# Copyright (c) 2003-2012 CORE Security Technologies
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
# $Id: dcerpc.py 917 2013-11-10 20:47:57Z bethus $
# Partial C706.pdf + [MS-RPCE] implementation
# ToDo:
# [ ] Take all the security provider stuff out of here (e.g. RPC_C_AUTHN_WINNT)
# and put it elsewhere. This will make the code cleaner and make it easier to add
# more SSPs (e.g. NETLOGON)
17 from structure import Structure,pack,unpack
# ---- MS/RPC PDU types (value of the header's 'type' field) -----------------
MSRPC_REQUEST     = 0x00
MSRPC_PING        = 0x01
MSRPC_RESPONSE    = 0x02
MSRPC_FAULT       = 0x03
MSRPC_WORKING     = 0x04
MSRPC_NOCALL      = 0x05
MSRPC_REJECT      = 0x06
MSRPC_ACK         = 0x07
MSRPC_CL_CANCEL   = 0x08
MSRPC_FACK        = 0x09
MSRPC_CANCELACK   = 0x0A
MSRPC_BIND        = 0x0B
MSRPC_BINDACK     = 0x0C
MSRPC_BINDNAK     = 0x0D
MSRPC_ALTERCTX    = 0x0E
MSRPC_ALTERCTX_R  = 0x0F
MSRPC_AUTH3       = 0x10
MSRPC_SHUTDOWN    = 0x11
MSRPC_CO_CANCEL   = 0x12
MSRPC_ORPHANED    = 0x13

# ---- MS/RPC packet flags (bit mask in the header's 'flags' field) ----------
MSRPC_FIRSTFRAG      = 0x01
MSRPC_LASTFRAG       = 0x02

# Bit 0x04 is overloaded, so its meaning depends on the PDU type:
#   * bind, bind_ack, alter_context, alter_context_resp:
#     it MUST be read as PFC_SUPPORT_HEADER_SIGN.
#   * every other PDU type: it MUST be read as PFC_PENDING_CANCEL.
# Code that tests this bit has to check the PDU type first.
MSRPC_SUPPORT_SIGN   = 0x04
MSRPC_PENDING_CANCEL = 0x04

# NOTE(review): MSRPC_NOTAFRAG reuses 0x04 as well; map the names below to
# the specification before relying on them.
MSRPC_NOTAFRAG       = 0x04
MSRPC_RECRESPOND     = 0x08
MSRPC_NOMULTIPLEX    = 0x10
MSRPC_NOTFORIDEMP    = 0x20
MSRPC_NOTFORBCAST    = 0x40
MSRPC_NOUUID         = 0x80

# ---- Auth types: security provider named in the security trailer -----------
RPC_C_AUTHN_NONE          = 0x00
RPC_C_AUTHN_GSS_NEGOTIATE = 0x09
RPC_C_AUTHN_WINNT         = 0x0A
RPC_C_AUTHN_GSS_SCHANNEL  = 0x0E
RPC_C_AUTHN_GSS_KERBEROS  = 0x10
RPC_C_AUTHN_NETLOGON      = 0x44
RPC_C_AUTHN_DEFAULT       = 0xFF

# ---- Auth levels, weakest to strongest -------------------------------------
# Only PKT_INTEGRITY (payload is integrity-checked) and PKT_PRIVACY
# (integrity-checked and encrypted) protect PDU contents in transit; the
# lower levels authenticate the peer at most.
RPC_C_AUTHN_LEVEL_NONE          = 1
RPC_C_AUTHN_LEVEL_CONNECT       = 2
RPC_C_AUTHN_LEVEL_CALL          = 3
RPC_C_AUTHN_LEVEL_PKT           = 4
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5
RPC_C_AUTHN_LEVEL_PKT_PRIVACY   = 6
# Why a context element was rejected; carried in the bind_ack result's
# reason field. The table is sparse (no entries for 5-7), and the value is
# supplied by the peer, so look it up with .get() rather than indexing.
rpc_provider_reason = {
    0: 'reason_not_specified',
    1: 'abstract_syntax_not_supported',
    2: 'proposed_transfer_syntaxes_not_supported',
    3: 'local_limit_exceeded',
    4: 'protocol_version_not_specified',
    8: 'authentication_type_not_recognized',
    9: 'invalid_checksum',
}

# Numeric outcome of negotiating one presentation context.
MSRPC_CONT_RESULT_ACCEPT      = 0
MSRPC_CONT_RESULT_USER_REJECT = 1
MSRPC_CONT_RESULT_PROV_REJECT = 2

# Printable names for the outcomes above, keyed by the same numeric values.
rpc_cont_def_result = {
    MSRPC_CONT_RESULT_ACCEPT:      'acceptance',
    MSRPC_CONT_RESULT_USER_REJECT: 'user_rejection',
    MSRPC_CONT_RESULT_PROV_REJECT: 'provider_rejection',
}
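# Status codes. References:
#   http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/rpc_return_values.asp
#   http://msdn.microsoft.com/library/default.asp?url=/library/en-us/randz/protocol/common_return_values.asp
#   winerror.h
#   http://www.opengroup.org/onlinepubs/9629399/apdxn.htm
#
# Maps a 32-bit status value to a printable name. The keys are plain integer
# literals: the Python 2 'L' suffix is a syntax error on Python 3 and is not
# needed on Python 2, where an int and a long of the same value hash and
# compare equal, so existing lookups keep working.
#
# The status comes from the remote peer and the table is incomplete, so look
# codes up with .get() and treat an unknown value as an ordinary case.
# Several names end in a space, exactly as in the original table; strip them
# before comparing against a bare name.
rpc_status_codes = {
    0x00000005: 'rpc_s_access_denied',
    0x00000008: 'Authentication type not recognized',
    0x000006D8: 'rpc_fault_cant_perform',
    0x000006C6: 'rpc_x_invalid_bound',  # the arrays bound are invalid
    0x000006E4: 'rpc_s_cannot_support: The requested operation is not supported.',  # some operation is not supported
    0x000006F7: 'rpc_x_bad_stub_data',  # the stub data is invalid, doesn't match with the IDL definition
    0x1C010001: 'nca_s_comm_failure',  # unable to get response from server:
    0x1C010002: 'nca_s_op_rng_error',  # bad operation number in call
    0x1C010003: 'nca_s_unk_if',  # unknown interface
    0x1C010006: 'nca_s_wrong_boot_time',  # client passed server wrong server boot time
    0x1C010009: 'nca_s_you_crashed',  # a restarted server called back a client
    0x1C01000B: 'nca_s_proto_error',  # someone messed up the protocol
    0x1C010013: 'nca_s_out_args_too_big ',  # output args too big
    0x1C010014: 'nca_s_server_too_busy',  # server is too busy to handle call
    0x1C010015: 'nca_s_fault_string_too_long',  # string argument longer than declared max len
    0x1C010017: 'nca_s_unsupported_type ',  # no implementation of generic operation for object
    0x1C000001: 'nca_s_fault_int_div_by_zero',
    0x1C000002: 'nca_s_fault_addr_error ',
    0x1C000003: 'nca_s_fault_fp_div_zero',
    0x1C000004: 'nca_s_fault_fp_underflow',
    0x1C000005: 'nca_s_fault_fp_overflow',
    0x1C000006: 'nca_s_fault_invalid_tag',
    0x1C000007: 'nca_s_fault_invalid_bound ',
    0x1C000008: 'nca_s_rpc_version_mismatch',
    0x1C000009: 'nca_s_unspec_reject ',
    0x1C00000A: 'nca_s_bad_actid',
    0x1C00000B: 'nca_s_who_are_you_failed',
    0x1C00000C: 'nca_s_manager_not_entered ',
    0x1C00000D: 'nca_s_fault_cancel',
    0x1C00000E: 'nca_s_fault_ill_inst',
    0x1C00000F: 'nca_s_fault_fp_error',
    0x1C000010: 'nca_s_fault_int_overflow',
    0x1C000012: 'nca_s_fault_unspec',
    0x1C000013: 'nca_s_fault_remote_comm_failure ',
    0x1C000014: 'nca_s_fault_pipe_empty ',
    0x1C000015: 'nca_s_fault_pipe_closed',
    0x1C000016: 'nca_s_fault_pipe_order ',
    0x1C000017: 'nca_s_fault_pipe_discipline',
    0x1C000018: 'nca_s_fault_pipe_comm_error',
    0x1C000019: 'nca_s_fault_pipe_memory',
    0x1C00001A: 'nca_s_fault_context_mismatch ',
    0x1C00001B: 'nca_s_fault_remote_no_memory ',
    0x1C00001C: 'nca_s_invalid_pres_context_id',
    0x1C00001D: 'nca_s_unsupported_authn_level',
    0x1C00001F: 'nca_s_invalid_checksum ',
    0x1C000020: 'nca_s_invalid_crc',
    0x1C000021: 'nca_s_fault_user_defined',
    0x1C000022: 'nca_s_fault_tx_open_failed',
    0x1C000023: 'nca_s_fault_codeset_conv_error',
    0x1C000024: 'nca_s_fault_object_not_found ',
    0x1C000025: 'nca_s_fault_no_client_stub',
}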
class Exception(Exception):
    """Module-level exception type derived from the builtin Exception.

    NOTE(review): the class deliberately keeps the builtin's name, which
    shadows it for the rest of this module and for anything that does
    ``from dcerpc import *``. After this definition an ``except Exception:``
    clause catches only this subclass, so a handler meant as a catch-all no
    longer sees errors raised by the builtin type or its other subclasses.
    Use ``except BaseException`` or an explicit builtin reference where a
    broad handler is really intended.
    """
class CtxItem(Structure):
    """One presentation context element, as carried in a bind request.

    The field codes are interpreted by the project's ``Structure`` base
    class, which is not part of this listing. Presumably each 20-byte
    syntax field is a packed interface UUID plus version; confirm against
    the callers that fill them in.
    """

    structure = (
        ('ContextID',      '<H=0'),     # context identifier, little-endian
        ('TransItems',     'B=0'),      # number of transfer syntaxes offered
        ('Pad',            'B=0'),
        ('AbstractSyntax', '20s=""'),
        ('TransferSyntax', '20s=""'),
    )
class CtxItemResult(Structure):
    """Per-context answer returned by the server in a bind_ack.

    ``Result`` takes the MSRPC_CONT_RESULT_* values and ``Reason`` the keys
    of ``rpc_provider_reason``. Both are set by the remote peer, so values
    outside those tables must be expected.
    """

    structure = (
        ('Result',         '<H=0'),
        ('Reason',         '<H=0'),
        ('TransferSyntax', '20s=""'),
    )
class SEC_TRAILER(Structure):
    """Security trailer placed between the PDU body and the auth data.

    The four one-byte fields plus one 32-bit field match the 8-byte trailer
    size that the header classes in this module assume whenever ``auth_len``
    is non-zero.
    """

    commonHdr = (
        ('auth_type',    'B=10'),       # default 10 equals RPC_C_AUTHN_WINNT
        ('auth_level',   'B=0'),        # one of RPC_C_AUTHN_LEVEL_*
        ('auth_pad_len', 'B=0'),
        ('auth_rsvrd',   'B=0'),
        ('auth_ctx_id',  '<L=747920'),
    )
class MSRPCHeader(Structure):
    """Common 16-byte RPC PDU header followed by the variable-length parts.

    Layout after the header: PDU body, alignment pad, an optional 8-byte
    security trailer and the auth data. When packing, ``frag_len`` and
    ``auth_len`` are computed from the parts. When parsing, the size of
    every part is derived from the ``frag_len`` and ``auth_len`` values read
    from the wire.

    NOTE(review): those two fields are controlled by the peer. If
    ``frag_len`` is smaller than header + trailer + ``auth_len``, the
    ``dataLen`` expression below goes negative; how ``Structure`` handles a
    negative or oversized length is not visible in this listing. Check the
    lengths against the received buffer before trusting the parsed fields.
    """

    _SIZE = 16

    commonHdr = (
        ('ver_major',      'B=5'),                              # 0
        ('ver_minor',      'B=0'),                              # 1
        ('type',           'B=0'),                              # 2
        ('flags',          'B=0'),                              # 3
        ('representation', '<L=0x10'),                          # 4
        ('frag_len',       '<H=self._SIZE+len(pduData)+len(pad)+len(sec_trailer)+len(auth_data)'),  # 8
        ('auth_len',       '<H=len(auth_data)'),                # 10
        ('call_id',        '<L=1'),                             # 12 <-- Common up to here (including this)
    )

    structure = (
        ('dataLen',      '_-pduData',     'self["frag_len"]-self["auth_len"]-self._SIZE-(8 if self["auth_len"] > 0 else 0)'),
        ('pduData',      ':'),
        ('_pad',         '_-pad',         '(4 - ((self._SIZE + len(self["pduData"])) & 3) & 3)'),
        ('pad',          ':'),
        ('_sec_trailer', '_-sec_trailer', '8 if self["auth_len"] > 0 else 0'),
        ('sec_trailer',  ':'),
        ('auth_dataLen', '_-auth_data',   'self["auth_len"]'),
        ('auth_data',    ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse ``data`` when given; otherwise set defaults for a new PDU."""
        Structure.__init__(self, data, alignment)
        if data is not None:
            # Parsed from a buffer: leave every field as read.
            return

        # Fresh PDU: a single, unfragmented request without authentication.
        self['ver_major'] = 5
        self['ver_minor'] = 0
        self['flags'] = MSRPC_FIRSTFRAG | MSRPC_LASTFRAG
        self['type'] = MSRPC_REQUEST
        self.__frag_len_set = 0
        self['auth_len'] = 0
        for empty_field in ('pduData', 'auth_data', 'sec_trailer', 'pad'):
            self[empty_field] = ''

    def get_header_size(self):
        """Return the fixed header size of this PDU class in bytes."""
        return self._SIZE

    def get_packet(self):
        """Serialise the PDU, refreshing ``auth_len`` when auth data is set."""
        auth_blob = self['auth_data']
        if auth_blob != '':
            self['auth_len'] = len(auth_blob)
        # The sec_trailer MUST start 4-byte aligned relative to the beginning
        # of the PDU. This method does not add the padding itself (the
        # original assignment to 'pad' is commented out in the source), so
        # the caller has to set 'pad' when a trailer is present.
        return self.getData()
class MSRPCRequestHeader(MSRPCHeader):
    """Request PDU: the common header extended to 24 bytes.

    ``ctx_id`` and ``op_num`` select the presentation context and the
    operation. On a parsed request both come from the client and have to be
    validated by whoever dispatches on them.
    """

    _SIZE = 24

    commonHdr = MSRPCHeader.commonHdr + (
        ('alloc_hint', '<L=0'),         # 16
        ('ctx_id',     '<H=0'),         # 20
        ('op_num',     '<H=0'),         # 22
    )

    def __init__(self, data = None, alignment = 0):
        """Parse ``data`` when given; otherwise build an empty request."""
        MSRPCHeader.__init__(self, data, alignment)
        if data is not None:
            return
        self['type'] = MSRPC_REQUEST
        self['ctx_id'] = 0
class MSRPCRespHeader(MSRPCHeader):
    """Response PDU: the common header extended to 24 bytes."""

    _SIZE = 24

    commonHdr = MSRPCHeader.commonHdr + (
        ('alloc_hint',   '<L=0'),       # 16
        ('ctx_id',       '<H=0'),       # 20
        ('cancel_count', '<B=0'),       # 22
        ('padding',      '<B=0'),       # 23
    )

    def __init__(self, aBuffer = None, alignment = 0):
        """Parse ``aBuffer`` when given; otherwise build an empty response."""
        MSRPCHeader.__init__(self, aBuffer, alignment)
        if aBuffer is not None:
            return
        self['type'] = MSRPC_RESPONSE
        self['ctx_id'] = 0
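class MSRPCBind(Structure):
    """Body of a bind PDU: fragment sizes, association group, context list.

    Context elements are collected with ``addCtxItem`` and serialised by
    ``getData``. When a bind is parsed from a buffer, the size of
    ``ctx_items`` is derived from the ``ctx_num`` byte read from the wire.

    NOTE(review): ``ctx_num`` is then set by the peer. Whether ``Structure``
    rejects a buffer shorter than ``ctx_num * _CTX_ITEM_LEN`` is not visible
    in this listing; confirm before iterating over ``ctx_items``.
    """

    _CTX_ITEM_LEN = len(CtxItem())

    structure = (
        ('max_tfrag',   '<H=4280'),
        ('max_rfrag',   '<H=4280'),
        ('assoc_group', '<L=0'),
        ('ctx_num',     'B=0'),
        ('Reserved',    'B=0'),
        ('Reserved2',   '<H=0'),
        ('_ctx_items',  '_-ctx_items', 'self["ctx_num"]*self._CTX_ITEM_LEN'),
        ('ctx_items',   ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse ``data`` when given; otherwise set defaults for a new bind."""
        Structure.__init__(self, data, alignment)
        if data is None:
            self['max_tfrag'] = 4280
            self['max_rfrag'] = 4280
            self['assoc_group'] = 0
            self['ctx_num'] = 1
            self['ctx_items'] = ''
        # The listing lost its indentation, so whether this line sat inside
        # the branch above cannot be told. It is set unconditionally here so
        # that addCtxItem() and getData() also work on a parsed instance.
        self.__ctx_items = []

    def addCtxItem(self, item):
        """Queue a context item; it is serialised on the next getData()."""
        self.__ctx_items.append(item)

    def getData(self):
        """Return the packed bind body.

        ``ctx_num`` is always overwritten with the number of queued items.
        ``ctx_items`` is rebuilt from the queued items on every call. The
        original appended to the existing field instead, so a second call
        on the same object emitted every context item twice while
        ``ctx_num`` still counted each once. With nothing queued the field
        is left as it is, as before.
        """
        queued = self.__ctx_items
        self['ctx_num'] = len(queued)
        if queued:
            packed = ''
            for ctx_item in queued:
                packed += ctx_item.getData()
            self['ctx_items'] = packed
        return Structure.getData(self)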
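class MSRPCBindAck(Structure):
    """bind_ack PDU: common header, secondary address, per-context results.

    After parsing, the individual ``CtxItemResult`` entries are available
    through ``getCtxItems`` and ``getCtxItem``.

    NOTE(review): ``SecondaryAddrLen``, ``ctx_num`` and ``auth_len`` are all
    read from the peer, and every variable-length field is sized from them.
    How ``Structure`` reacts when they exceed the received buffer is not
    visible in this listing; validate them against the buffer length.
    """

    _SIZE = 26  # Up to SecondaryAddr
    _CTX_ITEM_LEN = len(CtxItemResult())

    commonHdr = (
        ('ver_major',      'B=5'),      # 0
        ('ver_minor',      'B=0'),      # 1
        ('type',           'B=0'),      # 2
        ('flags',          'B=0'),      # 3
        ('representation', '<L=0x10'),  # 4
        ('frag_len',       '<H=0'),     # 8
        ('auth_len',       '<H=0'),     # 10
        ('call_id',        '<L=1'),     # 12 <-- Common up to here (including this)
    )

    structure = (
        ('max_tfrag',        '<H=0'),
        ('max_rfrag',        '<H=0'),
        ('assoc_group',      '<L=0'),
        ('SecondaryAddrLen', '<H&SecondaryAddr'),
        ('SecondaryAddr',    'z'),      # Optional if SecondaryAddrLen == 0
        ('PadLen',           '_-Pad', '(4-((self["SecondaryAddrLen"]+self._SIZE) % 4))%4'),
        ('Pad',              ':'),
        ('ctx_num',          'B=0'),
        ('Reserved',         'B=0'),
        ('Reserved2',        '<H=0'),
        ('_ctx_items',       '_-ctx_items', 'self["ctx_num"]*self._CTX_ITEM_LEN'),
        ('ctx_items',        ':'),
        ('_sec_trailer',     '_-sec_trailer', '8 if self["auth_len"] > 0 else 0'),
        ('sec_trailer',      ':'),
        ('auth_dataLen',     '_-auth_data', 'self["auth_len"]'),
        ('auth_data',        ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse ``data`` when given; otherwise start with empty fields."""
        # Created before Structure.__init__ runs, as in the original, so the
        # list already exists if the base class parses during construction.
        self.__ctx_items = []
        Structure.__init__(self, data, alignment)
        if data is None:
            for empty_field in ('Pad', 'ctx_items', 'sec_trailer', 'auth_data'):
                self[empty_field] = ''

    def getCtxItems(self):
        """Return the list of parsed CtxItemResult objects."""
        return self.__ctx_items

    def getCtxItem(self, index):
        """Return the result for the 1-based position ``index``.

        NOTE(review): ``index`` 0 maps to list position -1 and silently
        returns the last entry; callers should pass values >= 1 only.
        """
        return self.__ctx_items[index-1]

    def fromString(self, data):
        """Parse ``data`` and split ``ctx_items`` into CtxItemResult objects.

        The result list is emptied first. The original kept appending, so
        parsing a second buffer with the same object left the earlier
        results in the list while ``ctx_num`` described only the latest one.
        """
        Structure.fromString(self, data)
        self.__ctx_items = []
        # ctx_num is one byte from the peer, so the loop runs at most 255
        # times. NOTE(review): nothing here checks that 'remaining' still
        # holds a full item; this relies on Structure sizing ctx_items.
        remaining = self['ctx_items']
        for _ in range(self['ctx_num']):
            result = CtxItemResult(remaining)
            self.__ctx_items.append(result)
            remaining = remaining[len(result):]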
class MSRPCBindNak(Structure):
    """bind_nak body: a reject reason followed by the supported versions.

    ``SupportedVersions`` is kept as the raw remainder of the buffer; this
    class does not decode it.
    """

    structure = (
        ('RejectedReason',    '<H=0'),
        ('SupportedVersions', ':'),
    )

    def __init__(self, data = None, alignment = 0):
        """Parse ``data`` when given; otherwise start with no versions."""
        Structure.__init__(self, data, alignment)
        if data is not None:
            return
        self['SupportedVersions'] = ''