bool torture_sec_leak(struct torture_context *tctx, struct smbcli_state *cli)
{
time_t t1 = time_mono(NULL);
int timelimit = torture_setting_int(tctx, "timelimit", 20);
while (time_mono(NULL) < t1+timelimit) {
if (!try_failed_login(tctx, cli)) {
return false;
}
talloc_report(NULL, stdout);
}
return true;
}
/*
* Check a server for being alive and well.
* returns 0 if the server is in shape. Returns 1 on error
*
* Also useable outside libsmbclient to enable external cache
* to do some checks too.
*/
int
SMBC_check_server(SMBCCTX * context,
SMBCSRV * server)
{
time_t now;
if (!cli_state_is_connected(server->cli)) {
return 1;
}
now = time_mono(NULL);
if (server->last_echo_time == (time_t)0 ||
now > server->last_echo_time +
(server->cli->timeout/1000)) {
unsigned char data[16] = {0};
NTSTATUS status = cli_echo(server->cli,
1,
data_blob_const(data, sizeof(data)));
if (!NT_STATUS_IS_OK(status)) {
return 1;
}
server->last_echo_time = now;
}
return 0;
}
/* continue a old style search */
static NTSTATUS pvfs_search_next_old(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_next *io,
void *search_private,
bool (*callback)(void *, const union smb_search_data *))
{
struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
struct pvfs_state);
void *p;
struct pvfs_search_state *search;
struct pvfs_dir *dir;
unsigned int reply_count, max_count;
uint16_t handle;
NTSTATUS status;
handle = io->search_next.in.id.handle | (io->search_next.in.id.reserved<<8);
max_count = io->search_next.in.max_count;
p = idr_find(pvfs->search.idtree, handle);
if (p == NULL) {
/* we didn't find the search handle */
return NT_STATUS_INVALID_HANDLE;
}
search = talloc_get_type(p, struct pvfs_search_state);
dir = search->dir;
status = pvfs_list_seek_ofs(dir, io->search_next.in.id.server_cookie,
&search->current_index);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
search->last_used = time_mono(NULL);
status = pvfs_search_fill(pvfs, req, max_count, search, io->generic.data_level,
&reply_count, search_private, callback);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
io->search_next.out.count = reply_count;
/* not matching any entries means end of search */
if (reply_count == 0) {
talloc_free(search);
}
return NT_STATUS_OK;
}
/*
we've run out of search handles - cleanup those that the client forgot
to close
*/
static void pvfs_search_cleanup(struct pvfs_state *pvfs)
{
int i;
time_t t = time_mono(NULL);
for (i=0;i<MAX_OLD_SEARCHES;i++) {
struct pvfs_search_state *search;
void *p = idr_find(pvfs->search.idtree, i);
if (p == NULL) return;
search = talloc_get_type(p, struct pvfs_search_state);
if (pvfs_list_eos(search->dir, search->current_index) &&
search->last_used != 0 &&
t > search->last_used + 30) {
/* its almost certainly been forgotten
about */
talloc_free(search);
}
}
}
static bool print_queue_housekeeping(const struct timeval *now, void *pvt)
{
struct messaging_context *msg_ctx =
talloc_get_type_abort(pvt, struct messaging_context);
time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
time_t t = time_mono(NULL);
DEBUG(5, ("print queue housekeeping\n"));
/* if periodic printcap rescan is enabled,
* see if it's time to reload */
if ((printcap_cache_time != 0) &&
(t >= (last_printer_reload_time + printcap_cache_time))) {
DEBUG( 3,( "Printcap cache time expired.\n"));
pcap_cache_reload(messaging_event_context(msg_ctx),
msg_ctx,
&reload_pcap_change_notify);
last_printer_reload_time = t;
}
return true;
}
NTSTATUS printer_list_mark_reload(void)
{
struct db_context *db;
TDB_DATA data;
uint32_t time_h, time_l;
time_t now = time_mono(NULL);
NTSTATUS status;
int len;
db = get_printer_list_db();
if (db == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
time_l = ((uint64_t)now) & 0xFFFFFFFFL;
time_h = ((uint64_t)now) >> 32;
len = tdb_pack(NULL, 0, PL_TSTAMP_FORMAT, time_h, time_l);
data.dptr = talloc_array(talloc_tos(), uint8_t, len);
if (!data.dptr) {
DEBUG(0, ("Failed to allocate tdb data buffer!\n"));
status = NT_STATUS_NO_MEMORY;
goto done;
}
data.dsize = len;
len = tdb_pack(data.dptr, data.dsize,
PL_TSTAMP_FORMAT, time_h, time_l);
status = dbwrap_store_bystring(db, PL_TIMESTAMP_KEY,
data, TDB_REPLACE);
done:
TALLOC_FREE(data.dptr);
return status;
}
/*
list files in a directory matching a wildcard pattern - old SMBsearch interface
*/
static NTSTATUS pvfs_search_first_old(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_first *io,
void *search_private,
bool (*callback)(void *, const union smb_search_data *))
{
struct pvfs_dir *dir;
struct pvfs_state *pvfs = talloc_get_type(ntvfs->private_data,
struct pvfs_state);
struct pvfs_search_state *search;
unsigned int reply_count;
uint16_t search_attrib;
const char *pattern;
NTSTATUS status;
struct pvfs_filename *name;
int id;
search_attrib = io->search_first.in.search_attrib;
pattern = io->search_first.in.pattern;
/* resolve the cifs name to a posix name */
status = pvfs_resolve_name(pvfs, req, pattern, PVFS_RESOLVE_WILDCARD, &name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!name->has_wildcard && !name->exists) {
return STATUS_NO_MORE_FILES;
}
status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* we initially make search a child of the request, then if we
need to keep it long term we steal it for the private
structure */
search = talloc(req, struct pvfs_search_state);
if (!search) {
return NT_STATUS_NO_MEMORY;
}
/* do the actual directory listing */
status = pvfs_list_start(pvfs, name, search, &dir);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* we need to give a handle back to the client so it
can continue a search */
id = idr_get_new(pvfs->search.idtree, search, MAX_OLD_SEARCHES);
if (id == -1) {
pvfs_search_cleanup(pvfs);
id = idr_get_new(pvfs->search.idtree, search, MAX_OLD_SEARCHES);
}
if (id == -1) {
return NT_STATUS_INSUFFICIENT_RESOURCES;
}
search->pvfs = pvfs;
search->handle = id;
search->dir = dir;
search->current_index = 0;
search->search_attrib = search_attrib & 0xFF;
search->must_attrib = (search_attrib>>8) & 0xFF;
search->last_used = time_mono(NULL);
search->te = NULL;
DLIST_ADD(pvfs->search.list, search);
talloc_set_destructor(search, pvfs_search_destructor);
status = pvfs_search_fill(pvfs, req, io->search_first.in.max_count, search, io->generic.data_level,
&reply_count, search_private, callback);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
io->search_first.out.count = reply_count;
/* not matching any entries is an error */
if (reply_count == 0) {
return STATUS_NO_MORE_FILES;
}
talloc_steal(pvfs, search);
return NT_STATUS_OK;
}
/*
a wrapper around ldap_search_s that retries depending on the error code
this is supposed to catch dropped connections and auto-reconnect
*/
static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind_path, int scope,
const char *expr,
const char **attrs, void *args,
LDAPMessage **res)
{
ADS_STATUS status = ADS_SUCCESS;
int count = 3;
char *bp;
*res = NULL;
if (!ads->ldap.ld &&
time_mono(NULL) - ads->ldap.last_attempt < ADS_RECONNECT_TIME) {
return ADS_ERROR(LDAP_SERVER_DOWN);
}
bp = SMB_STRDUP(bind_path);
if (!bp) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
*res = NULL;
/* when binding anonymously, we cannot use the paged search LDAP
* control - Guenther */
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
status = ads_do_search(ads, bp, scope, expr, attrs, res);
} else {
status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
}
if (ADS_ERR_OK(status)) {
DEBUG(5,("Search for %s in <%s> gave %d replies\n",
expr, bp, ads_count_replies(ads, *res)));
SAFE_FREE(bp);
return status;
}
while (--count) {
if (NT_STATUS_EQUAL(ads_ntstatus(status), NT_STATUS_IO_TIMEOUT) && ads->config.ldap_page_size >= 250) {
int new_page_size = (ads->config.ldap_page_size / 2);
DEBUG(1, ("Reducing LDAP page size from %d to %d due to IO_TIMEOUT\n",
ads->config.ldap_page_size, new_page_size));
ads->config.ldap_page_size = new_page_size;
}
if (*res)
ads_msgfree(ads, *res);
*res = NULL;
DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n",
ads->config.realm, ads_errstr(status)));
ads_disconnect(ads);
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
ads_errstr(status)));
ads_destroy(&ads);
SAFE_FREE(bp);
return status;
}
*res = NULL;
/* when binding anonymously, we cannot use the paged search LDAP
* control - Guenther */
if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
status = ads_do_search(ads, bp, scope, expr, attrs, res);
} else {
status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
}
if (ADS_ERR_OK(status)) {
DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n",
expr, bp, ads_count_replies(ads, *res)));
SAFE_FREE(bp);
return status;
}
}
SAFE_FREE(bp);
if (!ADS_ERR_OK(status)) {
DEBUG(1,("ads reopen failed after error %s\n",
ads_errstr(status)));
}
return status;
}
static bool test_fsrvp_sc_create(struct torture_context *tctx,
struct dcerpc_pipe *p,
const char *share,
enum test_fsrvp_inject inject,
struct fssagent_share_mapping_1 **sc_map)
{
struct fss_IsPathSupported r_pathsupport_get;
struct fss_GetSupportedVersion r_version_get;
struct fss_SetContext r_context_set;
struct fss_StartShadowCopySet r_scset_start;
struct fss_AddToShadowCopySet r_scset_add1;
struct fss_AddToShadowCopySet r_scset_add2;
struct fss_PrepareShadowCopySet r_scset_prep;
struct fss_CommitShadowCopySet r_scset_commit;
struct fss_ExposeShadowCopySet r_scset_expose;
struct fss_GetShareMapping r_sharemap_get;
struct dcerpc_binding_handle *b = p->binding_handle;
NTSTATUS status;
time_t start_time;
TALLOC_CTX *tmp_ctx = talloc_new(tctx);
struct fssagent_share_mapping_1 *map = NULL;
int sleep_time;
/*
* PrepareShadowCopySet & CommitShadowCopySet often exceed the default
* 60 second dcerpc request timeout against Windows Server "8" Beta.
*/
dcerpc_binding_handle_set_timeout(b, 240);
ZERO_STRUCT(r_pathsupport_get);
r_pathsupport_get.in.ShareName = share;
status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
torture_assert_ntstatus_ok(tctx, status,
"IsPathSupported failed");
torture_assert_int_equal(tctx, r_pathsupport_get.out.result, 0,
"failed IsPathSupported response");
torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
"path not supported");
ZERO_STRUCT(r_version_get);
status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
torture_assert_ntstatus_ok(tctx, status,
"GetSupportedVersion failed");
torture_assert_int_equal(tctx, r_version_get.out.result, 0,
"failed GetSupportedVersion response");
ZERO_STRUCT(r_context_set);
r_context_set.in.Context = FSRVP_CTX_BACKUP;
status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set);
torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
torture_assert_int_equal(tctx, r_context_set.out.result, 0,
"failed SetContext response");
if (inject == TEST_FSRVP_TOUT_SET_CTX) {
sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
"sequence timeout", 180);
torture_comment(tctx, "sleeping for %d\n", sleep_time);
smb_msleep((sleep_time * 1000) + 500);
}
ZERO_STRUCT(r_scset_start);
r_scset_start.in.ClientShadowCopySetId = GUID_random();
status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
torture_assert_ntstatus_ok(tctx, status,
"StartShadowCopySet failed");
if (inject == TEST_FSRVP_TOUT_SET_CTX) {
/* expect error due to message sequence timeout after set_ctx */
torture_assert_int_equal(tctx, r_scset_start.out.result,
FSRVP_E_BAD_STATE,
"StartShadowCopySet timeout response");
goto done;
}
torture_assert_int_equal(tctx, r_scset_start.out.result, 0,
"failed StartShadowCopySet response");
torture_comment(tctx, "%s: shadow-copy set created\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId));
if (inject == TEST_FSRVP_TOUT_START_SET) {
sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
"sequence timeout", 180);
torture_comment(tctx, "sleeping for %d\n", sleep_time);
smb_msleep((sleep_time * 1000) + 500);
}
ZERO_STRUCT(r_scset_add1);
r_scset_add1.in.ClientShadowCopyId = GUID_random();
r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
r_scset_add1.in.ShareName = share;
status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1);
torture_assert_ntstatus_ok(tctx, status,
"AddToShadowCopySet failed");
if (inject == TEST_FSRVP_TOUT_START_SET) {
torture_assert_int_equal(tctx, r_scset_add1.out.result,
HRES_ERROR_V(HRES_E_INVALIDARG),
"AddToShadowCopySet timeout response");
goto done;
}
torture_assert_int_equal(tctx, r_scset_add1.out.result, 0,
"failed AddToShadowCopySet response");
torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
GUID_string(tmp_ctx, r_scset_add1.out.pShadowCopyId),
r_scset_add1.in.ShareName);
/* attempts to add the same share twice should fail */
ZERO_STRUCT(r_scset_add2);
r_scset_add2.in.ClientShadowCopyId = GUID_random();
r_scset_add2.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
r_scset_add2.in.ShareName = share;
status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add2);
torture_assert_ntstatus_ok(tctx, status,
"AddToShadowCopySet failed");
torture_assert_int_equal(tctx, r_scset_add2.out.result,
FSRVP_E_OBJECT_ALREADY_EXISTS,
"failed AddToShadowCopySet response");
if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
"sequence timeout", 1800);
torture_comment(tctx, "sleeping for %d\n", sleep_time);
smb_msleep((sleep_time * 1000) + 500);
}
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_prep);
r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
// r_scset_prep.in.TimeOutInMilliseconds = (1800 * 1000); /* win8 */
r_scset_prep.in.TimeOutInMilliseconds = (240 * 1000);
status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep);
torture_assert_ntstatus_ok(tctx, status,
"PrepareShadowCopySet failed");
if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
torture_assert_int_equal(tctx, r_scset_prep.out.result,
HRES_ERROR_V(HRES_E_INVALIDARG),
"PrepareShadowCopySet tout response");
goto done;
}
torture_assert_int_equal(tctx, r_scset_prep.out.result, 0,
"failed PrepareShadowCopySet response");
torture_comment(tctx, "%s: prepare completed in %llu secs\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
(unsigned long long)(time_mono(NULL) - start_time));
if (inject == TEST_FSRVP_TOUT_PREPARE) {
sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
"sequence timeout", 1800);
torture_comment(tctx, "sleeping for %d\n", sleep_time);
smb_msleep((sleep_time * 1000) + 500);
}
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_commit);
r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
r_scset_commit.in.TimeOutInMilliseconds = (180 * 1000); /* win8 */
status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit);
torture_assert_ntstatus_ok(tctx, status,
"CommitShadowCopySet failed");
if (inject == TEST_FSRVP_TOUT_PREPARE) {
torture_assert_int_equal(tctx, r_scset_commit.out.result,
HRES_ERROR_V(HRES_E_INVALIDARG),
"CommitShadowCopySet tout response");
goto done;
}
torture_assert_int_equal(tctx, r_scset_commit.out.result, 0,
"failed CommitShadowCopySet response");
torture_comment(tctx, "%s: commit completed in %llu secs\n",
GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
(unsigned long long)(time_mono(NULL) - start_time));
if (inject == TEST_FSRVP_TOUT_COMMIT) {
sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
"sequence timeout", 180);
torture_comment(tctx, "sleeping for %d\n", sleep_time);
smb_msleep((sleep_time * 1000) + 500);
} else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) {
/* return partial snapshot information */
map = talloc_zero(tctx, struct fssagent_share_mapping_1);
map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
goto done;
}
(unsigned long long)(time_mono(NULL) - start_time));
if (inject == TEST_FSRVP_TOUT_COMMIT) {
sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
"sequence timeout", 180);
torture_comment(tctx, "sleeping for %d\n", sleep_time);
smb_msleep((sleep_time * 1000) + 500);
} else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) {
/* return partial snapshot information */
map = talloc_zero(tctx, struct fssagent_share_mapping_1);
map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
goto done;
}
start_time = time_mono(NULL);
ZERO_STRUCT(r_scset_expose);
r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */
status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose);
torture_assert_ntstatus_ok(tctx, status,
"ExposeShadowCopySet failed");
if (inject == TEST_FSRVP_TOUT_COMMIT) {
torture_assert_int_equal(tctx, r_scset_expose.out.result,
HRES_ERROR_V(HRES_E_INVALIDARG),
"ExposeShadowCopySet tout response");
goto done;
}
torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
"failed ExposeShadowCopySet response");
torture_comment(tctx, "%s: expose completed in %llu secs\n",
