o

�/a/9�@s�dd
lm
Z

ddlmZmZ
ddlmZmZ
ddlmZ
ddl	Z	ddl
mZ
ddlZddl
Z
ddlZddlZGdd�de
�ZGdd	�d	e�ZdS)
�)
�TestCaseInTempDir)�dns�dnsp)�gensec�tests)
�credentialsNcs�eZ
dZ�f
d
d�Zdd�Zdd�Zdd�Zd	d
�Zd dd
�
Zdd�Z	dd�Z
dd�Zdd�Z	d!dd�
Z
	d!dd�
Zd"dd�
Zd dd�
Z�ZS)#�DNSTestc

stt
|���
d|_dS�
N)�superr�setUp�timeout�
�self�
�	__class__��6/usr/lib/python3/dist-packages/samba/tests/dns_base.pyr!s


z
DNSTest.setUpcCsgd
�
}||
S)zReturn a readable error code)�OK�FORMERR�SERVFAIL�NXDOMAIN�NOTIMP�REFUSED�YXDOMAIN�YXRRSET�NXRRSET�NOTAUTH�NOTZONE�0x0B�0x0C�0x0D�0x0E�0x0F�BADSIG�BADKEYr)r�errcode�string_codesrrr�errstr%szDNSTest.errstrc	Cs&|�|
|d
|�
|�
|�
|
�
f�
dS�z$Helper function to check return codezExpected RCODE %s, got %sN)�assertEqualr')r�rcode�expectedrrr�assert_rcode_equals>s


�zDNSTest.assert_rcode_equalsc	Cs2|
jt
j@}|�||d
|�|�
|�|�
f�
dSr()�	operationr�	DNS_RCODEr)r')r�packetr*�	p_errcoderrr�assert_dns_rcode_equalsCs



�zDNSTest.assert_dns_rcode_equalscCs&|
jt
j@}|�||d
||f�
dS)zHelper function to check opcodezExpected OPCODE %s, got %sN)r-r�
DNS_OPCODEr))rr/�opcode�p_opcoderrr�assert_dns_opcode_equalsIs



�z DNSTest.assert_dns_opcode_equalsNcCs4t�
�}|d
urt�dd�|_|
|_g|_g|_|S)z!Helper creating a dns.name_packetNr
i�)r�name_packet�random�randint�idr-�	questions�
additional)rr3�qid�
prrr�make_name_packetOs





zDNSTest.make_name_packetcCst|�
|
_
||
_d
S)z$Helper to finalize a dns.name_packetN)�len�qdcountr:)rr/r:rrr�finish_name_packetYs


zDNSTest.finish_name_packetcCst�
�}|
|_||_||_|S)
z#Helper creating a dns.name_question)r�
name_question�name�
question_type�question_class)rrC�qtype�qclass�
qrrr�make_name_question^s




zDNSTest.make_name_questioncCs*t�
�}t��}t|
�
|_|
|_||_|Sr	)r�
txt_recordr�string_listr?�count�str�txt)r�records�	rdata_txt�s_listrrr�make_txt_recordfs






zDNSTest.make_txt_recordc

Cs|j�
���S)
zHelper to get dns domain)�creds�	get_realm�lowerr
rrr�get_dns_domainnszDNSTest.get_dns_domainFc	Cs�d
}|d
ur	|j}zMt
�|
�
}|rt|�|�
�

t�tjtjd�}|�|�

|�	|df�

|�
|d�
|�dd�}|rBt|�|�
�

t
�t
j|�}||fW|d
u
rV|��
SS|d
u
r`|��
ww)z#send a DNS query and read the replyNr
�5i)r�ndr�ndr_pack�print�hexdump�socket�AF_INET�
SOCK_DGRAM�
settimeout�connect�sendall�recv�
ndr_unpackrr6�close)	rr/�host�dumpr�
s�send_packet�recv_packet�responserrr�dns_transaction_udprs*



















�

�zDNSTest.dns_transaction_udpcCs
d
}|d
ur	|j}zXt
�|
�
}|rt|�|�
�

t�tjtjd�}|�|�

|�	|df�

t
�dt|�
�}||7}|�
|�

|�dd�}|rMt|�|�
�

t
�tj|dd
��}	W|d
u
ra|��
n
|d
u
rk|��
wwt
�|	�
}
|�|
|dd
��
|	|dd
�fS)z?send a DNS query and read the reply, also return the raw packetNr
rWz!Hi

�)rrXrYrZr[r\r]�SOCK_STREAMr_r`�struct�packr?rarbrcrr6rdr))rr/rerfrrgrh�
tcp_packetrirj�	my_packetrrr�dns_transaction_tcp�s4


















��

�


zDNSTest.dns_transaction_tcp�cCs�|�t
j�
}g}|p
|��}|�|t
jt
j�}|�|�

|�||�
g}t
�	�}	d
|
|f|	_
t
j|	_t
j|	_
||	_d|	_|�|�
}
|
|	_|�|	�

t|�
|_||_|S)N�%s.%s�)r>r�DNS_OPCODE_UPDATErVrI�
DNS_QTYPE_SOA�
DNS_QCLASS_IN�appendrA�res_recrC�
DNS_QTYPE_TXT�rr_type�rr_class�ttl�lengthrR�rdatar?�nscount�nsrecs)r�prefix�	txt_array�zoner~r=�updatesrC�
u�
rr�rrr�make_txt_update�s&



















zDNSTest.make_txt_updatec
Cs�d
|
|p|��f}|�
tj�
}g}|�|tjtj�}|�|�

|�||�
|j	||j
d�\}}	|�|tj�
|�
|jd�
|�
|jdjjj|�
dS)Nrt)
re�
r
)rVr>r�DNS_OPCODE_QUERYrIr{rxryrArk�	server_ipr1�DNS_RCODE_OKr)�ancount�answersr�rNrM)
rr�r�r�rCr=r:rHrj�response_packetrrr�check_query_txt�s




�

zDNSTest.check_query_txtr	)FN)Nrs)�__name__�
__module__�__qualname__rr'r,r1r5r>rArIrRrVrkrrr�r��
__classcell__rrrrrs"


�
�
rcsReZ
dZ�f
d
d�Zddd�
Zddd�
Zd	d
�Zdd�Zd
d�Zddd�
Z	�Z
S)�DNSTKeyTestc

s�tt
|���
i|_t��|jd
<|_|j|jd<t�	�|_
|j
�|j�

|j
�t�
d�
�

|j
�t�
d�
�

|j
�tj�

d|��|_dS)N�lp_ctx�target_hostname�USERNAME�PASSWORDztkeytsig.%s)r
r�r�settingsr�env_loadparmr��serverr�CredentialsrS�guess�set_username�env_get_var_value�set_password�set_kerberos_state�MUST_USE_KERBEROSrV�
newrecnamer
rrrr�s









zDNSTKeyTest.setUpNcCs�
|
d
ur|j}
dt
��|��f|_|�tj�
}|�|jtj	tj
�}g}|�|�

|�||�
t�
�}|j|_tj	|_tj
|_d|_d|_t��}d|_tt���
|_tt���
d|_tj|_d|_d|_tj�|j �
|_!|j!�"|
�

|j!�#d�

|j!�$|j%�

|j!�&tj'�

|j!�(d�

d	}d
}|j!�)|�
\}}	|�*|�

dd�t+|	�
D�
}
|
|_,t-|
�
|_.||_/|g
}d
|_0||_1|�2||j3�\}}
|�4|tj5�
|j6dj/}t7|j,�
}	|j!�)|	�
\}}|�8|�

|�9||
�
d
S)z4Do a TKEY transaction and establish a gensec contextNrtr
ru�gss-tsigir�spnegoF�c
S�"g|]
}
t|
t
�r|
nt|
�
�qSr��
isinstance�int�ord��.0�
xrrr�
<listcomp>	
�"z*DNSTKeyTest.tkey_trans.<locals>.<listcomp>r�):rS�uuid�uuid4rV�key_namer>rr�rI�DNS_QTYPE_TKEYrxryrArzrCr|r}r~r�tkey_record�	algorithmr��time�	inception�
expiration�DNS_TKEY_MODE_GSSAPI�mode�error�
other_sizer�Security�start_clientr��
g�set_credentials�set_target_service�set_target_hostnamer��want_feature�FEATURE_SIGN�start_mech_by_name�update�assertFalse�list�key_datar?�key_sizer��arcountr;rrr�r1r�r��bytes�
assertTrue�
verify_packet)rrSr=rHr:r�r��finished�client_to_server�server_to_client�datar;rjr�r�rrr�
tkey_trans�sb



�




























�




zDNSTKeyTest.tkey_transr�c
Cs�|�|
j
d
jtj�
|
j
d
j}t|j�
}t|j	�
d}tt
�|�
�
|d}dd�|D�
}||d�=d
|d<t|�
}	t��}
|j	|
_
tj|
_d
|
_|j|
_|j|
_|j|
_|j|
_d
|
_d
|
_t
�|
�
}||	|}|j�|||�
dS)Nr
rl�
c
Sr�rr�r�rrrr�*
r�z-DNSTKeyTest.verify_packet.<locals>.<listcomp>�)r)r;r|r�DNS_QTYPE_TSIGr�r��macr?r�rXrY�
fake_tsig_recrC�DNS_QCLASS_ANYr}r~�time_prefixr��algorithm_name�fudger�r�r��check_packet)
rrjr��request_mac�tsig_recordr��key_name_len�tsig_record_len�response_packet_list�response_packet_wo_tsig�	fake_tsig�fake_tsig_packetr�rrrr�
s,

















zDNSTKeyTest.verify_packetcCs
t�
|
�
}t��}||_tj|_d
|_d
|_t	t
�
��
|_
d|_d|_d
|_
d
|_t�
|�
}||}|j�||�}dd�t|�
D�
}t��}	d|	_d
|	_|j
|	_
d|	_|
j|	_d
|	_
d
|	_||	_t|�
|	_t��}
||
_tj|
_tj|
_d
|
_d|
_|	|
_|
g
}||
_d|
_|S)z2Sign a packet, calculate a MAC and add TSIG recordr
r��,
c
Sr�rr�r�rrrr�R
r�z+DNSTKeyTest.sign_packet.<locals>.<listcomp>rur�)rXrYrr�rCr�r}r~r�r�r�r�r�r�r�r��sign_packetr�r�r9�original_idr�r?�mac_sizerzr�r|rr�r;r�)rr/r��packet_datar�r�r�r��mac_listr�r�r;rrrr�@
sH































zDNSTKeyTest.sign_packetcCs�d
d�td�
D�
}t
��}d|_d|_tt���
|_d|_|
j|_	d|_
d|_||_t
|�
|_t
��}||_t
j|_t
j|_d|_d|_||_|g
}||
_d|
_d	S)
zOAdd bad signature for a packet by bitflipping
        the final byte in the MACc
Sr�rr�r�rrrr�q
r�z/DNSTKeyTest.bad_sign_packet.<locals>.<listcomp>�badmacr�r
r�rur�N)r�rr�r�r�r�r�r�r9r�r�r�r�r?r�rzrCr�r|r�r}r~rr�r;r�)rr/r�r�r�r�r;rrr�bad_sign_packetm
s*


















zDNSTKeyTest.bad_sign_packetcCsT|�t
j�
}g}|�|
t
jt
j�}|�|�

|�||�
|�||j	�\}}|j
d
@S)N�)r>rr�rIr{rxryrArkr�r-)rrCr=r:rHrjr�rrr�
search_record�
s



�
zDNSTKeyTest.search_recordFc
Cs�tj
}d
}|
rtj}d}|�tj�
}|�|��tjtj
�}g}|�|�

|�	||�
g}t�
�}|j|_tj
|_||_||_d|_|�dg
�
}	|	|_|�|�

t|�
|_||_|S)zCreate a DNS update requestrsr
ruz"This is a test")rrx�DNS_QCLASS_NONEr>rvrIrVrwryrArzr�rCr{r|r}r~rrRr�r?r�r�)
r�deleter}r~r=rHr:r�r�r�rrr�make_update_request�
s4






�















zDNSTKeyTest.make_update_requestr	)
r�)
F)r�r�r�rr�r�r�r�r�r�r�rrrrr��s


?#-r�)�samba.testsr�samba.dcerpcrr�sambarrrrn�	samba.ndrrXr7r\r�r�rr�rrrr�<module>
s








2