3755 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3756 context_id=ctx.context_id,
3757 opnum=0,
3758 stub=b"")
3759 self.send_pdu(req)
3760 rep = self.recv_pdu(timeout=0.1)
3761 self.assertIsNone(rep)
3762 self.assertIsConnected()
3763
3764 req = self.generate_orphaned(call_id=1)
3765 self.send_pdu(req)
3766 rep = self.recv_pdu(timeout=0.1)
3767 self.assertIsNone(rep)
3768 self.assertIsConnected()
3769
3770 req = self.generate_request(call_id=1,
3771 pfc_flags=dcerpc.DCERPC_PFC_FLAG_LAST,
3772 context_id=ctx.context_id,
3773 opnum=0,
3774 stub=b"")
3775 self.send_pdu(req)
3776 rep = self.recv_pdu()
3777 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3778 auth_length=0)
3779 self.assertNotEqual(rep.u.alloc_hint, 0)
3780 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
3781 self.assertEqual(rep.u.cancel_count, 0)
3782 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3783
3784 # And now try a request
3785 req = self.generate_request(call_id=2,
3786 context_id=ctx.context_id,
3787 opnum=0,
3788 stub=b"")
3789 self.send_pdu(req)
3790 rep = self.recv_pdu()
3791 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3792 auth_length=0)
3793 self.assertNotEqual(rep.u.alloc_hint, 0)
3794 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
3795 self.assertEqual(rep.u.cancel_count, 0)
3796 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3797
3798 def test_orphaned_request_after_first_no_last(self):
3799 ndr32 = base.transfer_syntax_ndr()
3800 abstract = samba.dcerpc.mgmt.abstract_syntax()
3801 ctx = self.prepare_presentation(abstract, ndr32)
3802
3803 req1 = self.generate_request(call_id=1,
3804 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3805 context_id=ctx.context_id,
3806 opnum=0,
3807 stub=b"")
3808 self.send_pdu(req1)
3809 rep = self.recv_pdu(timeout=0.1)
3810 self.assertIsNone(rep)
3811 self.assertIsConnected()
3812
3813 req = self.generate_orphaned(call_id=1)
3814 self.send_pdu(req)
3815 rep = self.recv_pdu(timeout=0.1)
3816 self.assertIsNone(rep)
3817 self.assertIsConnected()
3818
3819 # And now try a new request
3820 req2 = self.generate_request(call_id=2,
3821 context_id=ctx.context_id,
3822 opnum=0,
3823 stub=b"")
3824 self.send_pdu(req2)
3825 rep = self.recv_pdu()
3826 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req1.call_id,
3827 auth_length=0)
3828 self.assertNotEqual(rep.u.alloc_hint, 0)
3829 self.assertEqual(rep.u.context_id, req1.u.context_id)
3830 self.assertEqual(rep.u.cancel_count, 0)
3831 self.assertEqual(rep.u.flags, 0)
3832 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3833 self.assertEqual(rep.u.reserved, 0)
3834 self.assertEqual(len(rep.u.error_and_verifier), 0)
3835
3836 # wait for a disconnect
3837 rep = self.recv_pdu()
3838 self.assertIsNone(rep)
3839 self.assertNotConnected()
3840
3841 def test_orphaned_request_after_first_mpx_no_last(self):
3842 ndr32 = base.transfer_syntax_ndr()
3843 abstract = samba.dcerpc.mgmt.abstract_syntax()
3844
3845 pfc_flags = samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST
3846 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST
3847 pfc_flags |= samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_CONC_MPX
3848 ctx = self.prepare_presentation(abstract, ndr32,
3849 pfc_flags=pfc_flags)
3850
3851 req1 = self.generate_request(call_id=1,
3852 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST,
3853 context_id=ctx.context_id,
3854 opnum=0,
3855 stub=b"")
3856 self.send_pdu(req1)
3857 rep = self.recv_pdu(timeout=0.1)
3858 self.assertIsNone(rep)
3859 self.assertIsConnected()
3860
3861 req = self.generate_orphaned(call_id=1)
3862 self.send_pdu(req)
3863 rep = self.recv_pdu(timeout=0.1)
3864 self.assertIsNone(rep)
3865 self.assertIsConnected()
3866
3867 # And now try a new request
3868 req2 = self.generate_request(call_id=2,
3869 context_id=ctx.context_id - 1,
3870 opnum=0,
3871 stub=b"")
3872 self.send_pdu(req2)
3873 rep = self.recv_pdu()
3874 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req2.call_id,
3875 auth_length=0)
3876 self.assertNotEqual(rep.u.alloc_hint, 0)
3877 self.assertEqual(rep.u.context_id, 0)
3878 self.assertEqual(rep.u.cancel_count, 0)
3879 self.assertEqual(rep.u.flags, 0)
3880 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
3881 self.assertEqual(rep.u.reserved, 0)
3882 self.assertEqual(len(rep.u.error_and_verifier), 0)
3883
3884 # wait for a disconnect
3885 rep = self.recv_pdu()
3886 self.assertIsNone(rep)
3887 self.assertNotConnected()
3888
3889 def _test_spnego_connect_upgrade_request(self, upgrade_auth_level):
3890 ndr32 = base.transfer_syntax_ndr()
3891
3892 tsf1_list = [ndr32]
3893 ctx1 = dcerpc.ctx_list()
3894 ctx1.context_id = 1
3895 ctx1.num_transfer_syntaxes = len(tsf1_list)
3896 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
3897 ctx1.transfer_syntaxes = tsf1_list
3898 ctx_list = [ctx1]
3899
3900 c = self.get_anon_creds()
3901 g = gensec.Security.start_client(self.settings)
3902 g.set_credentials(c)
3903 g.want_feature(gensec.FEATURE_DCE_STYLE)
3904 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
3905 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
3906 auth_context_id = 2
3907 g.start_mech_by_authtype(auth_type, auth_level)
3908 from_server = b""
3909 (finished, to_server) = g.update(from_server)
3910 self.assertFalse(finished)
3911
3912 auth_info = self.generate_auth(auth_type=auth_type,
3913 auth_level=auth_level,
3914 auth_context_id=auth_context_id,
3915 auth_blob=to_server)
3916
3917 req = self.generate_bind(call_id=0,
3918 ctx_list=ctx_list,
3919 auth_info=auth_info)
3920
3921 self.send_pdu(req)
3922 rep = self.recv_pdu()
3923 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
3924 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3925 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
3926 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
3927 self.assertEqual(rep.u.secondary_address_size, 4)
3928 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
3929 self.assertPadding(rep.u._pad1, 2)
3930 self.assertEqual(rep.u.num_results, 1)
3931 self.assertEqual(rep.u.ctx_list[0].result,
3932 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3933 self.assertEqual(rep.u.ctx_list[0].reason,
3934 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3935 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3936 self.assertNotEqual(len(rep.u.auth_info), 0)
3937 a = self.parse_auth(rep.u.auth_info)
3938
3939 from_server = a.credentials
3940 (finished, to_server) = g.update(from_server)
3941 self.assertFalse(finished)
3942
3943 auth_info = self.generate_auth(auth_type=auth_type,
3944 auth_level=auth_level,
3945 auth_context_id=auth_context_id,
3946 auth_blob=to_server)
3947
3948 req = self.generate_alter(call_id=0,
3949 ctx_list=ctx_list,
3950 assoc_group_id=rep.u.assoc_group_id,
3951 auth_info=auth_info)
3952
3953 self.send_pdu(req)
3954 rep = self.recv_pdu()
3955 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
3956 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
3957 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
3958 self.assertEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
3959 self.assertEqual(rep.u.secondary_address_size, 0)
3960 self.assertPadding(rep.u._pad1, 2)
3961 self.assertEqual(rep.u.num_results, 1)
3962 self.assertEqual(rep.u.ctx_list[0].result,
3963 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
3964 self.assertEqual(rep.u.ctx_list[0].reason,
3965 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
3966 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
3967 self.assertNotEqual(len(rep.u.auth_info), 0)
3968 a = self.parse_auth(rep.u.auth_info)
3969
3970 from_server = a.credentials
3971 (finished, to_server) = g.update(from_server)
3972 self.assertTrue(finished)
3973
3974 # And now try a request without auth_info
3975 req = self.generate_request(call_id=2,
3976 context_id=ctx1.context_id,
3977 opnum=0,
3978 stub=b"")
3979 self.send_pdu(req)
3980 rep = self.recv_pdu()
3981 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
3982 auth_length=0)
3983 self.assertNotEqual(rep.u.alloc_hint, 0)
3984 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
3985 self.assertEqual(rep.u.cancel_count, 0)
3986 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
3987
3988 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
3989 auth_info = self.generate_auth(auth_type=auth_type,
3990 auth_level=auth_level,
3991 auth_context_id=auth_context_id,
3992 auth_blob=b"\x01" +b"\x00" *15)
3993 req = self.generate_request(call_id=3,
3994 context_id=ctx1.context_id,
3995 opnum=0,
3996 stub=b"",
3997 auth_info=auth_info)
3998 self.send_pdu(req)
3999 rep = self.recv_pdu()
4000 # We don't get an auth_info back
4001 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4002 auth_length=0)
4003 self.assertNotEqual(rep.u.alloc_hint, 0)
4004 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
4005 self.assertEqual(rep.u.cancel_count, 0)
4006 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4007
4008 # Now a request with auth_info upgrade_auth_level
4009 auth_info = self.generate_auth(auth_type=auth_type,
4010 auth_level=upgrade_auth_level,
4011 auth_context_id=auth_context_id,
4012 auth_blob=b"\x01" + b"\x00" * 15)
4013 req = self.generate_request(call_id=4,
4014 context_id=ctx1.context_id,
4015 opnum=0,
4016 stub=b"",
4017 auth_info=auth_info)
4018 self.send_pdu(req)
4019 rep = self.recv_pdu()
4020 # We get a fault back
4021 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4022 auth_length=0)
4023 self.assertNotEqual(rep.u.alloc_hint, 0)
4024 self.assertEqual(rep.u.context_id, req.u.context_id)
4025 self.assertEqual(rep.u.cancel_count, 0)
4026 self.assertEqual(rep.u.flags, 0)
4027 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
4028 self.assertEqual(rep.u.reserved, 0)
4029 self.assertEqual(len(rep.u.error_and_verifier), 0)
4030
4031 # wait for a disconnect
4032 rep = self.recv_pdu()
4033 self.assertIsNone(rep)
4034 self.assertNotConnected()
4035
4036 def test_spnego_connect_packet_upgrade(self):
4037 return self._test_spnego_connect_upgrade_request(
4038 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4039
4040 def test_spnego_connect_integrity_upgrade(self):
4041 return self._test_spnego_connect_upgrade_request(
4042 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4043
4044 def _test_spnego_connect_downgrade_request(self, initial_auth_level):
4045 ndr32 = base.transfer_syntax_ndr()
4046
4047 tsf1_list = [ndr32]
4048 ctx1 = dcerpc.ctx_list()
4049 ctx1.context_id = 1
4050 ctx1.num_transfer_syntaxes = len(tsf1_list)
4051 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4052 ctx1.transfer_syntaxes = tsf1_list
4053 ctx_list = [ctx1]
4054
4055 c = self.get_anon_creds()
4056 g = gensec.Security.start_client(self.settings)
4057 g.set_credentials(c)
4058 g.want_feature(gensec.FEATURE_DCE_STYLE)
4059 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4060 auth_level = initial_auth_level
4061 auth_context_id = 2
4062 g.start_mech_by_authtype(auth_type, auth_level)
4063 from_server = b""
4064 (finished, to_server) = g.update(from_server)
4065 self.assertFalse(finished)
4066
4067 auth_info = self.generate_auth(auth_type=auth_type,
4068 auth_level=auth_level,
4069 auth_context_id=auth_context_id,
4070 auth_blob=to_server)
4071
4072 req = self.generate_bind(call_id=0,
4073 ctx_list=ctx_list,
4074 auth_info=auth_info)
4075
4076 self.send_pdu(req)
4077 rep = self.recv_pdu()
4078 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4079 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4080 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4081 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4082 self.assertEqual(rep.u.secondary_address_size, 4)
4083 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4084 self.assertPadding(rep.u._pad1, 2)
4085 self.assertEqual(rep.u.num_results, 1)
4086 self.assertEqual(rep.u.ctx_list[0].result,
4087 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4088 self.assertEqual(rep.u.ctx_list[0].reason,
4089 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4090 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4091 self.assertNotEqual(len(rep.u.auth_info), 0)
4092 a = self.parse_auth(rep.u.auth_info)
4093
4094 from_server = a.credentials
4095 (finished, to_server) = g.update(from_server)
4096 self.assertFalse(finished)
4097
4098 auth_info = self.generate_auth(auth_type=auth_type,
4099 auth_level=auth_level,
4100 auth_context_id=auth_context_id,
4101 auth_blob=to_server)
4102
4103 req = self.generate_alter(call_id=0,
4104 ctx_list=ctx_list,
4105 assoc_group_id=rep.u.assoc_group_id,
4106 auth_info=auth_info)
4107
4108 self.send_pdu(req)
4109 rep = self.recv_pdu()
4110 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
4111 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4112 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4113 self.assertEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4114 self.assertEqual(rep.u.secondary_address_size, 0)
4115 self.assertPadding(rep.u._pad1, 2)
4116 self.assertEqual(rep.u.num_results, 1)
4117 self.assertEqual(rep.u.ctx_list[0].result,
4118 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4119 self.assertEqual(rep.u.ctx_list[0].reason,
4120 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4121 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4122 self.assertNotEqual(len(rep.u.auth_info), 0)
4123 a = self.parse_auth(rep.u.auth_info)
4124
4125 from_server = a.credentials
4126 (finished, to_server) = g.update(from_server)
4127 self.assertTrue(finished)
4128
4129 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4130 auth_info = self.generate_auth(auth_type=auth_type,
4131 auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
4132 auth_context_id=auth_context_id,
4133 auth_blob=b"\x01" + b"\x00" * 15)
4134 req = self.generate_request(call_id=3,
4135 context_id=ctx1.context_id,
4136 opnum=0,
4137 stub=b"",
4138 auth_info=auth_info)
4139 self.send_pdu(req)
4140 rep = self.recv_pdu()
4141 # We get a fault back
4142 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4143 auth_length=0)
4144 self.assertNotEqual(rep.u.alloc_hint, 0)
4145 self.assertEqual(rep.u.context_id, req.u.context_id)
4146 self.assertEqual(rep.u.cancel_count, 0)
4147 self.assertEqual(rep.u.flags, 0)
4148 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
4149 self.assertEqual(rep.u.reserved, 0)
4150 self.assertEqual(len(rep.u.error_and_verifier), 0)
4151
4152 # wait for a disconnect
4153 rep = self.recv_pdu()
4154 self.assertIsNone(rep)
4155 self.assertNotConnected()
4156
4157 def test_spnego_packet_downgrade_connect(self):
4158 return self._test_spnego_connect_downgrade_request(
4159 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
4160
4161 def test_spnego_integrity_downgrade_connect(self):
4162 return self._test_spnego_connect_upgrade_request(
4163 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
4164
4165 def test_spnego_unfinished_request(self):
4166 ndr32 = base.transfer_syntax_ndr()
4167
4168 tsf1_list = [ndr32]
4169 ctx1 = dcerpc.ctx_list()
4170 ctx1.context_id = 1
4171 ctx1.num_transfer_syntaxes = len(tsf1_list)
4172 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4173 ctx1.transfer_syntaxes = tsf1_list
4174 ctx_list = [ctx1]
4175
4176 c = self.get_anon_creds()
4177 g = gensec.Security.start_client(self.settings)
4178 g.set_credentials(c)
4179 g.want_feature(gensec.FEATURE_DCE_STYLE)
4180 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4181 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4182 auth_context_id = 2
4183 g.start_mech_by_authtype(auth_type, auth_level)
4184 from_server = b""
4185 (finished, to_server) = g.update(from_server)
4186 self.assertFalse(finished)
4187
4188 auth_info = self.generate_auth(auth_type=auth_type,
4189 auth_level=auth_level,
4190 auth_context_id=auth_context_id,
4191 auth_blob=to_server)
4192
4193 req = self.generate_bind(call_id=0,
4194 ctx_list=ctx_list,
4195 auth_info=auth_info)
4196
4197 self.send_pdu(req)
4198 rep = self.recv_pdu()
4199 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4200 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4201 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4202 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4203 assoc_group_id = rep.u.assoc_group_id
4204 self.assertEqual(rep.u.secondary_address_size, 4)
4205 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4206 self.assertPadding(rep.u._pad1, 2)
4207 self.assertEqual(rep.u.num_results, 1)
4208 self.assertEqual(rep.u.ctx_list[0].result,
4209 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4210 self.assertEqual(rep.u.ctx_list[0].reason,
4211 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4212 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4213 self.assertNotEqual(len(rep.u.auth_info), 0)
4214 a = self.parse_auth(rep.u.auth_info)
4215
4216 from_server = a.credentials
4217 (finished, to_server) = g.update(from_server)
4218 self.assertFalse(finished)
4219
4220 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4221 auth_info = self.generate_auth(auth_type=auth_type,
4222 auth_level=auth_level,
4223 auth_context_id=auth_context_id,
4224 auth_blob=b"\x01" + b"\x00" * 15)
4225 req = self.generate_request(call_id=1,
4226 context_id=ctx1.context_id,
4227 opnum=0,
4228 stub=b"",
4229 auth_info=auth_info)
4230 self.send_pdu(req)
4231 rep = self.recv_pdu()
4232 # We get a fault
4233 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4234 pfc_flags=req.pfc_flags |
4235 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4236 auth_length=0)
4237 self.assertNotEqual(rep.u.alloc_hint, 0)
4238 self.assertEqual(rep.u.context_id, 0)
4239 self.assertEqual(rep.u.cancel_count, 0)
4240 self.assertEqual(rep.u.flags, 0)
4241 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4242 self.assertEqual(rep.u.reserved, 0)
4243 self.assertEqual(len(rep.u.error_and_verifier), 0)
4244
4245 # wait for a disconnect
4246 rep = self.recv_pdu()
4247 self.assertIsNone(rep)
4248 self.assertNotConnected()
4249
4250 def test_spnego_auth3(self):
4251 ndr32 = base.transfer_syntax_ndr()
4252
4253 tsf1_list = [ndr32]
4254 ctx1 = dcerpc.ctx_list()
4255 ctx1.context_id = 1
4256 ctx1.num_transfer_syntaxes = len(tsf1_list)
4257 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4258 ctx1.transfer_syntaxes = tsf1_list
4259 ctx_list = [ctx1]
4260
4261 c = self.get_anon_creds()
4262 g = gensec.Security.start_client(self.settings)
4263 g.set_credentials(c)
4264 g.want_feature(gensec.FEATURE_DCE_STYLE)
4265 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4266 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4267 auth_context_id = 2
4268 g.start_mech_by_authtype(auth_type, auth_level)
4269 from_server = b""
4270 (finished, to_server) = g.update(from_server)
4271 self.assertFalse(finished)
4272
4273 auth_info = self.generate_auth(auth_type=auth_type,
4274 auth_level=auth_level,
4275 auth_context_id=auth_context_id,
4276 auth_blob=to_server)
4277 req = self.generate_bind(call_id=0,
4278 ctx_list=ctx_list,
4279 auth_info=auth_info)
4280 self.send_pdu(req)
4281 rep = self.recv_pdu()
4282 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4283 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4284 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4285 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4286 self.assertEqual(rep.u.secondary_address_size, 4)
4287 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4288 self.assertPadding(rep.u._pad1, 2)
4289 self.assertEqual(rep.u.num_results, 1)
4290 self.assertEqual(rep.u.ctx_list[0].result,
4291 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4292 self.assertEqual(rep.u.ctx_list[0].reason,
4293 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4294 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4295 self.assertNotEqual(len(rep.u.auth_info), 0)
4296 a = self.parse_auth(rep.u.auth_info)
4297
4298 from_server = a.credentials
4299 (finished, to_server) = g.update(from_server)
4300 self.assertFalse(finished)
4301
4302 auth_info = self.generate_auth(auth_type=auth_type,
4303 auth_level=auth_level,
4304 auth_context_id=auth_context_id,
4305 auth_blob=to_server)
4306 req = self.generate_auth3(call_id=0,
4307 auth_info=auth_info)
4308 self.send_pdu(req)
4309 rep = self.recv_pdu(timeout=0.01)
4310 self.assertIsNone(rep)
4311 self.assertIsConnected()
4312
4313 # And now try a request without auth_info
4314 req = self.generate_request(call_id=2,
4315 context_id=ctx1.context_id,
4316 opnum=0,
4317 stub=b"")
4318 self.send_pdu(req)
4319 rep = self.recv_pdu()
4320 # We get a fault back
4321 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4322 auth_length=0)
4323 self.assertNotEqual(rep.u.alloc_hint, 0)
4324 self.assertEqual(rep.u.context_id, req.u.context_id)
4325 self.assertEqual(rep.u.cancel_count, 0)
4326 self.assertEqual(rep.u.flags, 0)
4327 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
4328 self.assertEqual(rep.u.reserved, 0)
4329 self.assertEqual(len(rep.u.error_and_verifier), 0)
4330
4331 # wait for a disconnect
4332 rep = self.recv_pdu()
4333 self.assertIsNone(rep)
4334 self.assertNotConnected()
4335
4336 def test_spnego_connect_reauth_alter(self):
4337 ndr32 = base.transfer_syntax_ndr()
4338 ndr64 = base.transfer_syntax_ndr64()
4339
4340 tsf1_list = [ndr32]
4341 ctx1 = dcerpc.ctx_list()
4342 ctx1.context_id = 1
4343 ctx1.num_transfer_syntaxes = len(tsf1_list)
4344 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4345 ctx1.transfer_syntaxes = tsf1_list
4346 ctx_list = [ctx1]
4347
4348 c = self.get_anon_creds()
4349 g = gensec.Security.start_client(self.settings)
4350 g.set_credentials(c)
4351 g.want_feature(gensec.FEATURE_DCE_STYLE)
4352 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4353 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4354 auth_context_id = 2
4355 g.start_mech_by_authtype(auth_type, auth_level)
4356 from_server = b""
4357 (finished, to_server) = g.update(from_server)
4358 self.assertFalse(finished)
4359
4360 auth_info = self.generate_auth(auth_type=auth_type,
4361 auth_level=auth_level,
4362 auth_context_id=auth_context_id,
4363 auth_blob=to_server)
4364
4365 req = self.generate_bind(call_id=0,
4366 ctx_list=ctx_list,
4367 auth_info=auth_info)
4368
4369 self.send_pdu(req)
4370 rep = self.recv_pdu()
4371 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4372 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4373 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4374 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4375 self.assertEqual(rep.u.secondary_address_size, 4)
4376 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4377 self.assertPadding(rep.u._pad1, 2)
4378 self.assertEqual(rep.u.num_results, 1)
4379 self.assertEqual(rep.u.ctx_list[0].result,
4380 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4381 self.assertEqual(rep.u.ctx_list[0].reason,
4382 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4383 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4384 self.assertNotEqual(len(rep.u.auth_info), 0)
4385 a = self.parse_auth(rep.u.auth_info)
4386
4387 from_server = a.credentials
4388 (finished, to_server) = g.update(from_server)
4389 self.assertFalse(finished)
4390
4391 auth_info = self.generate_auth(auth_type=auth_type,
4392 auth_level=auth_level,
4393 auth_context_id=auth_context_id,
4394 auth_blob=to_server)
4395 req = self.generate_alter(call_id=0,
4396 ctx_list=[ctx1],
4397 assoc_group_id=rep.u.assoc_group_id,
4398 auth_info=auth_info)
4399 self.send_pdu(req)
4400 rep = self.recv_pdu()
4401 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
4402 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4403 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4404 self.assertEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4405 self.assertEqual(rep.u.secondary_address_size, 0)
4406 self.assertPadding(rep.u._pad1, 2)
4407 self.assertEqual(rep.u.num_results, 1)
4408 self.assertEqual(rep.u.ctx_list[0].result,
4409 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4410 self.assertEqual(rep.u.ctx_list[0].reason,
4411 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4412 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4413 self.assertNotEqual(len(rep.u.auth_info), 0)
4414 a = self.parse_auth(rep.u.auth_info)
4415
4416 from_server = a.credentials
4417 (finished, to_server) = g.update(from_server)
4418 self.assertTrue(finished)
4419
4420 # And now try a request without auth_info
4421 req = self.generate_request(call_id=2,
4422 context_id=ctx1.context_id,
4423 opnum=0,
4424 stub=b"")
4425 self.send_pdu(req)
4426 rep = self.recv_pdu()
4427 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4428 auth_length=0)
4429 self.assertNotEqual(rep.u.alloc_hint, 0)
4430 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
4431 self.assertEqual(rep.u.cancel_count, 0)
4432 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4433
4434 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4435 auth_info = self.generate_auth(auth_type=auth_type,
4436 auth_level=auth_level,
4437 auth_context_id=auth_context_id,
4438 auth_blob=b"\x01" + b"\x00" * 15)
4439 req = self.generate_request(call_id=3,
4440 context_id=ctx1.context_id,
4441 opnum=0,
4442 stub=b"",
4443 auth_info=auth_info)
4444 self.send_pdu(req)
4445 rep = self.recv_pdu()
4446 # We don't get an auth_info back
4447 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4448 auth_length=0)
4449 self.assertNotEqual(rep.u.alloc_hint, 0)
4450 self.assertEqual(rep.u.context_id, req.u.context_id)
4451 self.assertEqual(rep.u.cancel_count, 0)
4452 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4453
4454 # Now a reauth
4455
4456 g = gensec.Security.start_client(self.settings)
4457 g.set_credentials(c)
4458 g.want_feature(gensec.FEATURE_DCE_STYLE)
4459 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4460 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4461 auth_context_id = 2
4462 g.start_mech_by_authtype(auth_type, auth_level)
4463 from_server = b""
4464 (finished, to_server) = g.update(from_server)
4465 self.assertFalse(finished)
4466
4467 auth_info = self.generate_auth(auth_type=auth_type,
4468 auth_level=auth_level,
4469 auth_context_id=auth_context_id,
4470 auth_blob=to_server)
4471 req = self.generate_alter(call_id=0,
4472 ctx_list=ctx_list,
4473 auth_info=auth_info)
4474 self.send_pdu(req)
4475 rep = self.recv_pdu()
4476 # We get a fault
4477 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4478 pfc_flags=req.pfc_flags |
4479 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4480 auth_length=0)
4481 self.assertNotEqual(rep.u.alloc_hint, 0)
4482 self.assertEqual(rep.u.context_id, 0)
4483 self.assertEqual(rep.u.cancel_count, 0)
4484 self.assertEqual(rep.u.flags, 0)
4485 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
4486 self.assertEqual(rep.u.reserved, 0)
4487 self.assertEqual(len(rep.u.error_and_verifier), 0)
4488
4489 # wait for a disconnect
4490 rep = self.recv_pdu()
4491 self.assertIsNone(rep)
4492 self.assertNotConnected()
4493
4494 def test_spnego_connect_reauth_auth3(self):
4495 ndr32 = base.transfer_syntax_ndr()
4496 ndr64 = base.transfer_syntax_ndr64()
4497
4498 tsf1_list = [ndr32]
4499 ctx1 = dcerpc.ctx_list()
4500 ctx1.context_id = 1
4501 ctx1.num_transfer_syntaxes = len(tsf1_list)
4502 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4503 ctx1.transfer_syntaxes = tsf1_list
4504 ctx_list = [ctx1]
4505
4506 c = self.get_anon_creds()
4507 g = gensec.Security.start_client(self.settings)
4508 g.set_credentials(c)
4509 g.want_feature(gensec.FEATURE_DCE_STYLE)
4510 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4511 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4512 auth_context_id = 2
4513 g.start_mech_by_authtype(auth_type, auth_level)
4514 from_server = b""
4515 (finished, to_server) = g.update(from_server)
4516 self.assertFalse(finished)
4517
4518 auth_info = self.generate_auth(auth_type=auth_type,
4519 auth_level=auth_level,
4520 auth_context_id=auth_context_id,
4521 auth_blob=to_server)
4522
4523 req = self.generate_bind(call_id=0,
4524 ctx_list=ctx_list,
4525 auth_info=auth_info)
4526
4527 self.send_pdu(req)
4528 rep = self.recv_pdu()
4529 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4530 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4531 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4532 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4533 self.assertEqual(rep.u.secondary_address_size, 4)
4534 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4535 self.assertPadding(rep.u._pad1, 2)
4536 self.assertEqual(rep.u.num_results, 1)
4537 self.assertEqual(rep.u.ctx_list[0].result,
4538 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4539 self.assertEqual(rep.u.ctx_list[0].reason,
4540 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4541 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4542 self.assertNotEqual(len(rep.u.auth_info), 0)
4543 a = self.parse_auth(rep.u.auth_info)
4544
4545 from_server = a.credentials
4546 (finished, to_server) = g.update(from_server)
4547 self.assertFalse(finished)
4548
4549 auth_info = self.generate_auth(auth_type=auth_type,
4550 auth_level=auth_level,
4551 auth_context_id=auth_context_id,
4552 auth_blob=to_server)
4553 req = self.generate_alter(call_id=0,
4554 ctx_list=[ctx1],
4555 assoc_group_id=rep.u.assoc_group_id,
4556 auth_info=auth_info)
4557 self.send_pdu(req)
4558 rep = self.recv_pdu()
4559 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
4560 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4561 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4562 self.assertEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4563 self.assertEqual(rep.u.secondary_address_size, 0)
4564 self.assertPadding(rep.u._pad1, 2)
4565 self.assertEqual(rep.u.num_results, 1)
4566 self.assertEqual(rep.u.ctx_list[0].result,
4567 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4568 self.assertEqual(rep.u.ctx_list[0].reason,
4569 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4570 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4571 self.assertNotEqual(len(rep.u.auth_info), 0)
4572 a = self.parse_auth(rep.u.auth_info)
4573
4574 from_server = a.credentials
4575 (finished, to_server) = g.update(from_server)
4576 self.assertTrue(finished)
4577
4578 # And now try a request without auth_info
4579 req = self.generate_request(call_id=2,
4580 context_id=ctx1.context_id,
4581 opnum=0,
4582 stub=b"")
4583 self.send_pdu(req)
4584 rep = self.recv_pdu()
4585 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4586 auth_length=0)
4587 self.assertNotEqual(rep.u.alloc_hint, 0)
4588 self.assertEqual(rep.u.context_id, req.u.context_id)
4589 self.assertEqual(rep.u.cancel_count, 0)
4590 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4591
4592 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
4593 auth_info = self.generate_auth(auth_type=auth_type,
4594 auth_level=auth_level,
4595 auth_context_id=auth_context_id,
4596 auth_blob=b"\x01" + b"\x00" * 15)
4597 req = self.generate_request(call_id=3,
4598 context_id=ctx1.context_id,
4599 opnum=0,
4600 stub=b"",
4601 auth_info=auth_info)
4602 self.send_pdu(req)
4603 rep = self.recv_pdu()
4604 # We don't get an auth_info back
4605 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
4606 auth_length=0)
4607 self.assertNotEqual(rep.u.alloc_hint, 0)
4608 self.assertEqual(rep.u.context_id, req.u.context_id)
4609 self.assertEqual(rep.u.cancel_count, 0)
4610 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
4611
4612 # Now a reauth
4613
4614 g = gensec.Security.start_client(self.settings)
4615 g.set_credentials(c)
4616 g.want_feature(gensec.FEATURE_DCE_STYLE)
4617 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4618 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
4619 auth_context_id = 2
4620 g.start_mech_by_authtype(auth_type, auth_level)
4621 from_server = b""
4622 (finished, to_server) = g.update(from_server)
4623 self.assertFalse(finished)
4624
4625 auth_info = self.generate_auth(auth_type=auth_type,
4626 auth_level=auth_level,
4627 auth_context_id=auth_context_id,
4628 auth_blob=to_server)
4629 req = self.generate_auth3(call_id=0,
4630 auth_info=auth_info)
4631 self.send_pdu(req)
4632 rep = self.recv_pdu()
4633 # We get a fault
4634 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4635 pfc_flags=req.pfc_flags |
4636 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4637 auth_length=0)
4638 self.assertNotEqual(rep.u.alloc_hint, 0)
4639 self.assertEqual(rep.u.context_id, 0)
4640 self.assertEqual(rep.u.cancel_count, 0)
4641 self.assertEqual(rep.u.flags, 0)
4642 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4643 self.assertEqual(rep.u.reserved, 0)
4644 self.assertEqual(len(rep.u.error_and_verifier), 0)
4645
4646 # wait for a disconnect
4647 rep = self.recv_pdu()
4648 self.assertIsNone(rep)
4649 self.assertNotConnected()
4650
4651 def test_spnego_change_auth_level(self):
4652 ndr32 = base.transfer_syntax_ndr()
4653
4654 tsf1_list = [ndr32]
4655 ctx1 = dcerpc.ctx_list()
4656 ctx1.context_id = 1
4657 ctx1.num_transfer_syntaxes = len(tsf1_list)
4658 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4659 ctx1.transfer_syntaxes = tsf1_list
4660
4661 c = self.get_anon_creds()
4662 g = gensec.Security.start_client(self.settings)
4663 g.set_credentials(c)
4664 g.want_feature(gensec.FEATURE_DCE_STYLE)
4665 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4666 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
4667 auth_context_id = 2
4668 g.start_mech_by_authtype(auth_type, auth_level)
4669 from_server = b""
4670 (finished, to_server) = g.update(from_server)
4671 self.assertFalse(finished)
4672
4673 auth_info = self.generate_auth(auth_type=auth_type,
4674 auth_level=auth_level,
4675 auth_context_id=auth_context_id,
4676 auth_blob=to_server)
4677 req = self.generate_bind(call_id=0,
4678 ctx_list=[ctx1],
4679 auth_info=auth_info)
4680 self.send_pdu(req)
4681 rep = self.recv_pdu()
4682 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4683 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4684 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4685 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4686 self.assertEqual(rep.u.secondary_address_size, 4)
4687 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4688 self.assertPadding(rep.u._pad1, 2)
4689 self.assertEqual(rep.u.num_results, 1)
4690 self.assertEqual(rep.u.ctx_list[0].result,
4691 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4692 self.assertEqual(rep.u.ctx_list[0].reason,
4693 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4694 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4695 self.assertNotEqual(len(rep.u.auth_info), 0)
4696 a = self.parse_auth(rep.u.auth_info)
4697
4698 from_server = a.credentials
4699 (finished, to_server) = g.update(from_server)
4700 self.assertFalse(finished)
4701
4702 auth_info = self.generate_auth(auth_type=auth_type,
4703 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4704 auth_context_id=auth_context_id,
4705 auth_blob=to_server)
4706 req = self.generate_alter(call_id=0,
4707 ctx_list=[ctx1],
4708 assoc_group_id=rep.u.assoc_group_id,
4709 auth_info=auth_info)
4710 self.send_pdu(req)
4711 rep = self.recv_pdu()
4712 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4713 pfc_flags=req.pfc_flags |
4714 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4715 auth_length=0)
4716 self.assertNotEqual(rep.u.alloc_hint, 0)
4717 self.assertEqual(rep.u.context_id, 0)
4718 self.assertEqual(rep.u.cancel_count, 0)
4719 self.assertEqual(rep.u.flags, 0)
4720 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
4721 self.assertEqual(rep.u.reserved, 0)
4722 self.assertEqual(len(rep.u.error_and_verifier), 0)
4723
4724 # wait for a disconnect
4725 rep = self.recv_pdu()
4726 self.assertIsNone(rep)
4727 self.assertNotConnected()
4728
4729 def test_spnego_change_abstract(self):
4730 ndr32 = base.transfer_syntax_ndr()
4731
4732 tsf1_list = [ndr32]
4733 ctx1 = dcerpc.ctx_list()
4734 ctx1.context_id = 1
4735 ctx1.num_transfer_syntaxes = len(tsf1_list)
4736 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4737 ctx1.transfer_syntaxes = tsf1_list
4738
4739 ctx1b = dcerpc.ctx_list()
4740 ctx1b.context_id = 1
4741 ctx1b.num_transfer_syntaxes = len(tsf1_list)
4742 ctx1b.abstract_syntax = samba.dcerpc.epmapper.abstract_syntax()
4743 ctx1b.transfer_syntaxes = tsf1_list
4744
4745 c = self.get_anon_creds()
4746 g = gensec.Security.start_client(self.settings)
4747 g.set_credentials(c)
4748 g.want_feature(gensec.FEATURE_DCE_STYLE)
4749 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4750 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
4751 auth_context_id = 2
4752 g.start_mech_by_authtype(auth_type, auth_level)
4753 from_server = b""
4754 (finished, to_server) = g.update(from_server)
4755 self.assertFalse(finished)
4756
4757 auth_info = self.generate_auth(auth_type=auth_type,
4758 auth_level=auth_level,
4759 auth_context_id=auth_context_id,
4760 auth_blob=to_server)
4761 req = self.generate_bind(call_id=0,
4762 ctx_list=[ctx1],
4763 auth_info=auth_info)
4764 self.send_pdu(req)
4765 rep = self.recv_pdu()
4766 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4767 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4768 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4769 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4770 self.assertEqual(rep.u.secondary_address_size, 4)
4771 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4772 self.assertPadding(rep.u._pad1, 2)
4773 self.assertEqual(rep.u.num_results, 1)
4774 self.assertEqual(rep.u.ctx_list[0].result,
4775 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4776 self.assertEqual(rep.u.ctx_list[0].reason,
4777 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4778 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4779 self.assertNotEqual(len(rep.u.auth_info), 0)
4780 a = self.parse_auth(rep.u.auth_info)
4781
4782 from_server = a.credentials
4783 (finished, to_server) = g.update(from_server)
4784 self.assertFalse(finished)
4785
4786 auth_info = self.generate_auth(auth_type=auth_type,
4787 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4788 auth_context_id=auth_context_id,
4789 auth_blob=to_server)
4790 req = self.generate_alter(call_id=0,
4791 ctx_list=[ctx1b],
4792 assoc_group_id=rep.u.assoc_group_id,
4793 auth_info=auth_info)
4794 self.send_pdu(req)
4795 rep = self.recv_pdu()
4796 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4797 pfc_flags=req.pfc_flags |
4798 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4799 auth_length=0)
4800 self.assertNotEqual(rep.u.alloc_hint, 0)
4801 self.assertEqual(rep.u.context_id, 0)
4802 self.assertEqual(rep.u.cancel_count, 0)
4803 self.assertEqual(rep.u.flags, 0)
4804 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4805 self.assertEqual(rep.u.reserved, 0)
4806 self.assertEqual(len(rep.u.error_and_verifier), 0)
4807
4808 # wait for a disconnect
4809 rep = self.recv_pdu()
4810 self.assertIsNone(rep)
4811 self.assertNotConnected()
4812
4813 def test_spnego_change_transfer(self):
4814 ndr32 = base.transfer_syntax_ndr()
4815 ndr64 = base.transfer_syntax_ndr64()
4816
4817 tsf1_list = [ndr32]
4818 ctx1 = dcerpc.ctx_list()
4819 ctx1.context_id = 1
4820 ctx1.num_transfer_syntaxes = len(tsf1_list)
4821 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4822 ctx1.transfer_syntaxes = tsf1_list
4823
4824 tsf1b_list = [ndr32, ndr64]
4825 ctx1b = dcerpc.ctx_list()
4826 ctx1b.context_id = 1
4827 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
4828 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4829 ctx1b.transfer_syntaxes = tsf1b_list
4830
4831 c = self.get_anon_creds()
4832 g = gensec.Security.start_client(self.settings)
4833 g.set_credentials(c)
4834 g.want_feature(gensec.FEATURE_DCE_STYLE)
4835 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4836 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
4837 auth_context_id = 2
4838 g.start_mech_by_authtype(auth_type, auth_level)
4839 from_server = b""
4840 (finished, to_server) = g.update(from_server)
4841 self.assertFalse(finished)
4842
4843 auth_info = self.generate_auth(auth_type=auth_type,
4844 auth_level=auth_level,
4845 auth_context_id=auth_context_id,
4846 auth_blob=to_server)
4847 req = self.generate_bind(call_id=0,
4848 ctx_list=[ctx1],
4849 auth_info=auth_info)
4850 self.send_pdu(req)
4851 rep = self.recv_pdu()
4852 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4853 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4854 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4855 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4856 self.assertEqual(rep.u.secondary_address_size, 4)
4857 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4858 self.assertPadding(rep.u._pad1, 2)
4859 self.assertEqual(rep.u.num_results, 1)
4860 self.assertEqual(rep.u.ctx_list[0].result,
4861 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4862 self.assertEqual(rep.u.ctx_list[0].reason,
4863 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4864 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4865 self.assertNotEqual(len(rep.u.auth_info), 0)
4866 a = self.parse_auth(rep.u.auth_info)
4867
4868 from_server = a.credentials
4869 (finished, to_server) = g.update(from_server)
4870 self.assertFalse(finished)
4871
4872 # We change ctx_list and auth_level
4873 auth_info = self.generate_auth(auth_type=auth_type,
4874 auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
4875 auth_context_id=auth_context_id,
4876 auth_blob=to_server)
4877 req = self.generate_alter(call_id=0,
4878 ctx_list=[ctx1b],
4879 assoc_group_id=rep.u.assoc_group_id,
4880 auth_info=auth_info)
4881 self.send_pdu(req)
4882 rep = self.recv_pdu()
4883 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4884 pfc_flags=req.pfc_flags |
4885 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4886 auth_length=0)
4887 self.assertNotEqual(rep.u.alloc_hint, 0)
4888 self.assertEqual(rep.u.context_id, 0)
4889 self.assertEqual(rep.u.cancel_count, 0)
4890 self.assertEqual(rep.u.flags, 0)
4891 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
4892 self.assertEqual(rep.u.reserved, 0)
4893 self.assertEqual(len(rep.u.error_and_verifier), 0)
4894
4895 # wait for a disconnect
4896 rep = self.recv_pdu()
4897 self.assertIsNone(rep)
4898 self.assertNotConnected()
4899
4900 def test_spnego_change_auth_type1(self):
4901 ndr32 = base.transfer_syntax_ndr()
4902 ndr64 = base.transfer_syntax_ndr64()
4903
4904 tsf1_list = [ndr32]
4905 ctx1 = dcerpc.ctx_list()
4906 ctx1.context_id = 1
4907 ctx1.num_transfer_syntaxes = len(tsf1_list)
4908 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4909 ctx1.transfer_syntaxes = tsf1_list
4910
4911 c = self.get_anon_creds()
4912 g = gensec.Security.start_client(self.settings)
4913 g.set_credentials(c)
4914 g.want_feature(gensec.FEATURE_DCE_STYLE)
4915 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
4916 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
4917 auth_context_id = 2
4918 g.start_mech_by_authtype(auth_type, auth_level)
4919 from_server = b""
4920 (finished, to_server) = g.update(from_server)
4921 self.assertFalse(finished)
4922
4923 auth_info = self.generate_auth(auth_type=auth_type,
4924 auth_level=auth_level,
4925 auth_context_id=auth_context_id,
4926 auth_blob=to_server)
4927 req = self.generate_bind(call_id=0,
4928 ctx_list=[ctx1],
4929 auth_info=auth_info)
4930 self.send_pdu(req)
4931 rep = self.recv_pdu()
4932 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
4933 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
4934 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
4935 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
4936 self.assertEqual(rep.u.secondary_address_size, 4)
4937 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
4938 self.assertPadding(rep.u._pad1, 2)
4939 self.assertEqual(rep.u.num_results, 1)
4940 self.assertEqual(rep.u.ctx_list[0].result,
4941 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
4942 self.assertEqual(rep.u.ctx_list[0].reason,
4943 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
4944 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
4945 self.assertNotEqual(len(rep.u.auth_info), 0)
4946 a = self.parse_auth(rep.u.auth_info)
4947
4948 from_server = a.credentials
4949 (finished, to_server) = g.update(from_server)
4950 self.assertFalse(finished)
4951
4952 # We change ctx_list and auth_level
4953 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
4954 auth_level=auth_level,
4955 auth_context_id=auth_context_id,
4956 auth_blob=to_server)
4957 req = self.generate_alter(call_id=0,
4958 ctx_list=[ctx1],
4959 assoc_group_id=rep.u.assoc_group_id,
4960 auth_info=auth_info)
4961 self.send_pdu(req)
4962 rep = self.recv_pdu()
4963 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
4964 pfc_flags=req.pfc_flags |
4965 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
4966 auth_length=0)
4967 self.assertNotEqual(rep.u.alloc_hint, 0)
4968 self.assertEqual(rep.u.context_id, 0)
4969 self.assertEqual(rep.u.cancel_count, 0)
4970 self.assertEqual(rep.u.flags, 0)
4971 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
4972 self.assertEqual(rep.u.reserved, 0)
4973 self.assertEqual(len(rep.u.error_and_verifier), 0)
4974
4975 # wait for a disconnect
4976 rep = self.recv_pdu()
4977 self.assertIsNone(rep)
4978 self.assertNotConnected()
4979
4980 def test_spnego_change_auth_type2(self):
4981 ndr32 = base.transfer_syntax_ndr()
4982 ndr64 = base.transfer_syntax_ndr64()
4983
4984 tsf1_list = [ndr32]
4985 ctx1 = dcerpc.ctx_list()
4986 ctx1.context_id = 1
4987 ctx1.num_transfer_syntaxes = len(tsf1_list)
4988 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4989 ctx1.transfer_syntaxes = tsf1_list
4990
4991 tsf1b_list = [ndr32, ndr64]
4992 ctx1b = dcerpc.ctx_list()
4993 ctx1b.context_id = 1
4994 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
4995 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
4996 ctx1b.transfer_syntaxes = tsf1b_list
4997
4998 c = self.get_anon_creds()
4999 g = gensec.Security.start_client(self.settings)
5000 g.set_credentials(c)
5001 g.want_feature(gensec.FEATURE_DCE_STYLE)
5002 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
5003 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
5004 auth_context_id = 2
5005 g.start_mech_by_authtype(auth_type, auth_level)
5006 from_server = b""
5007 (finished, to_server) = g.update(from_server)
5008 self.assertFalse(finished)
5009
5010 auth_info = self.generate_auth(auth_type=auth_type,
5011 auth_level=auth_level,
5012 auth_context_id=auth_context_id,
5013 auth_blob=to_server)
5014 req = self.generate_bind(call_id=0,
5015 ctx_list=[ctx1],
5016 auth_info=auth_info)
5017 self.send_pdu(req)
5018 rep = self.recv_pdu()
5019 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
5020 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5021 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5022 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5023 self.assertEqual(rep.u.secondary_address_size, 4)
5024 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
5025 self.assertPadding(rep.u._pad1, 2)
5026 self.assertEqual(rep.u.num_results, 1)
5027 self.assertEqual(rep.u.ctx_list[0].result,
5028 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5029 self.assertEqual(rep.u.ctx_list[0].reason,
5030 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5031 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5032 self.assertNotEqual(len(rep.u.auth_info), 0)
5033 a = self.parse_auth(rep.u.auth_info)
5034
5035 from_server = a.credentials
5036 (finished, to_server) = g.update(from_server)
5037 self.assertFalse(finished)
5038
5039 # We change ctx_list and auth_level
5040 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_KRB5,
5041 auth_level=auth_level,
5042 auth_context_id=auth_context_id,
5043 auth_blob=to_server)
5044 req = self.generate_alter(call_id=0,
5045 ctx_list=[ctx1b],
5046 assoc_group_id=rep.u.assoc_group_id,
5047 auth_info=auth_info)
5048 self.send_pdu(req)
5049 rep = self.recv_pdu()
5050 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
5051 pfc_flags=req.pfc_flags |
5052 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
5053 auth_length=0)
5054 self.assertNotEqual(rep.u.alloc_hint, 0)
5055 self.assertEqual(rep.u.context_id, 0)
5056 self.assertEqual(rep.u.cancel_count, 0)
5057 self.assertEqual(rep.u.flags, 0)
5058 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
5059 self.assertEqual(rep.u.reserved, 0)
5060 self.assertEqual(len(rep.u.error_and_verifier), 0)
5061
5062 # wait for a disconnect
5063 rep = self.recv_pdu()
5064 self.assertIsNone(rep)
5065 self.assertNotConnected()
5066
5067 def test_spnego_change_auth_type3(self):
5068 ndr32 = base.transfer_syntax_ndr()
5069 ndr64 = base.transfer_syntax_ndr64()
5070
5071 tsf1_list = [ndr32]
5072 ctx1 = dcerpc.ctx_list()
5073 ctx1.context_id = 1
5074 ctx1.num_transfer_syntaxes = len(tsf1_list)
5075 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5076 ctx1.transfer_syntaxes = tsf1_list
5077
5078 tsf1b_list = [ndr32, ndr64]
5079 ctx1b = dcerpc.ctx_list()
5080 ctx1b.context_id = 1
5081 ctx1b.num_transfer_syntaxes = len(tsf1b_list)
5082 ctx1b.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5083 ctx1b.transfer_syntaxes = tsf1b_list
5084
5085 c = self.get_anon_creds()
5086 g = gensec.Security.start_client(self.settings)
5087 g.set_credentials(c)
5088 g.want_feature(gensec.FEATURE_DCE_STYLE)
5089 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
5090 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
5091 auth_context_id = 2
5092 g.start_mech_by_authtype(auth_type, auth_level)
5093 from_server = b""
5094 (finished, to_server) = g.update(from_server)
5095 self.assertFalse(finished)
5096
5097 auth_info = self.generate_auth(auth_type=auth_type,
5098 auth_level=auth_level,
5099 auth_context_id=auth_context_id,
5100 auth_blob=to_server)
5101 req = self.generate_bind(call_id=0,
5102 ctx_list=[ctx1],
5103 auth_info=auth_info)
5104 self.send_pdu(req)
5105 rep = self.recv_pdu()
5106 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
5107 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5108 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5109 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5110 self.assertEqual(rep.u.secondary_address_size, 4)
5111 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
5112 self.assertPadding(rep.u._pad1, 2)
5113 self.assertEqual(rep.u.num_results, 1)
5114 self.assertEqual(rep.u.ctx_list[0].result,
5115 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5116 self.assertEqual(rep.u.ctx_list[0].reason,
5117 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5118 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5119 self.assertNotEqual(len(rep.u.auth_info), 0)
5120 a = self.parse_auth(rep.u.auth_info)
5121
5122 from_server = a.credentials
5123 (finished, to_server) = g.update(from_server)
5124 self.assertFalse(finished)
5125
5126 # We change ctx_list and auth_level
5127 auth_info = self.generate_auth(auth_type=dcerpc.DCERPC_AUTH_TYPE_NONE,
5128 auth_level=auth_level,
5129 auth_context_id=auth_context_id,
5130 auth_blob=to_server)
5131 req = self.generate_alter(call_id=0,
5132 ctx_list=[ctx1b],
5133 assoc_group_id=rep.u.assoc_group_id,
5134 auth_info=auth_info)
5135 self.send_pdu(req)
5136 rep = self.recv_pdu()
5137 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
5138 pfc_flags=req.pfc_flags |
5139 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
5140 auth_length=0)
5141 self.assertNotEqual(rep.u.alloc_hint, 0)
5142 self.assertEqual(rep.u.context_id, 0)
5143 self.assertEqual(rep.u.cancel_count, 0)
5144 self.assertEqual(rep.u.flags, 0)
5145 self.assertEqual(rep.u.status, dcerpc.DCERPC_FAULT_ACCESS_DENIED)
5146 self.assertEqual(rep.u.reserved, 0)
5147 self.assertEqual(len(rep.u.error_and_verifier), 0)
5148
5149 # wait for a disconnect
5150 rep = self.recv_pdu()
5151 self.assertIsNone(rep)
5152 self.assertNotConnected()
5153
5154 def test_spnego_auth_pad_ok(self):
5155 ndr32 = base.transfer_syntax_ndr()
5156
5157 tsf1_list = [ndr32]
5158 ctx1 = dcerpc.ctx_list()
5159 ctx1.context_id = 1
5160 ctx1.num_transfer_syntaxes = len(tsf1_list)
5161 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5162 ctx1.transfer_syntaxes = tsf1_list
5163 ctx_list = [ctx1]
5164
5165 c = self.get_anon_creds()
5166 g = gensec.Security.start_client(self.settings)
5167 g.set_credentials(c)
5168 g.want_feature(gensec.FEATURE_DCE_STYLE)
5169 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
5170 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
5171 auth_context_id = 2
5172 g.start_mech_by_authtype(auth_type, auth_level)
5173 from_server = b""
5174 (finished, to_server) = g.update(from_server)
5175 self.assertFalse(finished)
5176
5177 auth_info = self.generate_auth(auth_type=auth_type,
5178 auth_level=auth_level,
5179 auth_context_id=auth_context_id,
5180 auth_blob=to_server)
5181
5182 req = self.generate_bind(call_id=0,
5183 ctx_list=ctx_list,
5184 auth_info=auth_info)
5185 req_pdu = samba.ndr.ndr_pack(req)
5186
5187 auth_pad_ok = len(req_pdu)
5188 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5189 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5190 auth_pad_ok -= len(to_server)
5191
5192 auth_info = self.generate_auth(auth_type=auth_type,
5193 auth_level=auth_level,
5194 auth_context_id=auth_context_id,
5195 auth_pad_length=auth_pad_ok,
5196 auth_blob=to_server)
5197
5198 req = self.generate_bind(call_id=0,
5199 ctx_list=ctx_list,
5200 auth_info=auth_info)
5201 self.send_pdu(req)
5202 rep = self.recv_pdu()
5203 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
5204 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5205 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5206 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5207 self.assertEqual(rep.u.secondary_address_size, 4)
5208 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
5209 self.assertPadding(rep.u._pad1, 2)
5210 self.assertEqual(rep.u.num_results, 1)
5211 self.assertEqual(rep.u.ctx_list[0].result,
5212 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5213 self.assertEqual(rep.u.ctx_list[0].reason,
5214 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5215 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5216 self.assertNotEqual(len(rep.u.auth_info), 0)
5217 a = self.parse_auth(rep.u.auth_info)
5218
5219 from_server = a.credentials
5220 (finished, to_server) = g.update(from_server)
5221 self.assertFalse(finished)
5222
5223 auth_info = self.generate_auth(auth_type=auth_type,
5224 auth_level=auth_level,
5225 auth_context_id=auth_context_id,
5226 auth_blob=to_server)
5227 req = self.generate_alter(call_id=0,
5228 ctx_list=ctx_list,
5229 assoc_group_id=rep.u.assoc_group_id,
5230 auth_info=auth_info)
5231 req_pdu = samba.ndr.ndr_pack(req)
5232
5233 auth_pad_ok = len(req_pdu)
5234 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5235 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5236 auth_pad_ok -= len(to_server)
5237 auth_info = self.generate_auth(auth_type=auth_type,
5238 auth_level=auth_level,
5239 auth_context_id=auth_context_id,
5240 auth_pad_length=auth_pad_ok,
5241 auth_blob=to_server)
5242 req = self.generate_alter(call_id=0,
5243 ctx_list=ctx_list,
5244 assoc_group_id=rep.u.assoc_group_id,
5245 auth_info=auth_info)
5246 self.send_pdu(req)
5247 rep = self.recv_pdu()
5248 self.verify_pdu(rep, dcerpc.DCERPC_PKT_ALTER_RESP, req.call_id)
5249 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5250 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5251 self.assertEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5252 self.assertEqual(rep.u.secondary_address_size, 0)
5253 self.assertPadding(rep.u._pad1, 2)
5254 self.assertEqual(rep.u.num_results, 1)
5255 self.assertEqual(rep.u.ctx_list[0].result,
5256 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5257 self.assertEqual(rep.u.ctx_list[0].reason,
5258 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5259 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5260 self.assertNotEqual(len(rep.u.auth_info), 0)
5261 a = self.parse_auth(rep.u.auth_info)
5262
5263 from_server = a.credentials
5264 (finished, to_server) = g.update(from_server)
5265 self.assertTrue(finished)
5266
5267 # And now try a request without auth_info
5268 req = self.generate_request(call_id=2,
5269 context_id=ctx1.context_id,
5270 opnum=0,
5271 stub=b"")
5272 self.send_pdu(req)
5273 rep = self.recv_pdu()
5274 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
5275 auth_length=0)
5276 self.assertNotEqual(rep.u.alloc_hint, 0)
5277 self.assertEqual(rep.u.context_id, req.u.context_id)
5278 self.assertEqual(rep.u.cancel_count, 0)
5279 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
5280
5281 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
5282 auth_info = self.generate_auth(auth_type=auth_type,
5283 auth_level=auth_level,
5284 auth_context_id=auth_context_id,
5285 auth_blob=b"\x01" + b"\x00" * 15)
5286 req = self.generate_request(call_id=3,
5287 context_id=ctx1.context_id,
5288 opnum=0,
5289 stub=b"",
5290 auth_info=auth_info)
5291 self.send_pdu(req)
5292 rep = self.recv_pdu()
5293 # We don't get an auth_info back
5294 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
5295 auth_length=0)
5296 self.assertNotEqual(rep.u.alloc_hint, 0)
5297 self.assertEqual(rep.u.context_id, req.u.context_id)
5298 self.assertEqual(rep.u.cancel_count, 0)
5299 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
5300
5301 self._disconnect("disconnect")
5302 self.assertNotConnected()
5303
5304 def test_spnego_auth_pad_fail_bind(self):
5305 ndr32 = base.transfer_syntax_ndr()
5306
5307 tsf1_list = [ndr32]
5308 ctx1 = dcerpc.ctx_list()
5309 ctx1.context_id = 1
5310 ctx1.num_transfer_syntaxes = len(tsf1_list)
5311 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5312 ctx1.transfer_syntaxes = tsf1_list
5313 ctx_list = [ctx1]
5314
5315 c = self.get_anon_creds()
5316 g = gensec.Security.start_client(self.settings)
5317 g.set_credentials(c)
5318 g.want_feature(gensec.FEATURE_DCE_STYLE)
5319 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
5320 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
5321 auth_context_id = 2
5322 g.start_mech_by_authtype(auth_type, auth_level)
5323 from_server = b""
5324 (finished, to_server) = g.update(from_server)
5325 self.assertFalse(finished)
5326
5327 auth_info = self.generate_auth(auth_type=auth_type,
5328 auth_level=auth_level,
5329 auth_context_id=auth_context_id,
5330 auth_blob=to_server)
5331
5332 req = self.generate_bind(call_id=0,
5333 ctx_list=ctx_list,
5334 auth_info=auth_info)
5335 req_pdu = samba.ndr.ndr_pack(req)
5336
5337 auth_pad_ok = len(req_pdu)
5338 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5339 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5340 auth_pad_ok -= len(to_server)
5341 auth_pad_bad = auth_pad_ok + 1
5342 auth_info = self.generate_auth(auth_type=auth_type,
5343 auth_level=auth_level,
5344 auth_context_id=auth_context_id,
5345 auth_pad_length=auth_pad_bad,
5346 auth_blob=to_server)
5347
5348 req = self.generate_bind(call_id=0,
5349 ctx_list=ctx_list,
5350 auth_info=auth_info)
5351 self.send_pdu(req)
5352 rep = self.recv_pdu()
5353 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_NAK, req.call_id,
5354 auth_length=0)
5355 self.assertEqual(rep.u.reject_reason,
5356 dcerpc.DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED)
5357 self.assertEqual(rep.u.num_versions, 1)
5358 self.assertEqual(rep.u.versions[0].rpc_vers, req.rpc_vers)
5359 self.assertEqual(rep.u.versions[0].rpc_vers_minor, req.rpc_vers_minor)
5360 self.assertEqual(len(rep.u._pad), 3)
5361 self.assertEqual(rep.u._pad, b'\0' * 3)
5362
5363 # wait for a disconnect
5364 rep = self.recv_pdu()
5365 self.assertIsNone(rep)
5366 self.assertNotConnected()
5367
5368 def test_spnego_auth_pad_fail_alter(self):
5369 ndr32 = base.transfer_syntax_ndr()
5370
5371 tsf1_list = [ndr32]
5372 ctx1 = dcerpc.ctx_list()
5373 ctx1.context_id = 1
5374 ctx1.num_transfer_syntaxes = len(tsf1_list)
5375 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5376 ctx1.transfer_syntaxes = tsf1_list
5377 ctx_list = [ctx1]
5378
5379 c = self.get_anon_creds()
5380 g = gensec.Security.start_client(self.settings)
5381 g.set_credentials(c)
5382 g.want_feature(gensec.FEATURE_DCE_STYLE)
5383 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
5384 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
5385 auth_context_id = 2
5386 g.start_mech_by_authtype(auth_type, auth_level)
5387 from_server = b""
5388 (finished, to_server) = g.update(from_server)
5389 self.assertFalse(finished)
5390
5391 auth_info = self.generate_auth(auth_type=auth_type,
5392 auth_level=auth_level,
5393 auth_context_id=auth_context_id,
5394 auth_blob=to_server)
5395
5396 req = self.generate_bind(call_id=0,
5397 ctx_list=ctx_list,
5398 auth_info=auth_info)
5399 req_pdu = samba.ndr.ndr_pack(req)
5400
5401 auth_pad_ok = len(req_pdu)
5402 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5403 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5404 auth_pad_ok -= len(to_server)
5405
5406 auth_info = self.generate_auth(auth_type=auth_type,
5407 auth_level=auth_level,
5408 auth_context_id=auth_context_id,
5409 auth_pad_length=auth_pad_ok,
5410 auth_blob=to_server)
5411
5412 req = self.generate_bind(call_id=0,
5413 ctx_list=ctx_list,
5414 auth_info=auth_info)
5415 self.send_pdu(req)
5416 rep = self.recv_pdu()
5417 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
5418 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5419 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5420 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5421 self.assertEqual(rep.u.secondary_address_size, 4)
5422 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
5423 self.assertPadding(rep.u._pad1, 2)
5424 self.assertEqual(rep.u.num_results, 1)
5425 self.assertEqual(rep.u.ctx_list[0].result,
5426 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5427 self.assertEqual(rep.u.ctx_list[0].reason,
5428 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5429 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5430 self.assertNotEqual(len(rep.u.auth_info), 0)
5431 a = self.parse_auth(rep.u.auth_info)
5432
5433 from_server = a.credentials
5434 (finished, to_server) = g.update(from_server)
5435 self.assertFalse(finished)
5436
5437 auth_info = self.generate_auth(auth_type=auth_type,
5438 auth_level=auth_level,
5439 auth_context_id=auth_context_id,
5440 auth_blob=to_server)
5441 req = self.generate_alter(call_id=0,
5442 ctx_list=ctx_list,
5443 assoc_group_id=rep.u.assoc_group_id,
5444 auth_info=auth_info)
5445 req_pdu = samba.ndr.ndr_pack(req)
5446
5447 auth_pad_ok = len(req_pdu)
5448 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5449 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5450 auth_pad_ok -= len(to_server)
5451 auth_pad_bad = auth_pad_ok + 1
5452 auth_info = self.generate_auth(auth_type=auth_type,
5453 auth_level=auth_level,
5454 auth_context_id=auth_context_id,
5455 auth_pad_length=auth_pad_bad,
5456 auth_blob=to_server)
5457 req = self.generate_alter(call_id=0,
5458 ctx_list=ctx_list,
5459 assoc_group_id=rep.u.assoc_group_id,
5460 auth_info=auth_info)
5461 self.send_pdu(req)
5462 rep = self.recv_pdu()
5463 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
5464 pfc_flags=req.pfc_flags |
5465 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
5466 auth_length=0)
5467 self.assertNotEqual(rep.u.alloc_hint, 0)
5468 self.assertEqual(rep.u.context_id, 0)
5469 self.assertEqual(rep.u.cancel_count, 0)
5470 self.assertEqual(rep.u.flags, 0)
5471 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_PROTO_ERROR)
5472 self.assertEqual(rep.u.reserved, 0)
5473 self.assertEqual(len(rep.u.error_and_verifier), 0)
5474
5475 # wait for a disconnect
5476 rep = self.recv_pdu()
5477 self.assertIsNone(rep)
5478 self.assertNotConnected()
5479
5480 def test_ntlmssp_auth_pad_ok(self):
5481 ndr32 = base.transfer_syntax_ndr()
5482
5483 tsf1_list = [ndr32]
5484 ctx1 = dcerpc.ctx_list()
5485 ctx1.context_id = 1
5486 ctx1.num_transfer_syntaxes = len(tsf1_list)
5487 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5488 ctx1.transfer_syntaxes = tsf1_list
5489 ctx_list = [ctx1]
5490
5491 c = self.get_anon_creds()
5492 g = gensec.Security.start_client(self.settings)
5493 g.set_credentials(c)
5494 g.want_feature(gensec.FEATURE_DCE_STYLE)
5495 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
5496 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
5497 auth_context_id = 2
5498 g.start_mech_by_authtype(auth_type, auth_level)
5499 from_server = b""
5500 (finished, to_server) = g.update(from_server)
5501 self.assertFalse(finished)
5502
5503 auth_info = self.generate_auth(auth_type=auth_type,
5504 auth_level=auth_level,
5505 auth_context_id=auth_context_id,
5506 auth_blob=to_server)
5507
5508 req = self.generate_bind(call_id=0,
5509 ctx_list=ctx_list,
5510 auth_info=auth_info)
5511 req_pdu = samba.ndr.ndr_pack(req)
5512
5513 auth_pad_ok = len(req_pdu)
5514 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5515 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5516 auth_pad_ok -= len(to_server)
5517
5518 auth_info = self.generate_auth(auth_type=auth_type,
5519 auth_level=auth_level,
5520 auth_context_id=auth_context_id,
5521 auth_pad_length=auth_pad_ok,
5522 auth_blob=to_server)
5523
5524 req = self.generate_bind(call_id=0,
5525 ctx_list=ctx_list,
5526 auth_info=auth_info)
5527 self.send_pdu(req)
5528 rep = self.recv_pdu()
5529 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
5530 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5531 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5532 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5533 self.assertEqual(rep.u.secondary_address_size, 4)
5534 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
5535 self.assertPadding(rep.u._pad1, 2)
5536 self.assertEqual(rep.u.num_results, 1)
5537 self.assertEqual(rep.u.ctx_list[0].result,
5538 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5539 self.assertEqual(rep.u.ctx_list[0].reason,
5540 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5541 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5542 self.assertNotEqual(len(rep.u.auth_info), 0)
5543 a = self.parse_auth(rep.u.auth_info)
5544
5545 from_server = a.credentials
5546 (finished, to_server) = g.update(from_server)
5547 self.assertTrue(finished)
5548
5549 auth_pad_ok = 0
5550 auth_info = self.generate_auth(auth_type=auth_type,
5551 auth_level=auth_level,
5552 auth_context_id=auth_context_id,
5553 auth_pad_length=auth_pad_ok,
5554 auth_blob=to_server)
5555 req = self.generate_auth3(call_id=0,
5556 auth_info=auth_info)
5557 self.send_pdu(req)
5558 rep = self.recv_pdu(timeout=0.01)
5559 self.assertIsNone(rep)
5560 self.assertIsConnected()
5561
5562 # And now try a request without auth_info
5563 req = self.generate_request(call_id=2,
5564 context_id=ctx1.context_id,
5565 opnum=0,
5566 stub=b"")
5567 self.send_pdu(req)
5568 rep = self.recv_pdu()
5569 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
5570 auth_length=0)
5571 self.assertNotEqual(rep.u.alloc_hint, 0)
5572 self.assertEqual(rep.u.context_id, req.u.context_id)
5573 self.assertEqual(rep.u.cancel_count, 0)
5574 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
5575
5576 # Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
5577 auth_info = self.generate_auth(auth_type=auth_type,
5578 auth_level=auth_level,
5579 auth_context_id=auth_context_id,
5580 auth_blob=b"\x01" + b"\x00" * 15)
5581 req = self.generate_request(call_id=3,
5582 context_id=ctx1.context_id,
5583 opnum=0,
5584 stub=b"",
5585 auth_info=auth_info)
5586 self.send_pdu(req)
5587 rep = self.recv_pdu()
5588 # We don't get an auth_info back
5589 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
5590 auth_length=0)
5591 self.assertNotEqual(rep.u.alloc_hint, 0)
5592 self.assertEqual(rep.u.context_id, req.u.context_id)
5593 self.assertEqual(rep.u.cancel_count, 0)
5594 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
5595
5596 self._disconnect("disconnect")
5597 self.assertNotConnected()
5598
5599 def test_ntlmssp_auth_pad_fail_auth3(self):
5600 ndr32 = base.transfer_syntax_ndr()
5601
5602 tsf1_list = [ndr32]
5603 ctx1 = dcerpc.ctx_list()
5604 ctx1.context_id = 1
5605 ctx1.num_transfer_syntaxes = len(tsf1_list)
5606 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5607 ctx1.transfer_syntaxes = tsf1_list
5608 ctx_list = [ctx1]
5609
5610 c = self.get_anon_creds()
5611 g = gensec.Security.start_client(self.settings)
5612 g.set_credentials(c)
5613 g.want_feature(gensec.FEATURE_DCE_STYLE)
5614 auth_type = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
5615 auth_level = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
5616 auth_context_id = 2
5617 g.start_mech_by_authtype(auth_type, auth_level)
5618 from_server = b""
5619 (finished, to_server) = g.update(from_server)
5620 self.assertFalse(finished)
5621
5622 auth_info = self.generate_auth(auth_type=auth_type,
5623 auth_level=auth_level,
5624 auth_context_id=auth_context_id,
5625 auth_blob=to_server)
5626
5627 req = self.generate_bind(call_id=0,
5628 ctx_list=ctx_list,
5629 auth_info=auth_info)
5630 req_pdu = samba.ndr.ndr_pack(req)
5631
5632 auth_pad_ok = len(req_pdu)
5633 auth_pad_ok -= dcerpc.DCERPC_REQUEST_LENGTH
5634 auth_pad_ok -= dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5635 auth_pad_ok -= len(to_server)
5636
5637 auth_info = self.generate_auth(auth_type=auth_type,
5638 auth_level=auth_level,
5639 auth_context_id=auth_context_id,
5640 auth_pad_length=auth_pad_ok,
5641 auth_blob=to_server)
5642
5643 req = self.generate_bind(call_id=0,
5644 ctx_list=ctx_list,
5645 auth_info=auth_info)
5646 self.send_pdu(req)
5647 rep = self.recv_pdu()
5648 self.verify_pdu(rep, dcerpc.DCERPC_PKT_BIND_ACK, req.call_id)
5649 self.assertEqual(rep.u.max_xmit_frag, req.u.max_xmit_frag)
5650 self.assertEqual(rep.u.max_recv_frag, req.u.max_recv_frag)
5651 self.assertNotEqual(rep.u.assoc_group_id, req.u.assoc_group_id)
5652 self.assertEqual(rep.u.secondary_address_size, 4)
5653 self.assertEqual(rep.u.secondary_address, "%d" % self.tcp_port)
5654 self.assertPadding(rep.u._pad1, 2)
5655 self.assertEqual(rep.u.num_results, 1)
5656 self.assertEqual(rep.u.ctx_list[0].result,
5657 dcerpc.DCERPC_BIND_ACK_RESULT_ACCEPTANCE)
5658 self.assertEqual(rep.u.ctx_list[0].reason,
5659 dcerpc.DCERPC_BIND_ACK_REASON_NOT_SPECIFIED)
5660 self.assertNDRSyntaxEquals(rep.u.ctx_list[0].syntax, ndr32)
5661 self.assertNotEqual(len(rep.u.auth_info), 0)
5662 a = self.parse_auth(rep.u.auth_info)
5663
5664 from_server = a.credentials
5665 (finished, to_server) = g.update(from_server)
5666 self.assertTrue(finished)
5667
5668 auth_pad_bad = 1
5669 auth_info = self.generate_auth(auth_type=auth_type,
5670 auth_level=auth_level,
5671 auth_context_id=auth_context_id,
5672 auth_pad_length=auth_pad_bad,
5673 auth_blob=to_server)
5674 req = self.generate_auth3(call_id=0,
5675 auth_info=auth_info)
5676 self.send_pdu(req)
5677 rep = self.recv_pdu()
5678 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
5679 pfc_flags=req.pfc_flags |
5680 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
5681 auth_length=0)
5682 self.assertNotEqual(rep.u.alloc_hint, 0)
5683 self.assertEqual(rep.u.context_id, 0)
5684 self.assertEqual(rep.u.cancel_count, 0)
5685 self.assertEqual(rep.u.flags, 0)
5686 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY)
5687 self.assertEqual(rep.u.reserved, 0)
5688 self.assertEqual(len(rep.u.error_and_verifier), 0)
5689
5690 # wait for a disconnect
5691 rep = self.recv_pdu()
5692 self.assertIsNone(rep)
5693 self.assertNotConnected()
5694
5695 def _test_auth_bind_auth_level(self, auth_type, auth_level, auth_context_id, ctx,
5696 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5697 hdr_signing=False,
5698 alter_fault=None):
5699 creds = self.get_user_creds()
5700 auth_context = self.get_auth_context_creds(creds=creds,
5701 auth_type=auth_type,
5702 auth_level=auth_level,
5703 auth_context_id=auth_context_id,
5704 g_auth_level=g_auth_level,
5705 hdr_signing=hdr_signing)
5706 if auth_context is None:
5707 return None
5708 ack = self.do_generic_bind(ctx=ctx,
5709 auth_context=auth_context,
5710 alter_fault=alter_fault)
5711 if ack is None:
5712 return None
5713 return auth_context
5714
5715 def _test_spnego_level_bind_nak(self, auth_level,
5716 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM):
5717 c = self.get_user_creds()
5718 return self._test_auth_type_level_bind_nak(auth_type=dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
5719 auth_level=auth_level, creds=c, reason=reason)
5720
5721 def _test_spnego_level_bind(self, auth_level,
5722 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5723 alter_fault=None,
5724 request_fault=None,
5725 response_fault_flags=0):
5726 ndr32 = base.transfer_syntax_ndr()
5727
5728 tsf1_list = [ndr32]
5729 ctx1 = dcerpc.ctx_list()
5730 ctx1.context_id = 0x1001
5731 ctx1.num_transfer_syntaxes = len(tsf1_list)
5732 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5733 ctx1.transfer_syntaxes = tsf1_list
5734
5735 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
5736 auth_context_id = 2
5737
5738 auth_context = self._test_auth_bind_auth_level(auth_type=auth_type,
5739 auth_level=auth_level,
5740 auth_context_id=auth_context_id,
5741 ctx=ctx1,
5742 g_auth_level=g_auth_level,
5743 alter_fault=alter_fault)
5744 if request_fault is None:
5745 return
5746
5747 self.assertIsNotNone(auth_context)
5748 g = auth_context["gensec"]
5749 self.assertIsNotNone(g)
5750
5751 stub_bin = b'\x00' * 17
5752 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
5753 auth_pad_length = 0
5754 if mod_len > 0:
5755 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
5756 stub_bin += b'\x00' * auth_pad_length
5757
5758 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
5759 sig_size = g.sig_size(len(stub_bin))
5760 else:
5761 sig_size = 16
5762 zero_sig = b"\x00" * sig_size
5763
5764 auth_info = self.generate_auth(auth_type=auth_type,
5765 auth_level=auth_level,
5766 auth_pad_length=auth_pad_length,
5767 auth_context_id=auth_context_id,
5768 auth_blob=zero_sig)
5769 req = self.generate_request(call_id=4,
5770 context_id=ctx1.context_id,
5771 opnum=0xffff,
5772 stub=stub_bin,
5773 auth_info=auth_info)
5774 if g_auth_level >= dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY:
5775 req_blob = samba.ndr.ndr_pack(req)
5776 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
5777 ofs_sig = len(req_blob) - req.auth_length
5778 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5779 req_data = req_blob[ofs_stub:ofs_trailer]
5780 req_whole = req_blob[0:ofs_sig]
5781 sig = g.sign_packet(req_data, req_whole)
5782 auth_info = self.generate_auth(auth_type=auth_type,
5783 auth_level=auth_level,
5784 auth_pad_length=auth_pad_length,
5785 auth_context_id=auth_context_id,
5786 auth_blob=sig)
5787 req = self.generate_request(call_id=4,
5788 context_id=ctx1.context_id,
5789 opnum=0xffff,
5790 stub=stub_bin,
5791 auth_info=auth_info)
5792 self.send_pdu(req)
5793 rep = self.recv_pdu()
5794 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
5795 pfc_flags=req.pfc_flags | response_fault_flags,
5796 auth_length=0)
5797 self.assertNotEqual(rep.u.alloc_hint, 0)
5798 self.assertEqual(rep.u.context_id, ctx1.context_id)
5799 self.assertEqual(rep.u.cancel_count, 0)
5800 self.assertEqual(rep.u.flags, 0)
5801 self.assertEqual(rep.u.status, request_fault)
5802 self.assertEqual(rep.u.reserved, 0)
5803 self.assertEqual(len(rep.u.error_and_verifier), 0)
5804
5805 if response_fault_flags & dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE:
5806 return
5807
5808 # wait for a disconnect
5809 rep = self.recv_pdu()
5810 self.assertIsNone(rep)
5811 self.assertNotConnected()
5812
5813 def test_spnego_none_bind(self):
5814 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_NONE,
5815 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
5816
5817 def test_spnego_call_bind(self):
5818 return self._test_spnego_level_bind_nak(dcerpc.DCERPC_AUTH_LEVEL_CALL,
5819 reason=dcerpc.DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM)
5820
5821 def test_spnego_0_bind(self):
5822 return self._test_spnego_level_bind_nak(0,
5823 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
5824
5825 def test_spnego_7_bind(self):
5826 return self._test_spnego_level_bind_nak(7,
5827 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
5828
5829 def test_spnego_255_bind(self):
5830 return self._test_spnego_level_bind_nak(255,
5831 reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
5832
5833 def test_spnego_connect_bind_none(self):
5834 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
5835 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT)
5836
5837 def test_spnego_connect_bind_sign(self):
5838 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
5839 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
5840
5841 def test_spnego_connect_bind_seal(self):
5842 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
5843 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
5844
5845 def test_spnego_packet_bind_none(self):
5846 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
5847 # DCERPC_AUTH_LEVEL_INTEGRITY
5848 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
5849 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
5850 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
5851
5852 def test_spnego_packet_bind_sign(self):
5853 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
5854 # DCERPC_AUTH_LEVEL_INTEGRITY
5855 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
5856 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5857 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
5858 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
5859
5860 def test_spnego_packet_bind_seal(self):
5861 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
5862 # DCERPC_AUTH_LEVEL_INTEGRITY
5863 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PACKET,
5864 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
5865 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
5866 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
5867
5868 def test_spnego_integrity_bind_none(self):
5869 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5870 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
5871 request_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
5872
5873 def test_spnego_integrity_bind_sign(self):
5874 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5875 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5876 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
5877 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
5878
5879 def test_spnego_integrity_bind_seal(self):
5880 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5881 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
5882 request_fault=dcerpc.DCERPC_NCA_S_OP_RNG_ERROR,
5883 response_fault_flags=dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE)
5884
5885 def test_spnego_privacy_bind_none(self):
5886 # This fails...
5887 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
5888 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_CONNECT,
5889 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
5890
5891 def test_spnego_privacy_bind_sign(self):
5892 # This fails...
5893 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
5894 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
5895 alter_fault=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
5896
5897 def test_spnego_privacy_bind_seal(self):
5898 return self._test_spnego_level_bind(auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY,
5899 g_auth_level=dcerpc.DCERPC_AUTH_LEVEL_PRIVACY)
5900
5901 def _test_auth_signing_auth_level_request(self, auth_type, auth_level, hdr_sign=False):
5902 ndr32 = base.transfer_syntax_ndr()
5903
5904 tsf1_list = [ndr32]
5905 ctx1 = dcerpc.ctx_list()
5906 ctx1.context_id = 0x1001
5907 ctx1.num_transfer_syntaxes = len(tsf1_list)
5908 ctx1.abstract_syntax = samba.dcerpc.mgmt.abstract_syntax()
5909 ctx1.transfer_syntaxes = tsf1_list
5910 ctx_list = [ctx1]
5911
5912 auth_context_id = 2
5913
5914 auth_context = self._test_auth_bind_auth_level(auth_type=auth_type,
5915 auth_level=auth_level,
5916 auth_context_id=auth_context_id,
5917 hdr_signing=hdr_sign,
5918 ctx=ctx1)
5919 self.assertIsNotNone(auth_context)
5920 g = auth_context["gensec"]
5921 self.assertIsNotNone(g)
5922
5923 stub_bin = b'\x00' * 0
5924 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
5925 auth_pad_length = 0
5926 if mod_len > 0:
5927 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
5928 stub_bin += b'\x00' * auth_pad_length
5929
5930 sig_size = g.sig_size(len(stub_bin))
5931 zero_sig = b"\x00" * sig_size
5932
5933 auth_info = self.generate_auth(auth_type=auth_type,
5934 auth_level=auth_level,
5935 auth_pad_length=auth_pad_length,
5936 auth_context_id=auth_context_id,
5937 auth_blob=zero_sig)
5938 req = self.generate_request(call_id=3,
5939 context_id=ctx1.context_id,
5940 opnum=0,
5941 stub=stub_bin,
5942 auth_info=auth_info)
5943 req_blob = samba.ndr.ndr_pack(req)
5944 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
5945 ofs_sig = len(req_blob) - req.auth_length
5946 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5947 req_data = req_blob[ofs_stub:ofs_trailer]
5948 req_whole = req_blob[0:ofs_sig]
5949 sig = g.sign_packet(req_data, req_whole)
5950 auth_info = self.generate_auth(auth_type=auth_type,
5951 auth_level=auth_level,
5952 auth_pad_length=auth_pad_length,
5953 auth_context_id=auth_context_id,
5954 auth_blob=sig)
5955 req = self.generate_request(call_id=3,
5956 context_id=ctx1.context_id,
5957 opnum=0,
5958 stub=stub_bin,
5959 auth_info=auth_info)
5960 self.send_pdu(req)
5961 (rep, rep_blob) = self.recv_pdu_raw()
5962 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
5963 auth_length=sig_size)
5964 self.assertNotEqual(rep.u.alloc_hint, 0)
5965 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
5966 self.assertEqual(rep.u.cancel_count, 0)
5967 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
5968 self.assertEqual(rep.auth_length, sig_size)
5969
5970 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
5971 ofs_sig = rep.frag_length - rep.auth_length
5972 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
5973 rep_data = rep_blob[ofs_stub:ofs_trailer]
5974 rep_whole = rep_blob[0:ofs_sig]
5975 rep_sig = rep_blob[ofs_sig:]
5976 rep_auth_info_blob = rep_blob[ofs_trailer:]
5977
5978 rep_auth_info = self.parse_auth(rep_auth_info_blob)
5979 self.assertEqual(rep_auth_info.auth_type, auth_type)
5980 self.assertEqual(rep_auth_info.auth_level, auth_level)
5981 # mgmt_inq_if_ids() returns no fixed size results
5982 #self.assertEqual(rep_auth_info.auth_pad_length, 0)
5983 self.assertEqual(rep_auth_info.auth_reserved, 0)
5984 self.assertEqual(rep_auth_info.auth_context_id, auth_context_id)
5985 self.assertEqual(rep_auth_info.credentials, rep_sig)
5986
5987 g.check_packet(rep_data, rep_whole, rep_sig)
5988
5989 stub_bin = b'\x00' * 17
5990 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
5991 auth_pad_length = 0
5992 if mod_len > 0:
5993 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
5994 stub_bin += b'\x00' * auth_pad_length
5995
5996 sig_size = g.sig_size(len(stub_bin))
5997 zero_sig = b"\x00" * sig_size
5998
5999 auth_info = self.generate_auth(auth_type=auth_type,
6000 auth_level=auth_level,
6001 auth_pad_length=auth_pad_length,
6002 auth_context_id=auth_context_id,
6003 auth_blob=zero_sig)
6004 req = self.generate_request(call_id=4,
6005 context_id=ctx1.context_id,
6006 opnum=0xffff,
6007 stub=stub_bin,
6008 auth_info=auth_info)
6009 req_blob = samba.ndr.ndr_pack(req)
6010 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
6011 ofs_sig = len(req_blob) - req.auth_length
6012 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
6013 req_data = req_blob[ofs_stub:ofs_trailer]
6014 req_whole = req_blob[0:ofs_sig]
6015 sig = g.sign_packet(req_data, req_whole)
6016 auth_info = self.generate_auth(auth_type=auth_type,
6017 auth_level=auth_level,
6018 auth_pad_length=auth_pad_length,
6019 auth_context_id=auth_context_id,
6020 auth_blob=sig)
6021 req = self.generate_request(call_id=4,
6022 context_id=ctx1.context_id,
6023 opnum=0xffff,
6024 stub=stub_bin,
6025 auth_info=auth_info)
6026 self.send_pdu(req)
6027 rep = self.recv_pdu()
6028 self.verify_pdu(rep, dcerpc.DCERPC_PKT_FAULT, req.call_id,
6029 pfc_flags=req.pfc_flags |
6030 dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
6031 auth_length=0)
6032 self.assertNotEqual(rep.u.alloc_hint, 0)
6033 self.assertEqual(rep.u.context_id, ctx1.context_id)
6034 self.assertEqual(rep.u.cancel_count, 0)
6035 self.assertEqual(rep.u.flags, 0)
6036 self.assertEqual(rep.u.status, dcerpc.DCERPC_NCA_S_OP_RNG_ERROR)
6037 self.assertEqual(rep.u.reserved, 0)
6038 self.assertEqual(len(rep.u.error_and_verifier), 0)
6039
6040 stub_bin = b'\x00' * 8
6041 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
6042 auth_pad_length = 0
6043 if mod_len > 0:
6044 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
6045 stub_bin += b'\x00' * auth_pad_length
6046
6047 sig_size = g.sig_size(len(stub_bin))
6048 zero_sig = b"\x00" * sig_size
6049
6050 auth_info = self.generate_auth(auth_type=auth_type,
6051 auth_level=auth_level,
6052 auth_pad_length=auth_pad_length,
6053 auth_context_id=auth_context_id,
6054 auth_blob=zero_sig)
6055 req = self.generate_request(call_id=5,
6056 context_id=ctx1.context_id,
6057 opnum=1,
6058 stub=stub_bin,
6059 auth_info=auth_info)
6060 req_blob = samba.ndr.ndr_pack(req)
6061 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
6062 ofs_sig = len(req_blob) - req.auth_length
6063 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
6064 req_data = req_blob[ofs_stub:ofs_trailer]
6065 req_whole = req_blob[0:ofs_sig]
6066 sig = g.sign_packet(req_data, req_whole)
6067 auth_info = self.generate_auth(auth_type=auth_type,
6068 auth_level=auth_level,
6069 auth_pad_length=auth_pad_length,
6070 auth_context_id=auth_context_id,
6071 auth_blob=sig)
6072 req = self.generate_request(call_id=5,
6073 context_id=ctx1.context_id,
6074 opnum=1,
6075 stub=stub_bin,
6076 auth_info=auth_info)
6077 self.send_pdu(req)
6078 (rep, rep_blob) = self.recv_pdu_raw()
6079 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
6080 auth_length=sig_size)
6081 self.assertNotEqual(rep.u.alloc_hint, 0)
6082 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
6083 self.assertEqual(rep.u.cancel_count, 0)
6084 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
6085 self.assertEqual(rep.auth_length, sig_size)
6086
6087 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
6088 ofs_sig = rep.frag_length - rep.auth_length
6089 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
6090 rep_data = rep_blob[ofs_stub:ofs_trailer]
6091 rep_whole = rep_blob[0:ofs_sig]
6092 rep_sig = rep_blob[ofs_sig:]
6093 rep_auth_info_blob = rep_blob[ofs_trailer:]
6094
6095 rep_auth_info = self.parse_auth(rep_auth_info_blob)
6096 self.assertEqual(rep_auth_info.auth_type, auth_type)
6097 self.assertEqual(rep_auth_info.auth_level, auth_level)
6098 self.assertEqual(rep_auth_info.auth_pad_length, 4)
6099 self.assertEqual(rep_auth_info.auth_reserved, 0)
6100 self.assertEqual(rep_auth_info.auth_context_id, auth_context_id)
6101 self.assertEqual(rep_auth_info.credentials, rep_sig)
6102
6103 g.check_packet(rep_data, rep_whole, rep_sig)
6104
6105 stub_bin = b'\x00' * 8
6106 mod_len = len(stub_bin) % dcerpc.DCERPC_AUTH_PAD_ALIGNMENT
6107 auth_pad_length = 0
6108 if mod_len > 0:
6109 auth_pad_length = dcerpc.DCERPC_AUTH_PAD_ALIGNMENT - mod_len
6110 stub_bin += b'\x00' * auth_pad_length
6111
6112 sig_size = g.sig_size(len(stub_bin))
6113 zero_sig = b"\x00" * sig_size
6114
6115 auth_info = self.generate_auth(auth_type=auth_type,
6116 auth_level=auth_level,
6117 auth_pad_length=auth_pad_length,
6118 auth_context_id=auth_context_id,
6119 auth_blob=zero_sig)
6120 req = self.generate_request(call_id=6,
6121 context_id=ctx1.context_id,
6122 opnum=3,
6123 stub=stub_bin,
6124 auth_info=auth_info)
6125 req_blob = samba.ndr.ndr_pack(req)
6126 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
6127 ofs_sig = len(req_blob) - req.auth_length
6128 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
6129 req_data = req_blob[ofs_stub:ofs_trailer]
6130 req_whole = req_blob[0:ofs_sig]
6131 sig = g.sign_packet(req_data, req_whole)
6132 auth_info = self.generate_auth(auth_type=auth_type,
6133 auth_level=auth_level,
6134 auth_pad_length=auth_pad_length,
6135 auth_context_id=auth_context_id,
6136 auth_blob=sig)
6137 req = self.generate_request(call_id=6,
6138 context_id=ctx1.context_id,
6139 opnum=3,
6140 stub=stub_bin,
6141 auth_info=auth_info)
6142 self.send_pdu(req)
6143 (rep, rep_blob) = self.recv_pdu_raw()
6144 self.verify_pdu(rep, dcerpc.DCERPC_PKT_RESPONSE, req.call_id,
6145 auth_length=sig_size)
6146 self.assertNotEqual(rep.u.alloc_hint, 0)
6147 self.assertEqual(rep.u.context_id, req.u.context_id & 0xff)
6148 self.assertEqual(rep.u.cancel_count, 0)
6149 self.assertGreaterEqual(len(rep.u.stub_and_verifier), rep.u.alloc_hint)
6150 self.assertEqual(rep.auth_length, sig_size)
6151
6152 ofs_stub = dcerpc.DCERPC_REQUEST_LENGTH
6153 ofs_sig = rep.frag_length - rep.auth_length
6154 ofs_trailer = ofs_sig - dcerpc.DCERPC_AUTH_TRAILER_LENGTH
6155 rep_data = rep_blob[ofs_stub:ofs_trailer]
6156 rep_whole = rep_blob[0:ofs_sig]
6157 rep_sig = rep_blob[ofs_sig:]
6158 rep_auth_info_blob = rep_blob[ofs_trailer:]
6159
6160 rep_auth_info = self.parse_auth(rep_auth_info_blob)
6161 self.assertEqual(rep_auth_info.auth_type, auth_type)
6162 self.assertEqual(rep_auth_info.auth_level, auth_level)
6163 self.assertEqual(rep_auth_info.auth_pad_length, 12)
6164 self.assertEqual(rep_auth_info.auth_reserved, 0)
6165 self.assertEqual(rep_auth_info.auth_context_id, auth_context_id)
6166 self.assertEqual(rep_auth_info.credentials, rep_sig)
6167
6168 g.check_packet(rep_data, rep_whole, rep_sig)
6169
6170 def test_spnego_signing_packet(self):
6171 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
6172 # DCERPC_AUTH_LEVEL_INTEGRITY
6173 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
6174 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
6175
6176 def test_spnego_hdr_signing_packet(self):
6177 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
6178 # DCERPC_AUTH_LEVEL_INTEGRITY
6179 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
6180 dcerpc.DCERPC_AUTH_LEVEL_PACKET,
6181 hdr_sign=True)
6182
6183 def test_spnego_signing_integrity(self):
6184 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
6185 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
6186
6187 def test_spnego_hdr_signing_integrity(self):
6188 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_SPNEGO,
6189 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
6190 hdr_sign=True)
6191
6192 def test_ntlm_signing_packet(self):
6193 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
6194 # DCERPC_AUTH_LEVEL_INTEGRITY
6195 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
6196 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
6197
6198 def test_ntlm_hdr_signing_packet(self):
6199 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
6200 # DCERPC_AUTH_LEVEL_INTEGRITY
6201 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
6202 dcerpc.DCERPC_AUTH_LEVEL_PACKET,
6203 hdr_sign=True)
6204
6205 def test_ntlm_signing_integrity(self):
6206 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
6207 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
6208
6209 def test_ntlm_hdr_signing_integrity(self):
6210 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_NTLMSSP,
6211 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
6212 hdr_sign=True)
6213
6214 def test_krb5_signing_packet(self):
6215 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
6216 # DCERPC_AUTH_LEVEL_INTEGRITY
6217 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
6218 dcerpc.DCERPC_AUTH_LEVEL_PACKET)
6219
6220 def test_krb5_hdr_signing_packet(self):
6221 # DCERPC_AUTH_LEVEL_PACKET is handled as alias of
6222 # DCERPC_AUTH_LEVEL_INTEGRITY
6223 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
6224 dcerpc.DCERPC_AUTH_LEVEL_PACKET,
6225 hdr_sign=True)
6226
6227 def test_krb5_signing_integrity(self):
6228 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
6229 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY)
6230
6231 def test_krb5_hdr_signing_integrity(self):
6232 return self._test_auth_signing_auth_level_request(dcerpc.DCERPC_AUTH_TYPE_KRB5,
6233 dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY,
6234 hdr_sign=True)
6235
6236 def test_assoc_group_fail1(self):
6237 abstract = samba.dcerpc.mgmt.abstract_syntax()
6238 transfer = base.transfer_syntax_ndr()
6239
6240 tsf1_list = [transfer]
6241 ctx = samba.dcerpc.dcerpc.ctx_list()
6242 ctx.context_id = 1
6243 ctx.num_transfer_syntaxes = len(tsf1_list)
6244 ctx.abstract_syntax = abstract
6245 ctx.transfer_syntaxes = tsf1_list
6246
6247 ack = self.do_generic_bind(ctx=ctx, assoc_group_id=1,
6248 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
6249 return
6250
6251 def test_assoc_group_fail2(self):
6252 abstract = samba.dcerpc.mgmt.abstract_syntax()
6253 transfer = base.transfer_syntax_ndr()
6254
6255 tsf1_list = [transfer]
6256 ctx = samba.dcerpc.dcerpc.ctx_list()
6257 ctx.context_id = 1
6258 ctx.num_transfer_syntaxes = len(tsf1_list)
6259 ctx.abstract_syntax = abstract
6260 ctx.transfer_syntaxes = tsf1_list
6261
6262 ack = self.do_generic_bind(ctx=ctx)
6263
6264 self._disconnect("test_assoc_group_fail2")
6265 self.assertNotConnected()
6266 time.sleep(0.5)
6267 self.connect()
6268
6269 ack2 = self.do_generic_bind(ctx=ctx, assoc_group_id=ack.u.assoc_group_id,
6270 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
6271 return
6272
6273 def test_assoc_group_diff1(self):
6274 abstract = samba.dcerpc.mgmt.abstract_syntax()
6275 transfer = base.transfer_syntax_ndr()
6276
6277 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
6278 context_id=1, return_ack=True)
6279
6280 conn2 = self.second_connection()
6281 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
6282 context_id=2, return_ack=True)
6283 self.assertNotEqual(ack2.u.assoc_group_id, ack1.u.assoc_group_id)
6284
6285 conn2._disconnect("End of Test")
6286 return
6287
6288 def test_assoc_group_ok1(self):
6289 abstract = samba.dcerpc.mgmt.abstract_syntax()
6290 transfer = base.transfer_syntax_ndr()
6291
6292 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
6293 context_id=1, return_ack=True)
6294
6295 conn2 = self.second_connection()
6296 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
6297 assoc_group_id=ack1.u.assoc_group_id,
6298 context_id=2, return_ack=True)
6299
6300 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
6301 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
6302 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
6303
6304 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
6305 fault_pfc_flags=(
6306 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
6307 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
6308 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
6309 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
6310 fault_context_id=0)
6311
6312 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
6313 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
6314 conn2._disconnect("End of Test")
6315 return
6316
6317 def test_assoc_group_ok2(self):
6318 abstract = samba.dcerpc.mgmt.abstract_syntax()
6319 transfer = base.transfer_syntax_ndr()
6320
6321 self.reconnect_smb_pipe(primary_address='\\pipe\\lsarpc',
6322 secondary_address='\\pipe\\lsass',
6323 transport_creds=self.get_user_creds())
6324 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
6325 context_id=1, return_ack=True)
6326
6327 conn2 = self.second_connection()
6328 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
6329 assoc_group_id=ack1.u.assoc_group_id,
6330 context_id=2, return_ack=True)
6331
6332 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
6333 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
6334 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
6335
6336 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
6337 fault_pfc_flags=(
6338 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
6339 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
6340 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
6341 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
6342 fault_context_id=0)
6343
6344 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
6345 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
6346 conn2._disconnect("End of Test")
6347 return
6348
6349 def test_assoc_group_fail3(self):
6350 abstract = samba.dcerpc.mgmt.abstract_syntax()
6351 transfer = base.transfer_syntax_ndr()
6352
6353 (ctx1, ack1) = self.prepare_presentation(abstract, transfer,
6354 context_id=1, return_ack=True)
6355
6356 # assoc groups are per transport
6357 connF = self.second_connection(primary_address="\\pipe\\lsarpc",
6358 secondary_address="\\pipe\\lsass",
6359 transport_creds=self.get_user_creds())
6360 tsfF_list = [transfer]
6361 ctxF = samba.dcerpc.dcerpc.ctx_list()
6362 ctxF.context_id = 0xF
6363 ctxF.num_transfer_syntaxes = len(tsfF_list)
6364 ctxF.abstract_syntax = abstract
6365 ctxF.transfer_syntaxes = tsfF_list
6366 ack = connF.do_generic_bind(ctx=ctxF, assoc_group_id=ack1.u.assoc_group_id,
6367 nak_reason=dcerpc.DCERPC_BIND_NAK_REASON_NOT_SPECIFIED)
6368 # wait for a disconnect
6369 rep = connF.recv_pdu()
6370 self.assertIsNone(rep)
6371 connF.assertNotConnected()
6372
6373 conn2 = self.second_connection()
6374 (ctx2, ack2) = conn2.prepare_presentation(abstract, transfer,
6375 assoc_group_id=ack1.u.assoc_group_id,
6376 context_id=2, return_ack=True)
6377
6378 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
6379 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
6380 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
6381
6382 conn2.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids,
6383 fault_pfc_flags=(
6384 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_FIRST |
6385 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_LAST |
6386 samba.dcerpc.dcerpc.DCERPC_PFC_FLAG_DID_NOT_EXECUTE),
6387 fault_status=dcerpc.DCERPC_NCA_S_UNKNOWN_IF,
6388 fault_context_id=0)
6389
6390 self.do_single_request(call_id=1, ctx=ctx1, io=inq_if_ids)
6391 conn2.do_single_request(call_id=1, ctx=ctx2, io=inq_if_ids)
6392 conn2._disconnect("End of Test")
6393 return
6394
6395 def _test_krb5_hdr_sign_delayed1(self, do_upgrade):
6396 auth_type = dcerpc.DCERPC_AUTH_TYPE_KRB5
6397 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
6398 auth_context_id = 1
6399
6400 creds = self.get_user_creds()
6401
6402 abstract = samba.dcerpc.mgmt.abstract_syntax()
6403 transfer = base.transfer_syntax_ndr()
6404
6405 tsf1_list = [transfer]
6406 ctx = samba.dcerpc.dcerpc.ctx_list()
6407 ctx.context_id = 1
6408 ctx.num_transfer_syntaxes = len(tsf1_list)
6409 ctx.abstract_syntax = abstract
6410 ctx.transfer_syntaxes = tsf1_list
6411
6412 auth_context = self.get_auth_context_creds(creds=creds,
6413 auth_type=auth_type,
6414 auth_level=auth_level,
6415 auth_context_id=auth_context_id,
6416 hdr_signing=False)
6417
6418 ack = self.do_generic_bind(call_id=1,
6419 ctx=ctx,
6420 auth_context=auth_context)
6421
6422 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
6423 self.do_single_request(call_id=2, ctx=ctx, io=inq_if_ids,
6424 auth_context=auth_context)
6425
6426 #
6427 # This is just an alter context without authentication
6428 # But it can turn on header signing for the whole connection
6429 #
6430 ack2 = self.do_generic_bind(call_id=3, ctx=ctx,
6431 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
6432 dcerpc.DCERPC_PFC_FLAG_LAST |
6433 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN,
6434 assoc_group_id = ack.u.assoc_group_id,
6435 start_with_alter=True)
6436
6437 self.assertFalse(auth_context['hdr_signing'])
6438 if do_upgrade:
6439 auth_context['hdr_signing'] = True
6440 auth_context["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
6441 fault_status=None
6442 else:
6443 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
6444
6445 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids,
6446 auth_context=auth_context,
6447 fault_status=fault_status)
6448
6449 if fault_status is not None:
6450 # wait for a disconnect
6451 rep = self.recv_pdu()
6452 self.assertIsNone(rep)
6453 self.assertNotConnected()
6454 return
6455
6456 self.do_single_request(call_id=5, ctx=ctx, io=inq_if_ids,
6457 auth_context=auth_context)
6458 return
6459
6460 def test_krb5_hdr_sign_delayed1_ok1(self):
6461 return self._test_krb5_hdr_sign_delayed1(do_upgrade=True)
6462
6463 def test_krb5_hdr_sign_delayed1_fail1(self):
6464 return self._test_krb5_hdr_sign_delayed1(do_upgrade=False)
6465
6466 def _test_krb5_hdr_sign_delayed2(self, do_upgrade):
6467 auth_type = dcerpc.DCERPC_AUTH_TYPE_KRB5
6468 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
6469 auth_context_id = 1
6470
6471 creds = self.get_user_creds()
6472
6473 abstract = samba.dcerpc.mgmt.abstract_syntax()
6474 transfer = base.transfer_syntax_ndr()
6475
6476 tsf1_list = [transfer]
6477 ctx = samba.dcerpc.dcerpc.ctx_list()
6478 ctx.context_id = 1
6479 ctx.num_transfer_syntaxes = len(tsf1_list)
6480 ctx.abstract_syntax = abstract
6481 ctx.transfer_syntaxes = tsf1_list
6482
6483 auth_context = self.get_auth_context_creds(creds=creds,
6484 auth_type=auth_type,
6485 auth_level=auth_level,
6486 auth_context_id=auth_context_id,
6487 hdr_signing=False)
6488
6489 #
6490 # SUPPORT_HEADER_SIGN on alter context activates header signing
6491 #
6492 ack = self.do_generic_bind(call_id=1,
6493 ctx=ctx,
6494 auth_context=auth_context,
6495 pfc_flags_2nd=dcerpc.DCERPC_PFC_FLAG_FIRST |
6496 dcerpc.DCERPC_PFC_FLAG_LAST |
6497 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)
6498
6499 self.assertFalse(auth_context['hdr_signing'])
6500 if do_upgrade:
6501 auth_context['hdr_signing'] = True
6502 auth_context["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
6503 fault_status=None
6504 else:
6505 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
6506
6507 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
6508 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids,
6509 auth_context=auth_context,
6510 fault_status=fault_status)
6511
6512 if fault_status is not None:
6513 # wait for a disconnect
6514 rep = self.recv_pdu()
6515 self.assertIsNone(rep)
6516 self.assertNotConnected()
6517 return
6518
6519 self.do_single_request(call_id=5, ctx=ctx, io=inq_if_ids,
6520 auth_context=auth_context)
6521 return
6522
6523 def test_krb5_hdr_sign_delayed2_ok1(self):
6524 return self._test_krb5_hdr_sign_delayed2(do_upgrade=True)
6525
6526 def test_krb5_hdr_sign_delayed2_fail1(self):
6527 return self._test_krb5_hdr_sign_delayed2(do_upgrade=False)
6528
6529 def test_krb5_hdr_sign_delayed3_fail1(self):
6530 auth_type = dcerpc.DCERPC_AUTH_TYPE_KRB5
6531 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
6532 auth_context_id = 1
6533
6534 creds = self.get_user_creds()
6535
6536 abstract = samba.dcerpc.mgmt.abstract_syntax()
6537 transfer = base.transfer_syntax_ndr()
6538
6539 tsf1_list = [transfer]
6540 ctx = samba.dcerpc.dcerpc.ctx_list()
6541 ctx.context_id = 1
6542 ctx.num_transfer_syntaxes = len(tsf1_list)
6543 ctx.abstract_syntax = abstract
6544 ctx.transfer_syntaxes = tsf1_list
6545
6546 auth_context = self.get_auth_context_creds(creds=creds,
6547 auth_type=auth_type,
6548 auth_level=auth_level,
6549 auth_context_id=auth_context_id,
6550 hdr_signing=False)
6551
6552 #
6553 # SUPPORT_HEADER_SIGN on auth3 doesn't activate header signing
6554 #
6555 ack = self.do_generic_bind(call_id=1,
6556 ctx=ctx,
6557 auth_context=auth_context,
6558 pfc_flags_2nd=dcerpc.DCERPC_PFC_FLAG_FIRST |
6559 dcerpc.DCERPC_PFC_FLAG_LAST |
6560 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN,
6561 use_auth3=True)
6562
6563 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
6564 self.do_single_request(call_id=2, ctx=ctx, io=inq_if_ids,
6565 auth_context=auth_context)
6566
6567 self.assertFalse(auth_context['hdr_signing'])
6568 auth_context['hdr_signing'] = True
6569 auth_context["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
6570 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR
6571
6572 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids,
6573 auth_context=auth_context,
6574 fault_status=fault_status)
6575
6576 # wait for a disconnect
6577 rep = self.recv_pdu()
6578 self.assertIsNone(rep)
6579 self.assertNotConnected()
6580 return
6581
6582 def _test_lsa_multi_auth_connect1(self, smb_creds,
6583 account_name0, authority_name0):
6584 creds1 = self.get_anon_creds()
6585 account_name1 = "ANONYMOUS LOGON"
6586 authority_name1 = "NT AUTHORITY"
6587 auth_type1 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6588 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6589 auth_context_id1 = 1
6590
6591 creds2 = self.get_user_creds()
6592 account_name2 = creds2.get_username()
6593 authority_name2 = creds2.get_domain()
6594 auth_type2 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6595 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6596 auth_context_id2 = 2
6597
6598 abstract = samba.dcerpc.lsa.abstract_syntax()
6599 transfer = base.transfer_syntax_ndr()
6600
6601 self.reconnect_smb_pipe(primary_address='\\pipe\\lsarpc',
6602 secondary_address='\\pipe\\lsass',
6603 transport_creds=smb_creds)
6604 self.assertIsConnected()
6605
6606 tsf1_list = [transfer]
6607 ctx1 = samba.dcerpc.dcerpc.ctx_list()
6608 ctx1.context_id = 1
6609 ctx1.num_transfer_syntaxes = len(tsf1_list)
6610 ctx1.abstract_syntax = abstract
6611 ctx1.transfer_syntaxes = tsf1_list
6612
6613 auth_context1 = self.get_auth_context_creds(creds=creds1,
6614 auth_type=auth_type1,
6615 auth_level=auth_level1,
6616 auth_context_id=auth_context_id1,
6617 hdr_signing=False)
6618 auth_context2 = self.get_auth_context_creds(creds=creds2,
6619 auth_type=auth_type2,
6620 auth_level=auth_level2,
6621 auth_context_id=auth_context_id2,
6622 hdr_signing=False)
6623
6624 get_user_name = samba.dcerpc.lsa.GetUserName()
6625 get_user_name.in_system_name = self.target_hostname
6626 get_user_name.in_account_name = None
6627 get_user_name.in_authority_name = base.ndr_pointer(None)
6628
6629 ack1 = self.do_generic_bind(call_id=0,
6630 ctx=ctx1,
6631 auth_context=auth_context1)
6632
6633 #
6634 # With just one explicit auth context and that
6635 # uses AUTH_LEVEL_CONNECT context.
6636 #
6637 # We always get that by default instead of the one default one
6638 # inherited from the transport
6639 #
6640 self.do_single_request(call_id=1, ctx=ctx1, io=get_user_name)
6641 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6642 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6643 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6644
6645 self.do_single_request(call_id=2, ctx=ctx1, io=get_user_name,
6646 auth_context=auth_context1)
6647 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6648 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6649 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6650
6651 ack2 = self.do_generic_bind(call_id=3,
6652 ctx=ctx1,
6653 auth_context=auth_context2,
6654 assoc_group_id = ack1.u.assoc_group_id,
6655 start_with_alter=True)
6656
6657 #
6658 # Now we have two explicit auth contexts
6659 #
6660 # If we don't specify one of them we get the default one
6661 # inherited from the transport
6662 #
6663 self.do_single_request(call_id=4, ctx=ctx1, io=get_user_name)
6664 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6665 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6666 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6667
6668 self.do_single_request(call_id=5, ctx=ctx1, io=get_user_name,
6669 auth_context=auth_context1)
6670 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6671 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6672 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6673
6674 self.do_single_request(call_id=6, ctx=ctx1, io=get_user_name,
6675 auth_context=auth_context2)
6676 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6677 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
6678 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
6679
6680 self.do_single_request(call_id=7, ctx=ctx1, io=get_user_name)
6681 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6682 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6683 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6684
6685 return
6686
6687 def test_lsa_multi_auth_connect1u(self):
6688 smb_auth_creds = self.get_user_creds()
6689 account_name0 = smb_auth_creds.get_username()
6690 authority_name0 = smb_auth_creds.get_domain()
6691 return self._test_lsa_multi_auth_connect1(smb_auth_creds,
6692 account_name0,
6693 authority_name0)
6694
6695 def test_lsa_multi_auth_connect1a(self):
6696 smb_auth_creds = self.get_anon_creds()
6697 account_name0 = "ANONYMOUS LOGON"
6698 authority_name0 = "NT AUTHORITY"
6699 return self._test_lsa_multi_auth_connect1(smb_auth_creds,
6700 account_name0,
6701 authority_name0)
6702
6703 def _test_lsa_multi_auth_connect2(self, smb_creds,
6704 account_name0, authority_name0):
6705 creds1 = self.get_anon_creds()
6706 account_name1 = "ANONYMOUS LOGON"
6707 authority_name1 = "NT AUTHORITY"
6708 auth_type1 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6709 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6710 auth_context_id1 = 1
6711
6712 creds2 = self.get_user_creds()
6713 account_name2 = creds2.get_username()
6714 authority_name2 = creds2.get_domain()
6715 auth_type2 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6716 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6717 auth_context_id2 = 2
6718
6719 abstract = samba.dcerpc.lsa.abstract_syntax()
6720 transfer = base.transfer_syntax_ndr()
6721
6722 self.reconnect_smb_pipe(primary_address='\\pipe\\lsarpc',
6723 secondary_address='\\pipe\\lsass',
6724 transport_creds=smb_creds)
6725 self.assertIsConnected()
6726
6727 tsf1_list = [transfer]
6728 ctx1 = samba.dcerpc.dcerpc.ctx_list()
6729 ctx1.context_id = 1
6730 ctx1.num_transfer_syntaxes = len(tsf1_list)
6731 ctx1.abstract_syntax = abstract
6732 ctx1.transfer_syntaxes = tsf1_list
6733
6734 auth_context1 = self.get_auth_context_creds(creds=creds1,
6735 auth_type=auth_type1,
6736 auth_level=auth_level1,
6737 auth_context_id=auth_context_id1,
6738 hdr_signing=False)
6739 auth_context2 = self.get_auth_context_creds(creds=creds2,
6740 auth_type=auth_type2,
6741 auth_level=auth_level2,
6742 auth_context_id=auth_context_id2,
6743 hdr_signing=False)
6744
6745 get_user_name = samba.dcerpc.lsa.GetUserName()
6746 get_user_name.in_system_name = self.target_hostname
6747 get_user_name.in_account_name = None
6748 get_user_name.in_authority_name = base.ndr_pointer(None)
6749
6750 ack0 = self.do_generic_bind(call_id=0, ctx=ctx1)
6751
6752 #
6753 # We use the default auth context
6754 # inherited from the transport
6755 #
6756 self.do_single_request(call_id=1, ctx=ctx1, io=get_user_name)
6757 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6758 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6759 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6760
6761 ack1 = self.do_generic_bind(call_id=2,
6762 ctx=ctx1,
6763 auth_context=auth_context1,
6764 assoc_group_id = ack0.u.assoc_group_id,
6765 start_with_alter=True)
6766
6767 #
6768 # With just one explicit auth context and that
6769 # uses AUTH_LEVEL_CONNECT context.
6770 #
6771 # We always get that by default instead of the one default one
6772 # inherited from the transport
6773 #
6774 self.do_single_request(call_id=3, ctx=ctx1, io=get_user_name)
6775 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6776 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6777 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6778
6779 self.do_single_request(call_id=4, ctx=ctx1, io=get_user_name,
6780 auth_context=auth_context1)
6781 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6782 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6783 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6784
6785 ack2 = self.do_generic_bind(call_id=5,
6786 ctx=ctx1,
6787 auth_context=auth_context2,
6788 assoc_group_id = ack0.u.assoc_group_id,
6789 start_with_alter=True)
6790
6791 #
6792 # Now we have two explicit auth contexts
6793 #
6794 # If we don't specify one of them we get the default one
6795 # inherited from the transport (again)
6796 #
6797 self.do_single_request(call_id=6, ctx=ctx1, io=get_user_name)
6798 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6799 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6800 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6801
6802 self.do_single_request(call_id=7, ctx=ctx1, io=get_user_name,
6803 auth_context=auth_context1)
6804 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6805 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6806 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6807
6808 self.do_single_request(call_id=8, ctx=ctx1, io=get_user_name,
6809 auth_context=auth_context2)
6810 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6811 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
6812 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
6813
6814 self.do_single_request(call_id=9, ctx=ctx1, io=get_user_name)
6815 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6816 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6817 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6818
6819 return
6820
6821 def test_lsa_multi_auth_connect2u(self):
6822 smb_auth_creds = self.get_user_creds()
6823 account_name0 = smb_auth_creds.get_username()
6824 authority_name0 = smb_auth_creds.get_domain()
6825 return self._test_lsa_multi_auth_connect2(smb_auth_creds,
6826 account_name0,
6827 authority_name0)
6828
6829 def test_lsa_multi_auth_connect2a(self):
6830 smb_auth_creds = self.get_anon_creds()
6831 account_name0 = "ANONYMOUS LOGON"
6832 authority_name0 = "NT AUTHORITY"
6833 return self._test_lsa_multi_auth_connect2(smb_auth_creds,
6834 account_name0,
6835 authority_name0)
6836
6837 def _test_lsa_multi_auth_connect3(self, smb_creds,
6838 account_name0, authority_name0):
6839 creds1 = self.get_anon_creds()
6840 account_name1 = "ANONYMOUS LOGON"
6841 authority_name1 = "NT AUTHORITY"
6842 auth_type1 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6843 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6844 auth_context_id1 = 1
6845
6846 creds2 = self.get_user_creds()
6847 account_name2 = creds2.get_username()
6848 authority_name2 = creds2.get_domain()
6849 auth_type2 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6850 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6851 auth_context_id2 = 2
6852
6853 abstract = samba.dcerpc.lsa.abstract_syntax()
6854 transfer = base.transfer_syntax_ndr()
6855
6856 self.reconnect_smb_pipe(primary_address='\\pipe\\lsarpc',
6857 secondary_address='\\pipe\\lsass',
6858 transport_creds=smb_creds)
6859 self.assertIsConnected()
6860
6861 tsf1_list = [transfer]
6862 ctx1 = samba.dcerpc.dcerpc.ctx_list()
6863 ctx1.context_id = 1
6864 ctx1.num_transfer_syntaxes = len(tsf1_list)
6865 ctx1.abstract_syntax = abstract
6866 ctx1.transfer_syntaxes = tsf1_list
6867
6868 auth_context1 = self.get_auth_context_creds(creds=creds1,
6869 auth_type=auth_type1,
6870 auth_level=auth_level1,
6871 auth_context_id=auth_context_id1,
6872 hdr_signing=False)
6873 auth_context2 = self.get_auth_context_creds(creds=creds2,
6874 auth_type=auth_type2,
6875 auth_level=auth_level2,
6876 auth_context_id=auth_context_id2,
6877 hdr_signing=False)
6878
6879 get_user_name = samba.dcerpc.lsa.GetUserName()
6880 get_user_name.in_system_name = self.target_hostname
6881 get_user_name.in_account_name = None
6882 get_user_name.in_authority_name = base.ndr_pointer(None)
6883
6884 ack0 = self.do_generic_bind(call_id=0, ctx=ctx1)
6885
6886 #
6887 # We use the default auth context
6888 # inherited from the transport
6889 #
6890 self.do_single_request(call_id=1, ctx=ctx1, io=get_user_name)
6891 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6892 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6893 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6894
6895 ack1 = self.do_generic_bind(call_id=2,
6896 ctx=ctx1,
6897 auth_context=auth_context1,
6898 assoc_group_id = ack0.u.assoc_group_id,
6899 start_with_alter=True)
6900
6901 #
6902 # With just one explicit auth context and that
6903 # uses AUTH_LEVEL_CONNECT context.
6904 #
6905 # We always get that by default instead of the one default one
6906 # inherited from the transport
6907 #
6908 # Until an explicit usage resets that mode
6909 #
6910 self.do_single_request(call_id=3, ctx=ctx1, io=get_user_name)
6911 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6912 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6913 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6914
6915 self.do_single_request(call_id=4, ctx=ctx1, io=get_user_name)
6916 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6917 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6918 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6919
6920 self.do_single_request(call_id=5, ctx=ctx1, io=get_user_name,
6921 auth_context=auth_context1)
6922 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6923 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6924 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6925
6926 self.do_single_request(call_id=6, ctx=ctx1, io=get_user_name)
6927 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6928 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6929 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6930
6931 ack2 = self.do_generic_bind(call_id=7,
6932 ctx=ctx1,
6933 auth_context=auth_context2,
6934 assoc_group_id = ack0.u.assoc_group_id,
6935 start_with_alter=True)
6936 #
6937 # A new auth context won't change that mode again.
6938 #
6939 self.do_single_request(call_id=8, ctx=ctx1, io=get_user_name)
6940 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6941 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6942 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6943
6944 self.do_single_request(call_id=9, ctx=ctx1, io=get_user_name,
6945 auth_context=auth_context1)
6946 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6947 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
6948 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
6949
6950 self.do_single_request(call_id=10, ctx=ctx1, io=get_user_name,
6951 auth_context=auth_context2)
6952 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6953 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
6954 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
6955
6956 self.do_single_request(call_id=11, ctx=ctx1, io=get_user_name)
6957 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
6958 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
6959 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
6960
6961 return
6962
6963 def test_lsa_multi_auth_connect3u(self):
6964 smb_auth_creds = self.get_user_creds()
6965 account_name0 = smb_auth_creds.get_username()
6966 authority_name0 = smb_auth_creds.get_domain()
6967 return self._test_lsa_multi_auth_connect3(smb_auth_creds,
6968 account_name0,
6969 authority_name0)
6970
6971 def test_lsa_multi_auth_connect3a(self):
6972 smb_auth_creds = self.get_anon_creds()
6973 account_name0 = "ANONYMOUS LOGON"
6974 authority_name0 = "NT AUTHORITY"
6975 return self._test_lsa_multi_auth_connect3(smb_auth_creds,
6976 account_name0,
6977 authority_name0)
6978
6979 def _test_lsa_multi_auth_connect4(self, smb_creds,
6980 account_name0, authority_name0):
6981 creds1 = self.get_anon_creds()
6982 account_name1 = "ANONYMOUS LOGON"
6983 authority_name1 = "NT AUTHORITY"
6984 auth_type1 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6985 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6986 auth_context_id1 = 1
6987
6988 creds2 = self.get_user_creds()
6989 account_name2 = creds2.get_username()
6990 authority_name2 = creds2.get_domain()
6991 auth_type2 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6992 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
6993 auth_context_id2 = 2
6994
6995 creds3 = self.get_anon_creds()
6996 account_name3 = "ANONYMOUS LOGON"
6997 authority_name3 = "NT AUTHORITY"
6998 auth_type3 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
6999 auth_level3 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
7000 auth_context_id3 = 3
7001
7002 creds4 = self.get_user_creds()
7003 account_name4 = creds4.get_username()
7004 authority_name4 = creds4.get_domain()
7005 auth_type4 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
7006 auth_level4 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
7007 auth_context_id4 = 4
7008
7009 abstract = samba.dcerpc.lsa.abstract_syntax()
7010 transfer = base.transfer_syntax_ndr()
7011
7012 self.reconnect_smb_pipe(primary_address='\\pipe\\lsarpc',
7013 secondary_address='\\pipe\\lsass',
7014 transport_creds=smb_creds)
7015 self.assertIsConnected()
7016
7017 tsf1_list = [transfer]
7018 ctx1 = samba.dcerpc.dcerpc.ctx_list()
7019 ctx1.context_id = 1
7020 ctx1.num_transfer_syntaxes = len(tsf1_list)
7021 ctx1.abstract_syntax = abstract
7022 ctx1.transfer_syntaxes = tsf1_list
7023
7024 auth_context1 = self.get_auth_context_creds(creds=creds1,
7025 auth_type=auth_type1,
7026 auth_level=auth_level1,
7027 auth_context_id=auth_context_id1,
7028 hdr_signing=False)
7029 auth_context2 = self.get_auth_context_creds(creds=creds2,
7030 auth_type=auth_type2,
7031 auth_level=auth_level2,
7032 auth_context_id=auth_context_id2,
7033 hdr_signing=False)
7034 auth_context3 = self.get_auth_context_creds(creds=creds3,
7035 auth_type=auth_type3,
7036 auth_level=auth_level3,
7037 auth_context_id=auth_context_id3,
7038 hdr_signing=False)
7039 auth_context4 = self.get_auth_context_creds(creds=creds4,
7040 auth_type=auth_type4,
7041 auth_level=auth_level4,
7042 auth_context_id=auth_context_id4,
7043 hdr_signing=False)
7044
7045 get_user_name = samba.dcerpc.lsa.GetUserName()
7046 get_user_name.in_system_name = self.target_hostname
7047 get_user_name.in_account_name = None
7048 get_user_name.in_authority_name = base.ndr_pointer(None)
7049
7050 ack0 = self.do_generic_bind(call_id=0, ctx=ctx1)
7051
7052 #
7053 # We use the default auth context
7054 # inherited from the transport
7055 #
7056 self.do_single_request(call_id=1, ctx=ctx1, io=get_user_name)
7057 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7058 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7059 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7060
7061 ack1 = self.do_generic_bind(call_id=2,
7062 ctx=ctx1,
7063 auth_context=auth_context1,
7064 assoc_group_id = ack0.u.assoc_group_id,
7065 start_with_alter=True)
7066
7067 #
7068 # With just one explicit auth context and that
7069 # uses AUTH_LEVEL_CONNECT context.
7070 #
7071 # We always get that by default instead of the one default one
7072 # inherited from the transport
7073 #
7074 # Until a new explicit context resets the mode
7075 #
7076 self.do_single_request(call_id=3, ctx=ctx1, io=get_user_name)
7077 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7078 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7079 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7080
7081 self.do_single_request(call_id=4, ctx=ctx1, io=get_user_name)
7082 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7083 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7084 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7085
7086 ack2 = self.do_generic_bind(call_id=5,
7087 ctx=ctx1,
7088 auth_context=auth_context2,
7089 assoc_group_id = ack0.u.assoc_group_id,
7090 start_with_alter=True)
7091
7092 #
7093 # A new auth context with LEVEL_CONNECT resets the default.
7094 #
7095 self.do_single_request(call_id=6, ctx=ctx1, io=get_user_name)
7096 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7097 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
7098 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
7099
7100 self.do_single_request(call_id=7, ctx=ctx1, io=get_user_name)
7101 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7102 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
7103 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
7104
7105 ack3 = self.do_generic_bind(call_id=8,
7106 ctx=ctx1,
7107 auth_context=auth_context3,
7108 assoc_group_id = ack0.u.assoc_group_id,
7109 start_with_alter=True)
7110
7111 #
7112 # A new auth context with LEVEL_CONNECT resets the default.
7113 #
7114 self.do_single_request(call_id=9, ctx=ctx1, io=get_user_name)
7115 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7116 self.assertEqualsStrLower(get_user_name.out_account_name, account_name3)
7117 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name3)
7118
7119 self.do_single_request(call_id=10, ctx=ctx1, io=get_user_name)
7120 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7121 self.assertEqualsStrLower(get_user_name.out_account_name, account_name3)
7122 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name3)
7123
7124 ack4 = self.do_generic_bind(call_id=11,
7125 ctx=ctx1,
7126 auth_context=auth_context4,
7127 assoc_group_id = ack0.u.assoc_group_id,
7128 start_with_alter=True)
7129
7130 #
7131 # A new auth context with LEVEL_CONNECT resets the default.
7132 #
7133 self.do_single_request(call_id=12, ctx=ctx1, io=get_user_name)
7134 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7135 self.assertEqualsStrLower(get_user_name.out_account_name, account_name4)
7136 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name4)
7137
7138 self.do_single_request(call_id=13, ctx=ctx1, io=get_user_name)
7139 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7140 self.assertEqualsStrLower(get_user_name.out_account_name, account_name4)
7141 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name4)
7142
7143 #
7144 # Only the explicit usage of any context reset that mode
7145 #
7146 self.do_single_request(call_id=14, ctx=ctx1, io=get_user_name,
7147 auth_context=auth_context1)
7148 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7149 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7150 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7151
7152 self.do_single_request(call_id=15, ctx=ctx1, io=get_user_name)
7153 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7154 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7155 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7156
7157 self.do_single_request(call_id=16, ctx=ctx1, io=get_user_name,
7158 auth_context=auth_context1)
7159 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7160 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7161 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7162
7163 self.do_single_request(call_id=17, ctx=ctx1, io=get_user_name,
7164 auth_context=auth_context2)
7165 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7166 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
7167 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
7168
7169 self.do_single_request(call_id=18, ctx=ctx1, io=get_user_name,
7170 auth_context=auth_context3)
7171 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7172 self.assertEqualsStrLower(get_user_name.out_account_name, account_name3)
7173 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name3)
7174
7175 self.do_single_request(call_id=19, ctx=ctx1, io=get_user_name,
7176 auth_context=auth_context4)
7177 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7178 self.assertEqualsStrLower(get_user_name.out_account_name, account_name4)
7179 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name4)
7180
7181 self.do_single_request(call_id=20, ctx=ctx1, io=get_user_name)
7182 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7183 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7184 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7185
7186 return
7187
7188 def test_lsa_multi_auth_connect4u(self):
7189 smb_auth_creds = self.get_user_creds()
7190 account_name0 = smb_auth_creds.get_username()
7191 authority_name0 = smb_auth_creds.get_domain()
7192 return self._test_lsa_multi_auth_connect4(smb_auth_creds,
7193 account_name0,
7194 authority_name0)
7195
7196 def test_lsa_multi_auth_connect4a(self):
7197 smb_auth_creds = self.get_anon_creds()
7198 account_name0 = "ANONYMOUS LOGON"
7199 authority_name0 = "NT AUTHORITY"
7200 return self._test_lsa_multi_auth_connect4(smb_auth_creds,
7201 account_name0,
7202 authority_name0)
7203
7204 def _test_lsa_multi_auth_sign_connect1(self, smb_creds,
7205 account_name0, authority_name0):
7206
7207 creds1 = self.get_user_creds()
7208 account_name1 = creds1.get_username()
7209 authority_name1 = creds1.get_domain()
7210 auth_type1 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
7211 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
7212 auth_context_id1 = 1
7213
7214 creds2 = self.get_user_creds()
7215 account_name2 = creds2.get_username()
7216 authority_name2 = creds2.get_domain()
7217 auth_type2 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
7218 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
7219 auth_context_id2 = 2
7220
7221 creds3 = self.get_anon_creds()
7222 account_name3 = "ANONYMOUS LOGON"
7223 authority_name3 = "NT AUTHORITY"
7224 auth_type3 = dcerpc.DCERPC_AUTH_TYPE_NTLMSSP
7225 auth_level3 = dcerpc.DCERPC_AUTH_LEVEL_CONNECT
7226 auth_context_id3 = 3
7227
7228 abstract = samba.dcerpc.lsa.abstract_syntax()
7229 transfer = base.transfer_syntax_ndr()
7230
7231 self.reconnect_smb_pipe(primary_address='\\pipe\\lsarpc',
7232 secondary_address='\\pipe\\lsass',
7233 transport_creds=smb_creds)
7234 self.assertIsConnected()
7235
7236 tsf1_list = [transfer]
7237 ctx1 = samba.dcerpc.dcerpc.ctx_list()
7238 ctx1.context_id = 1
7239 ctx1.num_transfer_syntaxes = len(tsf1_list)
7240 ctx1.abstract_syntax = abstract
7241 ctx1.transfer_syntaxes = tsf1_list
7242
7243 auth_context1 = self.get_auth_context_creds(creds=creds1,
7244 auth_type=auth_type1,
7245 auth_level=auth_level1,
7246 auth_context_id=auth_context_id1,
7247 hdr_signing=False)
7248 auth_context2 = self.get_auth_context_creds(creds=creds2,
7249 auth_type=auth_type2,
7250 auth_level=auth_level2,
7251 auth_context_id=auth_context_id2,
7252 hdr_signing=False)
7253 auth_context3 = self.get_auth_context_creds(creds=creds3,
7254 auth_type=auth_type3,
7255 auth_level=auth_level3,
7256 auth_context_id=auth_context_id3,
7257 hdr_signing=False)
7258
7259 get_user_name = samba.dcerpc.lsa.GetUserName()
7260 get_user_name.in_system_name = self.target_hostname
7261 get_user_name.in_account_name = None
7262 get_user_name.in_authority_name = base.ndr_pointer(None)
7263
7264 ack1 = self.do_generic_bind(call_id=0,
7265 ctx=ctx1,
7266 auth_context=auth_context1)
7267
7268 #
7269 # With just one explicit auth context and that
7270 # *not* uses AUTH_LEVEL_CONNECT context.
7271 #
7272 # We don't get the by default (auth_context1)
7273 #
7274 self.do_single_request(call_id=1, ctx=ctx1, io=get_user_name)
7275 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7276 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7277 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7278
7279 self.do_single_request(call_id=2, ctx=ctx1, io=get_user_name,
7280 auth_context=auth_context1)
7281 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7282 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7283 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7284
7285 self.do_single_request(call_id=3, ctx=ctx1, io=get_user_name)
7286 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7287 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7288 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7289
7290 ack2 = self.do_generic_bind(call_id=4,
7291 ctx=ctx1,
7292 auth_context=auth_context2,
7293 assoc_group_id = ack1.u.assoc_group_id,
7294 start_with_alter=True)
7295
7296 #
7297 # With just two explicit auth context and
7298 # *none* uses AUTH_LEVEL_CONNECT context.
7299 #
7300 # We don't get auth_context1 or auth_context2 by default
7301 #
7302 self.do_single_request(call_id=5, ctx=ctx1, io=get_user_name)
7303 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7304 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7305 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7306
7307 self.do_single_request(call_id=6, ctx=ctx1, io=get_user_name,
7308 auth_context=auth_context1)
7309 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7310 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7311 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7312
7313 self.do_single_request(call_id=7, ctx=ctx1, io=get_user_name,
7314 auth_context=auth_context2)
7315 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7316 self.assertEqualsStrLower(get_user_name.out_account_name, account_name2)
7317 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name2)
7318
7319 self.do_single_request(call_id=8, ctx=ctx1, io=get_user_name)
7320 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7321 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7322 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7323
7324 ack3 = self.do_generic_bind(call_id=9,
7325 ctx=ctx1,
7326 auth_context=auth_context3,
7327 assoc_group_id = ack1.u.assoc_group_id,
7328 start_with_alter=True)
7329
7330 #
7331 # Now we have tree explicit auth contexts,
7332 # but just one with AUTH_LEVEL_CONNECT
7333 #
7334 # If we don't specify one of them we get
7335 # that one auth_level_connect context.
7336 #
7337 # Until an explicit usage of any auth context reset that mode.
7338 #
7339 self.do_single_request(call_id=10, ctx=ctx1, io=get_user_name)
7340 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7341 self.assertEqualsStrLower(get_user_name.out_account_name, account_name3)
7342 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name3)
7343
7344 self.do_single_request(call_id=11, ctx=ctx1, io=get_user_name)
7345 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7346 self.assertEqualsStrLower(get_user_name.out_account_name, account_name3)
7347 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name3)
7348
7349 self.do_single_request(call_id=12, ctx=ctx1, io=get_user_name,
7350 auth_context=auth_context1)
7351 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7352 self.assertEqualsStrLower(get_user_name.out_account_name, account_name1)
7353 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name1)
7354
7355 self.do_single_request(call_id=13, ctx=ctx1, io=get_user_name)
7356 self.assertEqual(get_user_name.result[0], NT_STATUS_SUCCESS)
7357 self.assertEqualsStrLower(get_user_name.out_account_name, account_name0)
7358 self.assertEqualsStrLower(get_user_name.out_authority_name.value, authority_name0)
7359
7360 return
7361
7362 def test_lsa_multi_auth_sign_connect1u(self):
7363 smb_auth_creds = self.get_user_creds()
7364 account_name0 = smb_auth_creds.get_username()
7365 authority_name0 = smb_auth_creds.get_domain()
7366 return self._test_lsa_multi_auth_sign_connect1(smb_auth_creds,
7367 account_name0,
7368 authority_name0)
7369 def test_lsa_multi_auth_sign_connect1a(self):
7370 smb_auth_creds = self.get_anon_creds()
7371 account_name0 = "ANONYMOUS LOGON"
7372 authority_name0 = "NT AUTHORITY"
7373 return self._test_lsa_multi_auth_sign_connect1(smb_auth_creds,
7374 account_name0,
7375 authority_name0)
7376
7377 def test_spnego_multiple_auth_hdr_signing(self):
7378 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
7379 auth_level1 = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
7380 auth_context_id1=1
7381 auth_level2 = dcerpc.DCERPC_AUTH_LEVEL_PACKET
7382 auth_context_id2=2
7383
7384 creds = self.get_user_creds()
7385
7386 abstract = samba.dcerpc.mgmt.abstract_syntax()
7387 transfer = base.transfer_syntax_ndr()
7388
7389 tsf1_list = [transfer]
7390 ctx = samba.dcerpc.dcerpc.ctx_list()
7391 ctx.context_id = 1
7392 ctx.num_transfer_syntaxes = len(tsf1_list)
7393 ctx.abstract_syntax = abstract
7394 ctx.transfer_syntaxes = tsf1_list
7395
7396 auth_context1 = self.get_auth_context_creds(creds=creds,
7397 auth_type=auth_type,
7398 auth_level=auth_level1,
7399 auth_context_id=auth_context_id1,
7400 hdr_signing=False)
7401 auth_context2 = self.get_auth_context_creds(creds=creds,
7402 auth_type=auth_type,
7403 auth_level=auth_level2,
7404 auth_context_id=auth_context_id2,
7405 hdr_signing=False)
7406
7407 ack0 = self.do_generic_bind(call_id=1, ctx=ctx)
7408
7409 ack1 = self.do_generic_bind(call_id=2,
7410 ctx=ctx,
7411 auth_context=auth_context1,
7412 assoc_group_id = ack0.u.assoc_group_id,
7413 start_with_alter=True)
7414 ack2 = self.do_generic_bind(call_id=3,
7415 ctx=ctx,
7416 auth_context=auth_context2,
7417 assoc_group_id = ack0.u.assoc_group_id,
7418 start_with_alter=True)
7419
7420 inq_if_ids = samba.dcerpc.mgmt.inq_if_ids()
7421 self.do_single_request(call_id=4, ctx=ctx, io=inq_if_ids)
7422 self.do_single_request(call_id=5, ctx=ctx, io=inq_if_ids,
7423 auth_context=auth_context1)
7424 self.do_single_request(call_id=6, ctx=ctx, io=inq_if_ids,
7425 auth_context=auth_context2)
7426
7427 ack3 = self.do_generic_bind(call_id=7, ctx=ctx,
7428 pfc_flags=dcerpc.DCERPC_PFC_FLAG_FIRST |
7429 dcerpc.DCERPC_PFC_FLAG_LAST |
7430 dcerpc.DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN,
7431 assoc_group_id = ack0.u.assoc_group_id,
7432 start_with_alter=True)
7433
7434 self.assertFalse(auth_context1['hdr_signing'])
7435 auth_context1['hdr_signing'] = True
7436 auth_context1["gensec"].want_feature(gensec.FEATURE_SIGN_PKT_HEADER)
7437
7438 self.do_single_request(call_id=8, ctx=ctx, io=inq_if_ids)
7439 self.do_single_request(call_id=9, ctx=ctx, io=inq_if_ids,
7440 auth_context=auth_context1)
7441 self.do_single_request(call_id=10, ctx=ctx, io=inq_if_ids,
7442 auth_context=auth_context2,
7443 fault_status=dcerpc.DCERPC_FAULT_SEC_PKG_ERROR)
7444
7445 # wait for a disconnect
7446 rep = self.recv_pdu()
7447 self.assertIsNone(rep)
7448 self.assertNotConnected()
7449
7450 def test_multiple_auth_limit(self):
7451 creds = self.get_user_creds()
7452
7453 abstract = samba.dcerpc.mgmt.abstract_syntax()
7454 transfer = base.transfer_syntax_ndr()
7455
7456 tsf1_list = [transfer]
7457 ctx = samba.dcerpc.dcerpc.ctx_list()
7458 ctx.context_id = 1
7459 ctx.num_transfer_syntaxes = len(tsf1_list)
7460 ctx.abstract_syntax = abstract
7461 ctx.transfer_syntaxes = tsf1_list
7462
7463 ack0 = self.do_generic_bind(call_id=0, ctx=ctx)
7464
7465 is_server_listening = samba.dcerpc.mgmt.is_server_listening()
7466
7467 max_num_auth_str = samba.tests.env_get_var_value('MAX_NUM_AUTH', allow_missing=True)
7468 if max_num_auth_str is not None:
7469 max_num_auth = int(max_num_auth_str)
7470 else:
7471 max_num_auth = 2049
7472
7473 for i in range(1, max_num_auth+2):
7474 auth_type = dcerpc.DCERPC_AUTH_TYPE_SPNEGO
7475 auth_level = dcerpc.DCERPC_AUTH_LEVEL_INTEGRITY
7476 auth_context_id = i
7477
7478 auth_context = self.get_auth_context_creds(creds=creds,
7479 auth_type=auth_type,
7480 auth_level=auth_level,
7481 auth_context_id=auth_context_id,
7482 hdr_signing=False)
7483
7484 alter_fault = None
7485 if i > max_num_auth:
7486 alter_fault = dcerpc.DCERPC_NCA_S_PROTO_ERROR
7487
7488 ack = self.do_generic_bind(call_id=auth_context_id,
7489 ctx=ctx,
7490 auth_context=auth_context,
7491 assoc_group_id = ack0.u.assoc_group_id,
7492 alter_fault=alter_fault,
7493 start_with_alter=True,
7494 )
7495 if alter_fault is not None:
7496 break
7497
7498
7499 self.do_single_request(call_id=auth_context_id,
7500 ctx=ctx, io=is_server_listening,
7501 auth_context=auth_context)
7502
7503 # wait for a disconnect
7504 rep = self.recv_pdu()
7505 self.assertIsNone(rep)
7506 self.assertNotConnected()
7507 return
7508
7509
7510 if __name__ == "__main__":
7511 global_ndr_print = True
7512 global_hexdump = True
7513 import unittest
7514 unittest.main()
Samba GIT mirror