static bool test_server_role_dc_domain_logons_and_not_master(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "domain logons=true"), "lpcfg_set_option failed");
torture_assert(tctx, lpcfg_set_option(lp_ctx, "domain master=false"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_BDC, "ROLE should be BDC");
torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be user");
return true;
}
static bool test_server_role_member_specified3(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=member"), "lpcfg_set_option failed");
torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=ads"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be member");
torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_ADS, "security should be ads");
return true;
}
static bool test_set_option(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "workgroup=werkgroep"), "lpcfg_set_option failed");
torture_assert_str_equal(tctx, "WERKGROEP", lpcfg_workgroup(lp_ctx), "workgroup");
return true;
}
static bool test_set_option_parametric(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=blaat"), "lpcfg_set_option failed");
torture_assert_str_equal(tctx, lpcfg_parm_string(lp_ctx, NULL, "some", "thing"), "blaat",
"invalid parametric option");
return true;
}
static bool test_server_role_security_server(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=server"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be STANDALONE");
torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_SERVER, "security should be server");
return true;
}
static bool test_server_role_security_domain(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=domain"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_MEMBER, "ROLE should be MEMBER");
torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_DOMAIN, "security should be domain");
return true;
}
static bool test_server_role_standalone_specified(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=standalone"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be standalone");
torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be USER");
return true;
}
static bool test_server_role_dc_specified(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "server role=domain controller"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_DOMAIN_CONTROLLER, "ROLE should be DC");
torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_USER, "security should be USER");
return true;
}
static bool test_lp_parm_bool(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=true"), "lpcfg_set_option failed");
torture_assert(tctx, lpcfg_parm_bool(lp_ctx, NULL, "some", "thing", false) == true,
"invalid parametric option");
torture_assert(tctx, lpcfg_parm_bool(lp_ctx, NULL, "some", "bla", true) == true,
"invalid parametric option");
return true;
}
static bool test_lp_parm_double(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=3.4"), "lpcfg_set_option failed");
torture_assert(tctx, lpcfg_parm_double(lp_ctx, NULL, "some", "thing", 2.0) == 3.4,
"invalid parametric option");
torture_assert(tctx, lpcfg_parm_double(lp_ctx, NULL, "some", "bla", 2.0) == 2.0,
"invalid parametric option");
return true;
}
static bool test_lp_parm_bytes(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, lpcfg_set_option(lp_ctx, "some:thing=16K"), "lpcfg_set_option failed");
torture_assert_int_equal(tctx, lpcfg_parm_bytes(lp_ctx, NULL, "some", "thing", 20), 16 * 1024,
"invalid parametric option");
torture_assert_int_equal(tctx, lpcfg_parm_bytes(lp_ctx, NULL, "some", "bla", 42), 42,
"invalid parametric option");
return true;
}
static bool test_session_expire1(struct torture_context *tctx)
{
NTSTATUS status;
bool ret = false;
struct smbcli_options options;
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct cli_credentials *credentials = cmdline_credentials;
struct smb2_tree *tree = NULL;
enum credentials_use_kerberos use_kerberos;
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
union smb_fileinfo qfinfo;
size_t i;
use_kerberos = cli_credentials_get_kerberos_state(credentials);
if (use_kerberos != CRED_MUST_USE_KERBEROS) {
torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
}
torture_assert_int_equal(tctx, use_kerberos, CRED_MUST_USE_KERBEROS,
"please use -k yes");
lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
lpcfg_smbcli_options(tctx->lp_ctx, &options);
status = smb2_connect(tctx,
host,
lpcfg_smb_ports(tctx->lp_ctx),
share,
lpcfg_resolve_context(tctx->lp_ctx),
credentials,
&tree,
tctx->ev,
&options,
lpcfg_socket_options(tctx->lp_ctx),
lpcfg_gensec_settings(tctx, tctx->lp_ctx)
);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"smb2_connect failed");
/* Add some random component to the file name. */
snprintf(fname, 256, "session_expire1_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
status = smb2_create(tree, tctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
qfinfo.access_information.in.file.handle = _h1;
for (i=0; i < 2; i++) {
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb2_getinfo_file(tree, tctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
torture_comment(tctx, "sleep 5 seconds\n");
smb_msleep(5*1000);
torture_comment(tctx, "query info => EXPIRED\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb2_getinfo_file(tree, tctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_NETWORK_SESSION_EXPIRED);
/*
* the krb5 library may not handle expired creds
* well, lets start with an empty ccache.
*/
cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
torture_comment(tctx, "reauth => OK\n");
status = smb2_session_setup_spnego(tree->session,
credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
}
ZERO_STRUCT(qfinfo.access_information.out);
status = smb2_getinfo_file(tree, tctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
ret = true;
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
talloc_free(tree);
lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
return ret;
}
static void popt_samba_callback(poptContext con,
enum poptCallbackReason reason,
const struct poptOption *opt,
const char *arg, const void *data)
{
const char *pname;
if (reason == POPT_CALLBACK_REASON_POST) {
if (lpcfg_configfile(cmdline_lp_ctx) == NULL) {
lpcfg_load_default(cmdline_lp_ctx);
}
/* Hook any 'every Samba program must do this, after
* the smb.conf is setup' functions here */
return;
}
/* Find out basename of current program */
pname = strrchr_m(poptGetInvocationName(con),'/');
if (!pname)
pname = poptGetInvocationName(con);
else
pname++;
if (reason == POPT_CALLBACK_REASON_PRE) {
/* Hook for 'almost the first thing to do in a samba program' here */
/* setup for panics */
fault_setup();
/* and logging */
setup_logging(pname, DEBUG_DEFAULT_STDOUT);
talloc_set_log_fn(popt_s4_talloc_log_fn);
talloc_set_abort_fn(smb_panic);
cmdline_lp_ctx = loadparm_init_global(false);
return;
}
switch(opt->val) {
case OPT_LEAK_REPORT:
talloc_enable_leak_report();
break;
case OPT_LEAK_REPORT_FULL:
talloc_enable_leak_report_full();
break;
case OPT_OPTION:
if (!lpcfg_set_option(cmdline_lp_ctx, arg)) {
fprintf(stderr, "Error setting option '%s'\n", arg);
exit(1);
}
break;
case 'd':
lpcfg_set_cmdline(cmdline_lp_ctx, "log level", arg);
break;
case OPT_DEBUG_STDERR:
setup_logging(pname, DEBUG_STDERR);
break;
case 's':
if (arg) {
lpcfg_load(cmdline_lp_ctx, arg);
}
break;
case 'l':
if (arg) {
char *new_logfile = talloc_asprintf(NULL, "%s/log.%s", arg, pname);
lpcfg_set_cmdline(cmdline_lp_ctx, "log file", new_logfile);
talloc_free(new_logfile);
}
break;
}
}
static void popt_common_callback(poptContext con,
enum poptCallbackReason reason,
const struct poptOption *opt,
const char *arg, const void *data)
{
if (reason == POPT_CALLBACK_REASON_PRE) {
set_logfile(con, get_dyn_LOGFILEBASE());
talloc_set_log_fn(popt_s3_talloc_log_fn);
talloc_set_abort_fn(smb_panic);
return;
}
if (reason == POPT_CALLBACK_REASON_POST) {
if (PrintSambaVersionString) {
printf( "Version %s\n", samba_version_string());
exit(0);
}
if (is_default_dyn_CONFIGFILE()) {
if(getenv("SMB_CONF_PATH")) {
set_dyn_CONFIGFILE(getenv("SMB_CONF_PATH"));
}
}
/* Further 'every Samba program must do this' hooks here. */
return;
}
switch(opt->val) {
case OPT_OPTION:
{
struct loadparm_context *lp_ctx;
lp_ctx = loadparm_init_s3(talloc_tos(), loadparm_s3_helpers());
if (lp_ctx == NULL) {
fprintf(stderr, "loadparm_init_s3() failed!\n");
exit(1);
}
if (!lpcfg_set_option(lp_ctx, arg)) {
fprintf(stderr, "Error setting option '%s'\n", arg);
exit(1);
}
TALLOC_FREE(lp_ctx);
break;
}
case 'd':
if (arg) {
lp_set_cmdline("log level", arg);
}
break;
case 'V':
PrintSambaVersionString = True;
break;
case 'O':
if (arg) {
lp_set_cmdline("socket options", arg);
}
break;
case 's':
if (arg) {
set_dyn_CONFIGFILE(arg);
}
break;
case 'n':
if (arg) {
lp_set_cmdline("netbios name", arg);
}
break;
case 'l':
if (arg) {
set_logfile(con, arg);
override_logfile = True;
set_dyn_LOGFILEBASE(arg);
}
break;
case 'i':
if (arg) {
lp_set_cmdline("netbios scope", arg);
}
break;
case 'W':
if (arg) {
lp_set_cmdline("workgroup", arg);
}
break;
}
}
static bool test_session_expire1(struct torture_context *tctx)
{
NTSTATUS status;
bool ret = false;
struct smbcli_options options;
struct smbcli_session_options session_options;
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct cli_credentials *credentials = cmdline_credentials;
struct smbcli_state *cli = NULL;
enum credentials_use_kerberos use_kerberos;
char fname[256];
union smb_fileinfo qfinfo;
uint16_t vuid;
uint16_t fnum = 0;
struct smb_composite_sesssetup io_sesssetup;
size_t i;
use_kerberos = cli_credentials_get_kerberos_state(credentials);
if (use_kerberos != CRED_MUST_USE_KERBEROS) {
torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
}
torture_assert_int_equal(tctx, use_kerberos, CRED_MUST_USE_KERBEROS,
"please use -k yes");
lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
lpcfg_smbcli_options(tctx->lp_ctx, &options);
lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
status = smbcli_full_connection(tctx, &cli,
host,
lpcfg_smb_ports(tctx->lp_ctx),
share, NULL,
lpcfg_socket_options(tctx->lp_ctx),
credentials,
lpcfg_resolve_context(tctx->lp_ctx),
tctx->ev, &options, &session_options,
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"smbcli_full_connection failed");
vuid = cli->session->vuid;
/* Add some random component to the file name. */
snprintf(fname, 256, "session_expire1_%s.dat",
generate_random_str(tctx, 8));
smbcli_unlink(cli->tree, fname);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
SEC_RIGHTS_FILE_ALL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OPEN_IF,
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
0);
torture_assert_ntstatus_ok_goto(tctx, smbcli_nt_error(cli->tree), ret,
done, "create file");
torture_assert_goto(tctx, fnum > 0, ret, done, "create file");
/* get the access information */
ZERO_STRUCT(qfinfo);
qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
qfinfo.access_information.in.file.fnum = fnum;
for (i=0; i < 2; i++) {
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"raw_fileinfo failed");
torture_comment(tctx, "sleep 5 seconds\n");
smb_msleep(5*1000);
}
/*
* the krb5 library may not handle expired creds
* well, lets start with an empty ccache.
*/
cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
/*
* now with CAP_DYNAMIC_REAUTH
*
* This should trigger NT_STATUS_NETWORK_SESSION_EXPIRED
*/
ZERO_STRUCT(io_sesssetup);
io_sesssetup.in.sesskey = cli->transport->negotiate.sesskey;
io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
io_sesssetup.in.capabilities |= CAP_DYNAMIC_REAUTH;
io_sesssetup.in.credentials = credentials;
io_sesssetup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(tctx,
tctx->lp_ctx);
torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
ZERO_STRUCT(io_sesssetup.out);
status = smb_composite_sesssetup(cli->session, &io_sesssetup);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"reauth failed");
torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
ret, done, "reauth");
for (i=0; i < 2; i++) {
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"raw_fileinfo failed");
torture_comment(tctx, "sleep 5 seconds\n");
smb_msleep(5*1000);
torture_comment(tctx, "query info => EXPIRED\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
torture_assert_ntstatus_equal_goto(tctx, status,
NT_STATUS_NETWORK_SESSION_EXPIRED,
ret, done, "raw_fileinfo expired");
/*
* the krb5 library may not handle expired creds
* well, lets start with an empty ccache.
*/
cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
ZERO_STRUCT(io_sesssetup.out);
status = smb_composite_sesssetup(cli->session, &io_sesssetup);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"reauth failed");
torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
ret, done, "reauth");
}
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"raw_fileinfo failed");
/*
* the krb5 library may not handle expired creds
* well, lets start with an empty ccache.
*/
cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
/*
* now without CAP_DYNAMIC_REAUTH
*
* This should not trigger NT_STATUS_NETWORK_SESSION_EXPIRED
*/
torture_comment(tctx, "reauth without CAP_DYNAMIC_REAUTH => OK\n");
io_sesssetup.in.capabilities &= ~CAP_DYNAMIC_REAUTH;
ZERO_STRUCT(io_sesssetup.out);
status = smb_composite_sesssetup(cli->session, &io_sesssetup);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"reauth failed");
torture_assert_int_equal_goto(tctx, io_sesssetup.out.vuid, vuid,
ret, done, "reauth");
for (i=0; i < 2; i++) {
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"raw_fileinfo failed");
torture_comment(tctx, "sleep 5 seconds\n");
smb_msleep(5*1000);
}
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb_raw_fileinfo(cli->tree, tctx, &qfinfo);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"raw_fileinfo failed");
ret = true;
done:
if (fnum > 0) {
smbcli_close(cli->tree, fnum);
}
talloc_free(cli);
lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
return ret;
}
static bool test_set_option_invalid(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
torture_assert(tctx, !lpcfg_set_option(lp_ctx, "workgroup"), "lpcfg_set_option succeeded");
return true;
}
