/* wrapper around smb_raw_tcon() */ NTSTATUS smbcli_tconX(struct smbcli_state *cli, const char *sharename, const char *devtype, const char *password) { union smb_tcon tcon; TALLOC_CTX *mem_ctx; NTSTATUS status; cli->tree = smbcli_tree_init(cli->session, cli, true); if (!cli->tree) return NT_STATUS_UNSUCCESSFUL; mem_ctx = talloc_init("tcon"); if (!mem_ctx) { return NT_STATUS_NO_MEMORY; } /* setup a tree connect */ tcon.generic.level = RAW_TCON_TCONX; tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE; tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES; if (cli->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) { tcon.tconx.in.password = data_blob(NULL, 0); } else if (cli->transport->negotiate.sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) { tcon.tconx.in.password = data_blob_talloc(mem_ctx, NULL, 24); if (cli->transport->negotiate.secblob.length < 8) { return NT_STATUS_INVALID_PARAMETER; } SMBencrypt(password, cli->transport->negotiate.secblob.data, tcon.tconx.in.password.data); } else { tcon.tconx.in.password = data_blob_talloc(mem_ctx, password, strlen(password)+1); } tcon.tconx.in.path = sharename; tcon.tconx.in.device = devtype; status = smb_raw_tcon(cli->tree, mem_ctx, &tcon); cli->tree->tid = tcon.tconx.out.tid; if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) { smb1cli_session_protect_session_key(cli->tree->session->smbXcli); } talloc_free(mem_ctx); return status; }
NTSTATUS torture_second_tcon(TALLOC_CTX *mem_ctx, struct smbcli_session *session, const char *sharename, struct smbcli_tree **res) { union smb_tcon tcon; struct smbcli_tree *result; TALLOC_CTX *tmp_ctx; NTSTATUS status; if ((tmp_ctx = talloc_new(mem_ctx)) == NULL) { return NT_STATUS_NO_MEMORY; } result = smbcli_tree_init(session, tmp_ctx, False); if (result == NULL) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; } tcon.generic.level = RAW_TCON_TCONX; tcon.tconx.in.flags = 0; /* Ignore share mode security here */ tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = sharename; tcon.tconx.in.device = "?????"; status = smb_raw_tcon(result, tmp_ctx, &tcon); if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_ctx); return status; } result->tid = tcon.tconx.out.tid; *res = talloc_steal(mem_ctx, result); talloc_free(tmp_ctx); return NT_STATUS_OK; }
/* test pid ops with 2 tcons */ static BOOL test_pid_2tcon(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) { NTSTATUS status; BOOL ret = True; const char *share, *host; struct smbcli_tree *tree; union smb_tcon tcon; union smb_open io; union smb_write wr; union smb_close cl; int fnum1, fnum2; const char *fname1 = BASEDIR "\\test1.txt"; const char *fname2 = BASEDIR "\\test2.txt"; uint8_t c = 1; uint16_t tid1, tid2; printf("TESTING PID HANDLING WITH 2 TCONS\n"); if (!torture_setup_dir(cli, BASEDIR)) { return False; } share = lp_parm_string(-1, "torture", "share"); host = lp_parm_string(-1, "torture", "host"); printf("create a second tree context on the same session\n"); tree = smbcli_tree_init(cli->session, mem_ctx, False); tcon.generic.level = RAW_TCON_TCONX; tcon.tconx.in.flags = 0; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = talloc_asprintf(mem_ctx, "\\\\%s\\%s", host, share); tcon.tconx.in.device = "A:"; status = smb_raw_tcon(tree, mem_ctx, &tcon); CHECK_STATUS(status, NT_STATUS_OK); tree->tid = tcon.tconx.out.tid; tid1 = cli->tree->tid; tid2 = tree->tid; printf("tid1=%d tid2=%d\n", tid1, tid2); printf("create a file using the tid1\n"); cli->tree->tid = tid1; io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname1; status = smb_raw_open(cli->tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum1 = io.ntcreatex.out.file.fnum; printf("write using the tid1\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum1; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("create a file using the tid2\n"); cli->tree->tid = tid2; io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname2; status = smb_raw_open(cli->tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum2 = io.ntcreatex.out.file.fnum; printf("write using the tid2\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum2; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("exit the pid\n"); status = smb_raw_exit(cli->session); CHECK_STATUS(status, NT_STATUS_OK); printf("the fnum1 on tid1 should not be accessible\n"); cli->tree->tid = tid1; wr.writex.in.file.fnum = fnum1; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("the fnum1 on tid1 should have been auto-closed\n"); cl.close.level = RAW_CLOSE_CLOSE; cl.close.in.file.fnum = fnum1; cl.close.in.write_time = 0; status = smb_raw_close(cli->tree, &cl); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("the fnum2 on tid2 should not be accessible\n"); cli->tree->tid = tid2; wr.writex.in.file.fnum = fnum2; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("the fnum2 on tid2 should have been auto-closed\n"); cl.close.level = RAW_CLOSE_CLOSE; cl.close.in.file.fnum = fnum2; cl.close.in.write_time = 0; status = smb_raw_close(cli->tree, &cl); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); done: return ret; }
/* test tree with ulogoff this demonstrates that a tcon isn't autoclosed by a ulogoff the tcon can be reused using any other valid session later */ static BOOL test_tree_ulogoff(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) { NTSTATUS status; BOOL ret = True; const char *share, *host; struct smbcli_session *session1; struct smbcli_session *session2; struct smb_composite_sesssetup setup; struct smbcli_tree *tree; union smb_tcon tcon; union smb_open io; union smb_write wr; int fnum1, fnum2; const char *fname1 = BASEDIR "\\test1.txt"; const char *fname2 = BASEDIR "\\test2.txt"; uint8_t c = 1; printf("TESTING TREE with ulogoff\n"); if (!torture_setup_dir(cli, BASEDIR)) { return False; } share = lp_parm_string(-1, "torture", "share"); host = lp_parm_string(-1, "torture", "host"); printf("create the first new sessions\n"); session1 = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session1, &setup); CHECK_STATUS(status, NT_STATUS_OK); session1->vuid = setup.out.vuid; printf("vuid1=%d\n", session1->vuid); printf("create a tree context on the with vuid1\n"); tree = smbcli_tree_init(session1, mem_ctx, False); tcon.generic.level = RAW_TCON_TCONX; tcon.tconx.in.flags = 0; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = talloc_asprintf(mem_ctx, "\\\\%s\\%s", host, share); tcon.tconx.in.device = "A:"; status = smb_raw_tcon(tree, mem_ctx, &tcon); CHECK_STATUS(status, NT_STATUS_OK); tree->tid = tcon.tconx.out.tid; printf("tid=%d\n", tree->tid); printf("create a file using vuid1\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname1; status = smb_raw_open(tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum1 = io.ntcreatex.out.file.fnum; printf("write using vuid1\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum1; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("ulogoff the vuid1\n"); status = smb_raw_ulogoff(session1); CHECK_STATUS(status, NT_STATUS_OK); printf("create the second new sessions\n"); session2 = smbcli_session_init(cli->transport, mem_ctx, False); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(); setup.in.credentials = cmdline_credentials; status = smb_composite_sesssetup(session2, &setup); CHECK_STATUS(status, NT_STATUS_OK); session2->vuid = setup.out.vuid; printf("vuid2=%d\n", session2->vuid); printf("use the existing tree with vuid2\n"); tree->session = session2; printf("create a file using vuid2\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname2; status = smb_raw_open(tree, mem_ctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum2 = io.ntcreatex.out.file.fnum; printf("write using vuid2\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum2; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("ulogoff the vuid2\n"); status = smb_raw_ulogoff(session2); CHECK_STATUS(status, NT_STATUS_OK); /* this also demonstrates that SMBtdis doesn't need a valid vuid */ printf("disconnect the existing tree connection\n"); status = smb_tree_disconnect(tree); CHECK_STATUS(status, NT_STATUS_OK); printf("disconnect the existing tree connection\n"); status = smb_tree_disconnect(tree); CHECK_STATUS(status, NT_STATUS_DOS(ERRSRV,ERRinvnid)); /* close down the new tree */ talloc_free(tree); done: return ret; }
/* test tree ops */ static bool test_tree(struct smbcli_state *cli, struct torture_context *tctx) { NTSTATUS status; bool ret = true; const char *share, *host; struct smbcli_tree *tree; union smb_tcon tcon; union smb_open io; union smb_write wr; union smb_close cl; int fnum; const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; printf("TESTING TREE HANDLING\n"); if (!torture_setup_dir(cli, BASEDIR)) { return false; } share = torture_setting_string(tctx, "share", NULL); host = torture_setting_string(tctx, "host", NULL); printf("create a second tree context on the same session\n"); tree = smbcli_tree_init(cli->session, tctx, false); tcon.generic.level = RAW_TCON_TCONX; tcon.tconx.in.flags = 0; tcon.tconx.in.password = data_blob(NULL, 0); tcon.tconx.in.path = talloc_asprintf(tctx, "\\\\%s\\%s", host, share); tcon.tconx.in.device = "A:"; status = smb_raw_tcon(tree, tctx, &tcon); CHECK_STATUS(status, NT_STATUS_OK); tree->tid = tcon.tconx.out.tid; printf("tid1=%d tid2=%d\n", cli->tree->tid, tree->tid); printf("try a tconx with a bad device type\n"); tcon.tconx.in.device = "FOO"; status = smb_raw_tcon(tree, tctx, &tcon); CHECK_STATUS(status, NT_STATUS_BAD_DEVICE_TYPE); printf("create a file using the new tid\n"); io.generic.level = RAW_OPEN_NTCREATEX; io.ntcreatex.in.root_fid.fnum = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.ntcreatex.in.create_options = 0; io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE; io.ntcreatex.in.alloc_size = 0; io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = fname; status = smb_raw_open(tree, tctx, &io); CHECK_STATUS(status, NT_STATUS_OK); fnum = io.ntcreatex.out.file.fnum; printf("write using the old tid\n"); wr.generic.level = RAW_WRITE_WRITEX; wr.writex.in.file.fnum = fnum; wr.writex.in.offset = 0; wr.writex.in.wmode = 0; wr.writex.in.remaining = 0; wr.writex.in.count = 1; wr.writex.in.data = &c; status = smb_raw_write(cli->tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("write with the new tid\n"); status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VALUE(wr.writex.out.nwritten, 1); printf("disconnect the new tid\n"); status = smb_tree_disconnect(tree); CHECK_STATUS(status, NT_STATUS_OK); printf("the new tid should not now be accessible\n"); status = smb_raw_write(tree, &wr); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); printf("the fnum should have been auto-closed\n"); cl.close.level = RAW_CLOSE_CLOSE; cl.close.in.file.fnum = fnum; cl.close.in.write_time = 0; status = smb_raw_close(cli->tree, &cl); CHECK_STATUS(status, NT_STATUS_INVALID_HANDLE); /* close down the new tree */ talloc_free(tree); done: return ret; }