static bool print_printjob(struct torture_context *tctx,
struct smbcli_tree *tree)
{
int fnum;
DATA_BLOB data;
ssize_t size_written;
const char *str;
torture_comment(tctx, "creating printjob %s\n", TORTURE_PRINT_FILE);
fnum = smbcli_open(tree, TORTURE_PRINT_FILE, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
if (fnum == -1) {
torture_fail(tctx, "failed to open file");
}
str = talloc_asprintf(tctx, "TortureTestPage: %d\nData\n",0);
data = data_blob_string_const(str);
size_written = smbcli_write(tree, fnum, 0, data.data, 0, data.length);
if (size_written != data.length) {
torture_fail(tctx, "failed to write file");
}
torture_assert_ntstatus_ok(tctx,
smbcli_close(tree, fnum),
"failed to close file");
return true;
}
static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
const char *zone_name)
{
struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
system_session(tctx->lp_ctx),
0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));
struct ldb_message *msg;
int ret;
const char *attrs[] = {
NULL
};
if (!samdb) {
torture_fail(tctx, "Failed to connect to samdb");
return ISC_R_FAILURE;
}
ret = dsdb_search_one(samdb, tctx, &msg, NULL,
LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
"(&(objectClass=dnsZone)(name=%s))", zone_name);
if (ret != LDB_SUCCESS) {
torture_fail(tctx, talloc_asprintf(tctx, "Failed to search for %s: %s", zone_name, ldb_errstring(samdb)));
return ISC_R_FAILURE;
}
talloc_free(msg);
return ISC_R_SUCCESS;
}
static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_binding_handle *b,
struct policy_handle *handle,
struct dom_sid **sid)
{
struct lsa_EnumTrustDom r;
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
int i;
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
r.in.max_size = 1000;
r.out.domains = &domains;
r.out.resume_handle = &resume_handle;
torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b, tctx, &r),
"EnumTrustDom failed");
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES))
torture_fail(tctx, "no trusts");
if (domains.count == 0) {
torture_fail(tctx, "no trusts");
}
for (i=0; i<domains.count; i++) {
struct lsa_QueryTrustedDomainInfoBySid q;
union lsa_TrustedDomainInfo *info = NULL;
if (domains.domains[i].sid == NULL)
continue;
q.in.handle = handle;
q.in.dom_sid = domains.domains[i].sid;
q.in.level = 6;
q.out.info = &info;
torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfoBySid_r(b, tctx, &q),
"QueryTrustedDomainInfoBySid failed");
if (!NT_STATUS_IS_OK(q.out.result)) continue;
if ((info->info_ex.trust_direction & 2) &&
(info->info_ex.trust_type == 1)) {
*sid = domains.domains[i].sid;
return true;
}
}
torture_fail(tctx, "I need a AD DC with an outgoing trust to NT4");
}
static struct smbcli_state *connect_to_server(struct torture_context *tctx)
{
NTSTATUS status;
struct smbcli_state *cli;
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct smbcli_options options;
struct smbcli_session_options session_options;
lpcfg_smbcli_options(tctx->lp_ctx, &options);
lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
status = smbcli_full_connection(tctx, &cli, host,
lpcfg_smb_ports(tctx->lp_ctx),
share, NULL, lpcfg_socket_options(tctx->lp_ctx),
cmdline_credentials,
lpcfg_resolve_context(tctx->lp_ctx),
tctx->ev, &options, &session_options,
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
torture_comment(tctx, "failed to connect to //%s/%s: %s\n",
host, share, nt_errstr(status));
torture_fail(tctx, "Failed to connect to server");
return NULL;
}
return cli;
}
static BOOL test_EnumPrinterKey(struct torture_context *tctx,
LPSTR servername,
HANDLE handle,
LPCSTR key)
{
LPSTR buffer = NULL;
DWORD needed = 0;
DWORD err = 0;
char tmp[1024];
torture_comment(tctx, "Testing EnumPrinterKey(%s)", key);
err = EnumPrinterKey(handle, key, NULL, 0, &needed);
if (err == ERROR_MORE_DATA) {
buffer = (LPTSTR)malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
err = EnumPrinterKey(handle, key, buffer, needed, &needed);
}
if (err) {
sprintf(tmp, "EnumPrinterKey(%s) failed on [%s] (buffer size = %d), error: %s\n",
key, servername, needed, errstr(err));
torture_fail(tctx, tmp);
}
if (tctx->print) {
print_printer_keys(buffer);
}
free(buffer);
return TRUE;
}
/*
test a echodata call over the internal messaging system
*/
static bool test_echodata(struct torture_context *tctx,
const void *tcase_data,
const void *test_data)
{
struct echo_EchoData r;
NTSTATUS status;
const struct irpc_test_data *data = (const struct irpc_test_data *)tcase_data;
TALLOC_CTX *mem_ctx = tctx;
struct dcerpc_binding_handle *irpc_handle;
irpc_handle = irpc_binding_handle(mem_ctx, data->msg_ctx1,
cluster_id(0, MSG_ID2),
&ndr_table_rpcecho);
torture_assert(tctx, irpc_handle, "no memory");
/* make the call */
r.in.in_data = (unsigned char *)talloc_strdup(mem_ctx, "0123456789");
r.in.len = strlen((char *)r.in.in_data);
status = dcerpc_echo_EchoData_r(irpc_handle, mem_ctx, &r);
torture_assert_ntstatus_ok(tctx, status, "EchoData failed");
/* check the answer */
if (memcmp(r.out.out_data, r.in.in_data, r.in.len) != 0) {
NDR_PRINT_OUT_DEBUG(echo_EchoData, &r);
torture_fail(tctx, "EchoData wrong answer");
}
torture_comment(tctx, "Echo '%*.*s' -> '%*.*s'\n",
r.in.len, r.in.len,
r.in.in_data,
r.in.len, r.in.len,
r.out.out_data);
return true;
}
static bool torture_rpc_setup_machine_bdc(struct torture_context *tctx,
void **data)
{
NTSTATUS status;
struct dcerpc_binding *binding;
struct torture_rpc_tcase *tcase = talloc_get_type(tctx->active_tcase,
struct torture_rpc_tcase);
struct torture_rpc_tcase_data *tcase_data;
status = torture_rpc_binding(tctx, &binding);
if (NT_STATUS_IS_ERR(status))
return false;
*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
tcase_data->credentials = popt_get_cmdline_credentials();
tcase_data->join_ctx = torture_join_domain(tctx, tcase->machine_name,
ACB_SVRTRUST,
&tcase_data->credentials);
if (tcase_data->join_ctx == NULL)
torture_fail(tctx, "Failed to join as BDC");
status = dcerpc_pipe_connect_b(tctx,
&(tcase_data->pipe),
binding,
tcase->table,
tcase_data->credentials, tctx->ev, tctx->lp_ctx);
torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
return NT_STATUS_IS_OK(status);
}
static bool wrap_simple_1smb2_test(struct torture_context *torture_ctx,
struct torture_tcase *tcase,
struct torture_test *test)
{
bool (*fn) (struct torture_context *, struct smb2_tree *);
bool ret;
struct smb2_tree *tree1;
TALLOC_CTX *mem_ctx = talloc_new(torture_ctx);
if (!torture_smb2_connection(torture_ctx, &tree1)) {
torture_fail(torture_ctx,
"Establishing SMB2 connection failed\n");
return false;
}
/*
* This is a trick:
* The test might close the connection. If we steal the tree context
* before that and free the parent instead of tree directly, we avoid
* a double free error.
*/
talloc_steal(mem_ctx, tree1);
fn = test->fn;
ret = fn(torture_ctx, tree1);
talloc_free(mem_ctx);
return ret;
}
static bool test_check_string_terminator(struct torture_context *tctx)
{
struct ndr_pull *ndr;
DATA_BLOB blob;
TALLOC_CTX *mem_ctx = tctx;
/* Simple test */
blob = strhex_to_data_blob(tctx, "0000");
ndr = ndr_pull_init_blob(&blob, mem_ctx);
torture_assert_ndr_success(tctx, ndr_check_string_terminator(ndr, 1, 2),
"simple check_string_terminator test failed");
torture_assert(tctx, ndr->offset == 0,
"check_string_terminator did not reset offset");
if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 1, 3))) {
torture_fail(tctx, "check_string_terminator checked beyond string boundaries");
}
torture_assert(tctx, ndr->offset == 0,
"check_string_terminator did not reset offset");
talloc_free(ndr);
blob = strhex_to_data_blob(tctx, "11220000");
ndr = ndr_pull_init_blob(&blob, mem_ctx);
torture_assert_ndr_success(tctx,
ndr_check_string_terminator(ndr, 4, 1),
"check_string_terminator failed to recognize terminator");
torture_assert_ndr_success(tctx,
ndr_check_string_terminator(ndr, 3, 1),
"check_string_terminator failed to recognize terminator");
if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 2, 1))) {
torture_fail(tctx, "check_string_terminator erroneously reported terminator");
}
torture_assert(tctx, ndr->offset == 0,
"check_string_terminator did not reset offset");
return true;
}
static BOOL test_ClosePrinter(struct torture_context *tctx,
HANDLE handle)
{
torture_comment(tctx, "Testing ClosePrinter");
if (!ClosePrinter(handle)) {
char tmp[1024];
sprintf(tmp, "failed to close printer, error was: %s\n",
errstr(GetLastError()));
torture_fail(tctx, tmp);
}
return TRUE;
}
static bool wrap_simple_2smb2_test(struct torture_context *torture_ctx,
struct torture_tcase *tcase,
struct torture_test *test)
{
bool (*fn) (struct torture_context *, struct smb2_tree *, struct smb2_tree *);
bool ret = false;
struct smb2_tree *tree1;
struct smb2_tree *tree2;
TALLOC_CTX *mem_ctx = talloc_new(torture_ctx);
if (!torture_smb2_connection(torture_ctx, &tree1)) {
torture_fail(torture_ctx,
"Establishing SMB2 connection failed\n");
goto done;
}
talloc_steal(mem_ctx, tree1);
if (!torture_smb2_connection(torture_ctx, &tree2)) {
torture_fail(torture_ctx,
"Establishing SMB2 connection failed\n");
goto done;
}
talloc_steal(mem_ctx, tree2);
fn = test->fn;
ret = fn(torture_ctx, tree1, tree2);
done:
/* the test may already have closed some of the connections */
talloc_free(mem_ctx);
return ret;
}
static BOOL test_GetPrinterDataEx(struct torture_context *tctx,
LPSTR servername,
LPSTR keyname,
LPSTR valuename,
HANDLE handle,
DWORD *type_p,
LPBYTE *buffer_p,
DWORD *size_p)
{
LPBYTE buffer = NULL;
DWORD needed = 0;
DWORD type;
DWORD err = 0;
char tmp[1024];
torture_comment(tctx, "Testing GetPrinterDataEx(%s - %s)", keyname, valuename);
err = GetPrinterDataEx(handle, keyname, valuename, &type, NULL, 0, &needed);
if (err == ERROR_MORE_DATA) {
buffer = (LPBYTE)malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
err = GetPrinterDataEx(handle, keyname, valuename, &type, buffer, needed, &needed);
}
if (err) {
sprintf(tmp, "GetPrinterDataEx(%s) failed on [%s] (buffer size = %d), error: %s\n",
valuename, servername, needed, errstr(err));
torture_fail(tctx, tmp);
}
if (tctx->print) {
print_printer_data(keyname, valuename, needed, buffer, type);
}
if (type_p) {
*type_p = type;
}
if (size_p) {
*size_p = needed;
}
if (buffer_p) {
*buffer_p = buffer;
} else {
free(buffer);
}
return TRUE;
}
static BOOL test_GetPrinterDriver(struct torture_context *tctx,
LPSTR printername,
LPSTR architecture,
HANDLE handle)
{
DWORD levels[] = { 1, 2, 3, 4, 5, 6, 8 };
DWORD success[] = { 1, 1, 1, 1, 1, 1, 1 };
DWORD i;
LPBYTE buffer = NULL;
for (i=0; i < ARRAY_SIZE(levels); i++) {
DWORD needed = 0;
DWORD err = 0;
char tmp[1024];
torture_comment(tctx, "Testing GetPrinterDriver level %d", levels[i]);
GetPrinterDriver(handle, architecture, levels[i], NULL, 0, &needed);
err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER) {
err = 0;
buffer = malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
if (!GetPrinterDriver(handle, architecture, levels[i], buffer, needed, &needed)) {
err = GetLastError();
}
}
if (err) {
sprintf(tmp, "GetPrinterDriver failed level %d on [%s] (buffer size = %d), error: %s\n",
levels[i], printername, needed, errstr(err));
if (success[i]) {
torture_fail(tctx, tmp);
} else {
torture_warning(tctx, tmp);
}
}
if (tctx->print) {
print_driver_info_bylevel(levels[i], buffer, 1);
}
free(buffer);
buffer = NULL;
}
return TRUE;
}
static BOOL test_EnumPrinters(struct torture_context *tctx,
LPSTR servername)
{
DWORD levels[] = { 1, 2, 5 };
DWORD success[] = { 1, 1, 1 };
DWORD i;
DWORD flags = PRINTER_ENUM_NAME;
LPBYTE buffer = NULL;
for (i=0; i < ARRAY_SIZE(levels); i++) {
DWORD needed = 0;
DWORD returned = 0;
DWORD err = 0;
char tmp[1024];
torture_comment(tctx, "Testing EnumPrinters level %d", levels[i]);
EnumPrinters(flags, servername, levels[i], NULL, 0, &needed, &returned);
err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER) {
err = 0;
buffer = malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
if (!EnumPrinters(flags, servername, levels[i], buffer, needed, &needed, &returned)) {
err = GetLastError();
}
}
if (err) {
sprintf(tmp, "EnumPrinters failed level %d on [%s] (buffer size = %d), error: %s\n",
levels[i], servername, needed, errstr(err));
if (success[i]) {
torture_fail(tctx, tmp);
} else {
torture_warning(tctx, tmp);
}
}
if (tctx->print) {
print_printer_info_bylevel(levels[i], buffer, returned);
}
free(buffer);
buffer = NULL;
}
return TRUE;
}
static BOOL test_OpenPrinter(struct torture_context *tctx,
LPSTR printername,
LPPRINTER_DEFAULTS defaults,
LPHANDLE handle)
{
torture_comment(tctx, "Testing OpenPrinter(%s)", printername);
if (!OpenPrinter(printername, handle, defaults)) {
char tmp[1024];
sprintf(tmp, "failed to open printer %s, error was: 0x%08x\n",
printername, GetLastError());
torture_fail(tctx, tmp);
}
return TRUE;
}
static BOOL test_EnumPrinterDataEx(struct torture_context *tctx,
LPSTR servername,
LPSTR keyname,
HANDLE handle,
LPBYTE *buffer_p,
DWORD *returned_p)
{
LPBYTE buffer = NULL;
DWORD needed = 0;
DWORD returned = 0;
DWORD err = 0;
char tmp[1024];
torture_comment(tctx, "Testing EnumPrinterDataEx(%s)", keyname);
err = EnumPrinterDataEx(handle, keyname, NULL, 0, &needed, &returned);
if (err == ERROR_MORE_DATA) {
buffer = malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
err = EnumPrinterDataEx(handle, keyname, buffer, needed, &needed, &returned);
}
if (err) {
sprintf(tmp, "EnumPrinterDataEx(%s) failed on [%s] (buffer size = %d), error: %s\n",
keyname, servername, needed, errstr(err));
torture_fail(tctx, tmp);
}
if (tctx->print) {
DWORD i;
LPPRINTER_ENUM_VALUES v = (LPPRINTER_ENUM_VALUES)buffer;
for (i=0; i < returned; i++) {
print_printer_enum_values(&v[i]);
}
}
if (returned_p) {
*returned_p = returned;
}
if (buffer_p) {
*buffer_p = buffer;
} else {
free(buffer);
}
return TRUE;
}
static BOOL test_EnumJobs(struct torture_context *tctx,
LPSTR printername,
HANDLE handle)
{
DWORD levels[] = { 1, 2, 3, 4 };
DWORD success[] = { 1, 1, 1, 1 };
DWORD i;
LPBYTE buffer = NULL;
for (i=0; i < ARRAY_SIZE(levels); i++) {
DWORD needed = 0;
DWORD returned = 0;
DWORD err = 0;
char tmp[1024];
torture_comment(tctx, "Testing EnumJobs level %d", levels[i]);
EnumJobs(handle, 0, 100, levels[i], NULL, 0, &needed, &returned);
err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER) {
err = 0;
buffer = malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
if (!EnumJobs(handle, 0, 100, levels[i], buffer, needed, &needed, &returned)) {
err = GetLastError();
}
}
if (err) {
sprintf(tmp, "EnumJobs failed level %d on [%s] (buffer size = %d), error: %s\n",
levels[i], printername, needed, errstr(err));
if (success[i]) {
torture_fail(tctx, tmp);
} else {
torture_warning(tctx, tmp);
}
}
free(buffer);
buffer = NULL;
}
return TRUE;
}
static BOOL test_EachPrinter(struct torture_context *tctx,
LPSTR servername,
LPSTR architecture,
LPPRINTER_DEFAULTS defaults)
{
DWORD needed = 0;
DWORD returned = 0;
DWORD err = 0;
char tmp[1024];
DWORD i;
DWORD flags = PRINTER_ENUM_NAME;
PPRINTER_INFO_1 buffer = NULL;
BOOL ret = TRUE;
torture_comment(tctx, "Testing EnumPrinters level %d", 1);
EnumPrinters(flags, servername, 1, NULL, 0, &needed, &returned);
err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER) {
err = 0;
buffer = (PPRINTER_INFO_1)malloc(needed);
torture_assert(tctx, buffer, "malloc failed");
if (!EnumPrinters(flags, servername, 1, (LPBYTE)buffer, needed, &needed, &returned)) {
err = GetLastError();
}
}
if (err) {
sprintf(tmp, "EnumPrinters failed level %d on [%s] (buffer size = %d), error: %s\n",
1, servername, needed, errstr(err));
torture_fail(tctx, tmp);
}
for (i=0; i < returned; i++) {
ret &= test_OnePrinter(tctx, buffer[i].pName, architecture, defaults);
}
free(buffer);
return ret;
}
static bool test_opendir(struct torture_context *tctx,
SMBCCTX *ctx,
const char *fname,
bool expect_success)
{
int handle, ret;
torture_comment(tctx, "Testing smbc_opendir(%s)\n", fname);
handle = smbc_opendir(fname);
if (!expect_success) {
return true;
}
if (handle < 0) {
torture_fail(tctx, talloc_asprintf(tctx, "failed to obain file handle for '%s'", fname));
}
ret = smbc_closedir(handle);
torture_assert_int_equal(tctx, ret, 0,
talloc_asprintf(tctx, "failed to close file handle for '%s'", fname));
return true;
}
bool torture_samba3_hide(struct torture_context *torture)
{
struct smbcli_state *cli;
const char *fname = "test.txt";
int fnum;
NTSTATUS status;
struct smbcli_tree *hideunread;
struct smbcli_tree *hideunwrite;
if (!torture_open_connection_share(
torture, &cli, torture, torture_setting_string(torture, "host", NULL),
torture_setting_string(torture, "share", NULL), torture->ev)) {
torture_fail(torture, "torture_open_connection_share failed\n");
}
status = torture_second_tcon(torture, cli->session, "hideunread",
&hideunread);
torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunread) failed\n");
status = torture_second_tcon(torture, cli->session, "hideunwrite",
&hideunwrite);
torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunwrite) failed\n");
status = smbcli_unlink(cli->tree, fname);
if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
smbcli_setatr(cli->tree, fname, 0, -1);
smbcli_unlink(cli->tree, fname);
}
fnum = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT, DENY_NONE);
if (fnum == -1) {
torture_fail(torture,
talloc_asprintf(torture, "Failed to create %s - %s\n", fname, smbcli_errstr(cli->tree)));
}
smbcli_close(cli->tree, fnum);
if (!smbcli_file_exists(cli->tree, fname)) {
torture_fail(torture, talloc_asprintf(torture, "%s does not exist\n", fname));
}
/* R/W file should be visible everywhere */
status = smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
if (!is_writeable(torture, cli->tree, fname)) {
torture_fail(torture, "File not writable\n");
}
if (!is_readable(cli->tree, fname)) {
torture_fail(torture, "File not readable\n");
}
if (!is_visible(cli->tree, fname)) {
torture_fail(torture, "r/w file not visible via normal share\n");
}
if (!is_visible(hideunread, fname)) {
torture_fail(torture, "r/w file not visible via hide unreadable\n");
}
if (!is_visible(hideunwrite, fname)) {
torture_fail(torture, "r/w file not visible via hide unwriteable\n");
}
/* R/O file should not be visible via hide unwriteable files */
status = smbcli_chmod(cli->tree, fname, UNIX_R_USR);
torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
if (is_writeable(torture, cli->tree, fname)) {
torture_fail(torture, "r/o is writable\n");
}
if (!is_readable(cli->tree, fname)) {
torture_fail(torture, "r/o not readable\n");
}
if (!is_visible(cli->tree, fname)) {
torture_fail(torture, "r/o file not visible via normal share\n");
}
if (!is_visible(hideunread, fname)) {
torture_fail(torture, "r/o file not visible via hide unreadable\n");
}
if (is_visible(hideunwrite, fname)) {
torture_fail(torture, "r/o file visible via hide unwriteable\n");
}
/* inaccessible file should be only visible on normal share */
status = smbcli_chmod(cli->tree, fname, 0);
torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");
if (is_writeable(torture, cli->tree, fname)) {
torture_fail(torture, "inaccessible file is writable\n");
}
if (is_readable(cli->tree, fname)) {
torture_fail(torture, "inaccessible file is readable\n");
}
if (!is_visible(cli->tree, fname)) {
torture_fail(torture, "inaccessible file not visible via normal share\n");
}
if (is_visible(hideunread, fname)) {
torture_fail(torture, "inaccessible file visible via hide unreadable\n");
}
if (is_visible(hideunwrite, fname)) {
torture_fail(torture, "inaccessible file visible via hide unwriteable\n");
}
smbcli_chmod(cli->tree, fname, UNIX_R_USR|UNIX_W_USR);
smbcli_unlink(cli->tree, fname);
return true;
}
static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
struct DsPrivate *priv, const char *dn,
const char *user_principal_name, const char *service_principal_name)
{
NTSTATUS status;
const char *err_msg;
struct drsuapi_DsCrackNames r;
union drsuapi_DsNameRequest req;
uint32_t level_out;
union drsuapi_DsNameCtr ctr;
struct dcerpc_pipe *p = priv->drs_pipe;
TALLOC_CTX *mem_ctx = priv;
enum drsuapi_DsNameFormat formats[] = {
DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
DRSUAPI_DS_NAME_FORMAT_DISPLAY,
DRSUAPI_DS_NAME_FORMAT_GUID,
DRSUAPI_DS_NAME_FORMAT_CANONICAL,
DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
};
struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
int i, j;
const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
const char *n_from[ARRAY_SIZE(formats)];
ZERO_STRUCT(r);
r.in.bind_handle = &priv->bind_handle;
r.in.level = 1;
r.in.req = &req;
r.in.req->req1.codepage = 1252; /* german */
r.in.req->req1.language = 0x00000407; /* german */
r.in.req->req1.count = 1;
r.in.req->req1.names = names;
r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
r.out.level_out = &level_out;
r.out.ctr = &ctr;
n_matrix[0][0] = dn;
for (i = 0; i < ARRAY_SIZE(formats); i++) {
r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
r.in.req->req1.format_desired = formats[i];
names[0].str = dn;
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx,
"testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx,
"testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
torture_fail(tctx, err_msg);
}
switch (formats[i]) {
case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
err_msg = talloc_asprintf(mem_ctx,
"Unexpected error (%d): This name lookup should fail",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
torture_comment(tctx, __location__ ": (expected) error\n");
break;
case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
err_msg = talloc_asprintf(mem_ctx,
"Unexpected error (%d): This name lookup should fail",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
torture_comment(tctx, __location__ ": (expected) error\n");
break;
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
err_msg = talloc_asprintf(mem_ctx,
"Unexpected error (%d): This name lookup should fail",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
torture_comment(tctx, __location__ ": (expected) error\n");
break;
default:
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx,
"DsCrackNames error: %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
break;
}
switch (formats[i]) {
case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
n_from[i] = user_principal_name;
break;
case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
n_from[i] = service_principal_name;
break;
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
n_from[i] = NULL;
break;
default:
n_from[i] = r.out.ctr->ctr1->array[0].result_name;
printf("%s\n", n_from[i]);
break;
}
}
for (i = 0; i < ARRAY_SIZE(formats); i++) {
for (j = 0; j < ARRAY_SIZE(formats); j++) {
r.in.req->req1.format_offered = formats[i];
r.in.req->req1.format_desired = formats[j];
if (!n_from[i]) {
n_matrix[i][j] = NULL;
continue;
}
names[0].str = n_from[i];
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx,
"testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx,
"testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
win_errstr(r.out.result));
torture_fail(tctx, err_msg);
}
if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
} else {
n_matrix[i][j] = NULL;
}
}
}
for (i = 0; i < ARRAY_SIZE(formats); i++) {
for (j = 0; j < ARRAY_SIZE(formats); j++) {
if (n_matrix[i][j] == n_from[j]) {
/* We don't have a from name for these yet (and we can't map to them to find it out) */
} else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {
/* we can't map to these two */
} else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
} else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
} else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
err_msg = talloc_asprintf(mem_ctx,
"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
formats[i], formats[j], n_matrix[i][j], n_from[j]);
torture_fail(tctx, err_msg);
} else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
err_msg = talloc_asprintf(mem_ctx,
"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
formats[i], formats[j], n_matrix[i][j], n_from[j]);
torture_fail(tctx, err_msg);
} else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
err_msg = talloc_asprintf(mem_ctx,
"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
formats[i], formats[j], n_matrix[i][j], n_from[j]);
torture_fail(tctx, err_msg);
}
}
}
return true;
}
bool test_DsCrackNames(struct torture_context *tctx,
struct DsPrivate *priv)
{
NTSTATUS status;
const char *err_msg;
struct drsuapi_DsCrackNames r;
union drsuapi_DsNameRequest req;
uint32_t level_out;
union drsuapi_DsNameCtr ctr;
struct drsuapi_DsNameString names[1];
const char *dns_domain;
const char *nt4_domain;
const char *FQDN_1779_name;
struct ldb_context *ldb;
struct ldb_dn *FQDN_1779_dn;
struct ldb_dn *realm_dn;
const char *realm_dn_str;
const char *realm_canonical;
const char *realm_canonical_ex;
const char *user_principal_name;
char *user_principal_name_short;
const char *service_principal_name;
const char *canonical_name;
const char *canonical_ex_name;
const char *dom_sid;
const char *test_dc = torture_join_netbios_name(priv->join);
struct dcerpc_pipe *p = priv->drs_pipe;
TALLOC_CTX *mem_ctx = priv;
ZERO_STRUCT(r);
r.in.bind_handle = &priv->bind_handle;
r.in.level = 1;
r.in.req = &req;
r.in.req->req1.codepage = 1252; /* german */
r.in.req->req1.language = 0x00000407; /* german */
r.in.req->req1.count = 1;
r.in.req->req1.names = names;
r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r.out.level_out = &level_out;
r.out.ctr = &ctr;
dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join));
names[0].str = dom_sid;
torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n",
names[0].str, r.in.req->req1.format_desired);
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
torture_fail(tctx, err_msg);
} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name;
nt4_domain = r.out.ctr->ctr1->array[0].result_name;
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID;
torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n",
names[0].str, r.in.req->req1.format_desired);
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
torture_fail(tctx, err_msg);
} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name;
priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name;
GUID_from_string(priv->domain_guid_str, &priv->domain_guid);
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n",
names[0].str, r.in.req->req1.format_desired);
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
torture_fail(tctx, err_msg);
} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
ldb = ldb_init(mem_ctx, tctx->ev);
realm_dn_str = r.out.ctr->ctr1->array[0].result_name;
realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str);
realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn);
if (strcmp(realm_canonical,
talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) {
err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!",
realm_canonical,
talloc_asprintf(mem_ctx, "%s/", dns_domain));
torture_fail(tctx, err_msg);
};
realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn);
if (strcmp(realm_canonical_ex,
talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) {
err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!",
realm_canonical,
talloc_asprintf(mem_ctx, "%s\n", dns_domain));
torture_fail(tctx, err_msg);
};
r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = nt4_domain;
torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n",
names[0].str, r.in.req->req1.format_desired);
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
torture_fail(tctx, err_msg);
} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name;
r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc);
torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n",
names[0].str, r.in.req->req1.format_desired);
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
torture_fail(tctx, err_msg);
} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name;
r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID;
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
names[0].str = priv->domain_guid_str;
torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n",
names[0].str, r.in.req->req1.format_desired);
status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
const char *errstr = nt_errstr(status);
err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr);
torture_fail(tctx, err_msg);
} else if (!W_ERROR_IS_OK(r.out.result)) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result));
torture_fail(tctx, err_msg);
} else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d",
r.out.ctr->ctr1->array[0].status);
torture_fail(tctx, err_msg);
}
if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) {
err_msg = talloc_asprintf(mem_ctx,
"DsCrackNames failed to return same DNS name - expected %s got %s",
priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name);
torture_fail(tctx, err_msg);
}
FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name);
canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn);
canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn);
user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain);
/* form up a user@DOMAIN */
user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain);
/* variable nt4_domain includs a trailing \ */
user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0';
service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc);
{
struct {
enum drsuapi_DsNameFormat format_offered;
enum drsuapi_DsNameFormat format_desired;
const char *comment;
const char *str;
const char *expected_str;
const char *expected_dns;
enum drsuapi_DsNameStatus status;
enum drsuapi_DsNameStatus alternate_status;
enum drsuapi_DsNameFlags flags;
bool skip;
} crack[] = {
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
.str = user_principal_name,
.expected_str = FQDN_1779_name,
.status = DRSUAPI_DS_NAME_STATUS_OK
},
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
.str = user_principal_name_short,
.expected_str = FQDN_1779_name,
.status = DRSUAPI_DS_NAME_STATUS_OK
},
{
.format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
/*
test ldb speed
*/
static bool test_ldb_speed(struct torture_context *torture, const void *_data)
{
struct timeval tv;
struct ldb_context *ldb;
int timelimit = torture_setting_int(torture, "timelimit", 10);
int i, count;
TALLOC_CTX *tmp_ctx = talloc_new(torture);
struct ldb_ldif *ldif;
const char *init_ldif = "dn: @INDEXLIST\n" \
"@IDXATTR: UID\n";
float ldb_speed;
unlink("./test.ldb");
torture_comment(torture, "Testing ldb speed for sidmap\n");
ldb = ldb_wrap_connect(tmp_ctx, torture->ev, torture->lp_ctx, "tdb://test.ldb",
NULL, NULL, LDB_FLG_NOSYNC, NULL);
if (!ldb) {
unlink("./test.ldb");
talloc_free(tmp_ctx);
torture_fail(torture, "Failed to open test.ldb");
}
/* add an index */
ldif = ldb_ldif_read_string(ldb, &init_ldif);
if (ldif == NULL) goto failed;
if (ldb_add(ldb, ldif->msg) != LDB_SUCCESS) goto failed;
talloc_free(ldif);
torture_comment(torture, "Adding %d SID records\n", torture_entries);
for (i=0;i<torture_entries;i++) {
if (!ldb_add_record(ldb, i)) {
torture_result(torture, TORTURE_FAIL, "Failed to add SID %d\n", i);
goto failed;
}
}
if (talloc_total_blocks(torture) > 100) {
torture_result(torture, TORTURE_FAIL, "memory leak in ldb add\n");
goto failed;
}
torture_comment(torture, "Testing for %d seconds\n", timelimit);
tv = timeval_current();
for (count=0;timeval_elapsed(&tv) < timelimit;count++) {
struct ldb_dn *dn;
struct ldb_result *res;
i = random() % torture_entries;
dn = ldb_dn_new_fmt(tmp_ctx, ldb, "SID=S-1-5-21-53173311-3623041448-2049097239-%u", i);
if (ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL) != LDB_SUCCESS || res->count != 1) {
torture_fail(torture, talloc_asprintf(torture, "Failed to find SID %d", i));
}
talloc_free(res);
talloc_free(dn);
if (ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "(UID=%u)", i) != LDB_SUCCESS || res->count != 1) {
torture_fail(torture, talloc_asprintf(torture, "Failed to find UID %d", i));
}
talloc_free(res);
}
if (talloc_total_blocks(torture) > 100) {
unlink("./test.ldb");
talloc_free(tmp_ctx);
torture_fail(torture, "memory leak in ldb search");
}
ldb_speed = count/timeval_elapsed(&tv);
torture_comment(torture, "ldb speed %.2f ops/sec\n", ldb_speed);
torture_comment(torture, "ldb/tdb speed ratio is %.2f%%\n", (100*ldb_speed/tdb_speed));
unlink("./test.ldb");
talloc_free(tmp_ctx);
return true;
failed:
unlink("./test.ldb");
talloc_free(tmp_ctx);
return false;
}
static bool torture_local_idtree_simple(struct torture_context *tctx)
{
struct idr_context *idr;
int i, ret;
int *ids;
int *present;
extern int torture_numops;
int n = torture_numops;
TALLOC_CTX *mem_ctx = tctx;
idr = idr_init(mem_ctx);
ids = talloc_zero_array(mem_ctx, int, n);
present = talloc_zero_array(mem_ctx, int, n);
for (i=0;i<n;i++) {
ids[i] = -1;
}
for (i=0;i<n;i++) {
int ii = random() % n;
void *p = idr_find(idr, ids[ii]);
if (present[ii]) {
if (p != &ids[ii]) {
torture_fail(tctx, talloc_asprintf(tctx,
"wrong ptr at %d - %p should be %p",
ii, p, &ids[ii]));
}
if (random() % 7 == 0) {
if (idr_remove(idr, ids[ii]) != 0) {
torture_fail(tctx, talloc_asprintf(tctx,
"remove failed at %d (id=%d)",
i, ids[ii]));
}
present[ii] = 0;
ids[ii] = -1;
}
} else {
if (p != NULL) {
torture_fail(tctx,
talloc_asprintf(tctx,
"non-present at %d gave %p (would be %d)",
ii, p,
(int)((((char *)p) - (char *)(&ids[0])) / sizeof(int))));
}
if (random() % 5) {
ids[ii] = idr_get_new(idr, &ids[ii], n);
if (ids[ii] < 0) {
torture_fail(tctx, talloc_asprintf(tctx,
"alloc failure at %d (ret=%d)",
ii, ids[ii]));
} else {
present[ii] = 1;
}
}
}
}
torture_comment(tctx, "done %d random ops\n", i);
for (i=0;i<n;i++) {
if (present[i]) {
if (idr_remove(idr, ids[i]) != 0) {
torture_fail(tctx, talloc_asprintf(tctx,
"delete failed on cleanup at %d (id=%d)",
i, ids[i]));
}
}
}
/* now test some limits */
for (i=0;i<25000;i++) {
ret = idr_get_new_above(idr, &ids[0], random() % 25000, 0x10000-3);
torture_assert(tctx, ret != -1, "idr_get_new_above failed");
}
ret = idr_get_new_above(idr, &ids[0], 0x10000-2, 0x10000);
torture_assert_int_equal(tctx, ret, 0x10000-2, "idr_get_new_above failed");
ret = idr_get_new_above(idr, &ids[0], 0x10000-1, 0x10000);
torture_assert_int_equal(tctx, ret, 0x10000-1, "idr_get_new_above failed");
ret = idr_get_new_above(idr, &ids[0], 0x10000, 0x10000);
torture_assert_int_equal(tctx, ret, 0x10000, "idr_get_new_above failed");
ret = idr_get_new_above(idr, &ids[0], 0x10000+1, 0x10000);
torture_assert_int_equal(tctx, ret, -1, "idr_get_new_above succeeded above limit");
ret = idr_get_new_above(idr, &ids[0], 0x10000+2, 0x10000);
torture_assert_int_equal(tctx, ret, -1, "idr_get_new_above succeeded above limit");
torture_comment(tctx, "cleaned up\n");
return true;
}
/* Check with a known 'well formed' PAC, from my test server */
static bool torture_pac_saved_check(struct torture_context *tctx)
{
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
DATA_BLOB tmp_blob, validate_blob;
struct PAC_DATA *pac_data, pac_data2;
struct PAC_LOGON_INFO *logon_info;
union netr_Validation validation;
const char *pac_file, *pac_kdc_key, *pac_member_key;
struct auth_serversupplied_info *server_info_out;
krb5_keyblock server_keyblock;
krb5_keyblock krbtgt_keyblock, *krbtgt_keyblock_p;
struct samr_Password *krbtgt_bytes, *krbsrv_bytes;
krb5_error_code ret;
struct smb_krb5_context *smb_krb5_context;
const char *principal_string;
char *broken_principal_string;
krb5_principal client_principal;
const char *authtime_string;
time_t authtime;
TALLOC_CTX *mem_ctx = tctx;
torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, NULL,
tctx->lp_ctx,
&smb_krb5_context),
"smb_krb5_init_context");
pac_kdc_key = torture_setting_string(tctx, "pac_kdc_key",
"B286757148AF7FD252C53603A150B7E7");
pac_member_key = torture_setting_string(tctx, "pac_member_key",
"D217FAEAE5E6B5F95CCC94077AB8A5FC");
torture_comment(tctx, "Using pac_kdc_key '%s'\n", pac_kdc_key);
torture_comment(tctx, "Using pac_member_key '%s'\n", pac_member_key);
/* The krbtgt key in use when the above PAC was generated.
* This is an arcfour-hmac-md5 key, extracted with our 'net
* samdump' tool. */
if (*pac_kdc_key == 0) {
krbtgt_bytes = NULL;
} else {
krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, pac_kdc_key);
if (!krbtgt_bytes) {
torture_fail(tctx, "(saved test) Could not interpret krbtgt key");
}
}
krbsrv_bytes = smbpasswd_gethexpwd(mem_ctx, pac_member_key);
if (!krbsrv_bytes) {
torture_fail(tctx, "(saved test) Could not interpret krbsrv key");
}
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
krbsrv_bytes->hash, sizeof(krbsrv_bytes->hash),
&server_keyblock);
torture_assert(tctx, !ret,
talloc_asprintf(tctx,
"(saved test) Server Keyblock encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
if (krbtgt_bytes) {
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
krbtgt_bytes->hash, sizeof(krbtgt_bytes->hash),
&krbtgt_keyblock);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) Server Keyblock encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
}
krbtgt_keyblock_p = &krbtgt_keyblock;
} else {
krbtgt_keyblock_p = NULL;
}
pac_file = torture_setting_string(tctx, "pac_file", NULL);
if (pac_file) {
tmp_blob.data = (uint8_t *)file_load(pac_file, &tmp_blob.length, 0, mem_ctx);
torture_comment(tctx, "(saved test) Loaded pac of size %ld from %s\n", (long)tmp_blob.length, pac_file);
} else {
tmp_blob = data_blob_talloc(mem_ctx, saved_pac, sizeof(saved_pac));
}
dump_data(10,tmp_blob.data,tmp_blob.length);
principal_string = torture_setting_string(tctx, "pac_client_principal",
"[email protected]");
authtime_string = torture_setting_string(tctx, "pac_authtime", "1120440609");
authtime = strtoull(authtime_string, NULL, 0);
ret = krb5_parse_name(smb_krb5_context->krb5_context, principal_string,
&client_principal);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) parsing of client principal [%s] failed: %s",
principal_string,
smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
}
/* Decode and verify the signaure on the PAC */
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal, authtime, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) PAC decoding failed: %s",
nt_errstr(nt_status)));
}
/* Now check we can read it back (using Heimdal's pac parsing) */
nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
tmp_blob,
smb_krb5_context->krb5_context,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) Heimdal PAC decoding failed: %s",
nt_errstr(nt_status)));
}
if (!pac_file &&
!dom_sid_equal(dom_sid_parse_talloc(mem_ctx,
"S-1-5-21-3048156945-3961193616-3706469200-1005"),
server_info_out->account_sid)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) Heimdal PAC Decode resulted in *different* domain SID: %s != %s",
"S-1-5-21-3048156945-3961193616-3706469200-1005",
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
talloc_free(server_info_out);
/* Parse the PAC again, for the logon info this time (using Samba4's parsing) */
nt_status = kerberos_pac_logon_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal, authtime, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC decoding (for logon info) failed: %s",
nt_errstr(nt_status)));
}
validation.sam3 = &logon_info->info3;
nt_status = make_server_info_netlogon_validation(mem_ctx,
"",
3, &validation,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC decoding (make server info) failed: %s",
nt_errstr(nt_status)));
}
if (!pac_file &&
!dom_sid_equal(dom_sid_parse_talloc(mem_ctx,
"S-1-5-21-3048156945-3961193616-3706469200-1005"),
server_info_out->account_sid)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC Decode resulted in *different* domain SID: %s != %s",
"S-1-5-21-3048156945-3961193616-3706469200-1005",
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
if (krbtgt_bytes == NULL) {
torture_comment(tctx, "skipping PAC encoding tests as non kdc key\n");
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
return true;
}
ret = kerberos_encode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
pac_data,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
&validate_blob);
if (ret != 0) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, "(saved test) PAC push failed");
}
dump_data(10, validate_blob.data, validate_blob.length);
/* compare both the length and the data bytes after a
* pull/push cycle. This ensures we use the exact same
* pointer, padding etc algorithms as win2k3.
*/
if (tmp_blob.length != validate_blob.length) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC push failed: original buffer length[%u] != created buffer length[%u]",
(unsigned)tmp_blob.length, (unsigned)validate_blob.length));
}
if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
DEBUG(0, ("tmp_data:\n"));
dump_data(0, tmp_blob.data, tmp_blob.length);
DEBUG(0, ("validate_blob:\n"));
dump_data(0, validate_blob.data, validate_blob.length);
torture_fail(tctx, talloc_asprintf(tctx, "(saved test) PAC push failed: length[%u] matches, but data does not", (unsigned)tmp_blob.length));
}
ret = kerberos_create_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
server_info_out,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal, authtime,
&validate_blob);
if (ret != 0) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, "(saved test) regnerated PAC create failed");
}
dump_data(10,validate_blob.data,validate_blob.length);
/* compare both the length and the data bytes after a
* pull/push cycle. This ensures we use the exact same
* pointer, padding etc algorithms as win2k3.
*/
if (tmp_blob.length != validate_blob.length) {
ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx,
lp_iconv_convenience(tctx->lp_ctx), &pac_data2,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
nt_status = ndr_map_error2ntstatus(ndr_err);
torture_assert_ntstatus_ok(tctx, nt_status, "can't parse the PAC");
NDR_PRINT_DEBUG(PAC_DATA, pac_data);
NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) PAC regenerate failed: original buffer length[%u] != created buffer length[%u]",
(unsigned)tmp_blob.length, (unsigned)validate_blob.length));
}
if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx,
lp_iconv_convenience(tctx->lp_ctx), &pac_data2,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
nt_status = ndr_map_error2ntstatus(ndr_err);
torture_assert_ntstatus_ok(tctx, nt_status, "can't parse the PAC");
NDR_PRINT_DEBUG(PAC_DATA, pac_data);
NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
DEBUG(0, ("tmp_data:\n"));
dump_data(0, tmp_blob.data, tmp_blob.length);
DEBUG(0, ("validate_blob:\n"));
dump_data(0, validate_blob.data, validate_blob.length);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) PAC regenerate failed: length[%u] matches, but data does not", (unsigned)tmp_blob.length));
}
/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
authtime + 1, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on broken auth time (time + 1)");
}
/* Break the client principal */
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
broken_principal_string = talloc_strdup(mem_ctx, principal_string);
broken_principal_string[0]++;
ret = krb5_parse_name(smb_krb5_context->krb5_context,
broken_principal_string, &client_principal);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) parsing of broken client principal failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
}
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
authtime, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on modified principal");
}
/* Finally... Bugger up the signature, and check we fail the checksum */
tmp_blob.data[tmp_blob.length - 2]++;
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
authtime, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on broken checksum");
}
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
return true;
}
static bool torture_pac_self_check(struct torture_context *tctx)
{
NTSTATUS nt_status;
DATA_BLOB tmp_blob;
struct PAC_DATA *pac_data;
struct PAC_LOGON_INFO *logon_info;
union netr_Validation validation;
/* Generate a nice, arbitary keyblock */
uint8_t server_bytes[16];
uint8_t krbtgt_bytes[16];
krb5_keyblock server_keyblock;
krb5_keyblock krbtgt_keyblock;
krb5_error_code ret;
struct smb_krb5_context *smb_krb5_context;
struct auth_serversupplied_info *server_info;
struct auth_serversupplied_info *server_info_out;
krb5_principal client_principal;
time_t logon_time = time(NULL);
TALLOC_CTX *mem_ctx = tctx;
torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx,
NULL,
tctx->lp_ctx,
&smb_krb5_context),
"smb_krb5_init_context");
generate_random_buffer(server_bytes, 16);
generate_random_buffer(krbtgt_bytes, 16);
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
server_bytes, sizeof(server_bytes),
&server_keyblock);
torture_assert(tctx, !ret, talloc_asprintf(tctx,
"(self test) Server Keyblock encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
krbtgt_bytes, sizeof(krbtgt_bytes),
&krbtgt_keyblock);
if (ret) {
char *err = smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, talloc_asprintf(tctx,
"(self test) KRBTGT Keyblock encoding failed: %s", err));
}
/* We need an input, and this one requires no underlying database */
nt_status = auth_anonymous_server_info(mem_ctx, lp_netbios_name(tctx->lp_ctx), &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
torture_fail(tctx, "auth_anonymous_server_info");
}
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context,
server_info->account_name,
KRB5_PRINCIPAL_PARSE_NO_REALM,
&client_principal);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
torture_fail(tctx, "krb5_parse_name_flags(norealm)");
}
/* OK, go ahead and make a PAC */
ret = kerberos_create_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
server_info,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time,
&tmp_blob);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(self test) PAC encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
}
dump_data(10,tmp_blob.data,tmp_blob.length);
/* Now check that we can read it back (using full decode and validate) */
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(self test) PAC decoding failed: %s",
nt_errstr(nt_status)));
}
/* Now check we can read it back (using Heimdal's pac parsing) */
nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
tmp_blob,
smb_krb5_context->krb5_context,
&server_info_out);
if (!dom_sid_equal(server_info->account_sid,
server_info_out->account_sid)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC Decode resulted in *different* domain SID: %s != %s",
dom_sid_string(mem_ctx, server_info->account_sid),
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
talloc_free(server_info_out);
/* Now check that we can read it back (yet again) */
nt_status = kerberos_pac_logon_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC decoding (for logon info) failed: %s",
nt_errstr(nt_status)));
}
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
/* And make a server info from the samba-parsed PAC */
validation.sam3 = &logon_info->info3;
nt_status = make_server_info_netlogon_validation(mem_ctx,
"",
3, &validation,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC decoding (make server info) failed: %s",
nt_errstr(nt_status)));
}
if (!dom_sid_equal(server_info->account_sid,
server_info_out->account_sid)) {
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC Decode resulted in *different* domain SID: %s != %s",
dom_sid_string(mem_ctx, server_info->account_sid),
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
return true;
}
/* basic testing of all RAW_FILEINFO_* calls
for each call we test that it succeeds, and where possible test
for consistency between the calls.
*/
static bool torture_raw_qfileinfo_internals(struct torture_context *torture,
TALLOC_CTX *mem_ctx,
struct smbcli_tree *tree,
int fnum, const char *fname,
bool is_ipc)
{
int i;
bool ret = true;
int count;
union smb_fileinfo *s1, *s2;
NTTIME correct_time;
uint64_t correct_size;
uint32_t correct_attrib;
const char *correct_name;
bool skip_streams = false;
/* scan all the fileinfo and pathinfo levels */
for (i=0; levels[i].name; i++) {
if (!levels[i].only_paths) {
levels[i].fnum_finfo.generic.level = levels[i].level;
levels[i].fnum_finfo.generic.in.file.fnum = fnum;
levels[i].fnum_status = smb_raw_fileinfo(tree, mem_ctx,
&levels[i].fnum_finfo);
}
if (!levels[i].only_handles) {
levels[i].fname_finfo.generic.level = levels[i].level;
levels[i].fname_finfo.generic.in.file.path = talloc_strdup(mem_ctx, fname);
levels[i].fname_status = smb_raw_pathinfo(tree, mem_ctx,
&levels[i].fname_finfo);
}
}
/* check for completely broken levels */
for (count=i=0; levels[i].name; i++) {
uint32_t cap = tree->session->transport->negotiate.capabilities;
/* see if this server claims to support this level */
if ((cap & levels[i].capability_mask) != levels[i].capability_mask) {
continue;
}
if (is_ipc) {
if (levels[i].expected_ipc_access_denied && NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, levels[i].fname_status)) {
} else if (!levels[i].only_handles &&
NT_STATUS_EQUAL(levels[i].fname_status,
NT_STATUS_NOT_SUPPORTED)) {
torture_warning(torture, "fname level %s %s",
levels[i].name,
nt_errstr(levels[i].fname_status));
continue;
} else if (!levels[i].only_handles && !NT_STATUS_EQUAL(NT_STATUS_INVALID_DEVICE_REQUEST, levels[i].fname_status)) {
printf("ERROR: fname level %s failed, expected NT_STATUS_INVALID_DEVICE_REQUEST - %s\n",
levels[i].name, nt_errstr(levels[i].fname_status));
count++;
}
if (!levels[i].only_paths &&
(NT_STATUS_EQUAL(levels[i].fnum_status,
NT_STATUS_NOT_SUPPORTED) ||
NT_STATUS_EQUAL(levels[i].fnum_status,
NT_STATUS_NOT_IMPLEMENTED))) {
torture_warning(torture, "fnum level %s %s",
levels[i].name,
nt_errstr(levels[i].fnum_status));
continue;
}
if (!levels[i].only_paths && !NT_STATUS_EQUAL(levels[i].expected_ipc_fnum_status, levels[i].fnum_status)) {
printf("ERROR: fnum level %s failed, expected %s - %s\n",
levels[i].name, nt_errstr(levels[i].expected_ipc_fnum_status),
nt_errstr(levels[i].fnum_status));
count++;
}
} else {
if (!levels[i].only_paths &&
(NT_STATUS_EQUAL(levels[i].fnum_status,
NT_STATUS_NOT_SUPPORTED) ||
NT_STATUS_EQUAL(levels[i].fnum_status,
NT_STATUS_NOT_IMPLEMENTED))) {
torture_warning(torture, "fnum level %s %s",
levels[i].name,
nt_errstr(levels[i].fnum_status));
continue;
}
if (!levels[i].only_handles &&
(NT_STATUS_EQUAL(levels[i].fname_status,
NT_STATUS_NOT_SUPPORTED) ||
NT_STATUS_EQUAL(levels[i].fname_status,
NT_STATUS_NOT_IMPLEMENTED))) {
torture_warning(torture, "fname level %s %s",
levels[i].name,
nt_errstr(levels[i].fname_status));
continue;
}
if (!levels[i].only_paths && !NT_STATUS_IS_OK(levels[i].fnum_status)) {
printf("ERROR: fnum level %s failed - %s\n",
levels[i].name, nt_errstr(levels[i].fnum_status));
count++;
}
if (!levels[i].only_handles && !NT_STATUS_IS_OK(levels[i].fname_status)) {
printf("ERROR: fname level %s failed - %s\n",
levels[i].name, nt_errstr(levels[i].fname_status));
count++;
}
}
}
if (count != 0) {
ret = false;
printf("%d levels failed\n", count);
if (count > 35) {
torture_fail(torture, "too many level failures - giving up");
}
}
/* see if we can do streams */
s1 = fnum_find("STREAM_INFO");
if (!s1 || s1->stream_info.out.num_streams == 0) {
if (!is_ipc) {
printf("STREAM_INFO broken (%d) - skipping streams checks\n",
s1 ? s1->stream_info.out.num_streams : -1);
}
skip_streams = true;
}
/* this code is incredibly repititive but doesn't lend itself to loops, so
we use lots of macros to make it less painful */
/* first off we check the levels that are supposed to be aliases. It will be quite rare for
this code to fail, but we need to check it for completeness */
#define ALIAS_CHECK(sname1, sname2) \
do { \
s1 = fnum_find(sname1); s2 = fnum_find(sname2); \
if (s1 && s2) { INFO_CHECK } \
s1 = fname_find(is_ipc, sname1); s2 = fname_find(is_ipc, sname2); \
if (s1 && s2) { INFO_CHECK } \
s1 = fnum_find(sname1); s2 = fname_find(is_ipc, sname2); \
if (s1 && s2) { INFO_CHECK } \
} while (0)
#define INFO_CHECK \
STRUCT_EQUAL(basic_info, create_time, basic_info, create_time); \
STRUCT_EQUAL(basic_info, access_time, basic_info, access_time); \
STRUCT_EQUAL(basic_info, write_time, basic_info, write_time); \
STRUCT_EQUAL(basic_info, change_time, basic_info, change_time); \
VAL_EQUAL (basic_info, attrib, basic_info, attrib);
ALIAS_CHECK("BASIC_INFO", "BASIC_INFORMATION");
#undef INFO_CHECK
#define INFO_CHECK \
VAL_EQUAL(standard_info, alloc_size, standard_info, alloc_size); \
VAL_EQUAL(standard_info, size, standard_info, size); \
VAL_EQUAL(standard_info, nlink, standard_info, nlink); \
VAL_EQUAL(standard_info, delete_pending, standard_info, delete_pending); \
VAL_EQUAL(standard_info, directory, standard_info, directory);
ALIAS_CHECK("STANDARD_INFO", "STANDARD_INFORMATION");
#undef INFO_CHECK
#define INFO_CHECK \
VAL_EQUAL(ea_info, ea_size, ea_info, ea_size);
ALIAS_CHECK("EA_INFO", "EA_INFORMATION");
#undef INFO_CHECK
#define INFO_CHECK \
STR_EQUAL(name_info, fname, name_info, fname);
ALIAS_CHECK("NAME_INFO", "NAME_INFORMATION");
#undef INFO_CHECK
#define INFO_CHECK \
STRUCT_EQUAL(all_info, create_time, all_info, create_time); \
STRUCT_EQUAL(all_info, access_time, all_info, access_time); \
STRUCT_EQUAL(all_info, write_time, all_info, write_time); \
STRUCT_EQUAL(all_info, change_time, all_info, change_time); \
VAL_EQUAL(all_info, attrib, all_info, attrib); \
VAL_EQUAL(all_info, alloc_size, all_info, alloc_size); \
VAL_EQUAL(all_info, size, all_info, size); \
VAL_EQUAL(all_info, nlink, all_info, nlink); \
VAL_EQUAL(all_info, delete_pending, all_info, delete_pending); \
VAL_EQUAL(all_info, directory, all_info, directory); \
VAL_EQUAL(all_info, ea_size, all_info, ea_size); \
STR_EQUAL(all_info, fname, all_info, fname);
ALIAS_CHECK("ALL_INFO", "ALL_INFORMATION");
#undef INFO_CHECK
#define INFO_CHECK \
VAL_EQUAL(compression_info, compressed_size,compression_info, compressed_size); \
VAL_EQUAL(compression_info, format, compression_info, format); \
VAL_EQUAL(compression_info, unit_shift, compression_info, unit_shift); \
VAL_EQUAL(compression_info, chunk_shift, compression_info, chunk_shift); \
VAL_EQUAL(compression_info, cluster_shift, compression_info, cluster_shift);
ALIAS_CHECK("COMPRESSION_INFO", "COMPRESSION_INFORMATION");
#undef INFO_CHECK
#define INFO_CHECK \
STR_EQUAL(alt_name_info, fname, alt_name_info, fname);
ALIAS_CHECK("ALT_NAME_INFO", "ALT_NAME_INFORMATION");
#define TIME_CHECK_NT(sname, stype, tfield) do { \
s1 = fnum_find(sname); \
if (s1 && memcmp(&s1->stype.out.tfield, &correct_time, sizeof(correct_time)) != 0) { \
printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
nt_time_string(mem_ctx, s1->stype.out.tfield), \
nt_time_string(mem_ctx, correct_time)); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && memcmp(&s1->stype.out.tfield, &correct_time, sizeof(correct_time)) != 0) { \
printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
nt_time_string(mem_ctx, s1->stype.out.tfield), \
nt_time_string(mem_ctx, correct_time)); \
ret = false; \
}} while (0)
#define TIME_CHECK_DOS(sname, stype, tfield) do { \
s1 = fnum_find(sname); \
if (s1 && dos_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
timestring(mem_ctx, s1->stype.out.tfield), \
nt_time_string(mem_ctx, correct_time)); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && dos_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
timestring(mem_ctx, s1->stype.out.tfield), \
nt_time_string(mem_ctx, correct_time)); \
ret = false; \
}} while (0)
#if 0 /* unused */
#define TIME_CHECK_UNX(sname, stype, tfield) do { \
s1 = fnum_find(sname); \
if (s1 && unx_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
timestring(mem_ctx, s1->stype.out.tfield), \
nt_time_string(mem_ctx, correct_time)); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && unx_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
timestring(mem_ctx, s1->stype.out.tfield), \
nt_time_string(mem_ctx, correct_time)); \
ret = false; \
}} while (0)
#endif
/* now check that all the times that are supposed to be equal are correct */
s1 = fnum_find("BASIC_INFO");
correct_time = s1->basic_info.out.create_time;
torture_comment(torture, "create_time: %s\n", nt_time_string(mem_ctx, correct_time));
TIME_CHECK_NT ("BASIC_INFO", basic_info, create_time);
TIME_CHECK_NT ("BASIC_INFORMATION", basic_info, create_time);
TIME_CHECK_DOS("GETATTRE", getattre, create_time);
TIME_CHECK_DOS("STANDARD", standard, create_time);
TIME_CHECK_DOS("EA_SIZE", ea_size, create_time);
TIME_CHECK_NT ("ALL_INFO", all_info, create_time);
TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, create_time);
s1 = fnum_find("BASIC_INFO");
correct_time = s1->basic_info.out.access_time;
torture_comment(torture, "access_time: %s\n", nt_time_string(mem_ctx, correct_time));
TIME_CHECK_NT ("BASIC_INFO", basic_info, access_time);
TIME_CHECK_NT ("BASIC_INFORMATION", basic_info, access_time);
TIME_CHECK_DOS("GETATTRE", getattre, access_time);
TIME_CHECK_DOS("STANDARD", standard, access_time);
TIME_CHECK_DOS("EA_SIZE", ea_size, access_time);
TIME_CHECK_NT ("ALL_INFO", all_info, access_time);
TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, access_time);
s1 = fnum_find("BASIC_INFO");
correct_time = s1->basic_info.out.write_time;
torture_comment(torture, "write_time : %s\n", nt_time_string(mem_ctx, correct_time));
TIME_CHECK_NT ("BASIC_INFO", basic_info, write_time);
TIME_CHECK_NT ("BASIC_INFORMATION", basic_info, write_time);
TIME_CHECK_DOS("GETATTR", getattr, write_time);
TIME_CHECK_DOS("GETATTRE", getattre, write_time);
TIME_CHECK_DOS("STANDARD", standard, write_time);
TIME_CHECK_DOS("EA_SIZE", ea_size, write_time);
TIME_CHECK_NT ("ALL_INFO", all_info, write_time);
TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, write_time);
s1 = fnum_find("BASIC_INFO");
correct_time = s1->basic_info.out.change_time;
torture_comment(torture, "change_time: %s\n", nt_time_string(mem_ctx, correct_time));
TIME_CHECK_NT ("BASIC_INFO", basic_info, change_time);
TIME_CHECK_NT ("BASIC_INFORMATION", basic_info, change_time);
TIME_CHECK_NT ("ALL_INFO", all_info, change_time);
TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, change_time);
#define SIZE_CHECK(sname, stype, tfield) do { \
s1 = fnum_find(sname); \
if (s1 && s1->stype.out.tfield != correct_size) { \
printf("(%d) handle %s/%s incorrect - %u should be %u\n", __LINE__, #stype, #tfield, \
(unsigned int)s1->stype.out.tfield, \
(unsigned int)correct_size); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && s1->stype.out.tfield != correct_size) { \
printf("(%d) path %s/%s incorrect - %u should be %u\n", __LINE__, #stype, #tfield, \
(unsigned int)s1->stype.out.tfield, \
(unsigned int)correct_size); \
ret = false; \
}} while (0)
s1 = fnum_find("STANDARD_INFO");
correct_size = s1->standard_info.out.size;
torture_comment(torture, "size: %u\n", (unsigned int)correct_size);
SIZE_CHECK("GETATTR", getattr, size);
SIZE_CHECK("GETATTRE", getattre, size);
SIZE_CHECK("STANDARD", standard, size);
SIZE_CHECK("EA_SIZE", ea_size, size);
SIZE_CHECK("STANDARD_INFO", standard_info, size);
SIZE_CHECK("STANDARD_INFORMATION", standard_info, size);
SIZE_CHECK("ALL_INFO", all_info, size);
SIZE_CHECK("ALL_INFORMATION", all_info, size);
SIZE_CHECK("COMPRESSION_INFO", compression_info, compressed_size);
SIZE_CHECK("COMPRESSION_INFORMATION", compression_info, compressed_size);
SIZE_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, size);
if (!skip_streams) {
SIZE_CHECK("STREAM_INFO", stream_info, streams[0].size);
SIZE_CHECK("STREAM_INFORMATION", stream_info, streams[0].size);
}
s1 = fnum_find("STANDARD_INFO");
correct_size = s1->standard_info.out.alloc_size;
torture_comment(torture, "alloc_size: %u\n", (unsigned int)correct_size);
SIZE_CHECK("GETATTRE", getattre, alloc_size);
SIZE_CHECK("STANDARD", standard, alloc_size);
SIZE_CHECK("EA_SIZE", ea_size, alloc_size);
SIZE_CHECK("STANDARD_INFO", standard_info, alloc_size);
SIZE_CHECK("STANDARD_INFORMATION", standard_info, alloc_size);
SIZE_CHECK("ALL_INFO", all_info, alloc_size);
SIZE_CHECK("ALL_INFORMATION", all_info, alloc_size);
SIZE_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, alloc_size);
if (!skip_streams) {
SIZE_CHECK("STREAM_INFO", stream_info, streams[0].alloc_size);
SIZE_CHECK("STREAM_INFORMATION", stream_info, streams[0].alloc_size);
}
#define ATTRIB_CHECK(sname, stype, tfield) do { \
s1 = fnum_find(sname); \
if (s1 && s1->stype.out.tfield != correct_attrib) { \
printf("(%d) handle %s/%s incorrect - 0x%x should be 0x%x\n", __LINE__, #stype, #tfield, \
(unsigned int)s1->stype.out.tfield, \
(unsigned int)correct_attrib); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && s1->stype.out.tfield != correct_attrib) { \
printf("(%d) path %s/%s incorrect - 0x%x should be 0x%x\n", __LINE__, #stype, #tfield, \
(unsigned int)s1->stype.out.tfield, \
(unsigned int)correct_attrib); \
ret = false; \
}} while (0)
s1 = fnum_find("BASIC_INFO");
correct_attrib = s1->basic_info.out.attrib;
torture_comment(torture, "attrib: 0x%x\n", (unsigned int)correct_attrib);
ATTRIB_CHECK("GETATTR", getattr, attrib);
if (!is_ipc) {
ATTRIB_CHECK("GETATTRE", getattre, attrib);
ATTRIB_CHECK("STANDARD", standard, attrib);
ATTRIB_CHECK("EA_SIZE", ea_size, attrib);
}
ATTRIB_CHECK("BASIC_INFO", basic_info, attrib);
ATTRIB_CHECK("BASIC_INFORMATION", basic_info, attrib);
ATTRIB_CHECK("ALL_INFO", all_info, attrib);
ATTRIB_CHECK("ALL_INFORMATION", all_info, attrib);
ATTRIB_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, attrib);
ATTRIB_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, attrib);
correct_name = fname;
torture_comment(torture, "name: %s\n", correct_name);
#define NAME_CHECK(sname, stype, tfield, flags) do { \
s1 = fnum_find(sname); \
if (s1 && (strcmp_safe(s1->stype.out.tfield.s, correct_name) != 0 || \
wire_bad_flags(&s1->stype.out.tfield, flags, tree->session->transport))) { \
printf("(%d) handle %s/%s incorrect - '%s/%d'\n", __LINE__, #stype, #tfield, \
s1->stype.out.tfield.s, s1->stype.out.tfield.private_length); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && (strcmp_safe(s1->stype.out.tfield.s, correct_name) != 0 || \
wire_bad_flags(&s1->stype.out.tfield, flags, tree->session->transport))) { \
printf("(%d) path %s/%s incorrect - '%s/%d'\n", __LINE__, #stype, #tfield, \
s1->stype.out.tfield.s, s1->stype.out.tfield.private_length); \
ret = false; \
}} while (0)
NAME_CHECK("NAME_INFO", name_info, fname, STR_UNICODE);
NAME_CHECK("NAME_INFORMATION", name_info, fname, STR_UNICODE);
/* the ALL_INFO file name is the full path on the filesystem */
s1 = fnum_find("ALL_INFO");
if (s1 && !s1->all_info.out.fname.s) {
torture_fail(torture, "ALL_INFO didn't give a filename");
}
if (s1 && s1->all_info.out.fname.s) {
char *p = strrchr(s1->all_info.out.fname.s, '\\');
if (!p) {
printf("Not a full path in all_info/fname? - '%s'\n",
s1->all_info.out.fname.s);
ret = false;
} else {
if (strcmp_safe(correct_name, p) != 0) {
printf("incorrect basename in all_info/fname - '%s'\n",
s1->all_info.out.fname.s);
ret = false;
}
}
if (wire_bad_flags(&s1->all_info.out.fname, STR_UNICODE, tree->session->transport)) {
printf("Should not null terminate all_info/fname\n");
ret = false;
}
}
s1 = fnum_find("ALT_NAME_INFO");
if (s1) {
correct_name = s1->alt_name_info.out.fname.s;
}
if (!correct_name) {
torture_comment(torture, "no alternate name information\n");
} else {
torture_comment(torture, "alt_name: %s\n", correct_name);
NAME_CHECK("ALT_NAME_INFO", alt_name_info, fname, STR_UNICODE);
NAME_CHECK("ALT_NAME_INFORMATION", alt_name_info, fname, STR_UNICODE);
/* and make sure we can open by alternate name */
smbcli_close(tree, fnum);
fnum = smbcli_nt_create_full(tree, correct_name, 0,
SEC_RIGHTS_FILE_ALL,
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_DELETE|
NTCREATEX_SHARE_ACCESS_READ|
NTCREATEX_SHARE_ACCESS_WRITE,
NTCREATEX_DISP_OVERWRITE_IF,
0, 0);
if (fnum == -1) {
printf("Unable to open by alt_name - %s\n", smbcli_errstr(tree));
ret = false;
}
if (!skip_streams) {
correct_name = "::$DATA";
torture_comment(torture, "stream_name: %s\n", correct_name);
NAME_CHECK("STREAM_INFO", stream_info, streams[0].stream_name, STR_UNICODE);
NAME_CHECK("STREAM_INFORMATION", stream_info, streams[0].stream_name, STR_UNICODE);
}
}
/* make sure the EAs look right */
s1 = fnum_find("ALL_EAS");
s2 = fnum_find("ALL_INFO");
if (s1) {
for (i=0;i<s1->all_eas.out.num_eas;i++) {
printf(" flags=%d %s=%*.*s\n",
s1->all_eas.out.eas[i].flags,
s1->all_eas.out.eas[i].name.s,
(int)s1->all_eas.out.eas[i].value.length,
(int)s1->all_eas.out.eas[i].value.length,
s1->all_eas.out.eas[i].value.data);
}
}
if (s1 && s2) {
if (s1->all_eas.out.num_eas == 0) {
if (s2->all_info.out.ea_size != 0) {
printf("ERROR: num_eas==0 but fnum all_info.out.ea_size == %d\n",
s2->all_info.out.ea_size);
}
} else {
if (s2->all_info.out.ea_size !=
ea_list_size(s1->all_eas.out.num_eas, s1->all_eas.out.eas)) {
printf("ERROR: ea_list_size=%d != fnum all_info.out.ea_size=%d\n",
(int)ea_list_size(s1->all_eas.out.num_eas, s1->all_eas.out.eas),
(int)s2->all_info.out.ea_size);
}
}
}
s2 = fname_find(is_ipc, "ALL_EAS");
if (s2) {
VAL_EQUAL(all_eas, num_eas, all_eas, num_eas);
for (i=0;i<s1->all_eas.out.num_eas;i++) {
VAL_EQUAL(all_eas, eas[i].flags, all_eas, eas[i].flags);
STR_EQUAL(all_eas, eas[i].name, all_eas, eas[i].name);
VAL_EQUAL(all_eas, eas[i].value.length, all_eas, eas[i].value.length);
}
}
#define VAL_CHECK(sname1, stype1, tfield1, sname2, stype2, tfield2) do { \
s1 = fnum_find(sname1); s2 = fnum_find(sname2); \
if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
printf("(%d) handle %s/%s != %s/%s - 0x%x vs 0x%x\n", __LINE__, \
#stype1, #tfield1, #stype2, #tfield2, \
s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname1); s2 = fname_find(is_ipc, sname2); \
if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
printf("(%d) path %s/%s != %s/%s - 0x%x vs 0x%x\n", __LINE__, \
#stype1, #tfield1, #stype2, #tfield2, \
s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
ret = false; \
} \
s1 = fnum_find(sname1); s2 = fname_find(is_ipc, sname2); \
if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
printf("(%d) handle %s/%s != path %s/%s - 0x%x vs 0x%x\n", __LINE__, \
#stype1, #tfield1, #stype2, #tfield2, \
s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
ret = false; \
} \
s1 = fname_find(is_ipc, sname1); s2 = fnum_find(sname2); \
if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
printf("(%d) path %s/%s != handle %s/%s - 0x%x vs 0x%x\n", __LINE__, \
#stype1, #tfield1, #stype2, #tfield2, \
s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
ret = false; \
}} while (0)
VAL_CHECK("STANDARD_INFO", standard_info, delete_pending,
"ALL_INFO", all_info, delete_pending);
VAL_CHECK("STANDARD_INFO", standard_info, directory,
"ALL_INFO", all_info, directory);
VAL_CHECK("STANDARD_INFO", standard_info, nlink,
"ALL_INFO", all_info, nlink);
s1 = fnum_find("BASIC_INFO");
if (s1 && is_ipc) {
if (s1->basic_info.out.attrib != FILE_ATTRIBUTE_NORMAL) {
printf("(%d) attrib basic_info/nlink incorrect - %d should be %d\n", __LINE__, s1->basic_info.out.attrib, (int)FILE_ATTRIBUTE_NORMAL);
ret = false;
}
}
s1 = fnum_find("STANDARD_INFO");
if (s1 && is_ipc) {
if (s1->standard_info.out.nlink != 1) {
printf("(%d) nlinks standard_info/nlink incorrect - %d should be 1\n", __LINE__, s1->standard_info.out.nlink);
ret = false;
}
if (s1->standard_info.out.delete_pending != 1) {
printf("(%d) nlinks standard_info/delete_pending incorrect - %d should be 1\n", __LINE__, s1->standard_info.out.delete_pending);
ret = false;
}
}
VAL_CHECK("EA_INFO", ea_info, ea_size,
"ALL_INFO", all_info, ea_size);
if (!is_ipc) {
VAL_CHECK("EA_SIZE", ea_size, ea_size,
"ALL_INFO", all_info, ea_size);
}
#define NAME_PATH_CHECK(sname, stype, field) do { \
s1 = fname_find(is_ipc, sname); s2 = fnum_find(sname); \
if (s1 && s2) { \
VAL_EQUAL(stype, field, stype, field); \
} \
} while (0)
s1 = fnum_find("INTERNAL_INFORMATION");
if (s1) {
torture_comment(torture, "file_id=%.0f\n", (double)s1->internal_information.out.file_id);
}
NAME_PATH_CHECK("INTERNAL_INFORMATION", internal_information, file_id);
NAME_PATH_CHECK("POSITION_INFORMATION", position_information, position);
if (s1 && s2) {
printf("fnum pos = %.0f, fname pos = %.0f\n",
(double)s2->position_information.out.position,
(double)s1->position_information.out.position );
}
NAME_PATH_CHECK("MODE_INFORMATION", mode_information, mode);
NAME_PATH_CHECK("ALIGNMENT_INFORMATION", alignment_information, alignment_requirement);
NAME_PATH_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, attrib);
NAME_PATH_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, reparse_tag);
#if 0
/* these are expected to differ */
NAME_PATH_CHECK("ACCESS_INFORMATION", access_information, access_flags);
#endif
#if 0 /* unused */
#define UNKNOWN_CHECK(sname, stype, tfield) do { \
s1 = fnum_find(sname); \
if (s1 && s1->stype.out.tfield != 0) { \
printf("(%d) handle %s/%s unknown != 0 (0x%x)\n", __LINE__, \
#stype, #tfield, \
(unsigned int)s1->stype.out.tfield); \
} \
s1 = fname_find(is_ipc, sname); \
if (s1 && s1->stype.out.tfield != 0) { \
printf("(%d) path %s/%s unknown != 0 (0x%x)\n", __LINE__, \
#stype, #tfield, \
(unsigned int)s1->stype.out.tfield); \
}} while (0)
#endif
/* now get a bit fancier .... */
/* when we set the delete disposition then the link count should drop
to 0 and delete_pending should be 1 */
return ret;
}
static bool test_schannel_anonymous_setPassword(struct torture_context *tctx,
uint32_t dcerpc_flags,
bool use2)
{
NTSTATUS status, result;
const char *binding = torture_setting_string(tctx, "binding", NULL);
struct dcerpc_binding *b;
struct dcerpc_pipe *p = NULL;
struct cli_credentials *credentials;
bool ok = true;
credentials = cli_credentials_init(NULL);
torture_assert(tctx, credentials != NULL, "Bad credentials");
cli_credentials_set_anonymous(credentials);
status = dcerpc_parse_binding(tctx, binding, &b);
torture_assert_ntstatus_ok(tctx, status, "Bad binding string");
status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
torture_assert_ntstatus_ok(tctx, status, "set flags");
status = dcerpc_pipe_connect_b(tctx,
&p,
b,
&ndr_table_netlogon,
credentials,
tctx->ev,
tctx->lp_ctx);
torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel");
if (use2) {
struct netr_ServerPasswordSet2 r = {};
struct netr_Authenticator credential = {};
struct netr_Authenticator return_authenticator = {};
struct netr_CryptPassword new_password = {};
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = 0;
r.in.computer_name = TEST_MACHINE_NAME;
r.in.credential = &credential;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
status = dcerpc_netr_ServerPasswordSet2_r(p->binding_handle, tctx, &r);
result = r.out.result;
} else {
struct netr_ServerPasswordSet r = {};
struct netr_Authenticator credential = {};
struct netr_Authenticator return_authenticator = {};
struct samr_Password new_password = {};
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
r.in.secure_channel_type = 0;
r.in.computer_name = TEST_MACHINE_NAME;
r.in.credential = &credential;
r.in.new_password = &new_password;
r.out.return_authenticator = &return_authenticator;
status = dcerpc_netr_ServerPasswordSet_r(p->binding_handle, tctx, &r);
result = r.out.result;
}
torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet failed");
if (NT_STATUS_IS_OK(result)) {
torture_fail(tctx, "unexpectedly received NT_STATUS_OK");
}
return ok;
}
static bool torture_rpc_spoolss_access_setup_common(struct torture_context *tctx, struct torture_access_context *t)
{
void *testuser;
const char *testuser_passwd;
struct cli_credentials *test_credentials;
struct dom_sid *test_sid;
struct dcerpc_pipe *p;
const char *printername;
const char *binding = torture_setting_string(tctx, "binding", NULL);
struct dcerpc_pipe *spoolss_pipe;
testuser = torture_create_testuser_max_pwlen(tctx, t->user.username,
torture_setting_string(tctx, "workgroup", NULL),
ACB_NORMAL,
&testuser_passwd,
32);
if (!testuser) {
torture_fail(tctx, "Failed to create test user");
}
test_credentials = cli_credentials_init(tctx);
cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
cli_credentials_set_domain(test_credentials, lpcfg_workgroup(tctx->lp_ctx),
CRED_SPECIFIED);
cli_credentials_set_username(test_credentials, t->user.username, CRED_SPECIFIED);
cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
test_sid = discard_const_p(struct dom_sid,
torture_join_user_sid(testuser));
if (t->user.num_builtin_memberships) {
struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(testuser);
torture_assert(tctx,
spoolss_access_setup_membership(tctx, samr_pipe,
t->user.num_builtin_memberships,
t->user.builtin_memberships,
test_sid),
"failed to setup membership");
}
if (t->user.num_privs) {
struct dcerpc_pipe *lsa_pipe;
torture_assert_ntstatus_ok(tctx,
torture_rpc_connection(tctx, &lsa_pipe, &ndr_table_lsarpc),
"Error connecting to server");
torture_assert(tctx,
spoolss_access_setup_privs(tctx, lsa_pipe,
t->user.num_privs,
t->user.privs,
test_sid,
&t->user.privs_present),
"failed to setup privs");
talloc_free(lsa_pipe);
}
torture_assert_ntstatus_ok(tctx,
torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
"Error connecting to server");
torture_assert(tctx,
test_EnumPrinters_findone(tctx, spoolss_pipe, &printername),
"failed to enumerate printers");
if (t->user.sd && printername) {
torture_assert(tctx,
spoolss_access_setup_sd(tctx, spoolss_pipe,
printername,
test_sid,
&t->sd_orig),
"failed to setup sd");
}
talloc_free(spoolss_pipe);
torture_assert_ntstatus_ok(tctx,
dcerpc_pipe_connect(tctx, &p, binding, &ndr_table_spoolss,
test_credentials, tctx->ev, tctx->lp_ctx),
"Error connecting to server");
t->spoolss_pipe = p;
t->printername = printername;
t->user.testuser = testuser;
return true;
}
/*
test tdb speed
*/
static bool test_tdb_speed(struct torture_context *torture, const void *_data)
{
struct timeval tv;
struct tdb_wrap *tdbw;
int timelimit = torture_setting_int(torture, "timelimit", 10);
int i, count;
TALLOC_CTX *tmp_ctx = talloc_new(torture);
unlink("test.tdb");
torture_comment(torture, "Testing tdb speed for sidmap\n");
tdbw = tdb_wrap_open(tmp_ctx, "test.tdb",
10000, 0, O_RDWR|O_CREAT|O_TRUNC, 0600);
if (!tdbw) {
unlink("test.tdb");
talloc_free(tmp_ctx);
torture_fail(torture, "Failed to open test.tdb");
}
torture_comment(torture, "Adding %d SID records\n", torture_entries);
for (i=0;i<torture_entries;i++) {
if (!tdb_add_record(tdbw,
"S-1-5-21-53173311-3623041448-2049097239-%u",
"UID %u", i)) {
torture_result(torture, TORTURE_FAIL, "Failed to add SID %d\n", i);
goto failed;
}
if (!tdb_add_record(tdbw,
"UID %u",
"S-1-5-21-53173311-3623041448-2049097239-%u", i)) {
torture_result(torture, TORTURE_FAIL, "Failed to add UID %d\n", i);
goto failed;
}
}
torture_comment(torture, "Testing for %d seconds\n", timelimit);
tv = timeval_current();
for (count=0;timeval_elapsed(&tv) < timelimit;count++) {
TDB_DATA key, data;
i = random() % torture_entries;
key.dptr = (uint8_t *)talloc_asprintf(tmp_ctx, "S-1-5-21-53173311-3623041448-2049097239-%u", i);
key.dsize = strlen((char *)key.dptr)+1;
data = tdb_fetch(tdbw->tdb, key);
talloc_free(key.dptr);
if (data.dptr == NULL) {
torture_result(torture, TORTURE_FAIL, "Failed to fetch SID %d\n", i);
goto failed;
}
free(data.dptr);
key.dptr = (uint8_t *)talloc_asprintf(tmp_ctx, "UID %u", i);
key.dsize = strlen((char *)key.dptr)+1;
data = tdb_fetch(tdbw->tdb, key);
talloc_free(key.dptr);
if (data.dptr == NULL) {
torture_result(torture, TORTURE_FAIL, "Failed to fetch UID %d\n", i);
goto failed;
}
free(data.dptr);
}
tdb_speed = count/timeval_elapsed(&tv);
torture_comment(torture, "tdb speed %.2f ops/sec\n", tdb_speed);
unlink("test.tdb");
talloc_free(tmp_ctx);
return true;
failed:
unlink("test.tdb");
talloc_free(tmp_ctx);
return false;
}
