static bool_t set_format(int format, int rate, int channels)
{
int param;
AUDDBG("Audio format: %s, sample rate: %dHz, number of channels: %d.\n", oss_format_to_text(format), rate, channels);
/* Enable/disable format conversions made by the OSS software */
param = aud_get_bool("oss4", "cookedmode");
CHECK(ioctl, oss_data->fd, SNDCTL_DSP_COOKEDMODE, ¶m);
AUDDBG("%s format conversions made by the OSS software.\n", param ? "Enabled" : "Disabled");
param = format;
CHECK_NOISY(ioctl, oss_data->fd, SNDCTL_DSP_SETFMT, ¶m);
CHECK_VAL(param == format, ERROR_NOISY, "Selected audio format is not supported by the device.\n");
param = rate;
CHECK_NOISY(ioctl, oss_data->fd, SNDCTL_DSP_SPEED, ¶m);
CHECK_VAL(param >= rate * 9 / 10 && param <= rate * 11 / 10, ERROR_NOISY,
"Selected sample rate is not supported by the device.\n");
param = channels;
CHECK_NOISY(ioctl, oss_data->fd, SNDCTL_DSP_CHANNELS, ¶m);
CHECK_VAL(param == channels, ERROR_NOISY, "Selected number of channels is not supported by the device.\n");
oss_data->format = format;
oss_data->rate = rate;
oss_data->channels = channels;
oss_data->bits_per_sample = oss_format_to_bits(oss_data->format);
return TRUE;
FAILED:
return FALSE;
}
/**
* basic test for doing a durable open
* and do a durable reopen on the same connection
* while the first open is still active (fails)
*/
bool test_durable_v2_open_reopen1(struct torture_context *tctx,
struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h;
struct smb2_handle *h = NULL;
struct smb2_create io;
struct GUID create_guid = GUID_random();
bool ret = true;
/* Choose a random name in case the state is left a little funky. */
snprintf(fname, 256, "durable_v2_open_reopen1_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = false;
io.in.create_guid = create_guid;
io.in.timeout = UINT32_MAX;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, true);
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.timeout, io.in.timeout);
/* try a durable reconnect while the file is still open */
ZERO_STRUCT(io);
io.in.fname = "";
io.in.durable_handle_v2 = h;
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
int get_recommeded_svr_list_cmd(usr_info_t *p, uint8_t *body, uint32_t bodylen)
{
CHECK_VAL(bodylen, 24);
char *sessbody = (char*)body;
p->channel = ntohl(*(uint32_t*)(body + SESS_LEN));
uint32_t role_tm = ntohl(*(uint32_t*)(body + SESS_LEN + 4));
gf_login_out *user_login_info = reinterpret_cast<gf_login_out*>(p->tmpinfo);
user_login_info->vip_flag = 0;
user_login_info->friendcount = 0;
DEBUG_LOG("RECOMMD SVR\t[uid=%d,role_tm=%u]", p->uid, role_tm);
if (p->uid != 0) {
login_session_t sess;
//varify the session
unpkg_auth((uint8_t*)sessbody, 16, &sess);
if ( verify_session(p->uid, &sess) != SUCCESS ) {
clear_usr_info(p);
return CLOSE_CONN;
}
return send_request_to_db(p, DB_LOGIN_GF, &role_tm, sizeof(role_tm));
} else {
return get_recommended_svr_list(p);
}
}
/**
* basic test for doing a session reconnect on one connection
*/
bool test_session_reconnect2(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
uint64_t previous_session_id;
bool ret = true;
struct smb2_session *session2;
union smb_fileinfo qfinfo;
/* Add some random component to the file name. */
snprintf(fname, 256, "session_reconnect_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* disconnect, reconnect and then do durable reopen */
previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
torture_assert(tctx, torture_smb2_session_setup(tctx, tree->session->transport,
previous_session_id, tctx, &session2),
"session reconnect (on the same connection) failed");
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
qfinfo.generic.in.file.handle = _h1;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
h1 = NULL;
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
talloc_free(tree);
talloc_free(session2);
talloc_free(mem_ctx);
return ret;
}
int get_recommeded_svr_list_callback(usr_info_t* p, uint8_t* body, uint32_t bodylen, int ret)
{
TRACE_LOG("get recommend callback");
CHECK_VAL_GE(bodylen, sizeof(svr_list_t));
svr_list_t* svrlist = reinterpret_cast<svr_list_t*>(body);
CHECK_VAL(bodylen, sizeof(svr_list_t) + sizeof(svr_info_t) * svrlist->online_cnt);
uint32_t max_online_id = svrlist->max_online_id;
return send_recommeded_svr_list(p, svrlist->svrs, svrlist->online_cnt, max_online_id);
}
static bool test_one_durable_v2_open_oplock(struct torture_context *tctx,
struct smb2_tree *tree,
const char *fname,
bool request_persistent,
struct durable_open_vs_oplock test)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
struct smb2_handle _h;
struct smb2_handle *h = NULL;
bool ret = true;
struct smb2_create io;
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(test.share_mode),
smb2_util_oplock_level(test.level));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = request_persistent;
io.in.create_guid = GUID_random();
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, test.durable);
CHECK_VAL(io.out.persistent_open, test.persistent);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level(test.level));
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(mem_ctx);
return ret;
}
int main ()
{
int pass = TEST_PASSED;
int a, b, c;
print ("Basic Math\n");
a = 256;
b = 512;
c = a + b;
CHECK_VAL(c,(256+512));
b *= 10;
CHECK_VAL(b,5120);
a = a >> 2;
CHECK_VAL(a,64);
sim_ctl_port = pass;
return 0;
}
int get_ranged_svr_list_callback(usr_info_t* p, uint8_t* body, uint32_t bodylen, int ret)
{
//varify the respond data
TRACE_LOG("get ranged callback");
CHECK_VAL_GE(bodylen, sizeof(svr_list_t));
svr_list_t* svrlist = reinterpret_cast<svr_list_t*>(body);
//DEBUG_LOG("svrlist [%d %d]", svrlist->domain_id, svrlist->online_cnt);
//chk if the pkg len is valid
CHECK_VAL(bodylen, sizeof(svr_list_t) + svrlist->online_cnt * sizeof(svr_info_t));
return send_ranged_svrlist(p, svrlist->svrs, svrlist->online_cnt);
}
static bool test_one_durable_v2_open_lease(struct torture_context *tctx,
struct smb2_tree *tree,
const char *fname,
bool request_persistent,
struct durable_open_vs_lease test)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
struct smb2_handle _h;
struct smb2_handle *h = NULL;
bool ret = true;
struct smb2_create io;
struct smb2_lease ls;
uint64_t lease;
smb2_util_unlink(tree, fname);
lease = random();
smb2_lease_create_share(&io, &ls, false /* dir */, fname,
smb2_util_share_access(test.share_mode),
lease,
smb2_util_lease_state(test.type));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = request_persistent;
io.in.create_guid = GUID_random();
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, test.durable);
CHECK_VAL(io.out.persistent_open, test.persistent);
CHECK_VAL(io.out.oplock_level, SMB2_OPLOCK_LEVEL_LEASE);
CHECK_VAL(io.out.lease_response.lease_key.data[0], lease);
CHECK_VAL(io.out.lease_response.lease_key.data[1], ~lease);
CHECK_VAL(io.out.lease_response.lease_state,
smb2_util_lease_state(test.type));
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(mem_ctx);
return ret;
}
int update_backup_svrlist_callback(uint8_t* body, uint32_t bodylen, int ret)
{
CHECK_VAL_GE(bodylen, sizeof(svr_list_t));
svr_list_t* svrlist = reinterpret_cast<svr_list_t*>(body);
//chk if the pkg len is valid
CHECK_VAL(bodylen, sizeof(svr_list_t) + svrlist->online_cnt * sizeof(svr_info_t));
backup_svrlist_cnt = svrlist->online_cnt;
memcpy(backup_svrlist, svrlist->svrs, svrlist->online_cnt * sizeof(svr_info_t));
//for(uint32_t i= 0; i< svrlist->online_cnt; i++) {
// DEBUG_LOG("BACKUP svr ID [%d]", backup_svrlist[i].id);
// DEBUG_LOG("BACKUP svr usr [%d]", backup_svrlist[i].users);
// DEBUG_LOG("BACKUP svr port[%d]", backup_svrlist[i].port);
//}
return 0;
}
/**
* basic test for doing a session reconnect
*/
bool test_session_reconnect1(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_handle _h2;
struct smb2_handle *h2 = NULL;
struct smb2_create io1, io2;
uint64_t previous_session_id;
bool ret = true;
struct smb2_tree *tree2;
union smb_fileinfo qfinfo;
/* Add some random component to the file name. */
snprintf(fname, 256, "session_reconnect_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* disconnect, reconnect and then do durable reopen */
previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
if (!torture_smb2_connection_ext(tctx, previous_session_id,
&tree->session->transport->options,
&tree2))
{
torture_warning(tctx, "session reconnect failed\n");
ret = false;
goto done;
}
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
qfinfo.generic.in.file.handle = _h1;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
h1 = NULL;
smb2_oplock_create_share(&io2, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree2, mem_ctx, &io2);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
_h2 = io2.out.file.handle;
h2 = &_h2;
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
if (h2 != NULL) {
smb2_util_close(tree2, *h2);
}
smb2_util_unlink(tree2, fname);
talloc_free(tree);
talloc_free(tree2);
talloc_free(mem_ctx);
return ret;
}
/**
* test setting security descriptor after reauth.
*/
bool test_session_reauth4(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
bool ret = true;
union smb_fileinfo qfinfo;
union smb_setfileinfo sfinfo;
struct cli_credentials *anon_creds = NULL;
uint32_t secinfo_flags = SECINFO_OWNER
| SECINFO_GROUP
| SECINFO_DACL
| SECINFO_PROTECTED_DACL
| SECINFO_UNPROTECTED_DACL;
struct security_descriptor *sd1;
struct security_ace ace;
struct dom_sid *extra_sid;
/* Add some random component to the file name. */
snprintf(fname, 256, "session_reauth4_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
sd1 = qfinfo.query_secdesc.out.sd;
/* re-authenticate as anonymous */
anon_creds = cli_credentials_init_anon(mem_ctx);
torture_assert(tctx, (anon_creds != NULL), "talloc error");
status = smb2_session_setup_spnego(tree->session,
anon_creds,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* give full access on the file to anonymous */
extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
ZERO_STRUCT(ace);
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
ace.access_mask = SEC_STD_ALL | SEC_FILE_ALL;
ace.trustee = *extra_sid;
status = security_descriptor_dacl_add(sd1, &ace);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(sfinfo);
sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
sfinfo.set_secdesc.in.file.handle = _h1;
sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
sfinfo.set_secdesc.in.sd = sd1;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* re-authenticate as original user again */
status = smb2_session_setup_spnego(tree->session,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* re-get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
ret = true;
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
/**
* test renaming after reauth.
* compare security descriptors before and after rename/reauth
*/
bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char dname[256];
char fname[256];
char fname2[256];
struct smb2_handle _dh1;
struct smb2_handle *dh1 = NULL;
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
bool ret = true;
bool ok;
union smb_fileinfo qfinfo;
union smb_setfileinfo sfinfo;
struct cli_credentials *anon_creds = NULL;
uint32_t secinfo_flags = SECINFO_OWNER
| SECINFO_GROUP
| SECINFO_DACL
| SECINFO_PROTECTED_DACL
| SECINFO_UNPROTECTED_DACL;
struct security_descriptor *f_sd1;
struct security_descriptor *d_sd1 = NULL;
struct security_ace ace;
struct dom_sid *extra_sid;
/* Add some random component to the file name. */
snprintf(dname, 256, "session_reauth5_%s.d",
generate_random_str(tctx, 8));
snprintf(fname, 256, "%s\\file.dat", dname);
ok = smb2_util_setup_dir(tctx, tree, dname);
CHECK_VAL(ok, true);
status = torture_smb2_testdir(tree, dname, &_dh1);
CHECK_STATUS(status, NT_STATUS_OK);
dh1 = &_dh1;
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
f_sd1 = qfinfo.query_secdesc.out.sd;
/* re-authenticate as anonymous */
anon_creds = cli_credentials_init_anon(mem_ctx);
torture_assert(tctx, (anon_creds != NULL), "talloc error");
status = smb2_session_setup_spnego(tree->session,
anon_creds,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* try to rename the file: fails */
snprintf(fname2, 256, "%s\\file2.dat", dname);
smb2_util_unlink(tree, fname2);
ZERO_STRUCT(sfinfo);
sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
sfinfo.rename_information.in.file.handle = _h1;
sfinfo.rename_information.in.overwrite = true;
sfinfo.rename_information.in.new_name = fname2;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
/* re-authenticate as original user again */
status = smb2_session_setup_spnego(tree->session,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* give full access on the file to anonymous */
extra_sid = dom_sid_parse_talloc(tctx, SID_NT_ANONYMOUS);
ZERO_STRUCT(ace);
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
ace.access_mask = SEC_RIGHTS_FILE_ALL;
ace.trustee = *extra_sid;
status = security_descriptor_dacl_add(f_sd1, &ace);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(sfinfo);
sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
sfinfo.set_secdesc.in.file.handle = _h1;
sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
sfinfo.set_secdesc.in.sd = f_sd1;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* re-get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* re-authenticate as anonymous - again */
anon_creds = cli_credentials_init_anon(mem_ctx);
torture_assert(tctx, (anon_creds != NULL), "talloc error");
status = smb2_session_setup_spnego(tree->session,
anon_creds,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* try to rename the file: fails */
ZERO_STRUCT(sfinfo);
sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
sfinfo.rename_information.in.file.handle = _h1;
sfinfo.rename_information.in.overwrite = true;
sfinfo.rename_information.in.new_name = fname2;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
/* give full access on the parent dir to anonymous */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _dh1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
d_sd1 = qfinfo.query_secdesc.out.sd;
ZERO_STRUCT(ace);
ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
ace.flags = 0;
ace.access_mask = SEC_RIGHTS_FILE_ALL;
ace.trustee = *extra_sid;
status = security_descriptor_dacl_add(d_sd1, &ace);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(sfinfo);
sfinfo.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
sfinfo.set_secdesc.in.file.handle = _dh1;
sfinfo.set_secdesc.in.secinfo_flags = secinfo_flags;
sfinfo.set_secdesc.in.secinfo_flags = SECINFO_DACL;
sfinfo.set_secdesc.in.sd = d_sd1;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _dh1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
smb2_util_close(tree, _dh1);
dh1 = NULL;
/* try to rename the file: still fails */
ZERO_STRUCT(sfinfo);
sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
sfinfo.rename_information.in.file.handle = _h1;
sfinfo.rename_information.in.overwrite = true;
sfinfo.rename_information.in.new_name = fname2;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
/* re-authenticate as original user - again */
status = smb2_session_setup_spnego(tree->session,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* rename the file - for verification that it works */
ZERO_STRUCT(sfinfo);
sfinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
sfinfo.rename_information.in.file.handle = _h1;
sfinfo.rename_information.in.overwrite = true;
sfinfo.rename_information.in.new_name = fname2;
status = smb2_setinfo_file(tree, &sfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* closs the file, check it is gone and reopen under the new name */
smb2_util_close(tree, _h1);
ZERO_STRUCT(io1);
smb2_generic_create_share(&io1,
NULL /* lease */, false /* dir */,
fname,
NTCREATEX_DISP_OPEN,
smb2_util_share_access(""),
smb2_util_oplock_level("b"),
0 /* leasekey */, 0 /* leasestate */);
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
ZERO_STRUCT(io1);
smb2_generic_create_share(&io1,
NULL /* lease */, false /* dir */,
fname2,
NTCREATEX_DISP_OPEN,
smb2_util_share_access(""),
smb2_util_oplock_level("b"),
0 /* leasekey */, 0 /* leasestate */);
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
done:
if (dh1 != NULL) {
smb2_util_close(tree, *dh1);
}
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
smb2_deltree(tree, dname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
bool ret = true;
union smb_fileinfo qfinfo;
/* Add some random component to the file name. */
snprintf(fname, 256, "session_reauth1_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
status = smb2_session_setup_spnego(tree->session,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
qfinfo.generic.in.file.handle = _h1;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
status = smb2_session_setup_spnego(tree->session,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
qfinfo.generic.in.file.handle = _h1;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
/**
* test getting security descriptor after reauth
*/
bool test_session_reauth3(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
bool ret = true;
union smb_fileinfo qfinfo;
struct cli_credentials *anon_creds = NULL;
uint32_t secinfo_flags = SECINFO_OWNER
| SECINFO_GROUP
| SECINFO_DACL
| SECINFO_PROTECTED_DACL
| SECINFO_UNPROTECTED_DACL;
/* Add some random component to the file name. */
snprintf(fname, 256, "session_reauth3_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* re-authenticate as anonymous */
anon_creds = cli_credentials_init_anon(mem_ctx);
torture_assert(tctx, (anon_creds != NULL), "talloc error");
status = smb2_session_setup_spnego(tree->session,
anon_creds,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* re-authenticate as original user again */
status = smb2_session_setup_spnego(tree->session,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* try to access the file via the old handle */
ZERO_STRUCT(qfinfo);
qfinfo.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
qfinfo.query_secdesc.in.file.handle = _h1;
qfinfo.query_secdesc.in.secinfo_flags = secinfo_flags;
status = smb2_getinfo_file(tree, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
/**
* Basic test for doing a durable open
* and do a session reconnect while the first
* session is still active and the handle is
* still open in the client.
* This closes the original session and a
* durable reconnect on the new session succeeds.
*/
bool test_durable_v2_open_reopen1a(struct torture_context *tctx,
struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h;
struct smb2_handle *h = NULL;
struct smb2_create io, io2;
struct GUID create_guid = GUID_random();
bool ret = true;
struct smb2_tree *tree2 = NULL;
uint64_t previous_session_id;
struct smbcli_options options;
options = tree->session->transport->options;
/* Choose a random name in case the state is left a little funky. */
snprintf(fname, 256, "durable_v2_open_reopen1a_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = false;
io.in.create_guid = create_guid;
io.in.timeout = UINT32_MAX;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, true);
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.timeout, io.in.timeout);
/*
* a session reconnect on a second tcp connection
*/
previous_session_id = smb2cli_session_current_id(tree->session->smbXcli);
if (!torture_smb2_connection_ext(tctx, previous_session_id,
&options, &tree2))
{
torture_warning(tctx, "couldn't reconnect, bailing\n");
ret = false;
goto done;
}
/*
* check that this has deleted the old session
*/
ZERO_STRUCT(io);
io.in.fname = "";
io.in.durable_handle_v2 = h;
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED);
/*
* but a durable reconnect on the new session succeeds:
*/
ZERO_STRUCT(io2);
io2.in.fname = "";
io2.in.durable_handle_v2 = h;
io2.in.create_guid = create_guid;
status = smb2_create(tree2, mem_ctx, &io2);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_CREATED(&io2, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io2.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io2.out.durable_open, false);
CHECK_VAL(io2.out.durable_open_v2, false); /* no dh2q response blob */
CHECK_VAL(io2.out.persistent_open, false);
CHECK_VAL(io2.out.timeout, io.in.timeout);
_h = io2.out.file.handle;
h = &_h;
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
/*
test generic cldap operations
*/
static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
{
struct cldap_socket *cldap;
NTSTATUS status;
struct cldap_search search;
const char *attrs1[] = { "currentTime", "highestCommittedUSN", NULL };
const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
const char *attrs3[] = { "netlogon", NULL };
struct tsocket_address *dest_addr;
int ret;
ret = tsocket_address_inet_from_strings(tctx, "ip",
dest,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
CHECK_VAL(ret, 0);
/* cldap_socket_init should now know about the dest. address */
status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(search);
search.in.dest_address = NULL;
search.in.dest_port = 0;
search.in.timeout = 10;
search.in.retries = 3;
status = cldap_search(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
printf("fetching whole rootDSE\n");
search.in.filter = "(objectclass=*)";
search.in.attributes = NULL;
status = cldap_search(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
if (DEBUGLVL(3)) cldap_dump_results(&search);
printf("fetching currentTime and USN\n");
search.in.filter = "(objectclass=*)";
search.in.attributes = attrs1;
status = cldap_search(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
if (DEBUGLVL(3)) cldap_dump_results(&search);
printf("Testing currentTime, USN and netlogon\n");
search.in.filter = "(objectclass=*)";
search.in.attributes = attrs2;
status = cldap_search(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
if (DEBUGLVL(3)) cldap_dump_results(&search);
printf("Testing objectClass=* and netlogon\n");
search.in.filter = "(objectclass2=*)";
search.in.attributes = attrs3;
status = cldap_search(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
if (DEBUGLVL(3)) cldap_dump_results(&search);
printf("Testing a false expression\n");
search.in.filter = "(&(objectclass=*)(highestCommittedUSN=2))";
search.in.attributes = attrs1;
status = cldap_search(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
if (DEBUGLVL(3)) cldap_dump_results(&search);
return true;
}
bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
{
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct cli_credentials *credentials = cmdline_credentials;
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
union smb_fileinfo qfinfo;
bool ret = false;
struct smb2_tree *tree2 = NULL;
struct smb2_transport *transport1 = tree1->session->transport;
struct smb2_transport *transport2 = NULL;
struct smb2_session *session1_1 = tree1->session;
struct smb2_session *session1_2 = NULL;
struct smb2_session *session2_1 = NULL;
struct smb2_session *session2_2 = NULL;
uint32_t caps;
caps = smb2cli_conn_server_capabilities(transport1->conn);
if (!(caps & SMB2_CAP_MULTI_CHANNEL)) {
torture_skip(tctx, "server doesn't support SMB2_CAP_MULTI_CHANNEL\n");
}
/* Add some random component to the file name. */
snprintf(fname, sizeof(fname), "session_bind1_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree1, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree1, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
status = smb2_connect(tctx,
host,
lpcfg_smb_ports(tctx->lp_ctx),
share,
lpcfg_resolve_context(tctx->lp_ctx),
credentials,
&tree2,
tctx->ev,
&transport1->options,
lpcfg_socket_options(tctx->lp_ctx),
lpcfg_gensec_settings(tctx, tctx->lp_ctx)
);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"smb2_connect failed");
session2_2 = tree2->session;
transport2 = tree2->session->transport;
/*
* Now bind the 2nd transport connection to the 1st session
*/
session1_2 = smb2_session_channel(transport2,
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
tree2,
session1_1);
torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
status = smb2_session_setup_spnego(session1_2,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
/* use the 1st connection, 1st session */
ZERO_STRUCT(qfinfo);
qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
qfinfo.generic.in.file.handle = _h1;
tree1->session = session1_1;
status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
/* use the 2nd connection, 1st session */
ZERO_STRUCT(qfinfo);
qfinfo.generic.level = RAW_FILEINFO_POSITION_INFORMATION;
qfinfo.generic.in.file.handle = _h1;
tree1->session = session1_2;
status = smb2_getinfo_file(tree1, mem_ctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
tree1->session = session1_1;
smb2_util_close(tree1, *h1);
h1 = NULL;
/*
* Now bind the 1st transport connection to the 2nd session
*/
session2_1 = smb2_session_channel(transport1,
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
tree1,
session2_2);
torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
status = smb2_session_setup_spnego(session2_1,
cmdline_credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
tree2->session = session2_1;
status = smb2_util_unlink(tree2, fname);
CHECK_STATUS(status, NT_STATUS_OK);
ret = true;
done:
talloc_free(tree2);
tree1->session = session1_1;
if (h1 != NULL) {
smb2_util_close(tree1, *h1);
}
smb2_util_unlink(tree1, fname);
talloc_free(tree1);
talloc_free(mem_ctx);
return ret;
}
/*
test SMB2 open
*/
static bool test_smb2_open(struct torture_context *tctx,
struct smb2_tree *tree)
{
union smb_open io;
union smb_fileinfo finfo;
const char *fname = DNAME "\\torture_ntcreatex.txt";
const char *dname = DNAME "\\torture_ntcreatex.dir";
NTSTATUS status;
struct smb2_handle h, h1;
bool ret = true;
int i;
struct {
uint32_t create_disp;
bool with_file;
NTSTATUS correct_status;
} open_funcs[] = {
{ NTCREATEX_DISP_SUPERSEDE, true, NT_STATUS_OK },
{ NTCREATEX_DISP_SUPERSEDE, false, NT_STATUS_OK },
{ NTCREATEX_DISP_OPEN, true, NT_STATUS_OK },
{ NTCREATEX_DISP_OPEN, false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
{ NTCREATEX_DISP_CREATE, true, NT_STATUS_OBJECT_NAME_COLLISION },
{ NTCREATEX_DISP_CREATE, false, NT_STATUS_OK },
{ NTCREATEX_DISP_OPEN_IF, true, NT_STATUS_OK },
{ NTCREATEX_DISP_OPEN_IF, false, NT_STATUS_OK },
{ NTCREATEX_DISP_OVERWRITE, true, NT_STATUS_OK },
{ NTCREATEX_DISP_OVERWRITE, false, NT_STATUS_OBJECT_NAME_NOT_FOUND },
{ NTCREATEX_DISP_OVERWRITE_IF, true, NT_STATUS_OK },
{ NTCREATEX_DISP_OVERWRITE_IF, false, NT_STATUS_OK },
{ 6, true, NT_STATUS_INVALID_PARAMETER },
{ 6, false, NT_STATUS_INVALID_PARAMETER },
};
torture_comment(tctx, "Checking SMB2 Open\n");
smb2_util_unlink(tree, fname);
smb2_util_rmdir(tree, dname);
status = torture_smb2_testdir(tree, DNAME, &h);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(io.smb2);
/* reasonable default parameters */
io.generic.level = RAW_OPEN_SMB2;
io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
io.smb2.in.alloc_size = 1024*1024;
io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
io.smb2.in.create_options = 0;
io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
io.smb2.in.security_flags = 0;
io.smb2.in.fname = fname;
/* test the create disposition */
for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
if (open_funcs[i].with_file) {
io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
status= smb2_create(tree, tctx, &(io.smb2));
if (!NT_STATUS_IS_OK(status)) {
torture_comment(tctx,
"Failed to create file %s status %s %d\n",
fname, nt_errstr(status), i);
ret = false;
goto done;
}
smb2_util_close(tree, io.smb2.out.file.handle);
}
io.smb2.in.create_disposition = open_funcs[i].create_disp;
status = smb2_create(tree, tctx, &(io.smb2));
if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
torture_comment(tctx,
"(%s) incorrect status %s should be %s (i=%d "
"with_file=%d open_disp=%d)\n",
__location__, nt_errstr(status),
nt_errstr(open_funcs[i].correct_status),
i, (int)open_funcs[i].with_file,
(int)open_funcs[i].create_disp);
ret = false;
goto done;
}
if (NT_STATUS_IS_OK(status) || open_funcs[i].with_file) {
smb2_util_close(tree, io.smb2.out.file.handle);
smb2_util_unlink(tree, fname);
}
}
/* basic field testing */
io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
status = smb2_create(tree, tctx, &(io.smb2));
CHECK_STATUS(status, NT_STATUS_OK);
h1 = io.smb2.out.file.handle;
CHECK_VAL(io.smb2.out.oplock_level, 0);
CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_CREATED);
CHECK_NTTIME(io.smb2.out.create_time, create_time);
CHECK_NTTIME(io.smb2.out.access_time, access_time);
CHECK_NTTIME(io.smb2.out.write_time, write_time);
CHECK_NTTIME(io.smb2.out.change_time, change_time);
CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
CHECK_ALL_INFO(io.smb2.out.alloc_size, alloc_size);
CHECK_ALL_INFO(io.smb2.out.size, size);
/* check fields when the file already existed */
smb2_util_close(tree, h1);
smb2_util_unlink(tree, fname);
status = smb2_create_complex_file(tree, fname, &h1);
CHECK_STATUS(status, NT_STATUS_OK);
smb2_util_close(tree, h1);
io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
status = smb2_create(tree, tctx, &(io.smb2));
CHECK_STATUS(status, NT_STATUS_OK);
h1 = io.smb2.out.file.handle;
CHECK_VAL(io.smb2.out.oplock_level, 0);
CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_EXISTED);
CHECK_NTTIME(io.smb2.out.create_time, create_time);
CHECK_NTTIME(io.smb2.out.access_time, access_time);
CHECK_NTTIME(io.smb2.out.write_time, write_time);
CHECK_NTTIME(io.smb2.out.change_time, change_time);
CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
CHECK_ALL_INFO(io.smb2.out.alloc_size, alloc_size);
CHECK_ALL_INFO(io.smb2.out.size, size);
smb2_util_close(tree, h1);
smb2_util_unlink(tree, fname);
/* create a directory */
io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
io.smb2.in.alloc_size = 0;
io.smb2.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
io.smb2.in.create_options = 0;
io.smb2.in.fname = dname;
fname = dname;
smb2_util_rmdir(tree, fname);
smb2_util_unlink(tree, fname);
io.smb2.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE;
status = smb2_create(tree, tctx, &(io.smb2));
CHECK_STATUS(status, NT_STATUS_OK);
h1 = io.smb2.out.file.handle;
CHECK_VAL(io.smb2.out.oplock_level, 0);
CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_CREATED);
CHECK_NTTIME(io.smb2.out.create_time, create_time);
CHECK_NTTIME(io.smb2.out.access_time, access_time);
CHECK_NTTIME(io.smb2.out.write_time, write_time);
CHECK_NTTIME(io.smb2.out.change_time, change_time);
CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
CHECK_VAL(io.smb2.out.file_attr & ~FILE_ATTRIBUTE_NONINDEXED,
FILE_ATTRIBUTE_DIRECTORY);
CHECK_ALL_INFO(io.smb2.out.alloc_size, alloc_size);
CHECK_ALL_INFO(io.smb2.out.size, size);
CHECK_VAL(io.smb2.out.size, 0);
CHECK_VAL(io.smb2.out.alloc_size, 0);
smb2_util_unlink(tree, fname);
done:
smb2_util_close(tree, h1);
smb2_util_unlink(tree, fname);
smb2_deltree(tree, DNAME);
return ret;
}
/**
* durable reconnect test:
* connect with v1, reconnect with v2 : fails (no create_guid...)
*/
bool test_durable_v2_open_reopen2c(struct torture_context *tctx,
struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h;
struct smb2_handle *h = NULL;
struct smb2_create io;
struct GUID create_guid = GUID_random();
bool ret = true;
struct smbcli_options options;
options = tree->session->transport->options;
/* Choose a random name in case the state is left a little funky. */
snprintf(fname, 256, "durable_v2_open_reopen2c_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io.in.durable_open = true;
io.in.durable_open_v2 = false;
io.in.persistent_open = false;
io.in.create_guid = create_guid;
io.in.timeout = UINT32_MAX;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io.out.durable_open, true);
CHECK_VAL(io.out.durable_open_v2, false);
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.timeout, 0);
/* disconnect, leaving the durable open */
TALLOC_FREE(tree);
if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
torture_warning(tctx, "couldn't reconnect, bailing\n");
ret = false;
goto done;
}
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle_v2 = h; /* durable v2 reconnect */
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
/**
* testing various create blob combinations.
*/
bool test_durable_v2_open_create_blob(struct torture_context *tctx,
struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h;
struct smb2_handle *h = NULL;
struct smb2_create io;
struct GUID create_guid = GUID_random();
bool ret = true;
struct smbcli_options options;
options = tree->session->transport->options;
/* Choose a random name in case the state is left a little funky. */
snprintf(fname, 256, "durable_v2_open_create_blob_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = false;
io.in.create_guid = create_guid;
io.in.timeout = UINT32_MAX;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, true);
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.timeout, io.in.timeout);
/* disconnect */
TALLOC_FREE(tree);
/* create a new session (same client_guid) */
if (!torture_smb2_connection_ext(tctx, 0, &options, &tree)) {
torture_warning(tctx, "couldn't reconnect, bailing\n");
ret = false;
goto done;
}
/*
* check invalid combinations of durable handle
* request and reconnect blobs
* See MS-SMB2: 3.3.5.9.12
* Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context
*/
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle_v2 = h; /* durable v2 reconnect request */
io.in.durable_open = true; /* durable v1 handle request */
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle = h; /* durable v1 reconnect request */
io.in.durable_open_v2 = true; /* durable v2 handle request */
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle = h; /* durable v1 reconnect request */
io.in.durable_handle_v2 = h; /* durable v2 reconnect request */
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle_v2 = h; /* durable v2 reconnect request */
io.in.durable_open_v2 = true; /* durable v2 handle request */
io.in.create_guid = create_guid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER);
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
static NTSTATUS tcp_ldap_netlogon(void *conn,
TALLOC_CTX *mem_ctx,
struct cldap_netlogon *io)
{
struct cldap_search search;
struct ldap_SearchResEntry *res;
NTSTATUS status;
DATA_BLOB *blob;
ZERO_STRUCT(search);
search.in.attributes = (const char *[]) { "netlogon", NULL };
search.in.filter = cldap_netlogon_create_filter(mem_ctx, io);
if (search.in.filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = tcp_ldap_rootdse(conn, mem_ctx, &search);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
res = search.out.response;
if (res == NULL) {
return NT_STATUS_NOT_FOUND;
}
if (res->num_attributes != 1 ||
strcasecmp(res->attributes[0].name, "netlogon") != 0 ||
res->attributes[0].num_values != 1 ||
res->attributes[0].values->length < 2) {
return NT_STATUS_UNEXPECTED_NETWORK_ERROR;
}
blob = res->attributes[0].values;
status = pull_netlogon_samlogon_response(blob, mem_ctx,
&io->out.netlogon);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (io->in.map_response) {
map_netlogon_samlogon_response(&io->out.netlogon);
}
return NT_STATUS_OK;
}
static NTSTATUS udp_ldap_rootdse(void *data, TALLOC_CTX *mem_ctx,
struct cldap_search *io)
{
struct cldap_socket *cldap = talloc_get_type(data,
struct cldap_socket);
return cldap_search(cldap, mem_ctx, io);
}
static bool test_netlogon_extra_attrs(struct torture_context *tctx,
request_rootdse_t request_rootdse,
void *conn)
{
struct cldap_search io;
NTSTATUS status;
const char *attrs[] = {
"netlogon",
"supportedCapabilities",
NULL
};
const char *attrs2[] = { "netlogon", "*", NULL };
struct ldb_message ldbmsg = { NULL, 0, NULL };
ZERO_STRUCT(io);
io.in.dest_address = NULL;
io.in.dest_port = 0;
io.in.timeout = 2;
io.in.retries = 2;
/* Additional attributes may be requested next to netlogon */
torture_comment(tctx, "Requesting netlogon with additional attribute\n");
io.in.filter =
talloc_asprintf(tctx, "(&"
"(NtVer=%s)(AAC=%s)"
/* Query for LDAP_CAP_ACTIVE_DIRECTORY_OID */
"(supportedCapabilities=1.2.840.113556.1.4.800)"
")",
ldap_encode_ndr_uint32(tctx,
NETLOGON_NT_VERSION_5EX),
ldap_encode_ndr_uint32(tctx, 0));
torture_assert(tctx, io.in.filter != NULL, "OOM");
io.in.attributes = attrs;
status = request_rootdse(conn, tctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
torture_assert(tctx, io.out.response != NULL, "No Entries found.");
CHECK_VAL(io.out.response->num_attributes, 2);
/* netlogon + '*' attr return zero results */
torture_comment(tctx, "Requesting netlogon and '*' attributes\n");
io.in.attributes = attrs2;
status = request_rootdse(conn, tctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
torture_assert(tctx, io.out.response != NULL, "No Entries found.");
ldbmsg.num_elements = io.out.response->num_attributes;
ldbmsg.elements = io.out.response->attributes;
torture_assert(tctx, ldb_msg_find_element(&ldbmsg, "netlogon") != NULL,
"Attribute netlogon not found in Result Entry\n");
/* Wildcards are not allowed in filters when netlogon is requested. */
torture_comment(tctx, "Requesting netlogon with invalid attr filter\n");
io.in.filter =
talloc_asprintf(tctx,
"(&(NtVer=%s)(AAC=%s)(supportedCapabilities=*))",
ldap_encode_ndr_uint32(tctx,
NETLOGON_NT_VERSION_5EX),
ldap_encode_ndr_uint32(tctx, 0));
torture_assert(tctx, io.in.filter != NULL, "OOM");
io.in.attributes = attrs;
status = request_rootdse(conn, tctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
torture_assert(tctx, io.out.response == NULL,
"A wildcard filter should return no entries.");
return true;
}
bool torture_netlogon_tcp(struct torture_context *tctx)
{
const char *host = torture_setting_string(tctx, "host", NULL);
bool ret = true;
NTSTATUS status;
struct ldap_connection *conn;
TALLOC_CTX *mem_ctx;
const char *url;
mem_ctx = talloc_init("torture_ldap_netlogon");
url = talloc_asprintf(mem_ctx, "ldap://%s/", host);
status = torture_ldap_connection(tctx, &conn, url);
if (!NT_STATUS_IS_OK(status)) {
return false;
}
ret &= test_ldap_netlogon(tctx, tcp_ldap_netlogon, conn, host);
ret &= test_ldap_netlogon_flags(tctx, tcp_ldap_netlogon, conn, host);
ret &= test_netlogon_extra_attrs(tctx, tcp_ldap_rootdse, conn);
return ret;
}
static NTSTATUS udp_ldap_netlogon(void *data,
TALLOC_CTX *mem_ctx,
struct cldap_netlogon *io)
{
struct cldap_socket *cldap = talloc_get_type(data,
struct cldap_socket);
return cldap_netlogon(cldap, mem_ctx, io);
}
bool torture_netlogon_udp(struct torture_context *tctx)
{
const char *host = torture_setting_string(tctx, "host", NULL);
bool ret = true;
int r;
struct cldap_socket *cldap;
NTSTATUS status;
struct tsocket_address *dest_addr;
r = tsocket_address_inet_from_strings(tctx, "ip",
host,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
CHECK_VAL(r, 0);
/* cldap_socket_init should now know about the dest. address */
status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
CHECK_STATUS(status, NT_STATUS_OK);
ret &= test_ldap_netlogon(tctx, udp_ldap_netlogon, cldap, host);
ret &= test_ldap_netlogon_flags(tctx, udp_ldap_netlogon, cldap, host);
ret &= test_netlogon_extra_attrs(tctx, udp_ldap_rootdse, cldap);
return ret;
}
/*
test netlogon operations
*/
static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
{
struct cldap_socket *cldap;
NTSTATUS status;
struct cldap_netlogon search, empty_search;
struct netlogon_samlogon_response n1;
struct GUID guid;
int i;
struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx);
struct tsocket_address *dest_addr;
int ret;
ret = tsocket_address_inet_from_strings(tctx, "ip",
dest,
lp_cldap_port(tctx->lp_ctx),
&dest_addr);
status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap);
CHECK_STATUS(status, NT_STATUS_OK);
ZERO_STRUCT(search);
search.in.dest_address = NULL;
search.in.dest_port = 0;
search.in.acct_control = -1;
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
search.in.map_response = true;
empty_search = search;
printf("Trying without any attributes\n");
search = empty_search;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
n1 = search.out.netlogon;
search.in.user = "******";
search.in.realm = n1.data.nt5_ex.dns_domain;
search.in.host = "__cldap_torture__";
printf("Scanning for netlogon levels\n");
for (i=0;i<256;i++) {
search.in.version = i;
printf("Trying netlogon level %d\n", i);
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
}
printf("Scanning for netlogon level bits\n");
for (i=0;i<31;i++) {
search.in.version = (1<<i);
printf("Trying netlogon level 0x%x\n", i);
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
}
search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
printf("Trying with User=NULL\n");
search.in.user = NULL;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
printf("Trying with User=Administrator\n");
search.in.user = "******";
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
search.in.version = NETLOGON_NT_VERSION_5;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
printf("Trying with User=NULL\n");
search.in.user = NULL;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
printf("Trying with User=Administrator\n");
search.in.user = "******";
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
printf("Trying with a GUID\n");
search.in.realm = NULL;
search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
printf("Trying with a incorrect GUID\n");
guid = GUID_random();
search.in.user = NULL;
search.in.domain_guid = GUID_string(tctx, &guid);
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a AAC\n");
search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a zero AAC\n");
search.in.acct_control = 0x0;
search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a zero AAC and user=Administrator\n");
search.in.acct_control = 0x0;
search.in.user = "******";
search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
printf("Trying with a bad AAC\n");
search.in.user = NULL;
search.in.acct_control = 0xFF00FF00;
search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a user only\n");
search = empty_search;
search.in.user = "******";
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
printf("Trying with just a bad username\n");
search.in.user = "******";
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
printf("Trying with just a bad domain\n");
search = empty_search;
search.in.realm = "___no_such_domain___";
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a incorrect domain and correct guid\n");
search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
printf("Trying with a incorrect domain and incorrect guid\n");
search.in.domain_guid = GUID_string(tctx, &guid);
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
printf("Trying with a incorrect GUID and correct domain\n");
search.in.domain_guid = GUID_string(tctx, &guid);
search.in.realm = n1.data.nt5_ex.dns_domain;
status = cldap_netlogon(cldap, iconv_convenience, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
return true;
}
/*
basic testing of all RAW_SEARCH_* calls using a single file
*/
static bool test_one_file(struct torture_context *tctx,
struct smbcli_state *cli)
{
bool ret = true;
int fnum;
const char *fname = "\\torture_search.txt";
const char *fname2 = "\\torture_search-NOTEXIST.txt";
NTSTATUS status;
int i;
union smb_fileinfo all_info, alt_info, name_info, internal_info;
union smb_search_data *s;
fnum = create_complex_file(cli, tctx, fname);
if (fnum == -1) {
printf("ERROR: open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
ret = false;
goto done;
}
/* call all the levels */
for (i=0;i<ARRAY_SIZE(levels);i++) {
NTSTATUS expected_status;
uint32_t cap = cli->transport->negotiate.capabilities;
torture_comment(tctx, "testing %s\n", levels[i].name);
levels[i].status = torture_single_search(cli, tctx, fname,
levels[i].level,
levels[i].data_level,
0,
&levels[i].data);
/* see if this server claims to support this level */
if ((cap & levels[i].capability_mask) != levels[i].capability_mask) {
printf("search level %s(%d) not supported by server\n",
levels[i].name, (int)levels[i].level);
continue;
}
if (!NT_STATUS_IS_OK(levels[i].status)) {
printf("search level %s(%d) failed - %s\n",
levels[i].name, (int)levels[i].level,
nt_errstr(levels[i].status));
ret = false;
continue;
}
status = torture_single_search(cli, tctx, fname2,
levels[i].level,
levels[i].data_level,
0,
&levels[i].data);
expected_status = NT_STATUS_NO_SUCH_FILE;
if (levels[i].level == RAW_SEARCH_SEARCH ||
levels[i].level == RAW_SEARCH_FFIRST ||
levels[i].level == RAW_SEARCH_FUNIQUE) {
expected_status = STATUS_NO_MORE_FILES;
}
if (!NT_STATUS_EQUAL(status, expected_status)) {
printf("search level %s(%d) should fail with %s - %s\n",
levels[i].name, (int)levels[i].level,
nt_errstr(expected_status),
nt_errstr(status));
ret = false;
}
}
/* get the all_info file into to check against */
all_info.generic.level = RAW_FILEINFO_ALL_INFO;
all_info.generic.in.file.path = fname;
status = smb_raw_pathinfo(cli->tree, tctx, &all_info);
torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_ALL_INFO failed");
alt_info.generic.level = RAW_FILEINFO_ALT_NAME_INFO;
alt_info.generic.in.file.path = fname;
status = smb_raw_pathinfo(cli->tree, tctx, &alt_info);
torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_ALT_NAME_INFO failed");
internal_info.generic.level = RAW_FILEINFO_INTERNAL_INFORMATION;
internal_info.generic.in.file.path = fname;
status = smb_raw_pathinfo(cli->tree, tctx, &internal_info);
torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_INTERNAL_INFORMATION failed");
name_info.generic.level = RAW_FILEINFO_NAME_INFO;
name_info.generic.in.file.path = fname;
status = smb_raw_pathinfo(cli->tree, tctx, &name_info);
torture_assert_ntstatus_ok(tctx, status, "RAW_FILEINFO_NAME_INFO failed");
#define CHECK_VAL(name, sname1, field1, v, sname2, field2) do { \
s = find(name); \
if (s) { \
if ((s->sname1.field1) != (v.sname2.out.field2)) { \
printf("(%s) %s/%s [0x%x] != %s/%s [0x%x]\n", \
__location__, \
#sname1, #field1, (int)s->sname1.field1, \
#sname2, #field2, (int)v.sname2.out.field2); \
ret = false; \
} \
}} while (0)
#define CHECK_TIME(name, sname1, field1, v, sname2, field2) do { \
s = find(name); \
if (s) { \
if (s->sname1.field1 != (~1 & nt_time_to_unix(v.sname2.out.field2))) { \
printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \
__location__, \
#sname1, #field1, timestring(tctx, s->sname1.field1), \
#sname2, #field2, nt_time_string(tctx, v.sname2.out.field2)); \
ret = false; \
} \
}} while (0)
#define CHECK_NTTIME(name, sname1, field1, v, sname2, field2) do { \
s = find(name); \
if (s) { \
if (s->sname1.field1 != v.sname2.out.field2) { \
printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \
__location__, \
#sname1, #field1, nt_time_string(tctx, s->sname1.field1), \
#sname2, #field2, nt_time_string(tctx, v.sname2.out.field2)); \
ret = false; \
} \
}} while (0)
#define CHECK_STR(name, sname1, field1, v, sname2, field2) do { \
s = find(name); \
if (s) { \
if (!s->sname1.field1 || strcmp(s->sname1.field1, v.sname2.out.field2.s)) { \
printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \
__location__, \
#sname1, #field1, s->sname1.field1, \
#sname2, #field2, v.sname2.out.field2.s); \
ret = false; \
} \
}} while (0)
#define CHECK_WSTR(name, sname1, field1, v, sname2, field2, flags) do { \
s = find(name); \
if (s) { \
if (!s->sname1.field1.s || \
strcmp(s->sname1.field1.s, v.sname2.out.field2.s) || \
wire_bad_flags(&s->sname1.field1, flags, cli->transport)) { \
printf("(%s) %s/%s [%s] != %s/%s [%s]\n", \
__location__, \
#sname1, #field1, s->sname1.field1.s, \
#sname2, #field2, v.sname2.out.field2.s); \
ret = false; \
} \
}} while (0)
#define CHECK_NAME(name, sname1, field1, fname, flags) do { \
s = find(name); \
if (s) { \
if (!s->sname1.field1.s || \
strcmp(s->sname1.field1.s, fname) || \
wire_bad_flags(&s->sname1.field1, flags, cli->transport)) { \
printf("(%s) %s/%s [%s] != %s\n", \
__location__, \
#sname1, #field1, s->sname1.field1.s, \
fname); \
ret = false; \
} \
}} while (0)
#define CHECK_UNIX_NAME(name, sname1, field1, fname, flags) do { \
s = find(name); \
if (s) { \
if (!s->sname1.field1 || \
strcmp(s->sname1.field1, fname)) { \
printf("(%s) %s/%s [%s] != %s\n", \
__location__, \
#sname1, #field1, s->sname1.field1, \
fname); \
ret = false; \
} \
}} while (0)
/* check that all the results are as expected */
CHECK_VAL("SEARCH", search, attrib, all_info, all_info, attrib&0xFFF);
CHECK_VAL("STANDARD", standard, attrib, all_info, all_info, attrib&0xFFF);
CHECK_VAL("EA_SIZE", ea_size, attrib, all_info, all_info, attrib&0xFFF);
CHECK_VAL("DIRECTORY_INFO", directory_info, attrib, all_info, all_info, attrib);
CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, attrib, all_info, all_info, attrib);
CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, attrib, all_info, all_info, attrib);
CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, attrib, all_info, all_info, attrib);
CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, attrib, all_info, all_info, attrib);
CHECK_TIME("SEARCH", search, write_time, all_info, all_info, write_time);
CHECK_TIME("STANDARD", standard, write_time, all_info, all_info, write_time);
CHECK_TIME("EA_SIZE", ea_size, write_time, all_info, all_info, write_time);
CHECK_TIME("STANDARD", standard, create_time, all_info, all_info, create_time);
CHECK_TIME("EA_SIZE", ea_size, create_time, all_info, all_info, create_time);
CHECK_TIME("STANDARD", standard, access_time, all_info, all_info, access_time);
CHECK_TIME("EA_SIZE", ea_size, access_time, all_info, all_info, access_time);
CHECK_NTTIME("DIRECTORY_INFO", directory_info, write_time, all_info, all_info, write_time);
CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, write_time, all_info, all_info, write_time);
CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, write_time, all_info, all_info, write_time);
CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, write_time, all_info, all_info, write_time);
CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, write_time, all_info, all_info, write_time);
CHECK_NTTIME("DIRECTORY_INFO", directory_info, create_time, all_info, all_info, create_time);
CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, create_time, all_info, all_info, create_time);
CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, create_time, all_info, all_info, create_time);
CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, create_time, all_info, all_info, create_time);
CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, create_time, all_info, all_info, create_time);
CHECK_NTTIME("DIRECTORY_INFO", directory_info, access_time, all_info, all_info, access_time);
CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, access_time, all_info, all_info, access_time);
CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, access_time, all_info, all_info, access_time);
CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, access_time, all_info, all_info, access_time);
CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, access_time, all_info, all_info, access_time);
CHECK_NTTIME("DIRECTORY_INFO", directory_info, change_time, all_info, all_info, change_time);
CHECK_NTTIME("FULL_DIRECTORY_INFO", full_directory_info, change_time, all_info, all_info, change_time);
CHECK_NTTIME("BOTH_DIRECTORY_INFO", both_directory_info, change_time, all_info, all_info, change_time);
CHECK_NTTIME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, change_time, all_info, all_info, change_time);
CHECK_NTTIME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, change_time, all_info, all_info, change_time);
CHECK_VAL("SEARCH", search, size, all_info, all_info, size);
CHECK_VAL("STANDARD", standard, size, all_info, all_info, size);
CHECK_VAL("EA_SIZE", ea_size, size, all_info, all_info, size);
CHECK_VAL("DIRECTORY_INFO", directory_info, size, all_info, all_info, size);
CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, size, all_info, all_info, size);
CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, size, all_info, all_info, size);
CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, size, all_info, all_info, size);
CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, size, all_info, all_info, size);
CHECK_VAL("UNIX_INFO", unix_info, size, all_info, all_info, size);
CHECK_VAL("STANDARD", standard, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("EA_SIZE", ea_size, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("DIRECTORY_INFO", directory_info, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("UNIX_INFO", unix_info, alloc_size, all_info, all_info, alloc_size);
CHECK_VAL("EA_SIZE", ea_size, ea_size, all_info, all_info, ea_size);
CHECK_VAL("FULL_DIRECTORY_INFO", full_directory_info, ea_size, all_info, all_info, ea_size);
CHECK_VAL("BOTH_DIRECTORY_INFO", both_directory_info, ea_size, all_info, all_info, ea_size);
CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, ea_size, all_info, all_info, ea_size);
CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, ea_size, all_info, all_info, ea_size);
CHECK_STR("SEARCH", search, name, alt_info, alt_name_info, fname);
CHECK_WSTR("BOTH_DIRECTORY_INFO", both_directory_info, short_name, alt_info, alt_name_info, fname, STR_UNICODE);
CHECK_NAME("STANDARD", standard, name, fname+1, 0);
CHECK_NAME("EA_SIZE", ea_size, name, fname+1, 0);
CHECK_NAME("DIRECTORY_INFO", directory_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_NAME("FULL_DIRECTORY_INFO", full_directory_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_NAME("NAME_INFO", name_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_NAME("BOTH_DIRECTORY_INFO", both_directory_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_NAME("ID_FULL_DIRECTORY_INFO", id_full_directory_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_NAME("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_UNIX_NAME("UNIX_INFO", unix_info, name, fname+1, STR_TERMINATE_ASCII);
CHECK_VAL("ID_FULL_DIRECTORY_INFO", id_full_directory_info, file_id, internal_info, internal_information, file_id);
CHECK_VAL("ID_BOTH_DIRECTORY_INFO", id_both_directory_info, file_id, internal_info, internal_information, file_id);
done:
smb_raw_exit(cli->session);
smbcli_unlink(cli->tree, fname);
return ret;
}
/**
* do reauth with wrong credentials,
* hence triggering the error path in reauth.
* The invalid reauth deletes the session.
*/
bool test_session_reauth6(struct torture_context *tctx, struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
bool ret = true;
char *corrupted_password;
struct cli_credentials *broken_creds;
bool ok;
bool encrypted;
NTSTATUS expected;
enum credentials_use_kerberos krb_state;
krb_state = cli_credentials_get_kerberos_state(cmdline_credentials);
if (krb_state == CRED_MUST_USE_KERBEROS) {
torture_skip(tctx,
"Can't test failing session setup with kerberos.");
}
encrypted = smb2cli_tcon_is_encryption_on(tree->smbXcli);
/* Add some random component to the file name. */
snprintf(fname, 256, "session_reauth1_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/*
* reauthentication with invalid credentials:
*/
broken_creds = cli_credentials_shallow_copy(mem_ctx,
cmdline_credentials);
torture_assert(tctx, (broken_creds != NULL), "talloc error");
corrupted_password = talloc_asprintf(mem_ctx, "%s%s",
cli_credentials_get_password(broken_creds),
"corrupt");
torture_assert(tctx, (corrupted_password != NULL), "talloc error");
ok = cli_credentials_set_password(broken_creds, corrupted_password,
CRED_SPECIFIED);
CHECK_VAL(ok, true);
status = smb2_session_setup_spnego(tree->session,
broken_creds,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE);
torture_comment(tctx, "did failed reauth\n");
/*
* now verify that the invalid session reauth has closed our session
*/
if (encrypted) {
expected = NT_STATUS_CONNECTION_DISCONNECTED;
} else {
expected = NT_STATUS_USER_SESSION_DELETED;
}
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
status = smb2_create(tree, mem_ctx, &io1);
CHECK_STATUS(status, expected);
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
static bool test_smb2_open_for_delete(struct torture_context *tctx,
struct smb2_tree *tree)
{
union smb_open io;
union smb_fileinfo finfo;
const char *fname = DNAME "\\torture_open_for_delete.txt";
NTSTATUS status;
struct smb2_handle h, h1;
bool ret = true;
torture_comment(tctx,
"Checking SMB2_OPEN for delete on a readonly file.\n");
smb2_util_unlink(tree, fname);
smb2_deltree(tree, fname);
status = torture_smb2_testdir(tree, DNAME, &h);
CHECK_STATUS(status, NT_STATUS_OK);
/* reasonable default parameters */
ZERO_STRUCT(io.smb2);
io.generic.level = RAW_OPEN_SMB2;
io.smb2.in.create_flags = NTCREATEX_FLAGS_EXTENDED;
io.smb2.in.alloc_size = 0;
io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
io.smb2.in.file_attributes = FILE_ATTRIBUTE_READONLY;
io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
io.smb2.in.create_options = 0;
io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
io.smb2.in.security_flags = 0;
io.smb2.in.fname = fname;
/* Create the readonly file. */
status = smb2_create(tree, tctx, &(io.smb2));
CHECK_STATUS(status, NT_STATUS_OK);
h1 = io.smb2.out.file.handle;
CHECK_VAL(io.smb2.out.oplock_level, 0);
io.smb2.in.create_options = 0;
CHECK_VAL(io.smb2.out.create_action, NTCREATEX_ACTION_CREATED);
CHECK_ALL_INFO(io.smb2.out.file_attr, attrib);
smb2_util_close(tree, h1);
/* Now try and open for delete only - should succeed. */
io.smb2.in.desired_access = SEC_STD_DELETE;
io.smb2.in.file_attributes = 0;
io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
NTCREATEX_SHARE_ACCESS_WRITE |
NTCREATEX_SHARE_ACCESS_DELETE;
io.smb2.in.create_disposition = NTCREATEX_DISP_OPEN;
status = smb2_create(tree, tctx, &(io.smb2));
CHECK_STATUS(status, NT_STATUS_OK);
smb2_util_unlink(tree, fname);
smb2_util_close(tree, h1);
smb2_util_unlink(tree, fname);
smb2_deltree(tree, DNAME);
return ret;
}
static bool test_session_expire1(struct torture_context *tctx)
{
NTSTATUS status;
bool ret = false;
struct smbcli_options options;
const char *host = torture_setting_string(tctx, "host", NULL);
const char *share = torture_setting_string(tctx, "share", NULL);
struct cli_credentials *credentials = cmdline_credentials;
struct smb2_tree *tree = NULL;
enum credentials_use_kerberos use_kerberos;
char fname[256];
struct smb2_handle _h1;
struct smb2_handle *h1 = NULL;
struct smb2_create io1;
union smb_fileinfo qfinfo;
size_t i;
use_kerberos = cli_credentials_get_kerberos_state(credentials);
if (use_kerberos != CRED_MUST_USE_KERBEROS) {
torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
}
torture_assert_int_equal(tctx, use_kerberos, CRED_MUST_USE_KERBEROS,
"please use -k yes");
lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4");
lpcfg_smbcli_options(tctx->lp_ctx, &options);
status = smb2_connect(tctx,
host,
lpcfg_smb_ports(tctx->lp_ctx),
share,
lpcfg_resolve_context(tctx->lp_ctx),
credentials,
&tree,
tctx->ev,
&options,
lpcfg_socket_options(tctx->lp_ctx),
lpcfg_gensec_settings(tctx, tctx->lp_ctx)
);
torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
"smb2_connect failed");
/* Add some random component to the file name. */
snprintf(fname, 256, "session_expire1_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io1, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io1.in.create_options |= NTCREATEX_OPTIONS_DELETE_ON_CLOSE;
status = smb2_create(tree, tctx, &io1);
CHECK_STATUS(status, NT_STATUS_OK);
_h1 = io1.out.file.handle;
h1 = &_h1;
CHECK_CREATED(&io1, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io1.out.oplock_level, smb2_util_oplock_level("b"));
/* get the security descriptor */
ZERO_STRUCT(qfinfo);
qfinfo.access_information.level = RAW_FILEINFO_ACCESS_INFORMATION;
qfinfo.access_information.in.file.handle = _h1;
for (i=0; i < 2; i++) {
torture_comment(tctx, "query info => OK\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb2_getinfo_file(tree, tctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
torture_comment(tctx, "sleep 5 seconds\n");
smb_msleep(5*1000);
torture_comment(tctx, "query info => EXPIRED\n");
ZERO_STRUCT(qfinfo.access_information.out);
status = smb2_getinfo_file(tree, tctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_NETWORK_SESSION_EXPIRED);
/*
* the krb5 library may not handle expired creds
* well, lets start with an empty ccache.
*/
cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
torture_comment(tctx, "reauth => OK\n");
status = smb2_session_setup_spnego(tree->session,
credentials,
0 /* previous_session_id */);
CHECK_STATUS(status, NT_STATUS_OK);
}
ZERO_STRUCT(qfinfo.access_information.out);
status = smb2_getinfo_file(tree, tctx, &qfinfo);
CHECK_STATUS(status, NT_STATUS_OK);
ret = true;
done:
if (h1 != NULL) {
smb2_util_close(tree, *h1);
}
talloc_free(tree);
lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=0");
return ret;
}
/**
* basic test for doing a durable open
* tcp disconnect, reconnect, do a durable reopen (succeeds)
*/
bool test_durable_v2_open_reopen2(struct torture_context *tctx,
struct smb2_tree *tree)
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = talloc_new(tctx);
char fname[256];
struct smb2_handle _h;
struct smb2_handle *h = NULL;
struct smb2_create io;
struct GUID create_guid = GUID_random();
struct GUID create_guid_invalid = GUID_random();
bool ret = true;
/* Choose a random name in case the state is left a little funky. */
snprintf(fname, 256, "durable_v2_open_reopen2_%s.dat",
generate_random_str(tctx, 8));
smb2_util_unlink(tree, fname);
smb2_oplock_create_share(&io, fname,
smb2_util_share_access(""),
smb2_util_oplock_level("b"));
io.in.durable_open = false;
io.in.durable_open_v2 = true;
io.in.persistent_open = false;
io.in.create_guid = create_guid;
io.in.timeout = UINT32_MAX;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
_h = io.out.file.handle;
h = &_h;
CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, true);
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.timeout, io.in.timeout);
/* disconnect, leaving the durable open */
TALLOC_FREE(tree);
if (!torture_smb2_connection(tctx, &tree)) {
torture_warning(tctx, "couldn't reconnect, bailing\n");
ret = false;
goto done;
}
/*
* first a few failure cases
*/
ZERO_STRUCT(io);
io.in.fname = "";
io.in.durable_handle_v2 = h;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
ZERO_STRUCT(io);
io.in.fname = "__non_existing_fname__";
io.in.durable_handle_v2 = h;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle_v2 = h;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
/* a non-zero but non-matching create_guid does not change it: */
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_handle_v2 = h;
io.in.create_guid = create_guid_invalid;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OBJECT_NAME_NOT_FOUND);
/*
* now success:
* The important difference is that the create_guid is provided.
*/
ZERO_STRUCT(io);
io.in.fname = fname;
io.in.durable_open_v2 = false;
io.in.durable_handle_v2 = h;
io.in.create_guid = create_guid;
h = NULL;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
_h = io.out.file.handle;
h = &_h;
/* disconnect one more time */
TALLOC_FREE(tree);
if (!torture_smb2_connection(tctx, &tree)) {
torture_warning(tctx, "couldn't reconnect, bailing\n");
ret = false;
goto done;
}
ZERO_STRUCT(io);
/* These are completely ignored by the server */
io.in.security_flags = 0x78;
io.in.oplock_level = 0x78;
io.in.impersonation_level = 0x12345678;
io.in.create_flags = 0x12345678;
io.in.reserved = 0x12345678;
io.in.desired_access = 0x12345678;
io.in.file_attributes = 0x12345678;
io.in.share_access = 0x12345678;
io.in.create_disposition = 0x12345678;
io.in.create_options = 0x12345678;
io.in.fname = "__non_existing_fname__";
/*
* only io.in.durable_handle_v2 and
* io.in.create_guid are checked
*/
io.in.durable_open_v2 = false;
io.in.durable_handle_v2 = h;
io.in.create_guid = create_guid;
h = NULL;
status = smb2_create(tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_CREATED(&io, EXISTED, FILE_ATTRIBUTE_ARCHIVE);
CHECK_VAL(io.out.durable_open, false);
CHECK_VAL(io.out.durable_open_v2, false); /* no dh2q response blob */
CHECK_VAL(io.out.persistent_open, false);
CHECK_VAL(io.out.oplock_level, smb2_util_oplock_level("b"));
_h = io.out.file.handle;
h = &_h;
done:
if (h != NULL) {
smb2_util_close(tree, *h);
}
smb2_util_unlink(tree, fname);
talloc_free(tree);
talloc_free(mem_ctx);
return ret;
}
/*
test netlogon operations
*/
static bool test_ldap_netlogon(struct torture_context *tctx,
request_netlogon_t request_netlogon,
void *cldap,
const char *dest)
{
NTSTATUS status;
struct cldap_netlogon search, empty_search;
struct netlogon_samlogon_response n1;
struct GUID guid;
int i;
ZERO_STRUCT(search);
search.in.dest_address = NULL;
search.in.dest_port = 0;
search.in.acct_control = -1;
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
search.in.map_response = true;
empty_search = search;
printf("Trying without any attributes\n");
search = empty_search;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
n1 = search.out.netlogon;
search.in.user = "******";
search.in.realm = n1.data.nt5_ex.dns_domain;
search.in.host = "__cldap_torture__";
printf("Scanning for netlogon levels\n");
for (i=0;i<256;i++) {
search.in.version = i;
printf("Trying netlogon level %d\n", i);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
}
printf("Scanning for netlogon level bits\n");
for (i=0;i<31;i++) {
search.in.version = (1<<i);
printf("Trying netlogon level 0x%x\n", i);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
}
search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
printf("Trying with User=NULL\n");
search.in.user = NULL;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
torture_assert(tctx,
strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
"PDC name should not be in UNC form");
printf("Trying with User=Administrator\n");
search.in.user = "******";
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
torture_assert(tctx,
strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
"PDC name should not be in UNC form");
search.in.version = NETLOGON_NT_VERSION_5;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
printf("Trying with User=NULL\n");
search.in.user = NULL;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
torture_assert(tctx,
strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
"PDC name should be in UNC form");
printf("Trying with User=Administrator\n");
search.in.user = "******";
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
torture_assert(tctx,
strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") != NULL,
"PDC name should be in UNC form");
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
printf("Trying with a GUID\n");
search.in.realm = NULL;
search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid);
torture_assert(tctx,
strstr(search.out.netlogon.data.nt5_ex.pdc_name, "\\\\") == NULL,
"PDC name should not be in UNC form");
printf("Trying with a incorrect GUID\n");
guid = GUID_random();
search.in.user = NULL;
search.in.domain_guid = GUID_string(tctx, &guid);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a AAC\n");
search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST;
search.in.realm = n1.data.nt5_ex.dns_domain;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a zero AAC\n");
search.in.acct_control = 0x0;
search.in.realm = n1.data.nt5_ex.dns_domain;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a zero AAC and user=Administrator\n");
search.in.acct_control = 0x0;
search.in.user = "******";
search.in.realm = n1.data.nt5_ex.dns_domain;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator");
printf("Trying with a bad AAC\n");
search.in.user = NULL;
search.in.acct_control = 0xFF00FF00;
search.in.realm = n1.data.nt5_ex.dns_domain;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
printf("Trying with a user only\n");
search = empty_search;
search.in.user = "******";
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
printf("Trying with just a bad username\n");
search.in.user = "******";
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
printf("Trying with just a bad domain\n");
search = empty_search;
search.in.realm = "___no_such_domain___";
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
printf("Trying with a incorrect domain and correct guid\n");
search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
printf("Trying with a incorrect domain and incorrect guid\n");
search.in.domain_guid = GUID_string(tctx, &guid);
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
printf("Trying with a incorrect GUID and correct domain\n");
search.in.domain_guid = GUID_string(tctx, &guid);
search.in.realm = n1.data.nt5_ex.dns_domain;
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX);
CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "");
CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
printf("Proof other results\n");
search.in.user = "******";
status = request_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
CHECK_STRING(search.out.netlogon.data.nt5_ex.forest, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain);
CHECK_STRING(search.out.netlogon.data.nt5_ex.domain_name, n1.data.nt5_ex.domain_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.pdc_name, n1.data.nt5_ex.pdc_name);
CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user);
CHECK_STRING(search.out.netlogon.data.nt5_ex.server_site, n1.data.nt5_ex.server_site);
CHECK_STRING(search.out.netlogon.data.nt5_ex.client_site, n1.data.nt5_ex.client_site);
return true;
}
/*
test cldap netlogon server type flags
*/
static bool test_cldap_netlogon_flags(struct torture_context *tctx,
const char *dest)
{
struct cldap_socket *cldap;
NTSTATUS status;
struct cldap_netlogon search;
struct netlogon_samlogon_response n1;
uint32_t server_type;
struct tsocket_address *dest_addr;
int ret;
ret = tsocket_address_inet_from_strings(tctx, "ip",
dest,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
CHECK_VAL(ret, 0);
/* cldap_socket_init should now know about the dest. address */
status = cldap_socket_init(tctx, NULL, dest_addr, &cldap);
CHECK_STATUS(status, NT_STATUS_OK);
printf("Printing out netlogon server type flags: %s\n", dest);
ZERO_STRUCT(search);
search.in.dest_address = NULL;
search.in.dest_port = 0;
search.in.acct_control = -1;
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
search.in.map_response = true;
status = cldap_netlogon(cldap, tctx, &search);
CHECK_STATUS(status, NT_STATUS_OK);
n1 = search.out.netlogon;
if (n1.ntver == NETLOGON_NT_VERSION_5)
server_type = n1.data.nt5.server_type;
else if (n1.ntver == NETLOGON_NT_VERSION_5EX)
server_type = n1.data.nt5_ex.server_type;
printf("The word is: %i\n", server_type);
if (server_type & NBT_SERVER_PDC)
printf("NBT_SERVER_PDC ");
if (server_type & NBT_SERVER_GC)
printf("NBT_SERVER_GC ");
if (server_type & NBT_SERVER_LDAP)
printf("NBT_SERVER_LDAP ");
if (server_type & NBT_SERVER_DS)
printf("NBT_SERVER_DS ");
if (server_type & NBT_SERVER_KDC)
printf("NBT_SERVER_KDC ");
if (server_type & NBT_SERVER_TIMESERV)
printf("NBT_SERVER_TIMESERV ");
if (server_type & NBT_SERVER_CLOSEST)
printf("NBT_SERVER_CLOSEST ");
if (server_type & NBT_SERVER_WRITABLE)
printf("NBT_SERVER_WRITABLE ");
if (server_type & NBT_SERVER_GOOD_TIMESERV)
printf("NBT_SERVER_GOOD_TIMESERV ");
if (server_type & NBT_SERVER_NDNC)
printf("NBT_SERVER_NDNC ");
if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6)
printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6");
if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6)
printf("NBT_SERVER_FULL_SECRET_DOMAIN_6");
if (server_type & DS_DNS_CONTROLLER)
printf("DS_DNS_CONTROLLER ");
if (server_type & DS_DNS_DOMAIN)
printf("DS_DNS_DOMAIN ");
if (server_type & DS_DNS_FOREST_ROOT)
printf("DS_DNS_FOREST_ROOT ");
printf("\n");
return true;
}