/**
* The challenge from the target server, when operating in security=server
**/
static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8])
{
struct smb_composite_connect io;
struct smbcli_options smb_options;
const char **host_list;
NTSTATUS status;
/* Make a connection to the target server, found by 'password server' in smb.conf */
lp_smbcli_options(ctx->auth_ctx->lp_ctx, &smb_options);
/* Make a negprot, WITHOUT SPNEGO, so we get a challenge nice an easy */
io.in.options.use_spnego = false;
/* Hope we don't get * (the default), as this won't work... */
host_list = lp_passwordserver(ctx->auth_ctx->lp_ctx);
if (!host_list) {
return NT_STATUS_INTERNAL_ERROR;
}
io.in.dest_host = host_list[0];
if (strequal(io.in.dest_host, "*")) {
return NT_STATUS_INTERNAL_ERROR;
}
io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx);
io.in.socket_options = lp_socket_options(ctx->auth_ctx->lp_ctx);
io.in.gensec_settings = lp_gensec_settings(mem_ctx, ctx->auth_ctx->lp_ctx);
io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host);
/* We don't want to get as far as the session setup */
io.in.credentials = cli_credentials_init_anon(mem_ctx);
cli_credentials_set_workstation(io.in.credentials,
lp_netbios_name(ctx->auth_ctx->lp_ctx),
CRED_SPECIFIED);
io.in.service = NULL;
io.in.workgroup = ""; /* only used with SPNEGO, disabled above */
io.in.options = smb_options;
io.in.iconv_convenience = lp_iconv_convenience(ctx->auth_ctx->lp_ctx);
lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options);
status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
ctx->auth_ctx->event_ctx);
NT_STATUS_NOT_OK_RETURN(status);
if (io.out.tree->session->transport->negotiate.secblob.length != 8) {
return NT_STATUS_INTERNAL_ERROR;
}
memcpy(chal, io.out.tree->session->transport->negotiate.secblob.data, 8);
ctx->private_data = talloc_steal(ctx, io.out.tree->session);
return NT_STATUS_OK;
}
NTSTATUS svc_UploadService(const char *hostname,
struct cli_credentials * credentials, int flags)
{
struct smb_composite_savefile *io;
struct smbcli_state *cli;
NTSTATUS status;
struct smbcli_options options;
struct smbcli_session_options session_options;
lp_smbcli_options(cmdline_lp_ctx, &options);
lp_smbcli_session_options(cmdline_lp_ctx, &session_options);
status =
smbcli_full_connection(NULL, &cli, hostname, lp_smb_ports(cmdline_lp_ctx), "ADMIN$", NULL,
lp_socket_options(cmdline_lp_ctx), credentials, lp_resolve_context(cmdline_lp_ctx), ev_ctx, &options, &session_options, lp_iconv_convenience(cmdline_lp_ctx), lp_gensec_settings(NULL, cmdline_lp_ctx));
NT_ERR(status, 1, "Failed to open ADMIN$ share");
if (flags & SVC_FORCE_UPLOAD) {
smbcli_unlink(cli->tree, "winexesvc.exe");
} else {
int fd = smbcli_open(cli->tree, "winexesvc.exe", O_RDONLY, DENY_NONE);
if (fd >= 0) {
smbcli_close(cli->tree, fd);
return status;
}
}
io = talloc_zero(cli->tree, struct smb_composite_savefile);
io->in.fname = "winexesvc.exe";
if (flags & SVC_OSCHOOSE) {
status = smbcli_chkpath(cli->tree, "SysWoW64");
}
if ((flags & SVC_OSCHOOSE && NT_STATUS_IS_OK(status)) || (flags & SVC_OS64BIT)) {
DEBUG(1, ("svc_UploadService: Installing 64bit winexesvc.exe\n"));
io->in.data = winexesvc64_exe;
io->in.size = winexesvc64_exe_len;
} else {
DEBUG(1, ("svc_UploadService: Installing 32bit winexesvc.exe\n"));
io->in.data = winexesvc32_exe;
io->in.size = winexesvc32_exe_len;
}
status = smb_composite_savefile(cli->tree, io);
NT_ERR(status, 1, "Failed to save ADMIN$/%s", io->in.fname);
talloc_free(io);
smbcli_tdis(cli);
return status;
}
/* test UDP/138 netlogon requests */
static bool nbt_test_netlogon(struct torture_context *tctx)
{
struct dgram_mailslot_handler *dgmslot;
struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev,
lp_iconv_convenience(tctx->lp_ctx));
struct socket_address *dest;
const char *myaddress;
struct nbt_netlogon_packet logon;
struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
struct socket_address *socket_address;
const char *address;
struct nbt_name name;
struct interface *ifaces;
name.name = lp_workgroup(tctx->lp_ctx);
name.type = NBT_NAME_LOGON;
name.scope = NULL;
/* do an initial name resolution to find its IP */
torture_assert_ntstatus_ok(tctx,
resolve_name(lp_resolve_context(tctx->lp_ctx), &name, tctx, &address, tctx->ev),
talloc_asprintf(tctx, "Failed to resolve %s", name.name));
load_interfaces(tctx, lp_interfaces(tctx->lp_ctx), &ifaces);
myaddress = talloc_strdup(dgmsock, iface_best_ip(ifaces, address));
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, socket_address != NULL, "Error getting address");
/* try receiving replies on port 138 first, which will only
work if we are root and smbd/nmbd are not running - fall
back to listening on any port, which means replies from
most windows versions won't be seen */
status = socket_listen(dgmsock->sock, socket_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(socket_address);
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, 0);
torture_assert(tctx, socket_address != NULL, "Error getting address");
socket_listen(dgmsock->sock, socket_address, 0, 0);
}
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_PRIMARY_QUERY;
logon.req.pdc.computer_name = TEST_NAME;
logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
logon.req.pdc.unicode_name = TEST_NAME;
logon.req.pdc.nt_version = 1;
logon.req.pdc.lmnt_token = 0xFFFF;
logon.req.pdc.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && !dgmslot->private_data) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response");
torture_assert(tctx, response->data.get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command");
return true;
}
/* test UDP/138 netlogon requests */
static bool nbt_test_netlogon2(struct torture_context *tctx)
{
struct dgram_mailslot_handler *dgmslot;
struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev,
lp_iconv_convenience(tctx->lp_ctx));
struct socket_address *dest;
const char *myaddress;
struct nbt_netlogon_packet logon;
struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
struct socket_address *socket_address;
const char *address;
struct nbt_name name;
struct interface *ifaces;
struct test_join *join_ctx;
struct cli_credentials *machine_credentials;
const struct dom_sid *dom_sid;
name.name = lp_workgroup(tctx->lp_ctx);
name.type = NBT_NAME_LOGON;
name.scope = NULL;
/* do an initial name resolution to find its IP */
torture_assert_ntstatus_ok(tctx,
resolve_name(lp_resolve_context(tctx->lp_ctx), &name, tctx, &address, tctx->ev),
talloc_asprintf(tctx, "Failed to resolve %s", name.name));
load_interfaces(tctx, lp_interfaces(tctx->lp_ctx), &ifaces);
myaddress = talloc_strdup(dgmsock, iface_best_ip(ifaces, address));
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, socket_address != NULL, "Error getting address");
/* try receiving replies on port 138 first, which will only
work if we are root and smbd/nmbd are not running - fall
back to listening on any port, which means replies from
some windows versions won't be seen */
status = socket_listen(dgmsock->sock, socket_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(socket_address);
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, 0);
torture_assert(tctx, socket_address != NULL, "Error getting address");
socket_listen(dgmsock->sock, socket_address, 0, 0);
}
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = "";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.nt_version = NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command");
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command");
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
join_ctx = torture_join_domain(tctx, TEST_NAME,
ACB_WSTRUST, &machine_credentials);
torture_assert(tctx, join_ctx != NULL,
talloc_asprintf(tctx, "Failed to join domain %s as %s\n",
lp_workgroup(tctx->lp_ctx), TEST_NAME));
dom_sid = torture_join_sid(join_ctx);
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
torture_assert(tctx, dgmslot != NULL, "Error getting a Mailslot for GetDC reply");
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
logon.req.logon.acct_control = ACB_WSTRUST;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
dgmslot->private_data = NULL;
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
logon.req.logon.acct_control = ACB_NORMAL;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
torture_leave_domain(tctx, join_ctx);
return true;
}
/*
* find out Site specific stuff:
* 1. Lookup the Site name.
* 2. Add entry CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn>.
* TODO: 3.) use DsAddEntry() to create CN=NTDS Settings,CN=<netbios name>,CN=Servers,CN=<site name>,...
*/
NTSTATUS libnet_JoinSite(struct libnet_context *ctx,
struct ldb_context *remote_ldb,
struct libnet_JoinDomain *libnet_r)
{
NTSTATUS status;
TALLOC_CTX *tmp_ctx;
struct libnet_JoinSite *r;
struct ldb_dn *server_dn;
struct ldb_message *msg;
int rtn;
const char *server_dn_str;
const char *config_dn_str;
struct nbt_name name;
const char *dest_addr = NULL;
tmp_ctx = talloc_named(libnet_r, 0, "libnet_JoinSite temp context");
if (!tmp_ctx) {
libnet_r->out.error_string = NULL;
return NT_STATUS_NO_MEMORY;
}
r = talloc(tmp_ctx, struct libnet_JoinSite);
if (!r) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
make_nbt_name_client(&name, libnet_r->out.samr_binding->host);
status = resolve_name(lp_resolve_context(ctx->lp_ctx), &name, r, &dest_addr, ctx->event_ctx);
if (!NT_STATUS_IS_OK(status)) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return status;
}
/* Resolve the site name and AD DN's. */
r->in.dest_address = dest_addr;
r->in.netbios_name = libnet_r->in.netbios_name;
r->in.domain_dn_str = libnet_r->out.domain_dn_str;
r->in.cldap_port = lp_cldap_port(ctx->lp_ctx);
status = libnet_FindSite(tmp_ctx, ctx, r);
if (!NT_STATUS_IS_OK(status)) {
libnet_r->out.error_string =
talloc_steal(libnet_r, r->out.error_string);
talloc_free(tmp_ctx);
return status;
}
config_dn_str = r->out.config_dn_str;
server_dn_str = r->out.server_dn_str;
/*
Add entry CN=<netbios name>,CN=Servers,CN=<site name>,CN=Sites,CN=Configuration,<domain dn>.
*/
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = ldb_msg_add_string(msg, "objectClass", "server");
if (rtn != 0) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = ldb_msg_add_string(msg, "systemFlags", "50000000");
if (rtn != 0) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
rtn = ldb_msg_add_string(msg, "serverReference", libnet_r->out.account_dn_str);
if (rtn != 0) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
server_dn = ldb_dn_new(tmp_ctx, remote_ldb, server_dn_str);
if ( ! ldb_dn_validate(server_dn)) {
libnet_r->out.error_string = talloc_asprintf(libnet_r,
"Invalid server dn: %s",
server_dn_str);
talloc_free(tmp_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
msg->dn = server_dn;
rtn = ldb_add(remote_ldb, msg);
if (rtn == LDB_ERR_ENTRY_ALREADY_EXISTS) {
int i;
/* make a 'modify' msg, and only for serverReference */
msg = ldb_msg_new(tmp_ctx);
if (!msg) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
msg->dn = server_dn;
rtn = ldb_msg_add_string(msg, "serverReference",libnet_r->out.account_dn_str);
if (rtn != 0) {
libnet_r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
/* mark all the message elements (should be just one)
as LDB_FLAG_MOD_REPLACE */
for (i=0; i<msg->num_elements; i++) {
msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
}
rtn = ldb_modify(remote_ldb, msg);
if (rtn != 0) {
libnet_r->out.error_string
= talloc_asprintf(libnet_r,
"Failed to modify server entry %s: %s: %d",
server_dn_str,
ldb_errstring(remote_ldb), rtn);
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
} else if (rtn != 0) {
libnet_r->out.error_string
= talloc_asprintf(libnet_r,
"Failed to add server entry %s: %s: %d",
server_dn_str, ldb_errstring(remote_ldb),
rtn);
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
DEBUG(0, ("We still need to perform a DsAddEntry() so that we can create the CN=NTDS Settings container.\n"));
/* Store the server DN in libnet_r */
libnet_r->out.server_dn_str = server_dn_str;
talloc_steal(libnet_r, server_dn_str);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
/*****************************************************
return a connection to a server
*******************************************************/
static struct smbcli_state *connect_one(struct tevent_context *ev,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
char *share, int snum, int conn)
{
struct smbcli_state *c;
char *server, *myname;
NTSTATUS status;
int retries = 10;
struct smbcli_options options;
struct smbcli_session_options session_options;
lp_smbcli_options(lp_ctx, &options);
lp_smbcli_session_options(lp_ctx, &session_options);
printf("connect_one(%s, %d, %d)\n", share, snum, conn);
server = talloc_strdup(mem_ctx, share+2);
share = strchr_m(server,'\\');
if (!share) return NULL;
*share = 0;
share++;
if (snum == 0) {
char **unc_list = NULL;
int num_unc_names;
const char *p;
p = lp_parm_string(lp_ctx, NULL, "torture", "unclist");
if (p) {
char *h, *s;
unc_list = file_lines_load(p, &num_unc_names, 0, NULL);
if (!unc_list || num_unc_names <= 0) {
printf("Failed to load unc names list from '%s'\n", p);
exit(1);
}
if (!smbcli_parse_unc(unc_list[conn % num_unc_names],
NULL, &h, &s)) {
printf("Failed to parse UNC name %s\n",
unc_list[conn % num_unc_names]);
exit(1);
}
server = talloc_strdup(mem_ctx, h);
share = talloc_strdup(mem_ctx, s);
}
}
myname = talloc_asprintf(mem_ctx, "lock-%u-%u", getpid(), snum);
cli_credentials_set_workstation(servers[snum], myname, CRED_SPECIFIED);
do {
printf("\\\\%s\\%s\n", server, share);
status = smbcli_full_connection(NULL, &c,
server,
lp_smb_ports(lp_ctx),
share, NULL,
lp_socket_options(lp_ctx),
servers[snum],
lp_resolve_context(lp_ctx),
ev, &options, &session_options,
lp_iconv_convenience(lp_ctx),
lp_gensec_settings(mem_ctx, lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
sleep(2);
}
} while (!NT_STATUS_IS_OK(status) && retries--);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
return c;
}
static int copy_files(struct tevent_context *ev, struct loadparm_context *lp_ctx)
{
uint8_t * iobuf; /* IO buffer. */
uint64_t iomax; /* Size of the IO buffer. */
uint64_t data_size; /* Amount of data in the IO buffer. */
uint64_t ibs;
uint64_t obs;
uint64_t count;
struct dd_iohandle * ifile;
struct dd_iohandle * ofile;
struct smbcli_options options;
struct smbcli_session_options session_options;
ibs = check_arg_numeric("ibs");
obs = check_arg_numeric("obs");
count = check_arg_numeric("count");
lp_smbcli_options(lp_ctx, &options);
lp_smbcli_session_options(lp_ctx, &session_options);
/* Allocate IO buffer. We need more than the max IO size because we
* could accumulate a remainder if ibs and obs don't match.
*/
iomax = 2 * MAX(ibs, obs);
if ((iobuf = malloc_array_p(uint8_t, iomax)) == NULL) {
fprintf(stderr,
"%s: failed to allocate IO buffer of %llu bytes\n",
PROGNAME, (unsigned long long)iomax);
return(EOM_EXIT_CODE);
}
options.max_xmit = MAX(ibs, obs);
DEBUG(4, ("IO buffer size is %llu, max xmit is %d\n",
(unsigned long long)iomax, options.max_xmit));
if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if",
lp_smb_ports(lp_ctx), &options,
lp_socket_options(lp_ctx),
&session_options, lp_iconv_convenience(lp_ctx),
lp_gensec_settings(lp_ctx, lp_ctx)))) {
return(FILESYS_EXIT_CODE);
}
if (!(ofile = open_file(lp_resolve_context(lp_ctx), ev, "of",
lp_smb_ports(lp_ctx), &options,
lp_socket_options(lp_ctx),
&session_options,
lp_iconv_convenience(lp_ctx),
lp_gensec_settings(lp_ctx, lp_ctx)))) {
return(FILESYS_EXIT_CODE);
}
/* Seek the files to their respective starting points. */
ifile->io_seek(ifile, check_arg_numeric("skip") * ibs);
ofile->io_seek(ofile, check_arg_numeric("seek") * obs);
DEBUG(4, ("max xmit was negotiated to be %d\n", options.max_xmit));
for (data_size = 0;;) {
/* Handle signals. We are somewhat compatible with GNU dd.
* SIGINT makes us stop, but still print transfer statistics.
* SIGUSR1 makes us print transfer statistics but we continue
* copying.
*/
if (dd_sigint) {
break;
}
if (dd_sigusr1) {
print_transfer_stats();
dd_sigusr1 = 0;
}
if (ifile->io_flags & DD_END_OF_FILE) {
DEBUG(4, ("flushing %llu bytes at EOF\n",
(unsigned long long)data_size));
while (data_size > 0) {
if (!dd_flush_block(ofile, iobuf,
&data_size, obs)) {
return(IOERROR_EXIT_CODE);
}
}
goto done;
}
/* Try and read enough blocks of ibs bytes to be able write
* out one of obs bytes.
*/
if (!dd_fill_block(ifile, iobuf, &data_size, obs, ibs)) {
return(IOERROR_EXIT_CODE);
}
if (data_size == 0) {
/* Done. */
SMB_ASSERT(ifile->io_flags & DD_END_OF_FILE);
}
/* Stop reading when we hit the block count. */
if (dd_stats.in.bytes >= (ibs * count)) {
ifile->io_flags |= DD_END_OF_FILE;
}
/* If we wanted to be a legitimate dd, we would do character
* conversions and other shenanigans here.
*/
/* Flush what we read in units of obs bytes. We want to have
* at least obs bytes in the IO buffer but might not if the
* file is too small.
*/
if (data_size &&
!dd_flush_block(ofile, iobuf, &data_size, obs)) {
return(IOERROR_EXIT_CODE);
}
}
done:
print_transfer_stats();
return(0);
}
static int fork_tcon_client(struct torture_context *tctx,
int *tcon_count, unsigned tcon_timelimit,
const char *host, const char *share)
{
pid_t child;
struct smbcli_state *cli;
struct timeval end;
struct timeval now;
struct smbcli_options options;
struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
lp_smbcli_session_options(tctx->lp_ctx, &session_options);
child = fork();
if (child == -1) {
printf("failed to fork child: %s\n,", strerror(errno));
return -1;
} else if (child != 0) {
/* Parent, just return. */
return 0;
}
/* Child. Just make as many connections as possible within the
* time limit. Don't bother synchronising the child start times
* because it's probably not work the effort, and a bit of startup
* jitter is probably a more realistic test.
*/
end = timeval_current();
now = timeval_current();
end.tv_sec += tcon_timelimit;
*tcon_count = 0;
while (timeval_compare(&now, &end) == -1) {
NTSTATUS status;
status = smbcli_full_connection(NULL, &cli,
host, lp_smb_ports(tctx->lp_ctx), share,
NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials,
lp_resolve_context(tctx->lp_ctx),
tctx->ev, &options, &session_options,
lp_iconv_convenience(tctx->lp_ctx),
lp_gensec_settings(tctx, tctx->lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
printf("failed to connect to //%s/%s: %s\n",
host, share, nt_errstr(status));
goto done;
}
smbcli_tdis(cli);
talloc_free(cli);
*tcon_count = *tcon_count + 1;
now = timeval_current();
}
done:
exit(0);
}
NTSTATUS svc_uninstall(const char *hostname,
struct cli_credentials * credentials)
{
NTSTATUS status;
struct dcerpc_pipe *svc_pipe;
struct policy_handle scm_handle;
struct policy_handle svc_handle;
struct SERVICE_STATUS svc_status;
struct smbcli_options options;
struct smbcli_session_options session_options;
lp_smbcli_options(cmdline_lp_ctx, &options);
lp_smbcli_session_options(cmdline_lp_ctx, &session_options);
status = svc_pipe_connect(&svc_pipe, hostname, credentials);
NT_ERR(status, 1, "Cannot connect to svcctl pipe");
status = svc_OpenSCManager(svc_pipe, hostname, &scm_handle);
NT_ERR(status, 1, "OpenSCManager failed");
status =
svc_OpenService(svc_pipe, &scm_handle, "winexesvc",
&svc_handle);
NT_ERR(status, 1, "OpenService failed");
DEBUG(1, ("OpenService - %s\n", nt_errstr(status)));
if (NT_STATUS_IS_OK(status)) {
status =
svc_ControlService(svc_pipe, &svc_handle,
SERVICE_CONTROL_STOP, &svc_status);
{
struct SERVICE_STATUS s;
do {
msleep(100);
status = svc_QueryServiceStatus(svc_pipe, &svc_handle, &s);
NT_ERR(status, 1, "QueryServiceStatus failed");
} while (s.state == SVCCTL_STOP_PENDING);
if (s.state != SVCCTL_STOPPED) {
DEBUG(0, ("Service cannot stop, status=0x%08X\n", s.state));
return NT_STATUS_UNSUCCESSFUL;
}
}
DEBUG(1, ("StopService - %s\n", nt_errstr(status)));
status = svc_DeleteService(svc_pipe, &svc_handle);
DEBUG(1, ("DeleteService - %s\n", nt_errstr(status)));
status = svc_CloseServiceHandle(svc_pipe, &svc_handle);
DEBUG(1, ("CloseServiceHandle - %s\n", nt_errstr(status)));
}
svc_CloseServiceHandle(svc_pipe, &scm_handle);
DEBUG(1, ("CloseSCMHandle - %s\n", nt_errstr(status)));
struct smbcli_state *cli;
status =
smbcli_full_connection(NULL, &cli, hostname, lp_smb_ports(cmdline_lp_ctx), "ADMIN$", NULL,
lp_socket_options(cmdline_lp_ctx), credentials, lp_resolve_context(cmdline_lp_ctx), ev_ctx, &options, &session_options, lp_iconv_convenience(cmdline_lp_ctx), lp_gensec_settings(NULL, cmdline_lp_ctx));
NT_ERR(status, 1, "Failed to open ADMIN$ share");
/* Give winexesvc some time to exit */
msleep(300);
status = smbcli_unlink(cli->tree, "winexesvc.exe");
DEBUG(1, ("Delete winexesvc.exe - %s\n", nt_errstr(status)));
status = smbcli_tdis(cli);
DEBUG(1, ("Closing ADMIN$ - %s\n", nt_errstr(status)));
return status;
}
/* test a query FS info by asking for share's GUID */
static bool test_fsinfo(struct smbcli_state *cli, struct torture_context *tctx)
{
char *guid = NULL;
NTSTATUS status;
struct smb_composite_fsinfo io1;
struct composite_context **c;
int i;
extern int torture_numops;
struct tevent_context *event_ctx;
int *count = talloc_zero(tctx, int);
bool ret = true;
io1.in.dest_host = torture_setting_string(tctx, "host", NULL);
io1.in.dest_ports = lp_smb_ports(tctx->lp_ctx);
io1.in.socket_options = lp_socket_options(tctx->lp_ctx);
io1.in.called_name = torture_setting_string(tctx, "host", NULL);
io1.in.service = torture_setting_string(tctx, "share", NULL);
io1.in.service_type = "A:";
io1.in.credentials = cmdline_credentials;
io1.in.workgroup = lp_workgroup(tctx->lp_ctx);
io1.in.level = RAW_QFS_OBJECTID_INFORMATION;
io1.in.iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
io1.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
printf("testing parallel queryfsinfo [Object ID] with %d ops\n", torture_numops);
event_ctx = tctx->ev;
c = talloc_array(tctx, struct composite_context *, torture_numops);
for (i=0; i<torture_numops; i++) {
c[i] = smb_composite_fsinfo_send(cli->tree, &io1, lp_resolve_context(tctx->lp_ctx));
c[i]->async.fn = loadfile_complete;
c[i]->async.private_data = count;
}
printf("waiting for completion\n");
while (*count < torture_numops) {
event_loop_once(event_ctx);
if (torture_setting_bool(tctx, "progress", true)) {
printf("(%s) count=%d\r", __location__, *count);
fflush(stdout);
}
}
printf("count=%d\n", *count);
for (i=0;i<torture_numops;i++) {
status = smb_composite_fsinfo_recv(c[i], tctx);
if (!NT_STATUS_IS_OK(status)) {
printf("(%s) fsinfo[%d] failed - %s\n", __location__, i, nt_errstr(status));
ret = false;
continue;
}
if (io1.out.fsinfo->generic.level != RAW_QFS_OBJECTID_INFORMATION) {
printf("(%s) wrong level in returned info - %d "
"should be %d\n", __location__,
io1.out.fsinfo->generic.level, RAW_QFS_OBJECTID_INFORMATION);
ret = false;
continue;
}
guid=GUID_string(tctx, &io1.out.fsinfo->objectid_information.out.guid);
printf("[%d] GUID: %s\n", i, guid);
}
return ret;
}
/*
test a simple savefile/loadfile combination
*/
static bool test_fetchfile(struct smbcli_state *cli, struct torture_context *tctx)
{
const char *fname = BASEDIR "\\test.txt";
NTSTATUS status;
struct smb_composite_savefile io1;
struct smb_composite_fetchfile io2;
struct composite_context **c;
uint8_t *data;
int i;
size_t len = random() % 10000;
extern int torture_numops;
struct tevent_context *event_ctx;
int *count = talloc_zero(tctx, int);
bool ret = true;
data = talloc_array(tctx, uint8_t, len);
generate_random_buffer(data, len);
io1.in.fname = fname;
io1.in.data = data;
io1.in.size = len;
printf("testing savefile\n");
status = smb_composite_savefile(cli->tree, &io1);
if (!NT_STATUS_IS_OK(status)) {
printf("(%s) savefile failed: %s\n",__location__, nt_errstr(status));
return false;
}
io2.in.dest_host = torture_setting_string(tctx, "host", NULL);
io2.in.ports = lp_smb_ports(tctx->lp_ctx);
io2.in.called_name = torture_setting_string(tctx, "host", NULL);
io2.in.service = torture_setting_string(tctx, "share", NULL);
io2.in.service_type = "A:";
io2.in.credentials = cmdline_credentials;
io2.in.workgroup = lp_workgroup(tctx->lp_ctx);
io2.in.filename = fname;
io2.in.resolve_ctx = lp_resolve_context(tctx->lp_ctx);
io2.in.iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
io2.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
lp_smbcli_options(tctx->lp_ctx, &io2.in.options);
lp_smbcli_session_options(tctx->lp_ctx, &io2.in.session_options);
printf("testing parallel fetchfile with %d ops\n", torture_numops);
event_ctx = cli->transport->socket->event.ctx;
c = talloc_array(tctx, struct composite_context *, torture_numops);
for (i=0; i<torture_numops; i++) {
c[i] = smb_composite_fetchfile_send(&io2, event_ctx);
c[i]->async.fn = loadfile_complete;
c[i]->async.private_data = count;
}
printf("waiting for completion\n");
while (*count != torture_numops) {
event_loop_once(event_ctx);
if (torture_setting_bool(tctx, "progress", true)) {
printf("(%s) count=%d\r", __location__, *count);
fflush(stdout);
}
}
printf("count=%d\n", *count);
for (i=0;i<torture_numops;i++) {
status = smb_composite_fetchfile_recv(c[i], tctx);
if (!NT_STATUS_IS_OK(status)) {
printf("(%s) loadfile[%d] failed - %s\n", __location__, i,
nt_errstr(status));
ret = false;
continue;
}
if (io2.out.size != len) {
printf("(%s) wrong length in returned data - %d "
"should be %d\n", __location__,
io2.out.size, (int)len);
ret = false;
continue;
}
if (memcmp(io2.out.data, data, len) != 0) {
printf("(%s) wrong data in loadfile!\n", __location__);
ret = false;
continue;
}
}
return ret;
}