bool torture_sec_leak(struct torture_context *tctx, struct smbcli_state *cli) { time_t t1 = time_mono(NULL); int timelimit = torture_setting_int(tctx, "timelimit", 20); while (time_mono(NULL) < t1+timelimit) { if (!try_failed_login(tctx, cli)) { return false; } talloc_report(NULL, stdout); } return true; }
/* * Check a server for being alive and well. * returns 0 if the server is in shape. Returns 1 on error * * Also useable outside libsmbclient to enable external cache * to do some checks too. */ int SMBC_check_server(SMBCCTX * context, SMBCSRV * server) { time_t now; if (!cli_state_is_connected(server->cli)) { return 1; } now = time_mono(NULL); if (server->last_echo_time == (time_t)0 || now > server->last_echo_time + (server->cli->timeout/1000)) { unsigned char data[16] = {0}; NTSTATUS status = cli_echo(server->cli, 1, data_blob_const(data, sizeof(data))); if (!NT_STATUS_IS_OK(status)) { return 1; } server->last_echo_time = now; } return 0; }
/* continue a old style search */ static NTSTATUS pvfs_search_next_old(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, union smb_search_next *io, void *search_private, bool (*callback)(void *, const union smb_search_data *)) { struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data, struct pvfs_state); void *p; struct pvfs_search_state *search; struct pvfs_dir *dir; unsigned int reply_count, max_count; uint16_t handle; NTSTATUS status; handle = io->search_next.in.id.handle | (io->search_next.in.id.reserved<<8); max_count = io->search_next.in.max_count; p = idr_find(pvfs->search.idtree, handle); if (p == NULL) { /* we didn't find the search handle */ return NT_STATUS_INVALID_HANDLE; } search = talloc_get_type(p, struct pvfs_search_state); dir = search->dir; status = pvfs_list_seek_ofs(dir, io->search_next.in.id.server_cookie, &search->current_index); if (!NT_STATUS_IS_OK(status)) { return status; } search->last_used = time_mono(NULL); status = pvfs_search_fill(pvfs, req, max_count, search, io->generic.data_level, &reply_count, search_private, callback); if (!NT_STATUS_IS_OK(status)) { return status; } io->search_next.out.count = reply_count; /* not matching any entries means end of search */ if (reply_count == 0) { talloc_free(search); } return NT_STATUS_OK; }
/* we've run out of search handles - cleanup those that the client forgot to close */ static void pvfs_search_cleanup(struct pvfs_state *pvfs) { int i; time_t t = time_mono(NULL); for (i=0;i<MAX_OLD_SEARCHES;i++) { struct pvfs_search_state *search; void *p = idr_find(pvfs->search.idtree, i); if (p == NULL) return; search = talloc_get_type(p, struct pvfs_search_state); if (pvfs_list_eos(search->dir, search->current_index) && search->last_used != 0 && t > search->last_used + 30) { /* its almost certainly been forgotten about */ talloc_free(search); } } }
static bool print_queue_housekeeping(const struct timeval *now, void *pvt) { struct messaging_context *msg_ctx = talloc_get_type_abort(pvt, struct messaging_context); time_t printcap_cache_time = (time_t)lp_printcap_cache_time(); time_t t = time_mono(NULL); DEBUG(5, ("print queue housekeeping\n")); /* if periodic printcap rescan is enabled, * see if it's time to reload */ if ((printcap_cache_time != 0) && (t >= (last_printer_reload_time + printcap_cache_time))) { DEBUG( 3,( "Printcap cache time expired.\n")); pcap_cache_reload(messaging_event_context(msg_ctx), msg_ctx, &reload_pcap_change_notify); last_printer_reload_time = t; } return true; }
NTSTATUS printer_list_mark_reload(void) { struct db_context *db; TDB_DATA data; uint32_t time_h, time_l; time_t now = time_mono(NULL); NTSTATUS status; int len; db = get_printer_list_db(); if (db == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } time_l = ((uint64_t)now) & 0xFFFFFFFFL; time_h = ((uint64_t)now) >> 32; len = tdb_pack(NULL, 0, PL_TSTAMP_FORMAT, time_h, time_l); data.dptr = talloc_array(talloc_tos(), uint8_t, len); if (!data.dptr) { DEBUG(0, ("Failed to allocate tdb data buffer!\n")); status = NT_STATUS_NO_MEMORY; goto done; } data.dsize = len; len = tdb_pack(data.dptr, data.dsize, PL_TSTAMP_FORMAT, time_h, time_l); status = dbwrap_store_bystring(db, PL_TIMESTAMP_KEY, data, TDB_REPLACE); done: TALLOC_FREE(data.dptr); return status; }
/* list files in a directory matching a wildcard pattern - old SMBsearch interface */ static NTSTATUS pvfs_search_first_old(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, union smb_search_first *io, void *search_private, bool (*callback)(void *, const union smb_search_data *)) { struct pvfs_dir *dir; struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data, struct pvfs_state); struct pvfs_search_state *search; unsigned int reply_count; uint16_t search_attrib; const char *pattern; NTSTATUS status; struct pvfs_filename *name; int id; search_attrib = io->search_first.in.search_attrib; pattern = io->search_first.in.pattern; /* resolve the cifs name to a posix name */ status = pvfs_resolve_name(pvfs, req, pattern, PVFS_RESOLVE_WILDCARD, &name); if (!NT_STATUS_IS_OK(status)) { return status; } if (!name->has_wildcard && !name->exists) { return STATUS_NO_MORE_FILES; } status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST); if (!NT_STATUS_IS_OK(status)) { return status; } /* we initially make search a child of the request, then if we need to keep it long term we steal it for the private structure */ search = talloc(req, struct pvfs_search_state); if (!search) { return NT_STATUS_NO_MEMORY; } /* do the actual directory listing */ status = pvfs_list_start(pvfs, name, search, &dir); if (!NT_STATUS_IS_OK(status)) { return status; } /* we need to give a handle back to the client so it can continue a search */ id = idr_get_new(pvfs->search.idtree, search, MAX_OLD_SEARCHES); if (id == -1) { pvfs_search_cleanup(pvfs); id = idr_get_new(pvfs->search.idtree, search, MAX_OLD_SEARCHES); } if (id == -1) { return NT_STATUS_INSUFFICIENT_RESOURCES; } search->pvfs = pvfs; search->handle = id; search->dir = dir; search->current_index = 0; search->search_attrib = search_attrib & 0xFF; search->must_attrib = (search_attrib>>8) & 0xFF; search->last_used = time_mono(NULL); search->te = NULL; DLIST_ADD(pvfs->search.list, search); talloc_set_destructor(search, pvfs_search_destructor); status = pvfs_search_fill(pvfs, req, io->search_first.in.max_count, search, io->generic.data_level, &reply_count, search_private, callback); if (!NT_STATUS_IS_OK(status)) { return status; } io->search_first.out.count = reply_count; /* not matching any entries is an error */ if (reply_count == 0) { return STATUS_NO_MORE_FILES; } talloc_steal(pvfs, search); return NT_STATUS_OK; }
/* a wrapper around ldap_search_s that retries depending on the error code this is supposed to catch dropped connections and auto-reconnect */ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind_path, int scope, const char *expr, const char **attrs, void *args, LDAPMessage **res) { ADS_STATUS status = ADS_SUCCESS; int count = 3; char *bp; *res = NULL; if (!ads->ldap.ld && time_mono(NULL) - ads->ldap.last_attempt < ADS_RECONNECT_TIME) { return ADS_ERROR(LDAP_SERVER_DOWN); } bp = SMB_STRDUP(bind_path); if (!bp) { return ADS_ERROR(LDAP_NO_MEMORY); } *res = NULL; /* when binding anonymously, we cannot use the paged search LDAP * control - Guenther */ if (ads->auth.flags & ADS_AUTH_ANON_BIND) { status = ads_do_search(ads, bp, scope, expr, attrs, res); } else { status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res); } if (ADS_ERR_OK(status)) { DEBUG(5,("Search for %s in <%s> gave %d replies\n", expr, bp, ads_count_replies(ads, *res))); SAFE_FREE(bp); return status; } while (--count) { if (NT_STATUS_EQUAL(ads_ntstatus(status), NT_STATUS_IO_TIMEOUT) && ads->config.ldap_page_size >= 250) { int new_page_size = (ads->config.ldap_page_size / 2); DEBUG(1, ("Reducing LDAP page size from %d to %d due to IO_TIMEOUT\n", ads->config.ldap_page_size, new_page_size)); ads->config.ldap_page_size = new_page_size; } if (*res) ads_msgfree(ads, *res); *res = NULL; DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n", ads->config.realm, ads_errstr(status))); ads_disconnect(ads); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n", ads_errstr(status))); ads_destroy(&ads); SAFE_FREE(bp); return status; } *res = NULL; /* when binding anonymously, we cannot use the paged search LDAP * control - Guenther */ if (ads->auth.flags & ADS_AUTH_ANON_BIND) { status = ads_do_search(ads, bp, scope, expr, attrs, res); } else { status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res); } if (ADS_ERR_OK(status)) { DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n", expr, bp, ads_count_replies(ads, *res))); SAFE_FREE(bp); return status; } } SAFE_FREE(bp); if (!ADS_ERR_OK(status)) { DEBUG(1,("ads reopen failed after error %s\n", ads_errstr(status))); } return status; }
static bool test_fsrvp_sc_create(struct torture_context *tctx, struct dcerpc_pipe *p, const char *share, enum test_fsrvp_inject inject, struct fssagent_share_mapping_1 **sc_map) { struct fss_IsPathSupported r_pathsupport_get; struct fss_GetSupportedVersion r_version_get; struct fss_SetContext r_context_set; struct fss_StartShadowCopySet r_scset_start; struct fss_AddToShadowCopySet r_scset_add1; struct fss_AddToShadowCopySet r_scset_add2; struct fss_PrepareShadowCopySet r_scset_prep; struct fss_CommitShadowCopySet r_scset_commit; struct fss_ExposeShadowCopySet r_scset_expose; struct fss_GetShareMapping r_sharemap_get; struct dcerpc_binding_handle *b = p->binding_handle; NTSTATUS status; time_t start_time; TALLOC_CTX *tmp_ctx = talloc_new(tctx); struct fssagent_share_mapping_1 *map = NULL; int sleep_time; /* * PrepareShadowCopySet & CommitShadowCopySet often exceed the default * 60 second dcerpc request timeout against Windows Server "8" Beta. */ dcerpc_binding_handle_set_timeout(b, 240); ZERO_STRUCT(r_pathsupport_get); r_pathsupport_get.in.ShareName = share; status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get); torture_assert_ntstatus_ok(tctx, status, "IsPathSupported failed"); torture_assert_int_equal(tctx, r_pathsupport_get.out.result, 0, "failed IsPathSupported response"); torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider, "path not supported"); ZERO_STRUCT(r_version_get); status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get); torture_assert_ntstatus_ok(tctx, status, "GetSupportedVersion failed"); torture_assert_int_equal(tctx, r_version_get.out.result, 0, "failed GetSupportedVersion response"); ZERO_STRUCT(r_context_set); r_context_set.in.Context = FSRVP_CTX_BACKUP; status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set); torture_assert_ntstatus_ok(tctx, status, "SetContext failed"); torture_assert_int_equal(tctx, r_context_set.out.result, 0, "failed SetContext response"); if (inject == TEST_FSRVP_TOUT_SET_CTX) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } ZERO_STRUCT(r_scset_start); r_scset_start.in.ClientShadowCopySetId = GUID_random(); status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start); torture_assert_ntstatus_ok(tctx, status, "StartShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_SET_CTX) { /* expect error due to message sequence timeout after set_ctx */ torture_assert_int_equal(tctx, r_scset_start.out.result, FSRVP_E_BAD_STATE, "StartShadowCopySet timeout response"); goto done; } torture_assert_int_equal(tctx, r_scset_start.out.result, 0, "failed StartShadowCopySet response"); torture_comment(tctx, "%s: shadow-copy set created\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId)); if (inject == TEST_FSRVP_TOUT_START_SET) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } ZERO_STRUCT(r_scset_add1); r_scset_add1.in.ClientShadowCopyId = GUID_random(); r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_add1.in.ShareName = share; status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1); torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_START_SET) { torture_assert_int_equal(tctx, r_scset_add1.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "AddToShadowCopySet timeout response"); goto done; } torture_assert_int_equal(tctx, r_scset_add1.out.result, 0, "failed AddToShadowCopySet response"); torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), GUID_string(tmp_ctx, r_scset_add1.out.pShadowCopyId), r_scset_add1.in.ShareName); /* attempts to add the same share twice should fail */ ZERO_STRUCT(r_scset_add2); r_scset_add2.in.ClientShadowCopyId = GUID_random(); r_scset_add2.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_add2.in.ShareName = share; status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add2); torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed"); torture_assert_int_equal(tctx, r_scset_add2.out.result, FSRVP_E_OBJECT_ALREADY_EXISTS, "failed AddToShadowCopySet response"); if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 1800); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } start_time = time_mono(NULL); ZERO_STRUCT(r_scset_prep); r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; // r_scset_prep.in.TimeOutInMilliseconds = (1800 * 1000); /* win8 */ r_scset_prep.in.TimeOutInMilliseconds = (240 * 1000); status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep); torture_assert_ntstatus_ok(tctx, status, "PrepareShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) { torture_assert_int_equal(tctx, r_scset_prep.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "PrepareShadowCopySet tout response"); goto done; } torture_assert_int_equal(tctx, r_scset_prep.out.result, 0, "failed PrepareShadowCopySet response"); torture_comment(tctx, "%s: prepare completed in %llu secs\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), (unsigned long long)(time_mono(NULL) - start_time)); if (inject == TEST_FSRVP_TOUT_PREPARE) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 1800); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } start_time = time_mono(NULL); ZERO_STRUCT(r_scset_commit); r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_commit.in.TimeOutInMilliseconds = (180 * 1000); /* win8 */ status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit); torture_assert_ntstatus_ok(tctx, status, "CommitShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_PREPARE) { torture_assert_int_equal(tctx, r_scset_commit.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "CommitShadowCopySet tout response"); goto done; } torture_assert_int_equal(tctx, r_scset_commit.out.result, 0, "failed CommitShadowCopySet response"); torture_comment(tctx, "%s: commit completed in %llu secs\n", GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), (unsigned long long)(time_mono(NULL) - start_time)); if (inject == TEST_FSRVP_TOUT_COMMIT) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) { /* return partial snapshot information */ map = talloc_zero(tctx, struct fssagent_share_mapping_1); map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId; goto done; }
(unsigned long long)(time_mono(NULL) - start_time)); if (inject == TEST_FSRVP_TOUT_COMMIT) { sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss", "sequence timeout", 180); torture_comment(tctx, "sleeping for %d\n", sleep_time); smb_msleep((sleep_time * 1000) + 500); } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) { /* return partial snapshot information */ map = talloc_zero(tctx, struct fssagent_share_mapping_1); map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId; goto done; } start_time = time_mono(NULL); ZERO_STRUCT(r_scset_expose); r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId; r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */ status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose); torture_assert_ntstatus_ok(tctx, status, "ExposeShadowCopySet failed"); if (inject == TEST_FSRVP_TOUT_COMMIT) { torture_assert_int_equal(tctx, r_scset_expose.out.result, HRES_ERROR_V(HRES_E_INVALIDARG), "ExposeShadowCopySet tout response"); goto done; } torture_assert_int_equal(tctx, r_scset_expose.out.result, 0, "failed ExposeShadowCopySet response"); torture_comment(tctx, "%s: expose completed in %llu secs\n",