2018-12-12 03:43:21 +03:00
#!/usr/bin/env python3
2014-03-27 01:42:19 +04:00
# Unix SMB/CIFS implementation.
# Copyright (C) Stefan Metzmacher 2014,2015
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import sys
import os
2018-06-21 07:31:03 +03:00
import time
2014-03-27 01:42:19 +04:00
sys . path . insert ( 0 , " bin/python " )
os . environ [ " PYTHONUNBUFFERED " ] = " 1 "
import samba . dcerpc . dcerpc as dcerpc
import samba . dcerpc . base as base
2015-10-23 16:39:34 +03:00
import samba . dcerpc . misc as misc
2014-03-27 01:42:19 +04:00
import samba . dcerpc . epmapper
import samba . dcerpc . mgmt
import samba . dcerpc . netlogon
import struct
from samba import gensec
2016-09-08 10:05:22 +03:00
from samba . tests . dcerpc . raw_testcase import RawDCERPCTest
2018-05-01 14:24:47 +03:00
from samba . compat import binary_type
2014-03-27 01:42:19 +04:00
global_ndr_print = False
global_hexdump = False
2018-07-30 09:20:39 +03:00
2014-03-27 01:42:19 +04:00
class TestDCERPC_BIND ( RawDCERPCTest ) :
def setUp ( self ) :
super ( TestDCERPC_BIND , self ) . setUp ( )
self . do_ndr_print = global_ndr_print
self . do_hexdump = global_hexdump
def _test_no_auth_request_bind_pfc_flags ( self , req_pfc_flags , rep_pfc_flags ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , pfc_flags = req_pfc_flags , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
pfc_flags = rep_pfc_flags , auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def _test_no_auth_request_alter_pfc_flags ( self , req_pfc_flags , rep_pfc_flags ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
# And now try a alter context
req = self . generate_alter ( call_id = 0 , pfc_flags = req_pfc_flags , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
pfc_flags = rep_pfc_flags , auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
self . assertEquals ( rep . u . secondary_address , " " )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def test_no_auth_request ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_bind_pfc_00 ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_bind_pfc_FIRST ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_bind_pfc_LAST ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_LAST |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
# TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
# without authentication
def _test_no_auth_request_bind_pfc_HDR_SIGNING ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN )
def test_no_auth_request_bind_pfc_08 ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
8 |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
2016-09-15 02:18:28 +03:00
def test_no_auth_request_bind_pfc_CONC_MPX ( self ) :
2014-03-27 01:42:19 +04:00
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_CONC_MPX |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_CONC_MPX )
def test_no_auth_request_bind_pfc_DID_NOT_EXECUTE ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_bind_pfc_MAYBE ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_MAYBE |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_bind_pfc_OBJECT_UUID ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_OBJECT_UUID |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
# TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
# without authentication
# TODO: doesn't announce DCERPC_PFC_FLAG_CONC_MPX
# by default
def _test_no_auth_request_bind_pfc_ff ( self ) :
return self . _test_no_auth_request_bind_pfc_flags (
req_pfc_flags = 0 |
0xff |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
dcerpc . DCERPC_PFC_FLAG_CONC_MPX )
def test_no_auth_request_alter_pfc_00 ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_alter_pfc_FIRST ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_alter_pfc_LAST ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_LAST |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
# TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
# without authentication
def _test_no_auth_request_alter_pfc_HDR_SIGNING ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN )
def test_no_auth_request_alter_pfc_08 ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
8 |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_alter_pfc_CONC_MPX ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_CONC_MPX |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_alter_pfc_DID_NOT_EXECUTE ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_alter_pfc_MAYBE ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_MAYBE |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
def test_no_auth_request_alter_pfc_OBJECT_UUID ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_OBJECT_UUID |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST )
# TODO: doesn't announce DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
# without authentication
def _test_no_auth_request_alter_pfc_ff ( self ) :
return self . _test_no_auth_request_alter_pfc_flags (
req_pfc_flags = 0 |
0xff |
0 ,
rep_pfc_flags = 0 |
dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN )
def test_no_auth_no_ctx ( self ) :
# send an useless bind
req = self . generate_bind ( call_id = 0 )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2014-03-27 01:42:19 +04:00
def test_invalid_auth_noctx ( self ) :
req = self . generate_bind ( call_id = 0 )
req . auth_length = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2014-03-27 01:42:19 +04:00
def test_no_auth_valid_valid_request ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
# Send a bind again
tsf2_list = [ ndr32 ]
ctx2 = dcerpc . ctx_list ( )
ctx2 . context_id = 2
ctx2 . num_transfer_syntaxes = len ( tsf2_list )
ctx2 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx2 . transfer_syntaxes = tsf2_list
req = self . generate_bind ( call_id = 1 , ctx_list = [ ctx2 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_no_auth_invalid_valid_request ( self ) :
# send an useless bind
req = self . generate_bind ( call_id = 0 )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2014-03-27 01:42:19 +04:00
2015-10-23 16:39:34 +03:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_alter_no_auth_no_ctx ( self ) :
2014-03-27 01:42:19 +04:00
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
2015-10-23 16:39:34 +03:00
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
# Send a alter
req = self . generate_alter ( call_id = 1 , ctx_list = [ ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2015-10-23 16:39:34 +03:00
def test_no_auth_presentation_ctx_valid1 ( self ) :
2014-03-27 01:42:19 +04:00
ndr32 = base . transfer_syntax_ndr ( )
2015-10-23 16:39:34 +03:00
zero_syntax = misc . ndr_syntax_id ( )
tsf1_list = [ zero_syntax , ndr32 ]
2014-03-27 01:42:19 +04:00
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
# Send a alter
2015-10-23 16:39:34 +03:00
req = self . generate_alter ( call_id = 1 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2015-10-23 16:39:34 +03:00
context_id = ctx1 . context_id ,
opnum = 0xffff ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , ctx1 . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_OP_RNG_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
def test_no_auth_presentation_ctx_invalid1 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
zero_syntax = misc . ndr_syntax_id ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = ndr32
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
# Send a alter
req = self . generate_alter ( call_id = 1 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2015-10-23 16:39:34 +03:00
context_id = 12345 ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_UNKNOWN_IF )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
# Send a alter again to prove the connection is still alive
req = self . generate_alter ( call_id = 3 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
def test_no_auth_presentation_ctx_invalid2 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
zero_syntax = misc . ndr_syntax_id ( )
tsf1a_list = [ ]
ctx1a = dcerpc . ctx_list ( )
ctx1a . context_id = 1
ctx1a . num_transfer_syntaxes = len ( tsf1a_list )
ctx1a . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1a . transfer_syntaxes = tsf1a_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1a ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2015-10-23 16:39:34 +03:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_no_auth_presentation_ctx_invalid3 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
zero_syntax = misc . ndr_syntax_id ( )
tsf1a_list = [ zero_syntax , ndr32 , ndr32 , ndr32 ]
ctx1a = dcerpc . ctx_list ( )
ctx1a . context_id = 1
ctx1a . num_transfer_syntaxes = len ( tsf1a_list )
ctx1a . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1a . transfer_syntaxes = tsf1a_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1a ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
tsf1b_list = [ ]
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1b_list )
ctx1b . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1b_list
# Send a alter
req = self . generate_alter ( call_id = 1 , ctx_list = [ ctx1b ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_no_auth_presentation_ctx_invalid4 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
zero_syntax = misc . ndr_syntax_id ( )
tsf1a_list = [ zero_syntax , ndr32 , ndr32 , ndr32 ]
ctx1a = dcerpc . ctx_list ( )
ctx1a . context_id = 1
ctx1a . num_transfer_syntaxes = len ( tsf1a_list )
ctx1a . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1a . transfer_syntaxes = tsf1a_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1a ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
# With a known but wrong syntax we get a protocol error
# see test_no_auth_presentation_ctx_valid2
2018-07-30 09:19:05 +03:00
tsf1b_list = [ zero_syntax , samba . dcerpc . epmapper . abstract_syntax ( ) , ndr64 ]
2015-10-23 16:39:34 +03:00
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1b_list )
ctx1b . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1b_list
# Send a alter
req = self . generate_alter ( call_id = 1 , ctx_list = [ ctx1b ] )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2015-10-23 16:39:34 +03:00
def test_no_auth_presentation_ctx_valid2 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
zero_syntax = misc . ndr_syntax_id ( )
tsf1a_list = [ zero_syntax , ndr32 , ndr32 , ndr32 ]
ctx1a = dcerpc . ctx_list ( )
ctx1a . context_id = 1
ctx1a . num_transfer_syntaxes = len ( tsf1a_list )
ctx1a . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1a . transfer_syntaxes = tsf1a_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1a ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
# With a unknown but wrong syntaxes we get NO protocol error
# see test_no_auth_presentation_ctx_invalid4
2018-07-30 09:19:05 +03:00
tsf1b_list = [ zero_syntax , samba . dcerpc . epmapper . abstract_syntax ( ) ]
2015-10-23 16:39:34 +03:00
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1b_list )
ctx1b . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1b_list
# Send a alter
req = self . generate_alter ( call_id = 1 , ctx_list = [ ctx1b ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2015-10-23 16:39:34 +03:00
context_id = ctx1a . context_id ,
opnum = 0xffff ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , ctx1a . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_OP_RNG_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
def test_no_auth_presentation_ctx_no_ndr64 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
zero_syntax = misc . ndr_syntax_id ( )
tsfZ_list = [ zero_syntax ]
ctxZ = dcerpc . ctx_list ( )
ctxZ . context_id = 54321
ctxZ . num_transfer_syntaxes = len ( tsfZ_list )
ctxZ . abstract_syntax = zero_syntax
ctxZ . transfer_syntaxes = tsfZ_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctxZ ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
tsf0_list = [ ndr32 ]
ctx0 = dcerpc . ctx_list ( )
ctx0 . context_id = 0
ctx0 . num_transfer_syntaxes = len ( tsf0_list )
ctx0 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx0 . transfer_syntaxes = tsf0_list
req = self . generate_alter ( call_id = 0 , ctx_list = [ ctx0 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx0 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:05 +03:00
tsf1_list = [ zero_syntax , ndr32 ]
2015-10-23 16:39:34 +03:00
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_alter ( call_id = 1 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:05 +03:00
tsf2_list = [ ndr32 , ndr32 ]
2015-10-23 16:39:34 +03:00
ctx2 = dcerpc . ctx_list ( )
ctx2 . context_id = 2
ctx2 . num_transfer_syntaxes = len ( tsf2_list )
ctx2 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx2 . transfer_syntaxes = tsf2_list
req = self . generate_alter ( call_id = 2 , ctx_list = [ ctx2 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx2 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
tsf3_list = [ ndr32 ]
ctx3 = dcerpc . ctx_list ( )
ctx3 . context_id = 3
ctx3 . num_transfer_syntaxes = len ( tsf3_list )
ctx3 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx3 . transfer_syntaxes = tsf3_list
tsf4_list = [ ndr32 ]
ctx4 = dcerpc . ctx_list ( )
ctx4 . context_id = 4
ctx4 . num_transfer_syntaxes = len ( tsf4_list )
ctx4 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx4 . transfer_syntaxes = tsf4_list
2018-07-30 09:19:05 +03:00
req = self . generate_alter ( call_id = 34 , ctx_list = [ ctx3 , ctx4 ] )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 2 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertEquals ( rep . u . ctx_list [ 1 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 1 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 1 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx3 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:05 +03:00
req = self . generate_alter ( call_id = 43 , ctx_list = [ ctx4 , ctx3 ] )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 2 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertEquals ( rep . u . ctx_list [ 1 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 1 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 1 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx4 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx3 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:05 +03:00
req = self . generate_alter ( call_id = 44 , ctx_list = [ ctx4 , ctx4 ] )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 2 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertEquals ( rep . u . ctx_list [ 1 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 1 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 1 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx4 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx3 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
tsf5mgmt_list = [ ndr32 ]
ctx5mgmt = dcerpc . ctx_list ( )
ctx5mgmt . context_id = 5
ctx5mgmt . num_transfer_syntaxes = len ( tsf5mgmt_list )
ctx5mgmt . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx5mgmt . transfer_syntaxes = tsf5mgmt_list
tsf5epm_list = [ ndr32 ]
ctx5epm = dcerpc . ctx_list ( )
ctx5epm . context_id = 5
ctx5epm . num_transfer_syntaxes = len ( tsf5epm_list )
ctx5epm . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx5epm . transfer_syntaxes = tsf5epm_list
2018-07-30 09:19:05 +03:00
req = self . generate_alter ( call_id = 55 , ctx_list = [ ctx5mgmt , ctx5epm ] )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 2 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertEquals ( rep . u . ctx_list [ 1 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 1 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 1 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx5mgmt . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:05 +03:00
req = self . generate_alter ( call_id = 55 , ctx_list = [ ctx5mgmt , ctx5epm ] )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 2 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertEquals ( rep . u . ctx_list [ 1 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 1 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 1 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2015-10-23 16:39:34 +03:00
context_id = ctx5mgmt . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2015-10-23 16:39:34 +03:00
def test_no_auth_bind_time_none_simple ( self ) :
features = 0
btf = base . bind_time_features_syntax ( features )
zero_syntax = misc . ndr_syntax_id ( )
tsf1_list = [ btf ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = zero_syntax
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason , features )
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
def test_no_auth_bind_time_none_ignore_additional ( self ) :
features1 = 0
btf1 = base . bind_time_features_syntax ( features1 )
2018-07-30 09:17:44 +03:00
features2 = dcerpc . DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
2015-10-23 16:39:34 +03:00
features2 | = dcerpc . DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
btf2 = base . bind_time_features_syntax ( features2 )
zero_syntax = misc . ndr_syntax_id ( )
ndr64 = base . transfer_syntax_ndr64 ( )
2018-07-30 09:19:05 +03:00
tsf1_list = [ btf1 , btf2 , zero_syntax ]
2015-10-23 16:39:34 +03:00
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = ndr64
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason , features1 )
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
def test_no_auth_bind_time_only_first ( self ) :
features1 = dcerpc . DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
btf1 = base . bind_time_features_syntax ( features1 )
features2 = dcerpc . DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
btf2 = base . bind_time_features_syntax ( features2 )
zero_syntax = misc . ndr_syntax_id ( )
2018-07-30 09:19:05 +03:00
tsf1_list = [ zero_syntax , btf1 , btf2 , zero_syntax ]
2015-10-23 16:39:34 +03:00
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = zero_syntax
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED )
2015-10-23 16:39:34 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
def test_no_auth_bind_time_twice ( self ) :
features1 = dcerpc . DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
btf1 = base . bind_time_features_syntax ( features1 )
features2 = dcerpc . DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
btf2 = base . bind_time_features_syntax ( features2 )
zero_syntax = misc . ndr_syntax_id ( )
tsf1_list = [ btf1 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = zero_syntax
ctx1 . transfer_syntaxes = tsf1_list
tsf2_list = [ btf2 ]
ctx2 = dcerpc . ctx_list ( )
ctx2 . context_id = 2
ctx2 . num_transfer_syntaxes = len ( tsf2_list )
ctx2 . abstract_syntax = zero_syntax
ctx2 . transfer_syntaxes = tsf2_list
2018-07-30 09:19:05 +03:00
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 , ctx2 ] )
2015-10-23 16:39:34 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2015-10-23 16:39:34 +03:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2015-10-23 16:39:34 +03:00
def test_no_auth_bind_time_keep_on_orphan_simple ( self ) :
features = dcerpc . DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
btf = base . bind_time_features_syntax ( features )
zero_syntax = misc . ndr_syntax_id ( )
tsf1_list = [ btf ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = zero_syntax
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason , features )
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
def test_no_auth_bind_time_keep_on_orphan_ignore_additional ( self ) :
features1 = dcerpc . DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN
btf1 = base . bind_time_features_syntax ( features1 )
features2 = dcerpc . DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING
btf2 = base . bind_time_features_syntax ( features2 )
zero_syntax = misc . ndr_syntax_id ( )
ndr64 = base . transfer_syntax_ndr64 ( )
2018-07-30 09:19:05 +03:00
tsf1_list = [ btf1 , btf2 , zero_syntax ]
2015-10-23 16:39:34 +03:00
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = ndr64
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 , ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK )
2015-10-23 16:39:34 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason , features1 )
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , zero_syntax )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2015-10-23 16:39:34 +03:00
2016-08-31 14:15:01 +03:00
def _test_auth_type_level_bind_nak ( self , auth_type , auth_level , creds = None ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE ) :
2014-03-27 01:42:19 +04:00
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
auth_context_id = 0
2016-08-31 14:15:01 +03:00
if creds is not None :
# We always start with DCERPC_AUTH_LEVEL_INTEGRITY
2016-09-16 12:13:14 +03:00
auth_context = self . get_auth_context_creds ( creds ,
2018-07-30 09:16:12 +03:00
auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY )
2018-05-01 14:24:47 +03:00
from_server = b " "
2016-09-16 12:13:14 +03:00
( finished , to_server ) = auth_context [ " gensec " ] . update ( from_server )
2016-08-31 14:15:01 +03:00
self . assertFalse ( finished )
2016-09-16 12:13:14 +03:00
auth_info = self . generate_auth ( auth_type = auth_context [ " auth_type " ] ,
auth_level = auth_context [ " auth_level " ] ,
auth_context_id = auth_context [ " auth_context_id " ] ,
auth_blob = to_server )
2016-08-31 14:15:01 +03:00
else :
2018-05-01 14:24:47 +03:00
to_server = b " none "
2016-09-16 12:13:14 +03:00
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
2016-08-31 14:15:01 +03:00
2014-03-27 01:42:19 +04:00
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason , reason )
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad , 3 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2016-08-31 14:15:01 +03:00
def _test_auth_none_level_bind ( self , auth_level ,
reason = dcerpc . DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE ) :
return self . _test_auth_type_level_bind_nak ( auth_type = dcerpc . DCERPC_AUTH_LEVEL_NONE ,
2018-07-30 09:16:12 +03:00
auth_level = auth_level , reason = reason )
2016-08-31 14:15:01 +03:00
2014-03-27 01:42:19 +04:00
def test_auth_none_none_bind ( self ) :
return self . _test_auth_none_level_bind ( dcerpc . DCERPC_AUTH_LEVEL_NONE ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
def test_auth_none_connect_bind ( self ) :
return self . _test_auth_none_level_bind ( dcerpc . DCERPC_AUTH_LEVEL_CONNECT )
def test_auth_none_call_bind ( self ) :
return self . _test_auth_none_level_bind ( dcerpc . DCERPC_AUTH_LEVEL_CALL )
def test_auth_none_packet_bind ( self ) :
return self . _test_auth_none_level_bind ( dcerpc . DCERPC_AUTH_LEVEL_PACKET )
def test_auth_none_integrity_bind ( self ) :
return self . _test_auth_none_level_bind ( dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY )
def test_auth_none_privacy_bind ( self ) :
return self . _test_auth_none_level_bind ( dcerpc . DCERPC_AUTH_LEVEL_PRIVACY )
def test_auth_none_0_bind ( self ) :
return self . _test_auth_none_level_bind ( 0 ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
def test_auth_none_7_bind ( self ) :
return self . _test_auth_none_level_bind ( 7 ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
def test_auth_none_255_bind ( self ) :
return self . _test_auth_none_level_bind ( 255 ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
def _test_auth_none_level_request ( self , auth_level ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
auth_type = dcerpc . DCERPC_AUTH_TYPE_NONE
auth_context_id = 0
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertEquals ( len ( rep . u . auth_info ) , 0 )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " none " )
2014-03-27 01:42:19 +04:00
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_auth_none_none_request ( self ) :
return self . _test_auth_none_level_request ( dcerpc . DCERPC_AUTH_LEVEL_NONE )
def test_auth_none_connect_request ( self ) :
return self . _test_auth_none_level_request ( dcerpc . DCERPC_AUTH_LEVEL_CONNECT )
def test_auth_none_call_request ( self ) :
return self . _test_auth_none_level_request ( dcerpc . DCERPC_AUTH_LEVEL_CALL )
def _test_neg_xmit_check_values ( self ,
req_xmit = None ,
req_recv = None ,
rep_both = None ,
alter_xmit = None ,
alter_recv = None ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 ,
max_xmit_frag = req_xmit ,
max_recv_frag = req_recv ,
ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , rep_both )
self . assertEquals ( rep . u . max_recv_frag , rep_both )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
assoc_group_id = rep . u . assoc_group_id
if alter_xmit is None :
alter_xmit = rep_both - 8
if alter_recv is None :
alter_recv = rep_both - 8
# max_{xmit,recv}_frag and assoc_group_id are completely
# ignored in alter_context requests
req = self . generate_alter ( call_id = 1 ,
max_xmit_frag = alter_xmit ,
max_recv_frag = alter_recv ,
2018-07-30 09:18:25 +03:00
assoc_group_id = 0xffffffff - rep . u . assoc_group_id ,
2014-03-27 01:42:19 +04:00
ctx_list = [ ctx1 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , rep_both )
self . assertEquals ( rep . u . max_recv_frag , rep_both )
self . assertEquals ( rep . u . assoc_group_id , rep . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
chunk_size = rep_both - dcerpc . DCERPC_REQUEST_LENGTH
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
alloc_hint = 0xffffffff ,
2018-05-01 14:24:47 +03:00
stub = b " \00 " * chunk_size )
2018-07-30 09:19:05 +03:00
self . send_pdu ( req , ndr_print = True , hexdump = True )
rep = self . recv_pdu ( ndr_print = True , hexdump = True )
2014-03-27 01:42:19 +04:00
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
chunk_size = 5840 - dcerpc . DCERPC_REQUEST_LENGTH
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
alloc_hint = 0xffffffff ,
2018-05-01 14:24:47 +03:00
stub = b " \00 " * chunk_size )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
chunk_size + = 1
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
alloc_hint = 0xffffffff ,
2018-05-01 14:24:47 +03:00
stub = b " \00 " * chunk_size )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_neg_xmit_ffff_ffff ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 0xffff ,
req_recv = 0xffff ,
rep_both = 5840 )
def test_neg_xmit_0_ffff ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 0 ,
req_recv = 0xffff ,
rep_both = 2048 ,
alter_xmit = 0xffff ,
alter_recv = 0xffff )
def test_neg_xmit_ffff_0 ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 0xffff ,
req_recv = 0 ,
rep_both = 2048 )
def test_neg_xmit_0_0 ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 0 ,
req_recv = 0 ,
rep_both = 2048 ,
alter_xmit = 0xffff ,
alter_recv = 0xffff )
def test_neg_xmit_3199_0 ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 3199 ,
req_recv = 0 ,
rep_both = 2048 )
2018-07-30 09:19:59 +03:00
2014-03-27 01:42:19 +04:00
def test_neg_xmit_0_3199 ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 0 ,
req_recv = 3199 ,
rep_both = 2048 )
def test_neg_xmit_3199_ffff ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 3199 ,
req_recv = 0xffff ,
rep_both = 3192 )
2018-07-30 09:19:59 +03:00
2014-03-27 01:42:19 +04:00
def test_neg_xmit_ffff_3199 ( self ) :
return self . _test_neg_xmit_check_values ( req_xmit = 0xffff ,
req_recv = 3199 ,
rep_both = 3192 )
def test_alloc_hint ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx = dcerpc . ctx_list ( )
ctx . context_id = 0
ctx . num_transfer_syntaxes = len ( tsf1_list )
ctx . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx . transfer_syntaxes = tsf1_list
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . auth_info , b ' \0 ' * 0 )
2014-03-27 01:42:19 +04:00
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx . context_id ,
opnum = 0 ,
alloc_hint = 0xffffffff ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx . context_id ,
opnum = 1 ,
alloc_hint = 0xffffffff ,
2018-05-01 14:24:47 +03:00
stub = b " \04 \00 \00 \00 \00 \00 \00 \00 " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 4 ,
2014-03-27 01:42:19 +04:00
context_id = ctx . context_id ,
opnum = 1 ,
alloc_hint = 1 ,
2018-05-01 14:24:47 +03:00
stub = b " \04 \00 \00 \00 \00 \00 \00 \00 " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def _get_netlogon_ctx ( self ) :
abstract = samba . dcerpc . netlogon . abstract_syntax ( )
ndr32 = base . transfer_syntax_ndr ( )
2016-09-20 22:07:13 +03:00
( ctx , ack ) = self . prepare_presentation ( abstract , ndr32 , context_id = 0 ,
epmap = True , return_ack = True )
2014-03-27 01:42:19 +04:00
2016-09-20 22:06:39 +03:00
server = ' \\ \\ ' + self . target_hostname
2018-05-01 14:24:47 +03:00
if isinstance ( server , binary_type ) :
server_utf16 = server . decode ( ' utf-8 ' ) . encode ( ' utf-16-le ' )
else :
server_utf16 = server . encode ( ' utf-16-le ' )
2014-03-27 01:42:19 +04:00
computer = ' UNKNOWNCOMPUTER '
2018-05-01 14:24:47 +03:00
if isinstance ( server , binary_type ) :
computer_utf16 = computer . decode ( ' utf-8 ' ) . encode ( ' utf-16-le ' )
else :
computer_utf16 = computer . encode ( ' utf-16-le ' )
2014-03-27 01:42:19 +04:00
2018-07-30 09:18:25 +03:00
real_stub = struct . pack ( ' <IIII ' , 0x00200000 ,
2018-09-03 16:05:48 +03:00
len ( server ) + 1 , 0 , len ( server ) + 1 )
2018-05-01 14:24:47 +03:00
real_stub + = server_utf16 + b ' \x00 \x00 '
2014-03-27 01:42:19 +04:00
mod_len = len ( real_stub ) % 4
if mod_len != 0 :
2018-05-01 14:24:47 +03:00
real_stub + = b ' \x00 ' * ( 4 - mod_len )
2014-03-27 01:42:19 +04:00
real_stub + = struct . pack ( ' <III ' ,
2018-07-30 09:18:25 +03:00
len ( computer ) + 1 , 0 , len ( computer ) + 1 )
2018-05-01 14:24:47 +03:00
real_stub + = computer_utf16 + b ' \x00 \x00 '
real_stub + = b ' \x11 \x22 \x33 \x44 \x55 \x66 \x77 \x88 '
2014-03-27 01:42:19 +04:00
2016-09-20 22:07:13 +03:00
return ( ctx , ack , real_stub )
2014-03-27 01:42:19 +04:00
def _test_fragmented_requests ( self , remaining = None , alloc_hint = None ,
fault_first = None , fault_last = None ) :
( ctx , rep , real_stub ) = self . _get_netlogon_ctx ( )
chunk = rep . u . max_recv_frag - dcerpc . DCERPC_REQUEST_LENGTH
total = 0
first = True
while remaining > 0 :
thistime = min ( remaining , chunk )
remaining - = thistime
total + = thistime
pfc_flags = 0
if first :
pfc_flags | = dcerpc . DCERPC_PFC_FLAG_FIRST
first = False
2018-05-01 14:24:47 +03:00
stub = real_stub + b ' \x00 ' * ( thistime - len ( real_stub ) )
2014-03-27 01:42:19 +04:00
else :
2018-05-01 14:24:47 +03:00
stub = b " \x00 " * thistime
2014-03-27 01:42:19 +04:00
if remaining == 0 :
pfc_flags | = dcerpc . DCERPC_PFC_FLAG_LAST
# And now try a request without auth_info
# netr_ServerReqChallenge()
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 0x21234 ,
2014-03-27 01:42:19 +04:00
pfc_flags = pfc_flags ,
context_id = ctx . context_id ,
opnum = 4 ,
alloc_hint = alloc_hint ,
stub = stub )
if alloc_hint > = thistime :
alloc_hint - = thistime
else :
alloc_hint = 0
2018-07-30 09:19:05 +03:00
self . send_pdu ( req , hexdump = False )
2014-03-27 01:42:19 +04:00
if fault_first is not None :
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , fault_first )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
if remaining == 0 :
break
if total > = 0x400000 and fault_last is not None :
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , fault_last )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
rep = self . recv_pdu ( timeout = 0.01 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
if total > = 0x400000 and fault_last is not None :
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , fault_last )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . assertEquals ( len ( rep . u . stub_and_verifier ) , 12 )
status = struct . unpack_from ( " <I " , rep . u . stub_and_verifier , len ( rep . u . stub_and_verifier ) - 4 )
self . assertEquals ( status [ 0 ] , 0 )
def test_fragmented_requests01 ( self ) :
return self . _test_fragmented_requests ( remaining = 0x400000 ,
alloc_hint = 0x400000 )
def test_fragmented_requests02 ( self ) :
return self . _test_fragmented_requests ( remaining = 0x400000 ,
alloc_hint = 0x100000 )
def test_fragmented_requests03 ( self ) :
return self . _test_fragmented_requests ( remaining = 0x400000 ,
alloc_hint = 0 )
def test_fragmented_requests04 ( self ) :
return self . _test_fragmented_requests ( remaining = 0x400000 ,
alloc_hint = 0x400001 ,
fault_first = dcerpc . DCERPC_FAULT_ACCESS_DENIED )
def test_fragmented_requests05 ( self ) :
return self . _test_fragmented_requests ( remaining = 0x500001 ,
alloc_hint = 0 ,
fault_last = dcerpc . DCERPC_FAULT_ACCESS_DENIED )
def _test_same_requests ( self , pfc_flags , fault_1st = False , fault_2nd = False ) :
( ctx , rep , real_stub ) = self . _get_netlogon_ctx ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = pfc_flags ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
if fault_1st :
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# netr_ServerReqChallenge without DCERPC_PFC_FLAG_LAST
# with the same call_id
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = pfc_flags ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
if fault_2nd :
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
def test_first_only_requests ( self ) :
return self . _test_same_requests ( pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
fault_2nd = True )
def test_none_only_requests ( self ) :
return self . _test_same_requests ( pfc_flags = 0 , fault_1st = True )
def test_last_only_requests ( self ) :
return self . _test_same_requests ( pfc_flags = dcerpc . DCERPC_PFC_FLAG_LAST ,
fault_1st = True )
def test_first_maybe_requests ( self ) :
return self . _test_same_requests ( pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_MAYBE ,
fault_2nd = True )
def test_first_didnot_requests ( self ) :
return self . _test_same_requests ( pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
fault_2nd = True )
def test_first_cmpx_requests ( self ) :
return self . _test_same_requests ( pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_CONC_MPX ,
fault_2nd = True )
def test_first_08_requests ( self ) :
return self . _test_same_requests ( pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
0x08 ,
fault_2nd = True )
def test_first_cancel_requests ( self ) :
( ctx , rep , real_stub ) = self . _get_netlogon_ctx ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
2018-07-30 09:15:34 +03:00
dcerpc . DCERPC_PFC_FLAG_PENDING_CANCEL ,
2014-03-27 01:42:19 +04:00
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_NO_CALL_ACTIVE )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_2nd_cancel_requests ( self ) :
( ctx , rep , real_stub ) = self . _get_netlogon_ctx ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_PENDING_CANCEL ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_LAST ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . assertEquals ( len ( rep . u . stub_and_verifier ) , 12 )
status = struct . unpack_from ( " <I " , rep . u . stub_and_verifier , len ( rep . u . stub_and_verifier ) - 4 )
self . assertEquals ( status [ 0 ] , 0 )
def test_last_cancel_requests ( self ) :
( ctx , rep , real_stub ) = self . _get_netlogon_ctx ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub [ : 4 ] )
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_PENDING_CANCEL ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub [ 4 : ] )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . assertEquals ( len ( rep . u . stub_and_verifier ) , 12 )
status = struct . unpack_from ( " <I " , rep . u . stub_and_verifier , len ( rep . u . stub_and_verifier ) - 4 )
self . assertEquals ( status [ 0 ] , 0 )
def test_mix_requests ( self ) :
( ctx , rep , real_stub ) = self . _get_netlogon_ctx ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 50 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# netr_ServerReqChallenge with given flags
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 51 ,
2014-03-27 01:42:19 +04:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 4 ,
stub = real_stub )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , 50 ,
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
2016-09-12 00:25:49 +03:00
def test_co_cancel_no_request ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
ctx = self . prepare_presentation ( abstract , ndr32 , context_id = 0xff )
2018-07-30 09:19:21 +03:00
req = self . generate_co_cancel ( call_id = 3 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.01 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def test_co_cancel_request_after_first ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
ctx = self . prepare_presentation ( abstract , ndr32 , context_id = 0xff )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.01 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_co_cancel ( call_id = 1 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.01 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_LAST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2016-09-12 00:25:49 +03:00
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
2016-09-12 00:25:49 +03:00
def test_orphaned_no_request ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
ctx = self . prepare_presentation ( abstract , ndr32 )
2018-07-30 09:19:21 +03:00
req = self . generate_orphaned ( call_id = 3 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.01 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def test_orphaned_request_after_first_last ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
ctx = self . prepare_presentation ( abstract , ndr32 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_orphaned ( call_id = 1 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_LAST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2016-09-12 00:25:49 +03:00
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def test_orphaned_request_after_first_mpx_last ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
pfc_flags = samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_FIRST
pfc_flags | = samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_LAST
pfc_flags | = samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_CONC_MPX
ctx = self . prepare_presentation ( abstract , ndr32 , pfc_flags = pfc_flags )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_orphaned ( call_id = 1 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2016-09-12 00:25:49 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_LAST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# And now try a request
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2016-09-12 00:25:49 +03:00
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
def test_orphaned_request_after_first_no_last ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
ctx = self . prepare_presentation ( abstract , ndr32 )
2018-07-30 09:19:21 +03:00
req1 = self . generate_request ( call_id = 1 ,
2018-07-30 09:16:12 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req1 )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_orphaned ( call_id = 1 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# And now try a new request
2018-07-30 09:19:21 +03:00
req2 = self . generate_request ( call_id = 2 ,
2018-07-30 09:16:12 +03:00
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req2 )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req1 . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req1 . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_orphaned_request_after_first_mpx_no_last ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
pfc_flags = samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_FIRST
pfc_flags | = samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_LAST
pfc_flags | = samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_CONC_MPX
ctx = self . prepare_presentation ( abstract , ndr32 ,
pfc_flags = pfc_flags )
2018-07-30 09:19:21 +03:00
req1 = self . generate_request ( call_id = 1 ,
2018-07-30 09:16:12 +03:00
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST ,
context_id = ctx . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req1 )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
2018-07-30 09:19:21 +03:00
req = self . generate_orphaned ( call_id = 1 )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( timeout = 0.1 )
self . assertIsNone ( rep )
self . assertIsConnected ( )
# And now try a new request
2018-07-30 09:19:21 +03:00
req2 = self . generate_request ( call_id = 2 ,
2018-07-30 09:18:25 +03:00
context_id = ctx . context_id - 1 ,
2018-07-30 09:16:12 +03:00
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-09-12 00:25:49 +03:00
self . send_pdu ( req2 )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req2 . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2014-03-27 01:42:19 +04:00
def test_spnego_connect_request ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We don't get an auth_info back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a request with auth_info DCERPC_AUTH_LEVEL_INTEGRITY
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 4 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_integrity_request ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_unfinished_request ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
assoc_group_id = rep . u . assoc_group_id
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 1 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_auth3 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_auth3 ( call_id = 0 ,
auth_info = auth_info )
self . send_pdu ( req )
2018-11-21 13:49:40 +03:00
rep = self . recv_pdu ( timeout = 0.01 )
2014-03-27 01:42:19 +04:00
self . assertIsNone ( rep )
self . assertIsConnected ( )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_connect_reauth_alter ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We don't get an auth_info back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a reauth
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_connect_reauth_auth3 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2014-03-27 01:42:19 +04:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2014-03-27 01:42:19 +04:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2014-03-27 01:42:19 +04:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We don't get an auth_info back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a reauth
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_auth3 ( call_id = 0 ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We get a fault
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_change_auth_level ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_change_abstract ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1_list )
ctx1b . abstract_syntax = samba . dcerpc . epmapper . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1_list
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1b ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_change_transfer ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
2018-07-30 09:19:05 +03:00
tsf1b_list = [ ndr32 , ndr64 ]
2014-03-27 01:42:19 +04:00
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1b_list )
ctx1b . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1b_list
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
# We change ctx_list and auth_level
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1b ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_change_auth_type1 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
# We change ctx_list and auth_level
auth_info = self . generate_auth ( auth_type = dcerpc . DCERPC_AUTH_TYPE_KRB5 ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_SEC_PKG_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_change_auth_type2 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
2018-07-30 09:19:05 +03:00
tsf1b_list = [ ndr32 , ndr64 ]
2014-03-27 01:42:19 +04:00
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1b_list )
ctx1b . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1b_list
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
# We change ctx_list and auth_level
auth_info = self . generate_auth ( auth_type = dcerpc . DCERPC_AUTH_TYPE_KRB5 ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1b ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_change_auth_type3 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
ndr64 = base . transfer_syntax_ndr64 ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
2018-07-30 09:19:05 +03:00
tsf1b_list = [ ndr32 , ndr64 ]
2014-03-27 01:42:19 +04:00
ctx1b = dcerpc . ctx_list ( )
ctx1b . context_id = 1
ctx1b . num_transfer_syntaxes = len ( tsf1b_list )
ctx1b . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1b . transfer_syntaxes = tsf1b_list
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2014-03-27 01:42:19 +04:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2014-03-27 01:42:19 +04:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = [ ctx1 ] ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2014-03-27 01:42:19 +04:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
# We change ctx_list and auth_level
auth_info = self . generate_auth ( auth_type = dcerpc . DCERPC_AUTH_TYPE_NONE ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = [ ctx1b ] ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2014-03-27 01:42:19 +04:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_FAULT_ACCESS_DENIED )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2014-03-27 01:42:19 +04:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2016-06-23 13:06:40 +03:00
def test_spnego_auth_pad_ok ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2016-06-23 13:06:40 +03:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2016-06-23 13:06:40 +03:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_ok ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2016-06-23 13:06:40 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_ok ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_ALTER_RESP , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 0 )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2016-06-23 13:06:40 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2016-06-23 13:06:40 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-06-23 13:06:40 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2016-06-23 13:06:40 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2016-06-23 13:06:40 +03:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We don't get an auth_info back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . _disconnect ( " disconnect " )
self . assertNotConnected ( )
def test_spnego_auth_pad_fail_bind ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2016-06-23 13:06:40 +03:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2016-06-23 13:06:40 +03:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_pad_bad = auth_pad_ok + 1
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_bad ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_NAK , req . call_id ,
auth_length = 0 )
self . assertEquals ( rep . u . reject_reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . num_versions , 1 )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers , req . rpc_vers )
self . assertEquals ( rep . u . versions [ 0 ] . rpc_vers_minor , req . rpc_vers_minor )
self . assertEquals ( len ( rep . u . _pad ) , 3 )
2018-05-01 14:24:47 +03:00
self . assertEquals ( rep . u . _pad , b ' \0 ' * 3 )
2016-06-23 13:06:40 +03:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_auth_pad_fail_alter ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2016-06-23 13:06:40 +03:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2016-06-23 13:06:40 +03:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_ok ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2016-06-23 13:06:40 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_pad_bad = auth_pad_ok + 1
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_bad ,
auth_blob = to_server )
req = self . generate_alter ( call_id = 0 ,
ctx_list = ctx_list ,
assoc_group_id = rep . u . assoc_group_id ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_PROTO_ERROR )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2016-06-23 13:06:40 +03:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_ntlmssp_auth_pad_ok ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2016-06-23 13:06:40 +03:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_NTLMSSP
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2016-06-23 13:06:40 +03:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_ok ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2016-06-23 13:06:40 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
auth_pad_ok = 0
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_ok ,
auth_blob = to_server )
req = self . generate_auth3 ( call_id = 0 ,
auth_info = auth_info )
self . send_pdu ( req )
2018-11-21 13:49:40 +03:00
rep = self . recv_pdu ( timeout = 0.01 )
self . assertIsNone ( rep )
2016-06-23 13:06:40 +03:00
self . assertIsConnected ( )
# And now try a request without auth_info
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 2 ,
2016-06-23 13:06:40 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " )
2016-06-23 13:06:40 +03:00
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
# Now a request with auth_info DCERPC_AUTH_LEVEL_CONNECT
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-05-01 14:24:47 +03:00
auth_blob = b " \x01 " + b " \x00 " * 15 )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2016-06-23 13:06:40 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
2018-05-01 14:24:47 +03:00
stub = b " " ,
2016-06-23 13:06:40 +03:00
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
# We don't get an auth_info back
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , req . u . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . _disconnect ( " disconnect " )
self . assertNotConnected ( )
def test_ntlmssp_auth_pad_fail_auth3 ( self ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
ctx1 . context_id = 1
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
2016-09-26 08:46:43 +03:00
c = self . get_anon_creds ( )
2016-06-23 13:06:40 +03:00
g = gensec . Security . start_client ( self . settings )
g . set_credentials ( c )
g . want_feature ( gensec . FEATURE_DCE_STYLE )
auth_type = dcerpc . DCERPC_AUTH_TYPE_NTLMSSP
auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT
auth_context_id = 2
g . start_mech_by_authtype ( auth_type , auth_level )
2018-05-01 14:24:47 +03:00
from_server = b " "
2016-06-23 13:06:40 +03:00
( finished , to_server ) = g . update ( from_server )
self . assertFalse ( finished )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
req_pdu = samba . ndr . ndr_pack ( req )
auth_pad_ok = len ( req_pdu )
auth_pad_ok - = dcerpc . DCERPC_REQUEST_LENGTH
auth_pad_ok - = dcerpc . DCERPC_AUTH_TRAILER_LENGTH
auth_pad_ok - = len ( to_server )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_ok ,
auth_blob = to_server )
req = self . generate_bind ( call_id = 0 ,
ctx_list = ctx_list ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_BIND_ACK , req . call_id )
self . assertEquals ( rep . u . max_xmit_frag , req . u . max_xmit_frag )
self . assertEquals ( rep . u . max_recv_frag , req . u . max_recv_frag )
self . assertNotEquals ( rep . u . assoc_group_id , req . u . assoc_group_id )
self . assertEquals ( rep . u . secondary_address_size , 4 )
self . assertEquals ( rep . u . secondary_address , " %d " % self . tcp_port )
2018-12-11 21:56:58 +03:00
self . assertPadding ( rep . u . _pad1 , 2 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . num_results , 1 )
self . assertEquals ( rep . u . ctx_list [ 0 ] . result ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_RESULT_ACCEPTANCE )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . ctx_list [ 0 ] . reason ,
2018-07-30 09:16:12 +03:00
dcerpc . DCERPC_BIND_ACK_REASON_NOT_SPECIFIED )
2016-06-23 13:06:40 +03:00
self . assertNDRSyntaxEquals ( rep . u . ctx_list [ 0 ] . syntax , ndr32 )
self . assertNotEquals ( len ( rep . u . auth_info ) , 0 )
a = self . parse_auth ( rep . u . auth_info )
from_server = a . credentials
( finished , to_server ) = g . update ( from_server )
self . assertTrue ( finished )
auth_pad_bad = 1
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
auth_pad_length = auth_pad_bad ,
auth_blob = to_server )
req = self . generate_auth3 ( call_id = 0 ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , 0 )
self . assertEquals ( rep . u . cancel_count , 0 )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . flags , 0 )
2016-06-23 13:06:40 +03:00
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY )
2015-10-09 07:51:16 +03:00
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2016-06-23 13:06:40 +03:00
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
2018-11-20 17:43:24 +03:00
def _test_auth_bind_auth_level ( self , auth_type , auth_level , auth_context_id , ctx ,
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
2018-11-20 19:37:38 +03:00
hdr_signing = False ,
2018-11-20 17:43:24 +03:00
alter_fault = None ) :
2016-09-26 08:46:43 +03:00
creds = self . get_user_creds ( )
auth_context = self . get_auth_context_creds ( creds = creds ,
2018-11-20 17:43:24 +03:00
auth_type = auth_type ,
2016-09-26 08:46:43 +03:00
auth_level = auth_level ,
auth_context_id = auth_context_id ,
2018-11-20 19:37:38 +03:00
g_auth_level = g_auth_level ,
hdr_signing = hdr_signing )
2016-09-26 08:46:43 +03:00
if auth_context is None :
2016-08-31 14:15:01 +03:00
return None
2016-09-26 08:46:43 +03:00
ack = self . do_generic_bind ( ctx = ctx ,
auth_context = auth_context ,
alter_fault = alter_fault )
if ack is None :
return None
2018-11-20 17:38:06 +03:00
return auth_context
2016-08-31 14:15:01 +03:00
def _test_spnego_level_bind_nak ( self , auth_level ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM ) :
2016-09-26 08:46:43 +03:00
c = self . get_user_creds ( )
2016-08-31 14:15:01 +03:00
return self . _test_auth_type_level_bind_nak ( auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO ,
auth_level = auth_level , creds = c , reason = reason )
def _test_spnego_level_bind ( self , auth_level ,
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
alter_fault = None ,
request_fault = None ,
response_fault_flags = 0 ) :
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
2016-09-14 01:27:02 +03:00
ctx1 . context_id = 0x1001
2016-08-31 14:15:01 +03:00
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
auth_type = dcerpc . DCERPC_AUTH_TYPE_SPNEGO
auth_context_id = 2
2018-11-20 17:43:24 +03:00
auth_context = self . _test_auth_bind_auth_level ( auth_type = auth_type ,
auth_level = auth_level ,
2016-08-31 14:15:01 +03:00
auth_context_id = auth_context_id ,
ctx = ctx1 ,
g_auth_level = g_auth_level ,
alter_fault = alter_fault )
if request_fault is None :
return
2018-11-20 17:38:06 +03:00
self . assertIsNotNone ( auth_context )
g = auth_context [ " gensec " ]
2016-08-31 14:15:01 +03:00
self . assertIsNotNone ( g )
2018-05-01 14:24:47 +03:00
stub_bin = b ' \x00 ' * 17
2016-08-31 14:15:01 +03:00
mod_len = len ( stub_bin ) % dcerpc . DCERPC_AUTH_PAD_ALIGNMENT
auth_pad_length = 0
if mod_len > 0 :
auth_pad_length = dcerpc . DCERPC_AUTH_PAD_ALIGNMENT - mod_len
2018-05-01 14:24:47 +03:00
stub_bin + = b ' \x00 ' * auth_pad_length
2016-08-31 14:15:01 +03:00
if g_auth_level > = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY :
sig_size = g . sig_size ( len ( stub_bin ) )
else :
sig_size = 16
2018-05-01 14:24:47 +03:00
zero_sig = b " \x00 " * sig_size
2016-08-31 14:15:01 +03:00
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = zero_sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 4 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 0xffff ,
stub = stub_bin ,
auth_info = auth_info )
if g_auth_level > = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY :
req_blob = samba . ndr . ndr_pack ( req )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = len ( req_blob ) - req . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
req_data = req_blob [ ofs_stub : ofs_trailer ]
req_whole = req_blob [ 0 : ofs_sig ]
sig = g . sign_packet ( req_data , req_whole )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 4 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 0xffff ,
stub = stub_bin ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags | response_fault_flags ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , ctx1 . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , request_fault )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
if response_fault_flags & dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE :
return
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
def test_spnego_none_bind ( self ) :
return self . _test_spnego_level_bind_nak ( dcerpc . DCERPC_AUTH_LEVEL_NONE ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2016-08-31 14:15:01 +03:00
def test_spnego_call_bind ( self ) :
return self . _test_spnego_level_bind_nak ( dcerpc . DCERPC_AUTH_LEVEL_CALL ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM )
2016-08-31 14:15:01 +03:00
def test_spnego_0_bind ( self ) :
return self . _test_spnego_level_bind_nak ( 0 ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2016-08-31 14:15:01 +03:00
def test_spnego_7_bind ( self ) :
return self . _test_spnego_level_bind_nak ( 7 ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2016-08-31 14:15:01 +03:00
def test_spnego_255_bind ( self ) :
return self . _test_spnego_level_bind_nak ( 255 ,
2018-07-30 09:16:12 +03:00
reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
2016-08-31 14:15:01 +03:00
def test_spnego_connect_bind_none ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT )
2016-08-31 14:15:01 +03:00
def test_spnego_connect_bind_sign ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY )
2016-08-31 14:15:01 +03:00
def test_spnego_connect_bind_seal ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY )
2016-08-31 14:15:01 +03:00
def test_spnego_packet_bind_none ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_PACKET ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
request_fault = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR )
2016-08-31 14:15:01 +03:00
def test_spnego_packet_bind_sign ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_PACKET ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
request_fault = dcerpc . DCERPC_NCA_S_OP_RNG_ERROR ,
response_fault_flags = dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE )
2016-08-31 14:15:01 +03:00
2018-12-14 01:57:35 +03:00
def test_spnego_packet_bind_seal ( self ) :
2016-08-31 14:15:01 +03:00
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_PACKET ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
request_fault = dcerpc . DCERPC_NCA_S_OP_RNG_ERROR ,
response_fault_flags = dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE )
2016-08-31 14:15:01 +03:00
def test_spnego_integrity_bind_none ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
request_fault = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR )
2016-08-31 14:15:01 +03:00
def test_spnego_integrity_bind_sign ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
request_fault = dcerpc . DCERPC_NCA_S_OP_RNG_ERROR ,
response_fault_flags = dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE )
2016-08-31 14:15:01 +03:00
def test_spnego_integrity_bind_seal ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
request_fault = dcerpc . DCERPC_NCA_S_OP_RNG_ERROR ,
response_fault_flags = dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE )
2016-08-31 14:15:01 +03:00
def test_spnego_privacy_bind_none ( self ) :
# This fails...
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_CONNECT ,
alter_fault = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR )
2016-08-31 14:15:01 +03:00
def test_spnego_privacy_bind_sign ( self ) :
# This fails...
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
alter_fault = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR )
2016-08-31 14:15:01 +03:00
def test_spnego_privacy_bind_seal ( self ) :
return self . _test_spnego_level_bind ( auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY ,
2018-07-30 09:16:12 +03:00
g_auth_level = dcerpc . DCERPC_AUTH_LEVEL_PRIVACY )
2016-08-31 14:15:01 +03:00
2018-11-20 17:43:24 +03:00
def _test_auth_signing_auth_level_request ( self , auth_type , auth_level , hdr_sign = False ) :
2016-08-31 14:15:01 +03:00
ndr32 = base . transfer_syntax_ndr ( )
tsf1_list = [ ndr32 ]
ctx1 = dcerpc . ctx_list ( )
2016-09-14 01:27:02 +03:00
ctx1 . context_id = 0x1001
2016-08-31 14:15:01 +03:00
ctx1 . num_transfer_syntaxes = len ( tsf1_list )
ctx1 . abstract_syntax = samba . dcerpc . mgmt . abstract_syntax ( )
ctx1 . transfer_syntaxes = tsf1_list
ctx_list = [ ctx1 ]
auth_context_id = 2
2018-11-20 17:43:24 +03:00
auth_context = self . _test_auth_bind_auth_level ( auth_type = auth_type ,
auth_level = auth_level ,
2016-08-31 14:15:01 +03:00
auth_context_id = auth_context_id ,
2018-11-20 19:37:38 +03:00
hdr_signing = hdr_sign ,
2016-08-31 14:15:01 +03:00
ctx = ctx1 )
2018-11-20 17:38:06 +03:00
self . assertIsNotNone ( auth_context )
g = auth_context [ " gensec " ]
self . assertIsNotNone ( g )
2016-08-31 14:15:01 +03:00
2018-05-01 14:24:47 +03:00
stub_bin = b ' \x00 ' * 0
2016-08-31 14:15:01 +03:00
mod_len = len ( stub_bin ) % dcerpc . DCERPC_AUTH_PAD_ALIGNMENT
auth_pad_length = 0
if mod_len > 0 :
auth_pad_length = dcerpc . DCERPC_AUTH_PAD_ALIGNMENT - mod_len
2018-05-01 14:24:47 +03:00
stub_bin + = b ' \x00 ' * auth_pad_length
2016-08-31 14:15:01 +03:00
sig_size = g . sig_size ( len ( stub_bin ) )
2018-05-01 14:24:47 +03:00
zero_sig = b " \x00 " * sig_size
2016-08-31 14:15:01 +03:00
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = zero_sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
stub = stub_bin ,
auth_info = auth_info )
req_blob = samba . ndr . ndr_pack ( req )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = len ( req_blob ) - req . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
req_data = req_blob [ ofs_stub : ofs_trailer ]
req_whole = req_blob [ 0 : ofs_sig ]
sig = g . sign_packet ( req_data , req_whole )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 3 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 0 ,
stub = stub_bin ,
auth_info = auth_info )
self . send_pdu ( req )
( rep , rep_blob ) = self . recv_pdu_raw ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = sig_size )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
2016-08-31 14:15:01 +03:00
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . assertEquals ( rep . auth_length , sig_size )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = rep . frag_length - rep . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
rep_data = rep_blob [ ofs_stub : ofs_trailer ]
rep_whole = rep_blob [ 0 : ofs_sig ]
rep_sig = rep_blob [ ofs_sig : ]
rep_auth_info_blob = rep_blob [ ofs_trailer : ]
rep_auth_info = self . parse_auth ( rep_auth_info_blob )
self . assertEquals ( rep_auth_info . auth_type , auth_type )
self . assertEquals ( rep_auth_info . auth_level , auth_level )
# mgmt_inq_if_ids() returns no fixed size results
#self.assertEquals(rep_auth_info.auth_pad_length, 0)
self . assertEquals ( rep_auth_info . auth_reserved , 0 )
self . assertEquals ( rep_auth_info . auth_context_id , auth_context_id )
self . assertEquals ( rep_auth_info . credentials , rep_sig )
g . check_packet ( rep_data , rep_whole , rep_sig )
2018-05-01 14:24:47 +03:00
stub_bin = b ' \x00 ' * 17
2016-08-31 14:15:01 +03:00
mod_len = len ( stub_bin ) % dcerpc . DCERPC_AUTH_PAD_ALIGNMENT
auth_pad_length = 0
if mod_len > 0 :
auth_pad_length = dcerpc . DCERPC_AUTH_PAD_ALIGNMENT - mod_len
2018-05-01 14:24:47 +03:00
stub_bin + = b ' \x00 ' * auth_pad_length
2016-08-31 14:15:01 +03:00
sig_size = g . sig_size ( len ( stub_bin ) )
2018-05-01 14:24:47 +03:00
zero_sig = b " \x00 " * sig_size
2016-08-31 14:15:01 +03:00
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = zero_sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 4 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 0xffff ,
stub = stub_bin ,
auth_info = auth_info )
req_blob = samba . ndr . ndr_pack ( req )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = len ( req_blob ) - req . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
req_data = req_blob [ ofs_stub : ofs_trailer ]
req_whole = req_blob [ 0 : ofs_sig ]
sig = g . sign_packet ( req_data , req_whole )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 4 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 0xffff ,
stub = stub_bin ,
auth_info = auth_info )
self . send_pdu ( req )
rep = self . recv_pdu ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_FAULT , req . call_id ,
pfc_flags = req . pfc_flags |
dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ,
auth_length = 0 )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
self . assertEquals ( rep . u . context_id , ctx1 . context_id )
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertEquals ( rep . u . flags , 0 )
self . assertEquals ( rep . u . status , dcerpc . DCERPC_NCA_S_OP_RNG_ERROR )
self . assertEquals ( rep . u . reserved , 0 )
self . assertEquals ( len ( rep . u . error_and_verifier ) , 0 )
2018-05-01 14:24:47 +03:00
stub_bin = b ' \x00 ' * 8
2016-08-31 14:15:01 +03:00
mod_len = len ( stub_bin ) % dcerpc . DCERPC_AUTH_PAD_ALIGNMENT
auth_pad_length = 0
if mod_len > 0 :
auth_pad_length = dcerpc . DCERPC_AUTH_PAD_ALIGNMENT - mod_len
2018-05-01 14:24:47 +03:00
stub_bin + = b ' \x00 ' * auth_pad_length
2016-08-31 14:15:01 +03:00
sig_size = g . sig_size ( len ( stub_bin ) )
2018-05-01 14:24:47 +03:00
zero_sig = b " \x00 " * sig_size
2016-08-31 14:15:01 +03:00
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = zero_sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 5 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 1 ,
stub = stub_bin ,
auth_info = auth_info )
req_blob = samba . ndr . ndr_pack ( req )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = len ( req_blob ) - req . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
req_data = req_blob [ ofs_stub : ofs_trailer ]
req_whole = req_blob [ 0 : ofs_sig ]
sig = g . sign_packet ( req_data , req_whole )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 5 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 1 ,
stub = stub_bin ,
auth_info = auth_info )
self . send_pdu ( req )
( rep , rep_blob ) = self . recv_pdu_raw ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = sig_size )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
2016-08-31 14:15:01 +03:00
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . assertEquals ( rep . auth_length , sig_size )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = rep . frag_length - rep . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
rep_data = rep_blob [ ofs_stub : ofs_trailer ]
rep_whole = rep_blob [ 0 : ofs_sig ]
rep_sig = rep_blob [ ofs_sig : ]
rep_auth_info_blob = rep_blob [ ofs_trailer : ]
rep_auth_info = self . parse_auth ( rep_auth_info_blob )
self . assertEquals ( rep_auth_info . auth_type , auth_type )
self . assertEquals ( rep_auth_info . auth_level , auth_level )
self . assertEquals ( rep_auth_info . auth_pad_length , 4 )
self . assertEquals ( rep_auth_info . auth_reserved , 0 )
self . assertEquals ( rep_auth_info . auth_context_id , auth_context_id )
self . assertEquals ( rep_auth_info . credentials , rep_sig )
g . check_packet ( rep_data , rep_whole , rep_sig )
2018-05-01 14:24:47 +03:00
stub_bin = b ' \x00 ' * 8
2016-08-31 14:15:01 +03:00
mod_len = len ( stub_bin ) % dcerpc . DCERPC_AUTH_PAD_ALIGNMENT
auth_pad_length = 0
if mod_len > 0 :
auth_pad_length = dcerpc . DCERPC_AUTH_PAD_ALIGNMENT - mod_len
2018-05-01 14:24:47 +03:00
stub_bin + = b ' \x00 ' * auth_pad_length
2016-08-31 14:15:01 +03:00
sig_size = g . sig_size ( len ( stub_bin ) )
2018-05-01 14:24:47 +03:00
zero_sig = b " \x00 " * sig_size
2016-08-31 14:15:01 +03:00
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = zero_sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 6 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 3 ,
stub = stub_bin ,
auth_info = auth_info )
req_blob = samba . ndr . ndr_pack ( req )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = len ( req_blob ) - req . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
req_data = req_blob [ ofs_stub : ofs_trailer ]
req_whole = req_blob [ 0 : ofs_sig ]
sig = g . sign_packet ( req_data , req_whole )
auth_info = self . generate_auth ( auth_type = auth_type ,
auth_level = auth_level ,
auth_pad_length = auth_pad_length ,
auth_context_id = auth_context_id ,
auth_blob = sig )
2018-07-30 09:19:21 +03:00
req = self . generate_request ( call_id = 6 ,
2016-08-31 14:15:01 +03:00
context_id = ctx1 . context_id ,
opnum = 3 ,
stub = stub_bin ,
auth_info = auth_info )
self . send_pdu ( req )
( rep , rep_blob ) = self . recv_pdu_raw ( )
self . verify_pdu ( rep , dcerpc . DCERPC_PKT_RESPONSE , req . call_id ,
auth_length = sig_size )
self . assertNotEquals ( rep . u . alloc_hint , 0 )
2016-09-14 01:27:02 +03:00
self . assertEquals ( rep . u . context_id , req . u . context_id & 0xff )
2016-08-31 14:15:01 +03:00
self . assertEquals ( rep . u . cancel_count , 0 )
self . assertGreaterEqual ( len ( rep . u . stub_and_verifier ) , rep . u . alloc_hint )
self . assertEquals ( rep . auth_length , sig_size )
ofs_stub = dcerpc . DCERPC_REQUEST_LENGTH
ofs_sig = rep . frag_length - rep . auth_length
ofs_trailer = ofs_sig - dcerpc . DCERPC_AUTH_TRAILER_LENGTH
rep_data = rep_blob [ ofs_stub : ofs_trailer ]
rep_whole = rep_blob [ 0 : ofs_sig ]
rep_sig = rep_blob [ ofs_sig : ]
rep_auth_info_blob = rep_blob [ ofs_trailer : ]
rep_auth_info = self . parse_auth ( rep_auth_info_blob )
self . assertEquals ( rep_auth_info . auth_type , auth_type )
self . assertEquals ( rep_auth_info . auth_level , auth_level )
self . assertEquals ( rep_auth_info . auth_pad_length , 12 )
self . assertEquals ( rep_auth_info . auth_reserved , 0 )
self . assertEquals ( rep_auth_info . auth_context_id , auth_context_id )
self . assertEquals ( rep_auth_info . credentials , rep_sig )
g . check_packet ( rep_data , rep_whole , rep_sig )
def test_spnego_signing_packet ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
2018-11-20 17:43:24 +03:00
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_SPNEGO ,
dcerpc . DCERPC_AUTH_LEVEL_PACKET )
2016-08-31 14:15:01 +03:00
2018-11-20 19:37:38 +03:00
def test_spnego_hdr_signing_packet ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_SPNEGO ,
dcerpc . DCERPC_AUTH_LEVEL_PACKET ,
hdr_sign = True )
2016-08-31 14:15:01 +03:00
def test_spnego_signing_integrity ( self ) :
2018-11-20 17:43:24 +03:00
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_SPNEGO ,
dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY )
2016-08-31 14:15:01 +03:00
2018-11-20 19:37:38 +03:00
def test_spnego_hdr_signing_integrity ( self ) :
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_SPNEGO ,
dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
hdr_sign = True )
2018-11-20 19:37:38 +03:00
def test_ntlm_signing_packet ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_NTLMSSP ,
dcerpc . DCERPC_AUTH_LEVEL_PACKET )
def test_ntlm_hdr_signing_packet ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_NTLMSSP ,
dcerpc . DCERPC_AUTH_LEVEL_PACKET ,
hdr_sign = True )
def test_ntlm_signing_integrity ( self ) :
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_NTLMSSP ,
dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY )
def test_ntlm_hdr_signing_integrity ( self ) :
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_NTLMSSP ,
dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
hdr_sign = True )
def test_krb5_signing_packet ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_KRB5 ,
dcerpc . DCERPC_AUTH_LEVEL_PACKET )
def test_krb5_hdr_signing_packet ( self ) :
# DCERPC_AUTH_LEVEL_PACKET is handled as alias of
# DCERPC_AUTH_LEVEL_INTEGRITY
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_KRB5 ,
dcerpc . DCERPC_AUTH_LEVEL_PACKET ,
hdr_sign = True )
def test_krb5_signing_integrity ( self ) :
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_KRB5 ,
dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY )
def test_krb5_hdr_signing_integrity ( self ) :
return self . _test_auth_signing_auth_level_request ( dcerpc . DCERPC_AUTH_TYPE_KRB5 ,
dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY ,
hdr_sign = True )
2016-09-27 09:52:14 +03:00
def test_assoc_group_fail1 ( self ) :
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
tsf1_list = [ transfer ]
ctx = samba . dcerpc . dcerpc . ctx_list ( )
ctx . context_id = 1
ctx . num_transfer_syntaxes = len ( tsf1_list )
ctx . abstract_syntax = abstract
ctx . transfer_syntaxes = tsf1_list
ack = self . do_generic_bind ( ctx = ctx , assoc_group_id = 1 ,
nak_reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
return
def test_assoc_group_fail2 ( self ) :
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
tsf1_list = [ transfer ]
ctx = samba . dcerpc . dcerpc . ctx_list ( )
ctx . context_id = 1
ctx . num_transfer_syntaxes = len ( tsf1_list )
ctx . abstract_syntax = abstract
ctx . transfer_syntaxes = tsf1_list
ack = self . do_generic_bind ( ctx = ctx )
self . _disconnect ( " test_assoc_group_fail2 " )
2018-06-21 07:31:03 +03:00
self . assertNotConnected ( )
time . sleep ( 0.5 )
2016-09-27 09:52:14 +03:00
self . connect ( )
2018-07-30 09:19:05 +03:00
ack2 = self . do_generic_bind ( ctx = ctx , assoc_group_id = ack . u . assoc_group_id ,
2016-09-27 09:52:14 +03:00
nak_reason = dcerpc . DCERPC_BIND_NAK_REASON_NOT_SPECIFIED )
return
def test_assoc_group_diff1 ( self ) :
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
( ctx1 , ack1 ) = self . prepare_presentation ( abstract , transfer ,
context_id = 1 , return_ack = True )
conn2 = self . second_connection ( )
( ctx2 , ack2 ) = conn2 . prepare_presentation ( abstract , transfer ,
context_id = 2 , return_ack = True )
self . assertNotEqual ( ack2 . u . assoc_group_id , ack1 . u . assoc_group_id )
2018-12-11 21:42:09 +03:00
conn2 . _disconnect ( " End of Test " )
2016-09-27 09:52:14 +03:00
return
def test_assoc_group_ok1 ( self ) :
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
( ctx1 , ack1 ) = self . prepare_presentation ( abstract , transfer ,
context_id = 1 , return_ack = True )
conn2 = self . second_connection ( )
( ctx2 , ack2 ) = conn2 . prepare_presentation ( abstract , transfer ,
assoc_group_id = ack1 . u . assoc_group_id ,
context_id = 2 , return_ack = True )
inq_if_ids = samba . dcerpc . mgmt . inq_if_ids ( )
2018-07-30 09:19:21 +03:00
self . do_single_request ( call_id = 1 , ctx = ctx1 , io = inq_if_ids )
conn2 . do_single_request ( call_id = 1 , ctx = ctx2 , io = inq_if_ids )
2016-09-27 09:52:14 +03:00
2018-07-30 09:19:21 +03:00
conn2 . do_single_request ( call_id = 1 , ctx = ctx1 , io = inq_if_ids ,
2018-08-22 08:18:43 +03:00
fault_pfc_flags = (
samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_FIRST |
samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_LAST |
samba . dcerpc . dcerpc . DCERPC_PFC_FLAG_DID_NOT_EXECUTE ) ,
2016-09-27 09:52:14 +03:00
fault_status = dcerpc . DCERPC_NCA_S_UNKNOWN_IF ,
fault_context_id = 0 )
2018-07-30 09:19:21 +03:00
self . do_single_request ( call_id = 1 , ctx = ctx1 , io = inq_if_ids )
conn2 . do_single_request ( call_id = 1 , ctx = ctx2 , io = inq_if_ids )
2018-12-11 21:42:09 +03:00
conn2 . _disconnect ( " End of Test " )
2016-09-27 09:52:14 +03:00
return
2018-11-21 13:49:40 +03:00
def _test_krb5_hdr_sign_delayed1 ( self , do_upgrade ) :
auth_type = dcerpc . DCERPC_AUTH_TYPE_KRB5
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 1
creds = self . get_user_creds ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
tsf1_list = [ transfer ]
ctx = samba . dcerpc . dcerpc . ctx_list ( )
ctx . context_id = 1
ctx . num_transfer_syntaxes = len ( tsf1_list )
ctx . abstract_syntax = abstract
ctx . transfer_syntaxes = tsf1_list
auth_context = self . get_auth_context_creds ( creds = creds ,
auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
hdr_signing = False )
ack = self . do_generic_bind ( call_id = 1 ,
ctx = ctx ,
auth_context = auth_context )
inq_if_ids = samba . dcerpc . mgmt . inq_if_ids ( )
self . do_single_request ( call_id = 2 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context )
#
# This is just an alter context without authentication
# But it can turn on header signing for the whole connection
#
ack2 = self . do_generic_bind ( call_id = 3 , ctx = ctx ,
pfc_flags = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN ,
assoc_group_id = ack . u . assoc_group_id ,
start_with_alter = True )
self . assertFalse ( auth_context [ ' hdr_signing ' ] )
if do_upgrade :
auth_context [ ' hdr_signing ' ] = True
auth_context [ " gensec " ] . want_feature ( gensec . FEATURE_SIGN_PKT_HEADER )
fault_status = None
else :
fault_status = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR
self . do_single_request ( call_id = 4 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context ,
fault_status = fault_status )
if fault_status is not None :
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
self . do_single_request ( call_id = 5 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context )
return
def test_krb5_hdr_sign_delayed1_ok1 ( self ) :
return self . _test_krb5_hdr_sign_delayed1 ( do_upgrade = True )
def test_krb5_hdr_sign_delayed1_fail1 ( self ) :
return self . _test_krb5_hdr_sign_delayed1 ( do_upgrade = False )
def _test_krb5_hdr_sign_delayed2 ( self , do_upgrade ) :
auth_type = dcerpc . DCERPC_AUTH_TYPE_KRB5
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 1
creds = self . get_user_creds ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
tsf1_list = [ transfer ]
ctx = samba . dcerpc . dcerpc . ctx_list ( )
ctx . context_id = 1
ctx . num_transfer_syntaxes = len ( tsf1_list )
ctx . abstract_syntax = abstract
ctx . transfer_syntaxes = tsf1_list
auth_context = self . get_auth_context_creds ( creds = creds ,
auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
hdr_signing = False )
#
# SUPPORT_HEADER_SIGN on alter context activates header signing
#
ack = self . do_generic_bind ( call_id = 1 ,
ctx = ctx ,
auth_context = auth_context ,
pfc_flags_2nd = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN )
self . assertFalse ( auth_context [ ' hdr_signing ' ] )
if do_upgrade :
auth_context [ ' hdr_signing ' ] = True
auth_context [ " gensec " ] . want_feature ( gensec . FEATURE_SIGN_PKT_HEADER )
fault_status = None
else :
fault_status = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR
inq_if_ids = samba . dcerpc . mgmt . inq_if_ids ( )
self . do_single_request ( call_id = 4 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context ,
fault_status = fault_status )
if fault_status is not None :
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
self . do_single_request ( call_id = 5 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context )
return
def test_krb5_hdr_sign_delayed2_ok1 ( self ) :
return self . _test_krb5_hdr_sign_delayed2 ( do_upgrade = True )
def test_krb5_hdr_sign_delayed2_fail1 ( self ) :
return self . _test_krb5_hdr_sign_delayed2 ( do_upgrade = False )
def test_krb5_hdr_sign_delayed3_fail1 ( self ) :
auth_type = dcerpc . DCERPC_AUTH_TYPE_KRB5
auth_level = dcerpc . DCERPC_AUTH_LEVEL_INTEGRITY
auth_context_id = 1
creds = self . get_user_creds ( )
abstract = samba . dcerpc . mgmt . abstract_syntax ( )
transfer = base . transfer_syntax_ndr ( )
tsf1_list = [ transfer ]
ctx = samba . dcerpc . dcerpc . ctx_list ( )
ctx . context_id = 1
ctx . num_transfer_syntaxes = len ( tsf1_list )
ctx . abstract_syntax = abstract
ctx . transfer_syntaxes = tsf1_list
auth_context = self . get_auth_context_creds ( creds = creds ,
auth_type = auth_type ,
auth_level = auth_level ,
auth_context_id = auth_context_id ,
hdr_signing = False )
#
# SUPPORT_HEADER_SIGN on auth3 doesn't activate header signing
#
ack = self . do_generic_bind ( call_id = 1 ,
ctx = ctx ,
auth_context = auth_context ,
pfc_flags_2nd = dcerpc . DCERPC_PFC_FLAG_FIRST |
dcerpc . DCERPC_PFC_FLAG_LAST |
dcerpc . DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN ,
use_auth3 = True )
inq_if_ids = samba . dcerpc . mgmt . inq_if_ids ( )
self . do_single_request ( call_id = 2 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context )
self . assertFalse ( auth_context [ ' hdr_signing ' ] )
auth_context [ ' hdr_signing ' ] = True
auth_context [ " gensec " ] . want_feature ( gensec . FEATURE_SIGN_PKT_HEADER )
fault_status = dcerpc . DCERPC_FAULT_SEC_PKG_ERROR
self . do_single_request ( call_id = 4 , ctx = ctx , io = inq_if_ids ,
auth_context = auth_context ,
fault_status = fault_status )
# wait for a disconnect
rep = self . recv_pdu ( )
self . assertIsNone ( rep )
self . assertNotConnected ( )
return
2018-07-30 09:21:29 +03:00
2014-03-27 01:42:19 +04:00
if __name__ == " __main__ " :
global_ndr_print = True
global_hexdump = True
import unittest
unittest . main ( )
