/*
spoolss_EnumForms
*/
static WERROR dcesrv_spoolss_EnumForms(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct spoolss_EnumForms *r)
{
struct ntptr_GenericHandle *handle;
struct dcesrv_handle *h;
WERROR status;
struct smb_iconv_convenience *ic = lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx);
DCESRV_PULL_HANDLE_WERR(h, r->in.handle, DCESRV_HANDLE_ANY);
handle = talloc_get_type(h->data, struct ntptr_GenericHandle);
if (!handle)
return WERR_BADFID;
switch (handle->type) {
case NTPTR_HANDLE_SERVER:
status = ntptr_EnumPrintServerForms(handle, mem_ctx, r);
W_ERROR_NOT_OK_RETURN(status);
break;
case NTPTR_HANDLE_PRINTER:
status = ntptr_EnumPrinterForms(handle, mem_ctx, r);
W_ERROR_NOT_OK_RETURN(status);
break;
default:
return WERR_FOOBAR;
}
*r->out.needed = SPOOLSS_BUFFER_UNION_ARRAY(spoolss_EnumForms, ic, *r->out.info, r->in.level, *r->out.count);
*r->out.info = SPOOLSS_BUFFER_OK(*r->out.info, NULL);
*r->out.count = SPOOLSS_BUFFER_OK(*r->out.count, 0);
return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER);
}
static WERROR sptr_GetPrintServerData(struct ntptr_GenericHandle *server, TALLOC_CTX *mem_ctx,
struct spoolss_GetPrinterData *r)
{
WERROR result;
union spoolss_PrinterData data;
DATA_BLOB blob;
enum ndr_err_code ndr_err;
result = sptr_PrintServerData(server, mem_ctx, r->in.value_name, &data, r->out.type);
if (!W_ERROR_IS_OK(result)) {
return result;
}
ndr_err = ndr_push_union_blob(&blob, mem_ctx, lp_iconv_convenience(server->ntptr->lp_ctx),
&data, *r->out.type, (ndr_push_flags_fn_t)ndr_push_spoolss_PrinterData);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return WERR_GENERAL_FAILURE;
}
*r->out.needed = blob.length;
if (r->in.offered >= *r->out.needed) {
memcpy(r->out.data, blob.data, blob.length);
}
return WERR_OK;
}
bool torture_raw_qfileinfo_pipe(struct torture_context *torture,
struct smbcli_state *cli)
{
bool ret = true;
int fnum;
const char *fname = "\\lsass";
struct dcerpc_pipe *p;
struct smbcli_tree *ipc_tree;
NTSTATUS status;
if (!(p = dcerpc_pipe_init(torture, cli->tree->session->transport->socket->event.ctx,
lp_iconv_convenience(torture->lp_ctx)))) {
return false;
}
status = dcerpc_pipe_open_smb(p, cli->tree, fname);
torture_assert_ntstatus_ok(torture, status, "dcerpc_pipe_open_smb failed");
ipc_tree = dcerpc_smb_tree(p->conn);
fnum = dcerpc_smb_fnum(p->conn);
ret = torture_raw_qfileinfo_internals(torture, torture, ipc_tree, fnum, fname, true /* is_ipc */);
talloc_free(p);
return ret;
}
/*
spoolss_GetForm
*/
static WERROR dcesrv_spoolss_GetForm(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct spoolss_GetForm *r)
{
struct ntptr_GenericHandle *handle;
struct dcesrv_handle *h;
WERROR status;
struct smb_iconv_convenience *ic = lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx);
DCESRV_PULL_HANDLE_WERR(h, r->in.handle, DCESRV_HANDLE_ANY);
handle = talloc_get_type(h->data, struct ntptr_GenericHandle);
if (!handle)
return WERR_BADFID;
switch (handle->type) {
case NTPTR_HANDLE_SERVER:
/*
* stupid, but w2k3 returns WERR_BADFID here?
*/
return WERR_BADFID;
case NTPTR_HANDLE_PRINTER:
status = ntptr_GetPrinterForm(handle, mem_ctx, r);
W_ERROR_NOT_OK_RETURN(status);
break;
default:
return WERR_FOOBAR;
}
*r->out.needed = SPOOLSS_BUFFER_UNION(spoolss_FormInfo, ic, r->out.info, r->in.level);
r->out.info = SPOOLSS_BUFFER_OK(r->out.info, NULL);
return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER);
}
static void unbecomeDC_recv_cldap(struct tevent_req *req)
{
struct libnet_UnbecomeDC_state *s = tevent_req_callback_data(req,
struct libnet_UnbecomeDC_state);
struct composite_context *c = s->creq;
c->status = cldap_netlogon_recv(req,
lp_iconv_convenience(s->libnet->lp_ctx),
s, &s->cldap.io);
talloc_free(req);
if (!composite_is_ok(c)) return;
s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex;
s->domain.dns_name = s->cldap.netlogon.dns_domain;
s->domain.netbios_name = s->cldap.netlogon.domain;
s->domain.guid = s->cldap.netlogon.domain_uuid;
s->source_dsa.dns_name = s->cldap.netlogon.pdc_dns_name;
s->source_dsa.netbios_name = s->cldap.netlogon.pdc_name;
s->source_dsa.site_name = s->cldap.netlogon.server_site;
s->dest_dsa.site_name = s->cldap.netlogon.client_site;
unbecomeDC_connect_ldap(s);
}
/*
make a IRPC call to the drepl task to ask it to get the RID
Manager to give us another RID pool.
This function just sends the message to the drepl task then
returns immediately. It should be called well before we
completely run out of RIDs
*/
static void ridalloc_poke_rid_manager(struct ldb_module *module)
{
struct messaging_context *msg;
struct server_id *server;
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
TALLOC_CTX *tmp_ctx = talloc_new(module);
msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, lp_ctx),
lp_iconv_convenience(lp_ctx),
ldb_get_event_context(ldb));
if (!msg) {
DEBUG(3,(__location__ ": Failed to create messaging context\n"));
talloc_free(tmp_ctx);
return;
}
server = irpc_servers_byname(msg, msg, "dreplsrv");
if (!server) {
/* this means the drepl service is not running */
talloc_free(tmp_ctx);
return;
}
messaging_send(msg, server[0], MSG_DREPL_ALLOCATE_RID, NULL);
/* we don't care if the message got through */
talloc_free(tmp_ctx);
}
static bool test_check_string_terminator(struct torture_context *tctx)
{
struct ndr_pull *ndr;
DATA_BLOB blob;
TALLOC_CTX *mem_ctx = tctx;
/* Simple test */
blob = strhex_to_data_blob(tctx, "0000");
ndr = ndr_pull_init_blob(&blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx));
torture_assert_ndr_success(tctx, ndr_check_string_terminator(ndr, 1, 2),
"simple check_string_terminator test failed");
torture_assert(tctx, ndr->offset == 0,
"check_string_terminator did not reset offset");
if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 1, 3))) {
torture_fail(tctx, "check_string_terminator checked beyond string boundaries");
}
torture_assert(tctx, ndr->offset == 0,
"check_string_terminator did not reset offset");
talloc_free(ndr);
blob = strhex_to_data_blob(tctx, "11220000");
ndr = ndr_pull_init_blob(&blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx));
torture_assert_ndr_success(tctx,
ndr_check_string_terminator(ndr, 4, 1),
"check_string_terminator failed to recognize terminator");
torture_assert_ndr_success(tctx,
ndr_check_string_terminator(ndr, 3, 1),
"check_string_terminator failed to recognize terminator");
if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 2, 1))) {
torture_fail(tctx, "check_string_terminator erroneously reported terminator");
}
torture_assert(tctx, ndr->offset == 0,
"check_string_terminator did not reset offset");
return true;
}
NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
struct libnet_SamDump *r)
{
NTSTATUS nt_status;
struct libnet_SamSync r2;
struct samdump_state *samdump_state = talloc(mem_ctx, struct samdump_state);
struct samdump_trusted_domain *t;
struct samdump_secret *s;
if (!samdump_state) {
return NT_STATUS_NO_MEMORY;
}
samdump_state->secrets = NULL;
samdump_state->trusted_domains = NULL;
r2.out.error_string = NULL;
r2.in.binding_string = r->in.binding_string;
r2.in.init_fn = NULL;
r2.in.delta_fn = libnet_samdump_fn;
r2.in.fn_ctx = samdump_state;
r2.in.machine_account = r->in.machine_account;
nt_status = libnet_SamSync_netlogon(ctx, samdump_state, &r2);
r->out.error_string = r2.out.error_string;
talloc_steal(mem_ctx, r->out.error_string);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(samdump_state);
return nt_status;
}
printf("Trusted domains, sids and secrets:\n");
for (t=samdump_state->trusted_domains; t; t=t->next) {
char *secret_name = talloc_asprintf(mem_ctx, "G$$%s", t->name);
for (s=samdump_state->secrets; s; s=s->next) {
char *secret_string;
if (strcasecmp_m(s->name, secret_name) != 0) {
continue;
}
if (!convert_string_talloc_convenience(mem_ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF16, CH_UNIX,
s->secret.data, s->secret.length,
(void **)&secret_string, NULL, false)) {
r->out.error_string = talloc_asprintf(mem_ctx,
"Could not convert secret for domain %s to a string",
t->name);
talloc_free(samdump_state);
return NT_STATUS_INVALID_PARAMETER;
}
printf("%s\t%s\t%s\n",
t->name, dom_sid_string(mem_ctx, t->sid),
secret_string);
}
}
talloc_free(samdump_state);
return nt_status;
}
/**
* The challenge from the target server, when operating in security=server
**/
static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8])
{
struct smb_composite_connect io;
struct smbcli_options smb_options;
const char **host_list;
NTSTATUS status;
/* Make a connection to the target server, found by 'password server' in smb.conf */
lp_smbcli_options(ctx->auth_ctx->lp_ctx, &smb_options);
/* Make a negprot, WITHOUT SPNEGO, so we get a challenge nice an easy */
io.in.options.use_spnego = false;
/* Hope we don't get * (the default), as this won't work... */
host_list = lp_passwordserver(ctx->auth_ctx->lp_ctx);
if (!host_list) {
return NT_STATUS_INTERNAL_ERROR;
}
io.in.dest_host = host_list[0];
if (strequal(io.in.dest_host, "*")) {
return NT_STATUS_INTERNAL_ERROR;
}
io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx);
io.in.socket_options = lp_socket_options(ctx->auth_ctx->lp_ctx);
io.in.gensec_settings = lp_gensec_settings(mem_ctx, ctx->auth_ctx->lp_ctx);
io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host);
/* We don't want to get as far as the session setup */
io.in.credentials = cli_credentials_init_anon(mem_ctx);
cli_credentials_set_workstation(io.in.credentials,
lp_netbios_name(ctx->auth_ctx->lp_ctx),
CRED_SPECIFIED);
io.in.service = NULL;
io.in.workgroup = ""; /* only used with SPNEGO, disabled above */
io.in.options = smb_options;
io.in.iconv_convenience = lp_iconv_convenience(ctx->auth_ctx->lp_ctx);
lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options);
status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx),
ctx->auth_ctx->event_ctx);
NT_STATUS_NOT_OK_RETURN(status);
if (io.out.tree->session->transport->negotiate.secblob.length != 8) {
return NT_STATUS_INTERNAL_ERROR;
}
memcpy(chal, io.out.tree->session->transport->negotiate.secblob.data, 8);
ctx->private_data = talloc_steal(ctx, io.out.tree->session);
return NT_STATUS_OK;
}
/*
open a file using a set of unicode code points for the name
the prefix BASEDIR is added before the name
*/
static NTSTATUS unicode_open(struct torture_context *tctx,
struct smbcli_tree *tree,
TALLOC_CTX *mem_ctx,
uint32_t open_disposition,
const uint32_t *u_name,
size_t u_name_len)
{
union smb_open io;
char *fname, *fname2=NULL, *ucs_name;
size_t i;
NTSTATUS status;
ucs_name = talloc_size(mem_ctx, (1+u_name_len)*2);
if (!ucs_name) {
printf("Failed to create UCS2 Name - talloc() failure\n");
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<u_name_len;i++) {
SSVAL(ucs_name, i*2, u_name[i]);
}
SSVAL(ucs_name, i*2, 0);
if (!convert_string_talloc_convenience(ucs_name, lp_iconv_convenience(tctx->lp_ctx), CH_UTF16, CH_UNIX, ucs_name, (1+u_name_len)*2, (void **)&fname, &i, false)) {
torture_comment(tctx, "Failed to convert UCS2 Name into unix - convert_string_talloc() failure\n");
talloc_free(ucs_name);
return NT_STATUS_NO_MEMORY;
}
fname2 = talloc_asprintf(ucs_name, "%s%s", BASEDIR, fname);
if (!fname2) {
talloc_free(ucs_name);
return NT_STATUS_NO_MEMORY;
}
io.generic.level = RAW_OPEN_NTCREATEX;
io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
io.ntcreatex.in.root_fid = 0;
io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
io.ntcreatex.in.create_options = 0;
io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
io.ntcreatex.in.security_flags = 0;
io.ntcreatex.in.fname = fname2;
io.ntcreatex.in.open_disposition = open_disposition;
status = smb_raw_open(tree, tctx, &io);
talloc_free(ucs_name);
return status;
}
WERROR dsdb_read_prefixes_from_ldb(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct dsdb_schema_prefixmap **_pfm)
{
WERROR werr;
int ldb_ret;
const struct ldb_val *prefix_val;
struct smb_iconv_convenience *iconv_convenience;
struct ldb_dn *schema_dn;
struct ldb_result *schema_res = NULL;
static const char *schema_attrs[] = {
"prefixMap",
NULL
};
schema_dn = samdb_schema_dn(ldb);
if (!schema_dn) {
DEBUG(0,("dsdb_read_prefixes_from_ldb: no schema dn present\n"));
return WERR_FOOBAR;
}
ldb_ret = ldb_search(ldb, mem_ctx, &schema_res, schema_dn, LDB_SCOPE_BASE, schema_attrs, NULL);
if (ldb_ret == LDB_ERR_NO_SUCH_OBJECT) {
DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefix map present\n"));
talloc_free(schema_res);
return WERR_FOOBAR;
} else if (ldb_ret != LDB_SUCCESS) {
DEBUG(0,("dsdb_read_prefixes_from_ldb: failed to search the schema head\n"));
talloc_free(schema_res);
return WERR_FOOBAR;
}
prefix_val = ldb_msg_find_ldb_val(schema_res->msgs[0], "prefixMap");
if (!prefix_val) {
DEBUG(0,("dsdb_read_prefixes_from_ldb: no prefixMap attribute found\n"));
talloc_free(schema_res);
return WERR_FOOBAR;
}
iconv_convenience = lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm"));
werr = _dsdb_prefixmap_from_ldb_val(prefix_val,
iconv_convenience,
mem_ctx,
_pfm);
talloc_free(schema_res);
W_ERROR_NOT_OK_RETURN(werr);
return WERR_OK;
}
/*
spoolss_GetPrintProcessorDirectory
*/
static WERROR dcesrv_spoolss_GetPrintProcessorDirectory(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct spoolss_GetPrintProcessorDirectory *r)
{
struct ntptr_context *ntptr = talloc_get_type(dce_call->context->private_data, struct ntptr_context);
WERROR status;
struct smb_iconv_convenience *ic = lp_iconv_convenience(ntptr->lp_ctx);
status = dcesrv_spoolss_check_server_name(dce_call, mem_ctx, r->in.server);
W_ERROR_NOT_OK_RETURN(status);
status = ntptr_GetPrintProcessorDirectory(ntptr, mem_ctx, r);
W_ERROR_NOT_OK_RETURN(status);
*r->out.needed = SPOOLSS_BUFFER_UNION(spoolss_PrintProcessorDirectoryInfo, ic, r->out.info, r->in.level);
r->out.info = SPOOLSS_BUFFER_OK(r->out.info, NULL);
return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER);
}
/*
spoolss_EnumMonitors
*/
static WERROR dcesrv_spoolss_EnumMonitors(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct spoolss_EnumMonitors *r)
{
struct ntptr_context *ntptr = talloc_get_type(dce_call->context->private_data, struct ntptr_context);
WERROR status;
struct smb_iconv_convenience *ic = lp_iconv_convenience(ntptr->lp_ctx);
status = dcesrv_spoolss_check_server_name(dce_call, mem_ctx, r->in.servername);
W_ERROR_NOT_OK_RETURN(status);
status = ntptr_EnumMonitors(ntptr, mem_ctx, r);
W_ERROR_NOT_OK_RETURN(status);
*r->out.needed = SPOOLSS_BUFFER_UNION_ARRAY(spoolss_EnumMonitors, ic, *r->out.info, r->in.level, *r->out.count);
*r->out.info = SPOOLSS_BUFFER_OK(*r->out.info, NULL);
*r->out.count = SPOOLSS_BUFFER_OK(*r->out.count, 0);
return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER);
}
/*
setup messaging for the top level samba (parent) task
*/
static NTSTATUS setup_parent_messaging(struct tevent_context *event_ctx,
struct loadparm_context *lp_ctx)
{
struct messaging_context *msg;
NTSTATUS status;
msg = messaging_init(talloc_autofree_context(),
lp_messaging_path(event_ctx, lp_ctx),
cluster_id(0, SAMBA_PARENT_TASKID),
lp_iconv_convenience(lp_ctx),
event_ctx);
NT_STATUS_HAVE_NO_MEMORY(msg);
irpc_add_name(msg, "samba");
status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE,
samba_terminate, NULL);
return status;
}
/*
spoolss_GetPrinterData
*/
static WERROR dcesrv_spoolss_GetPrinterData(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct spoolss_GetPrinterData *r)
{
struct ntptr_GenericHandle *handle;
struct dcesrv_handle *h;
WERROR status;
struct smb_iconv_convenience *ic = lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx);
DCESRV_PULL_HANDLE_WERR(h, r->in.handle, DCESRV_HANDLE_ANY);
handle = talloc_get_type(h->data, struct ntptr_GenericHandle);
if (!handle)
return WERR_BADFID;
r->out.type = talloc_zero(mem_ctx, enum winreg_Type);
W_ERROR_HAVE_NO_MEMORY(r->out.type);
r->out.needed = talloc_zero(mem_ctx, uint32_t);
W_ERROR_HAVE_NO_MEMORY(r->out.needed);
r->out.data = talloc_zero(mem_ctx, union spoolss_PrinterData);
W_ERROR_HAVE_NO_MEMORY(r->out.data);
switch (handle->type) {
case NTPTR_HANDLE_SERVER:
status = ntptr_GetPrintServerData(handle, mem_ctx, r);
break;
default:
status = WERR_FOOBAR;
break;
}
W_ERROR_NOT_OK_RETURN(status);
*r->out.needed = ndr_size_spoolss_PrinterData(r->out.data, *r->out.type, ic, 0);
*r->out.type = SPOOLSS_BUFFER_OK(*r->out.type, REG_NONE);
r->out.data = SPOOLSS_BUFFER_OK(r->out.data, r->out.data);
return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA);
}
static bool wrap_ndr_pull_test(struct torture_context *tctx,
struct torture_tcase *tcase,
struct torture_test *test)
{
bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn;
const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
void *ds = talloc_zero_size(tctx, data->struct_size);
struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx, lp_iconv_convenience(tctx->lp_ctx));
ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
torture_assert_ndr_success(tctx, data->pull_fn(ndr, data->ndr_flags, ds),
"pulling");
torture_assert(tctx, ndr->offset == ndr->data_size,
talloc_asprintf(tctx,
"%d unread bytes", ndr->data_size - ndr->offset));
if (check_fn != NULL)
return check_fn(tctx, ds);
else
return true;
}
static bool hive_setup_regf(struct torture_context *tctx, void **data)
{
struct hive_key *key;
WERROR error;
char *dirname;
NTSTATUS status;
status = torture_temp_dir(tctx, "hive-regf", &dirname);
if (!NT_STATUS_IS_OK(status))
return false;
rmdir(dirname);
error = reg_create_regf_file(tctx, lp_iconv_convenience(tctx->lp_ctx),
dirname, 5, &key);
if (!W_ERROR_IS_OK(error)) {
fprintf(stderr, "Unable to create new regf file\n");
return false;
}
*data = key;
return true;
}
static bool process_one(struct loadparm_context *lp_ctx, struct tevent_context *ev,
struct interface *ifaces, const char *name, int nbt_port)
{
TALLOC_CTX *tmp_ctx = talloc_new(NULL);
enum nbt_name_type node_type = NBT_NAME_CLIENT;
char *node_name, *p;
struct socket_address *all_zero_addr;
struct nbt_name_socket *nbtsock;
NTSTATUS status = NT_STATUS_OK;
bool ret = true;
if (!options.case_sensitive) {
name = strupper_talloc(tmp_ctx, name);
}
if (options.find_master) {
node_type = NBT_NAME_MASTER;
if (*name == '-' || *name == '_') {
name = "\01\02__MSBROWSE__\02";
node_type = NBT_NAME_MS;
}
}
p = strchr(name, '#');
if (p) {
node_name = talloc_strndup(tmp_ctx, name, PTR_DIFF(p,name));
node_type = (enum nbt_name_type)strtol(p+1, NULL, 16);
} else {
node_name = talloc_strdup(tmp_ctx, name);
}
nbtsock = nbt_name_socket_init(tmp_ctx, ev, lp_iconv_convenience(lp_ctx));
if (options.root_port) {
all_zero_addr = socket_address_from_strings(tmp_ctx, nbtsock->sock->backend_name,
"0.0.0.0", NBT_NAME_SERVICE_PORT);
if (!all_zero_addr) {
talloc_free(tmp_ctx);
return false;
}
status = socket_listen(nbtsock->sock, all_zero_addr, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to bind to local port 137 - %s\n", nt_errstr(status));
talloc_free(tmp_ctx);
return false;
}
}
if (options.lookup_by_ip) {
ret = do_node_status(nbtsock, name, nbt_port);
talloc_free(tmp_ctx);
return ret;
}
if (options.broadcast_address) {
status = do_node_query(nbtsock, options.broadcast_address, nbt_port,
node_name, node_type, true);
} else if (options.unicast_address) {
status = do_node_query(nbtsock, options.unicast_address,
nbt_port, node_name, node_type, false);
} else {
int i, num_interfaces;
num_interfaces = iface_count(ifaces);
for (i=0;i<num_interfaces;i++) {
const char *bcast = iface_n_bcast(ifaces, i);
if (bcast == NULL) continue;
status = do_node_query(nbtsock, bcast, nbt_port,
node_name, node_type, true);
if (NT_STATUS_IS_OK(status)) break;
}
}
if (!NT_STATUS_IS_OK(status)) {
printf("Lookup failed - %s\n", nt_errstr(status));
ret = false;
}
talloc_free(tmp_ctx);
return ret;
}
/**
* 1. Setup a CLDAP socket.
* 2. Lookup the default Site-Name.
*/
NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct libnet_JoinSite *r)
{
NTSTATUS status;
TALLOC_CTX *tmp_ctx;
char *site_name_str;
char *config_dn_str;
char *server_dn_str;
struct cldap_socket *cldap = NULL;
struct cldap_netlogon search;
tmp_ctx = talloc_named(ctx, 0, "libnet_FindSite temp context");
if (!tmp_ctx) {
r->out.error_string = NULL;
return NT_STATUS_NO_MEMORY;
}
/* Resolve the site name. */
ZERO_STRUCT(search);
search.in.dest_address = r->in.dest_address;
search.in.dest_port = r->in.cldap_port;
search.in.acct_control = -1;
search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
search.in.map_response = true;
/* we want to use non async calls, so we're not passing an event context */
status = cldap_socket_init(tmp_ctx, NULL, NULL, NULL, &cldap);//TODO
if (!NT_STATUS_IS_OK(status)) {
talloc_free(tmp_ctx);
r->out.error_string = NULL;
return status;
}
status = cldap_netlogon(cldap, lp_iconv_convenience(lctx->lp_ctx), tmp_ctx, &search);
if (!NT_STATUS_IS_OK(status)
|| !search.out.netlogon.data.nt5_ex.client_site) {
/*
If cldap_netlogon() returns in error,
default to using Default-First-Site-Name.
*/
site_name_str = talloc_asprintf(tmp_ctx, "%s",
"Default-First-Site-Name");
if (!site_name_str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
} else {
site_name_str = talloc_asprintf(tmp_ctx, "%s",
search.out.netlogon.data.nt5_ex.client_site);
if (!site_name_str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
}
/* Generate the CN=Configuration,... DN. */
/* TODO: look it up! */
config_dn_str = talloc_asprintf(tmp_ctx, "CN=Configuration,%s", r->in.domain_dn_str);
if (!config_dn_str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
/* Generate the CN=Servers,... DN. */
server_dn_str = talloc_asprintf(tmp_ctx, "CN=%s,CN=Servers,CN=%s,CN=Sites,%s",
r->in.netbios_name, site_name_str, config_dn_str);
if (!server_dn_str) {
r->out.error_string = NULL;
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
r->out.site_name_str = site_name_str;
talloc_steal(r, site_name_str);
r->out.config_dn_str = config_dn_str;
talloc_steal(r, config_dn_str);
r->out.server_dn_str = server_dn_str;
talloc_steal(r, server_dn_str);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
}
static WERROR sptr_PrintServerData(struct ntptr_GenericHandle *server,
TALLOC_CTX *mem_ctx,
const char *value_name,
union spoolss_PrinterData *r,
enum winreg_Type *type)
{
struct dcerpc_server_info *server_info = lp_dcerpc_server_info(mem_ctx, server->ntptr->lp_ctx);
if (strcmp("W3SvcInstalled", value_name) == 0) {
*type = REG_DWORD;
r->value = 0;
return WERR_OK;
} else if (strcmp("BeepEnabled", value_name) == 0) {
*type = REG_DWORD;
r->value = 0;
return WERR_OK;
} else if (strcmp("EventLog", value_name) == 0) {
*type = REG_DWORD;
r->value = 0;
return WERR_OK;
} else if (strcmp("NetPopup", value_name) == 0) {
*type = REG_DWORD;
r->value = 0;
return WERR_OK;
} else if (strcmp("NetPopupToComputer", value_name) == 0) {
*type = REG_DWORD;
r->value = 0;
return WERR_OK;
} else if (strcmp("MajorVersion", value_name) == 0) {
*type = REG_DWORD;
r->value = 3;
return WERR_OK;
} else if (strcmp("MinorVersion", value_name) == 0) {
*type = REG_DWORD;
r->value = 0;
return WERR_OK;
} else if (strcmp("DefaultSpoolDirectory", value_name) == 0) {
*type = REG_SZ;
r->string = talloc_strdup(mem_ctx, "C:\\PRINTERS");
W_ERROR_HAVE_NO_MEMORY(r->string);
return WERR_OK;
} else if (strcmp("Architecture", value_name) == 0) {
*type = REG_SZ;
r->string = talloc_strdup(mem_ctx, SPOOLSS_ARCHITECTURE_NT_X86);
W_ERROR_HAVE_NO_MEMORY(r->string);
return WERR_OK;
} else if (strcmp("DsPresent", value_name) == 0) {
*type = REG_DWORD;
r->value = 1;
return WERR_OK;
} else if (strcmp("OSVersion", value_name) == 0) {
DATA_BLOB blob;
enum ndr_err_code ndr_err;
struct spoolss_OSVersion os;
os.major = server_info->version_major;
os.minor = server_info->version_minor;
os.build = server_info->version_build;
os.extra_string = "";
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, lp_iconv_convenience(server->ntptr->lp_ctx), &os, (ndr_push_flags_fn_t)ndr_push_spoolss_OSVersion);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return WERR_GENERAL_FAILURE;
}
*type = REG_BINARY;
r->binary = blob;
return WERR_OK;
} else if (strcmp("OSVersionEx", value_name) == 0) {
DATA_BLOB blob;
enum ndr_err_code ndr_err;
struct spoolss_OSVersionEx os_ex;
os_ex.major = server_info->version_major;
os_ex.minor = server_info->version_minor;
os_ex.build = server_info->version_build;
os_ex.extra_string = "";
os_ex.service_pack_major= 0;
os_ex.service_pack_minor= 0;
os_ex.suite_mask = 0;
os_ex.product_type = 0;
os_ex.reserved = 0;
ndr_err = ndr_push_struct_blob(&blob, mem_ctx, lp_iconv_convenience(server->ntptr->lp_ctx), &os_ex, (ndr_push_flags_fn_t)ndr_push_spoolss_OSVersionEx);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return WERR_GENERAL_FAILURE;
}
*type = REG_BINARY;
r->binary = blob;
return WERR_OK;
} else if (strcmp("DNSMachineName", value_name) == 0) {
if (!lp_realm(server->ntptr->lp_ctx)) return WERR_INVALID_PARAM;
*type = REG_SZ;
r->string = talloc_asprintf(mem_ctx, "%s.%s",
lp_netbios_name(server->ntptr->lp_ctx),
lp_realm(server->ntptr->lp_ctx));
W_ERROR_HAVE_NO_MEMORY(r->string);
return WERR_OK;
}
return WERR_INVALID_PARAM;
}
/* test UDP/138 netlogon requests */
static bool nbt_test_netlogon2(struct torture_context *tctx)
{
struct dgram_mailslot_handler *dgmslot;
struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev,
lp_iconv_convenience(tctx->lp_ctx));
struct socket_address *dest;
const char *myaddress;
struct nbt_netlogon_packet logon;
struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
struct socket_address *socket_address;
const char *address;
struct nbt_name name;
struct interface *ifaces;
struct test_join *join_ctx;
struct cli_credentials *machine_credentials;
const struct dom_sid *dom_sid;
name.name = lp_workgroup(tctx->lp_ctx);
name.type = NBT_NAME_LOGON;
name.scope = NULL;
/* do an initial name resolution to find its IP */
torture_assert_ntstatus_ok(tctx,
resolve_name(lp_resolve_context(tctx->lp_ctx), &name, tctx, &address, tctx->ev),
talloc_asprintf(tctx, "Failed to resolve %s", name.name));
load_interfaces(tctx, lp_interfaces(tctx->lp_ctx), &ifaces);
myaddress = talloc_strdup(dgmsock, iface_best_ip(ifaces, address));
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, socket_address != NULL, "Error getting address");
/* try receiving replies on port 138 first, which will only
work if we are root and smbd/nmbd are not running - fall
back to listening on any port, which means replies from
some windows versions won't be seen */
status = socket_listen(dgmsock->sock, socket_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(socket_address);
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, 0);
torture_assert(tctx, socket_address != NULL, "Error getting address");
socket_listen(dgmsock->sock, socket_address, 0, 0);
}
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = "";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.nt_version = NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command");
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command");
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response");
join_ctx = torture_join_domain(tctx, TEST_NAME,
ACB_WSTRUST, &machine_credentials);
torture_assert(tctx, join_ctx != NULL,
talloc_asprintf(tctx, "Failed to join domain %s as %s\n",
lp_workgroup(tctx->lp_ctx), TEST_NAME));
dom_sid = torture_join_sid(join_ctx);
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
/* setup (another) temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
torture_assert(tctx, dgmslot != NULL, "Error getting a Mailslot for GetDC reply");
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
logon.req.logon.acct_control = ACB_WSTRUST;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command");
dgmslot->private_data = NULL;
ZERO_STRUCT(logon);
logon.command = LOGON_SAM_LOGON_REQUEST;
logon.req.logon.request_count = 0;
logon.req.logon.computer_name = TEST_NAME;
logon.req.logon.user_name = TEST_NAME"$";
logon.req.logon.mailslot_name = dgmslot->mailslot_name;
logon.req.logon.sid = *dom_sid;
logon.req.logon.acct_control = ACB_NORMAL;
logon.req.logon.nt_version = 1;
logon.req.logon.lmnt_token = 0xFFFF;
logon.req.logon.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && dgmslot->private_data == NULL) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response");
map_netlogon_samlogon_response(&response->data.samlogon);
torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command");
torture_leave_domain(tctx, join_ctx);
return true;
}
bool torture_utable(struct torture_context *tctx,
struct smbcli_state *cli)
{
char fname[256];
const char *alt_name;
int fnum;
uint8_t c2[4];
int c, fd;
size_t len;
int chars_allowed=0, alt_allowed=0;
uint8_t valid[0x10000];
torture_comment(tctx, "Generating valid character table\n");
memset(valid, 0, sizeof(valid));
torture_assert(tctx, torture_setup_dir(cli, "\\utable"),
"Setting up dir \\utable failed");
for (c=1; c < 0x10000; c++) {
char *p;
SSVAL(c2, 0, c);
strncpy(fname, "\\utable\\x", sizeof(fname)-1);
p = fname+strlen(fname);
convert_string_convenience(lp_iconv_convenience(tctx->lp_ctx), CH_UTF16, CH_UNIX,
c2, 2,
p, sizeof(fname)-strlen(fname), &len, false);
p[len] = 0;
strncat(fname,"_a_long_extension",sizeof(fname)-1);
fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC,
DENY_NONE);
if (fnum == -1) continue;
chars_allowed++;
smbcli_qpathinfo_alt_name(cli->tree, fname, &alt_name);
if (strncmp(alt_name, "X_A_L", 5) != 0) {
alt_allowed++;
valid[c] = 1;
torture_comment(tctx, "fname=[%s] alt_name=[%s]\n", fname, alt_name);
}
smbcli_close(cli->tree, fnum);
smbcli_unlink(cli->tree, fname);
if (c % 100 == 0) {
if (torture_setting_bool(tctx, "progress", true)) {
torture_comment(tctx, "%d (%d/%d)\r", c, chars_allowed, alt_allowed);
fflush(stdout);
}
}
}
torture_comment(tctx, "%d (%d/%d)\n", c, chars_allowed, alt_allowed);
smbcli_rmdir(cli->tree, "\\utable");
torture_comment(tctx, "%d chars allowed %d alt chars allowed\n", chars_allowed, alt_allowed);
fd = open("valid.dat", O_WRONLY|O_CREAT|O_TRUNC, 0644);
torture_assert(tctx, fd != -1,
talloc_asprintf(tctx,
"Failed to create valid.dat - %s", strerror(errno)));
write(fd, valid, 0x10000);
close(fd);
torture_comment(tctx, "wrote valid.dat\n");
return true;
}
/*****************************************************
return a connection to a server
*******************************************************/
static struct smbcli_state *connect_one(struct tevent_context *ev,
struct loadparm_context *lp_ctx,
TALLOC_CTX *mem_ctx,
char *share, int snum, int conn)
{
struct smbcli_state *c;
char *server, *myname;
NTSTATUS status;
int retries = 10;
struct smbcli_options options;
struct smbcli_session_options session_options;
lp_smbcli_options(lp_ctx, &options);
lp_smbcli_session_options(lp_ctx, &session_options);
printf("connect_one(%s, %d, %d)\n", share, snum, conn);
server = talloc_strdup(mem_ctx, share+2);
share = strchr_m(server,'\\');
if (!share) return NULL;
*share = 0;
share++;
if (snum == 0) {
char **unc_list = NULL;
int num_unc_names;
const char *p;
p = lp_parm_string(lp_ctx, NULL, "torture", "unclist");
if (p) {
char *h, *s;
unc_list = file_lines_load(p, &num_unc_names, 0, NULL);
if (!unc_list || num_unc_names <= 0) {
printf("Failed to load unc names list from '%s'\n", p);
exit(1);
}
if (!smbcli_parse_unc(unc_list[conn % num_unc_names],
NULL, &h, &s)) {
printf("Failed to parse UNC name %s\n",
unc_list[conn % num_unc_names]);
exit(1);
}
server = talloc_strdup(mem_ctx, h);
share = talloc_strdup(mem_ctx, s);
}
}
myname = talloc_asprintf(mem_ctx, "lock-%u-%u", getpid(), snum);
cli_credentials_set_workstation(servers[snum], myname, CRED_SPECIFIED);
do {
printf("\\\\%s\\%s\n", server, share);
status = smbcli_full_connection(NULL, &c,
server,
lp_smb_ports(lp_ctx),
share, NULL,
lp_socket_options(lp_ctx),
servers[snum],
lp_resolve_context(lp_ctx),
ev, &options, &session_options,
lp_iconv_convenience(lp_ctx),
lp_gensec_settings(mem_ctx, lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
sleep(2);
}
} while (!NT_STATUS_IS_OK(status) && retries--);
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
return c;
}
bool torture_casetable(struct torture_context *tctx,
struct smbcli_state *cli)
{
char *fname;
int fnum;
int c, i;
#define MAX_EQUIVALENCE 8
codepoint_t equiv[0x10000][MAX_EQUIVALENCE];
torture_comment(tctx, "Determining upper/lower case table\n");
memset(equiv, 0, sizeof(equiv));
torture_assert(tctx, torture_setup_dir(cli, "\\utable"),
"Error setting up dir \\utable");
for (c=1; c < 0x10000; c++) {
size_t size;
if (c == '.' || c == '\\') continue;
torture_comment(tctx, "%04x (%c)\n", c, isprint(c)?c:'.');
fname = form_name(lp_iconv_convenience(tctx->lp_ctx), c);
fnum = smbcli_nt_create_full(cli->tree, fname, 0,
#if 0
SEC_RIGHT_MAXIMUM_ALLOWED,
#else
SEC_RIGHTS_FILE_ALL,
#endif
FILE_ATTRIBUTE_NORMAL,
NTCREATEX_SHARE_ACCESS_NONE,
NTCREATEX_DISP_OPEN_IF, 0, 0);
torture_assert(tctx, fnum != -1,
talloc_asprintf(tctx,
"Failed to create file with char %04x\n", c));
size = 0;
if (NT_STATUS_IS_ERR(smbcli_qfileinfo(cli->tree, fnum, NULL, &size,
NULL, NULL, NULL, NULL, NULL))) continue;
if (size > 0) {
/* found a character equivalence! */
int c2[MAX_EQUIVALENCE];
if (size/sizeof(int) >= MAX_EQUIVALENCE) {
torture_comment(tctx, "too many chars match?? size=%d c=0x%04x\n",
(int)size, c);
smbcli_close(cli->tree, fnum);
return false;
}
smbcli_read(cli->tree, fnum, c2, 0, size);
torture_comment(tctx, "%04x: ", c);
equiv[c][0] = c;
for (i=0; i<size/sizeof(int); i++) {
torture_comment(tctx, "%04x ", c2[i]);
equiv[c][i+1] = c2[i];
}
torture_comment(tctx, "\n");
}
smbcli_write(cli->tree, fnum, 0, &c, size, sizeof(c));
smbcli_close(cli->tree, fnum);
}
smbcli_unlink(cli->tree, "\\utable\\*");
smbcli_rmdir(cli->tree, "\\utable");
return true;
}
/*
start listening on the given address
*/
static NTSTATUS nbtd_add_socket(struct nbtd_server *nbtsrv,
struct loadparm_context *lp_ctx,
const char *bind_address,
const char *address,
const char *bcast,
const char *netmask)
{
struct nbtd_interface *iface;
NTSTATUS status;
struct socket_address *bcast_address;
struct socket_address *unicast_address;
DEBUG(6,("nbtd_add_socket(%s, %s, %s, %s)\n", bind_address, address, bcast, netmask));
/*
we actually create two sockets. One listens on the broadcast address
for the interface, and the other listens on our specific address. This
allows us to run with "bind interfaces only" while still receiving
broadcast addresses, and also simplifies matching incoming requests
to interfaces
*/
iface = talloc(nbtsrv, struct nbtd_interface);
NT_STATUS_HAVE_NO_MEMORY(iface);
iface->nbtsrv = nbtsrv;
iface->bcast_address = talloc_steal(iface, bcast);
iface->ip_address = talloc_steal(iface, address);
iface->netmask = talloc_steal(iface, netmask);
iface->names = NULL;
iface->wack_queue = NULL;
if (strcmp(netmask, "0.0.0.0") != 0) {
struct nbt_name_socket *bcast_nbtsock;
/* listen for broadcasts on port 137 */
bcast_nbtsock = nbt_name_socket_init(iface, nbtsrv->task->event_ctx, lp_iconv_convenience(nbtsrv->task->lp_ctx));
if (!bcast_nbtsock) {
talloc_free(iface);
return NT_STATUS_NO_MEMORY;
}
bcast_address = socket_address_from_strings(bcast_nbtsock, bcast_nbtsock->sock->backend_name,
bcast, lp_nbt_port(lp_ctx));
if (!bcast_address) {
talloc_free(iface);
return NT_STATUS_NO_MEMORY;
}
status = socket_listen(bcast_nbtsock->sock, bcast_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to bind to %s:%d - %s\n",
bcast, lp_nbt_port(lp_ctx), nt_errstr(status)));
talloc_free(iface);
return status;
}
talloc_free(bcast_address);
nbt_set_incoming_handler(bcast_nbtsock, nbtd_request_handler, iface);
}
/* listen for unicasts on port 137 */
iface->nbtsock = nbt_name_socket_init(iface, nbtsrv->task->event_ctx,
lp_iconv_convenience(nbtsrv->task->lp_ctx));
if (!iface->nbtsock) {
talloc_free(iface);
return NT_STATUS_NO_MEMORY;
}
unicast_address = socket_address_from_strings(iface->nbtsock,
iface->nbtsock->sock->backend_name,
bind_address, lp_nbt_port(lp_ctx));
status = socket_listen(iface->nbtsock->sock, unicast_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to bind to %s:%d - %s\n",
bind_address, lp_nbt_port(lp_ctx), nt_errstr(status)));
talloc_free(iface);
return status;
}
talloc_free(unicast_address);
nbt_set_incoming_handler(iface->nbtsock, nbtd_request_handler, iface);
nbt_set_unexpected_handler(iface->nbtsock, nbtd_unexpected_handler, iface);
/* also setup the datagram listeners */
status = nbtd_dgram_setup(iface, bind_address);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("Failed to setup dgram listen on %s - %s\n",
bind_address, nt_errstr(status)));
talloc_free(iface);
return status;
}
if (strcmp(netmask, "0.0.0.0") == 0) {
DLIST_ADD(nbtsrv->bcast_interface, iface);
} else {
DLIST_ADD(nbtsrv->interfaces, iface);
}
return NT_STATUS_OK;
}
static int copy_files(struct tevent_context *ev, struct loadparm_context *lp_ctx)
{
uint8_t * iobuf; /* IO buffer. */
uint64_t iomax; /* Size of the IO buffer. */
uint64_t data_size; /* Amount of data in the IO buffer. */
uint64_t ibs;
uint64_t obs;
uint64_t count;
struct dd_iohandle * ifile;
struct dd_iohandle * ofile;
struct smbcli_options options;
struct smbcli_session_options session_options;
ibs = check_arg_numeric("ibs");
obs = check_arg_numeric("obs");
count = check_arg_numeric("count");
lp_smbcli_options(lp_ctx, &options);
lp_smbcli_session_options(lp_ctx, &session_options);
/* Allocate IO buffer. We need more than the max IO size because we
* could accumulate a remainder if ibs and obs don't match.
*/
iomax = 2 * MAX(ibs, obs);
if ((iobuf = malloc_array_p(uint8_t, iomax)) == NULL) {
fprintf(stderr,
"%s: failed to allocate IO buffer of %llu bytes\n",
PROGNAME, (unsigned long long)iomax);
return(EOM_EXIT_CODE);
}
options.max_xmit = MAX(ibs, obs);
DEBUG(4, ("IO buffer size is %llu, max xmit is %d\n",
(unsigned long long)iomax, options.max_xmit));
if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if",
lp_smb_ports(lp_ctx), &options,
lp_socket_options(lp_ctx),
&session_options, lp_iconv_convenience(lp_ctx),
lp_gensec_settings(lp_ctx, lp_ctx)))) {
return(FILESYS_EXIT_CODE);
}
if (!(ofile = open_file(lp_resolve_context(lp_ctx), ev, "of",
lp_smb_ports(lp_ctx), &options,
lp_socket_options(lp_ctx),
&session_options,
lp_iconv_convenience(lp_ctx),
lp_gensec_settings(lp_ctx, lp_ctx)))) {
return(FILESYS_EXIT_CODE);
}
/* Seek the files to their respective starting points. */
ifile->io_seek(ifile, check_arg_numeric("skip") * ibs);
ofile->io_seek(ofile, check_arg_numeric("seek") * obs);
DEBUG(4, ("max xmit was negotiated to be %d\n", options.max_xmit));
for (data_size = 0;;) {
/* Handle signals. We are somewhat compatible with GNU dd.
* SIGINT makes us stop, but still print transfer statistics.
* SIGUSR1 makes us print transfer statistics but we continue
* copying.
*/
if (dd_sigint) {
break;
}
if (dd_sigusr1) {
print_transfer_stats();
dd_sigusr1 = 0;
}
if (ifile->io_flags & DD_END_OF_FILE) {
DEBUG(4, ("flushing %llu bytes at EOF\n",
(unsigned long long)data_size));
while (data_size > 0) {
if (!dd_flush_block(ofile, iobuf,
&data_size, obs)) {
return(IOERROR_EXIT_CODE);
}
}
goto done;
}
/* Try and read enough blocks of ibs bytes to be able write
* out one of obs bytes.
*/
if (!dd_fill_block(ifile, iobuf, &data_size, obs, ibs)) {
return(IOERROR_EXIT_CODE);
}
if (data_size == 0) {
/* Done. */
SMB_ASSERT(ifile->io_flags & DD_END_OF_FILE);
}
/* Stop reading when we hit the block count. */
if (dd_stats.in.bytes >= (ibs * count)) {
ifile->io_flags |= DD_END_OF_FILE;
}
/* If we wanted to be a legitimate dd, we would do character
* conversions and other shenanigans here.
*/
/* Flush what we read in units of obs bytes. We want to have
* at least obs bytes in the IO buffer but might not if the
* file is too small.
*/
if (data_size &&
!dd_flush_block(ofile, iobuf, &data_size, obs)) {
return(IOERROR_EXIT_CODE);
}
}
done:
print_transfer_stats();
return(0);
}
static bool torture_pac_self_check(struct torture_context *tctx)
{
NTSTATUS nt_status;
DATA_BLOB tmp_blob;
struct PAC_DATA *pac_data;
struct PAC_LOGON_INFO *logon_info;
union netr_Validation validation;
/* Generate a nice, arbitary keyblock */
uint8_t server_bytes[16];
uint8_t krbtgt_bytes[16];
krb5_keyblock server_keyblock;
krb5_keyblock krbtgt_keyblock;
krb5_error_code ret;
struct smb_krb5_context *smb_krb5_context;
struct auth_serversupplied_info *server_info;
struct auth_serversupplied_info *server_info_out;
krb5_principal client_principal;
time_t logon_time = time(NULL);
TALLOC_CTX *mem_ctx = tctx;
torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx,
NULL,
tctx->lp_ctx,
&smb_krb5_context),
"smb_krb5_init_context");
generate_random_buffer(server_bytes, 16);
generate_random_buffer(krbtgt_bytes, 16);
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
server_bytes, sizeof(server_bytes),
&server_keyblock);
torture_assert(tctx, !ret, talloc_asprintf(tctx,
"(self test) Server Keyblock encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
krbtgt_bytes, sizeof(krbtgt_bytes),
&krbtgt_keyblock);
if (ret) {
char *err = smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, talloc_asprintf(tctx,
"(self test) KRBTGT Keyblock encoding failed: %s", err));
}
/* We need an input, and this one requires no underlying database */
nt_status = auth_anonymous_server_info(mem_ctx, lp_netbios_name(tctx->lp_ctx), &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
torture_fail(tctx, "auth_anonymous_server_info");
}
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context,
server_info->account_name,
KRB5_PRINCIPAL_PARSE_NO_REALM,
&client_principal);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
torture_fail(tctx, "krb5_parse_name_flags(norealm)");
}
/* OK, go ahead and make a PAC */
ret = kerberos_create_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
server_info,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time,
&tmp_blob);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(self test) PAC encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
}
dump_data(10,tmp_blob.data,tmp_blob.length);
/* Now check that we can read it back (using full decode and validate) */
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(self test) PAC decoding failed: %s",
nt_errstr(nt_status)));
}
/* Now check we can read it back (using Heimdal's pac parsing) */
nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
tmp_blob,
smb_krb5_context->krb5_context,
&server_info_out);
if (!dom_sid_equal(server_info->account_sid,
server_info_out->account_sid)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC Decode resulted in *different* domain SID: %s != %s",
dom_sid_string(mem_ctx, server_info->account_sid),
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
talloc_free(server_info_out);
/* Now check that we can read it back (yet again) */
nt_status = kerberos_pac_logon_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
client_principal,
logon_time,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC decoding (for logon info) failed: %s",
nt_errstr(nt_status)));
}
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context,
client_principal);
/* And make a server info from the samba-parsed PAC */
validation.sam3 = &logon_info->info3;
nt_status = make_server_info_netlogon_validation(mem_ctx,
"",
3, &validation,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC decoding (make server info) failed: %s",
nt_errstr(nt_status)));
}
if (!dom_sid_equal(server_info->account_sid,
server_info_out->account_sid)) {
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC Decode resulted in *different* domain SID: %s != %s",
dom_sid_string(mem_ctx, server_info->account_sid),
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
return true;
}
/* Check with a known 'well formed' PAC, from my test server */
static bool torture_pac_saved_check(struct torture_context *tctx)
{
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
DATA_BLOB tmp_blob, validate_blob;
struct PAC_DATA *pac_data, pac_data2;
struct PAC_LOGON_INFO *logon_info;
union netr_Validation validation;
const char *pac_file, *pac_kdc_key, *pac_member_key;
struct auth_serversupplied_info *server_info_out;
krb5_keyblock server_keyblock;
krb5_keyblock krbtgt_keyblock, *krbtgt_keyblock_p;
struct samr_Password *krbtgt_bytes, *krbsrv_bytes;
krb5_error_code ret;
struct smb_krb5_context *smb_krb5_context;
const char *principal_string;
char *broken_principal_string;
krb5_principal client_principal;
const char *authtime_string;
time_t authtime;
TALLOC_CTX *mem_ctx = tctx;
torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx, NULL,
tctx->lp_ctx,
&smb_krb5_context),
"smb_krb5_init_context");
pac_kdc_key = torture_setting_string(tctx, "pac_kdc_key",
"B286757148AF7FD252C53603A150B7E7");
pac_member_key = torture_setting_string(tctx, "pac_member_key",
"D217FAEAE5E6B5F95CCC94077AB8A5FC");
torture_comment(tctx, "Using pac_kdc_key '%s'\n", pac_kdc_key);
torture_comment(tctx, "Using pac_member_key '%s'\n", pac_member_key);
/* The krbtgt key in use when the above PAC was generated.
* This is an arcfour-hmac-md5 key, extracted with our 'net
* samdump' tool. */
if (*pac_kdc_key == 0) {
krbtgt_bytes = NULL;
} else {
krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, pac_kdc_key);
if (!krbtgt_bytes) {
torture_fail(tctx, "(saved test) Could not interpret krbtgt key");
}
}
krbsrv_bytes = smbpasswd_gethexpwd(mem_ctx, pac_member_key);
if (!krbsrv_bytes) {
torture_fail(tctx, "(saved test) Could not interpret krbsrv key");
}
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
krbsrv_bytes->hash, sizeof(krbsrv_bytes->hash),
&server_keyblock);
torture_assert(tctx, !ret,
talloc_asprintf(tctx,
"(saved test) Server Keyblock encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
if (krbtgt_bytes) {
ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
ENCTYPE_ARCFOUR_HMAC,
krbtgt_bytes->hash, sizeof(krbtgt_bytes->hash),
&krbtgt_keyblock);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) Server Keyblock encoding failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context,
ret, mem_ctx)));
}
krbtgt_keyblock_p = &krbtgt_keyblock;
} else {
krbtgt_keyblock_p = NULL;
}
pac_file = torture_setting_string(tctx, "pac_file", NULL);
if (pac_file) {
tmp_blob.data = (uint8_t *)file_load(pac_file, &tmp_blob.length, 0, mem_ctx);
torture_comment(tctx, "(saved test) Loaded pac of size %ld from %s\n", (long)tmp_blob.length, pac_file);
} else {
tmp_blob = data_blob_talloc(mem_ctx, saved_pac, sizeof(saved_pac));
}
dump_data(10,tmp_blob.data,tmp_blob.length);
principal_string = torture_setting_string(tctx, "pac_client_principal",
"[email protected]");
authtime_string = torture_setting_string(tctx, "pac_authtime", "1120440609");
authtime = strtoull(authtime_string, NULL, 0);
ret = krb5_parse_name(smb_krb5_context->krb5_context, principal_string,
&client_principal);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) parsing of client principal [%s] failed: %s",
principal_string,
smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
}
/* Decode and verify the signaure on the PAC */
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal, authtime, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) PAC decoding failed: %s",
nt_errstr(nt_status)));
}
/* Now check we can read it back (using Heimdal's pac parsing) */
nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
tmp_blob,
smb_krb5_context->krb5_context,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) Heimdal PAC decoding failed: %s",
nt_errstr(nt_status)));
}
if (!pac_file &&
!dom_sid_equal(dom_sid_parse_talloc(mem_ctx,
"S-1-5-21-3048156945-3961193616-3706469200-1005"),
server_info_out->account_sid)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) Heimdal PAC Decode resulted in *different* domain SID: %s != %s",
"S-1-5-21-3048156945-3961193616-3706469200-1005",
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
talloc_free(server_info_out);
/* Parse the PAC again, for the logon info this time (using Samba4's parsing) */
nt_status = kerberos_pac_logon_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal, authtime, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC decoding (for logon info) failed: %s",
nt_errstr(nt_status)));
}
validation.sam3 = &logon_info->info3;
nt_status = make_server_info_netlogon_validation(mem_ctx,
"",
3, &validation,
&server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC decoding (make server info) failed: %s",
nt_errstr(nt_status)));
}
if (!pac_file &&
!dom_sid_equal(dom_sid_parse_talloc(mem_ctx,
"S-1-5-21-3048156945-3961193616-3706469200-1005"),
server_info_out->account_sid)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC Decode resulted in *different* domain SID: %s != %s",
"S-1-5-21-3048156945-3961193616-3706469200-1005",
dom_sid_string(mem_ctx, server_info_out->account_sid)));
}
if (krbtgt_bytes == NULL) {
torture_comment(tctx, "skipping PAC encoding tests as non kdc key\n");
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
return true;
}
ret = kerberos_encode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
pac_data,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
&validate_blob);
if (ret != 0) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, "(saved test) PAC push failed");
}
dump_data(10, validate_blob.data, validate_blob.length);
/* compare both the length and the data bytes after a
* pull/push cycle. This ensures we use the exact same
* pointer, padding etc algorithms as win2k3.
*/
if (tmp_blob.length != validate_blob.length) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx,
talloc_asprintf(tctx,
"(saved test) PAC push failed: original buffer length[%u] != created buffer length[%u]",
(unsigned)tmp_blob.length, (unsigned)validate_blob.length));
}
if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
DEBUG(0, ("tmp_data:\n"));
dump_data(0, tmp_blob.data, tmp_blob.length);
DEBUG(0, ("validate_blob:\n"));
dump_data(0, validate_blob.data, validate_blob.length);
torture_fail(tctx, talloc_asprintf(tctx, "(saved test) PAC push failed: length[%u] matches, but data does not", (unsigned)tmp_blob.length));
}
ret = kerberos_create_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
server_info_out,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal, authtime,
&validate_blob);
if (ret != 0) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, "(saved test) regnerated PAC create failed");
}
dump_data(10,validate_blob.data,validate_blob.length);
/* compare both the length and the data bytes after a
* pull/push cycle. This ensures we use the exact same
* pointer, padding etc algorithms as win2k3.
*/
if (tmp_blob.length != validate_blob.length) {
ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx,
lp_iconv_convenience(tctx->lp_ctx), &pac_data2,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
nt_status = ndr_map_error2ntstatus(ndr_err);
torture_assert_ntstatus_ok(tctx, nt_status, "can't parse the PAC");
NDR_PRINT_DEBUG(PAC_DATA, pac_data);
NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) PAC regenerate failed: original buffer length[%u] != created buffer length[%u]",
(unsigned)tmp_blob.length, (unsigned)validate_blob.length));
}
if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx,
lp_iconv_convenience(tctx->lp_ctx), &pac_data2,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
nt_status = ndr_map_error2ntstatus(ndr_err);
torture_assert_ntstatus_ok(tctx, nt_status, "can't parse the PAC");
NDR_PRINT_DEBUG(PAC_DATA, pac_data);
NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
DEBUG(0, ("tmp_data:\n"));
dump_data(0, tmp_blob.data, tmp_blob.length);
DEBUG(0, ("validate_blob:\n"));
dump_data(0, validate_blob.data, validate_blob.length);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) PAC regenerate failed: length[%u] matches, but data does not", (unsigned)tmp_blob.length));
}
/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
authtime + 1, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on broken auth time (time + 1)");
}
/* Break the client principal */
krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
broken_principal_string = talloc_strdup(mem_ctx, principal_string);
broken_principal_string[0]++;
ret = krb5_parse_name(smb_krb5_context->krb5_context,
broken_principal_string, &client_principal);
if (ret) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, talloc_asprintf(tctx,
"(saved test) parsing of broken client principal failed: %s",
smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
}
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
authtime, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on modified principal");
}
/* Finally... Bugger up the signature, and check we fail the checksum */
tmp_blob.data[tmp_blob.length - 2]++;
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
client_principal,
authtime, NULL);
if (NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
torture_fail(tctx, "(saved test) PAC decoding DID NOT fail on broken checksum");
}
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
return true;
}
/* test UDP/138 netlogon requests */
static bool nbt_test_netlogon(struct torture_context *tctx)
{
struct dgram_mailslot_handler *dgmslot;
struct nbt_dgram_socket *dgmsock = nbt_dgram_socket_init(tctx, tctx->ev,
lp_iconv_convenience(tctx->lp_ctx));
struct socket_address *dest;
const char *myaddress;
struct nbt_netlogon_packet logon;
struct nbt_netlogon_response *response;
struct nbt_name myname;
NTSTATUS status;
struct timeval tv = timeval_current();
struct socket_address *socket_address;
const char *address;
struct nbt_name name;
struct interface *ifaces;
name.name = lp_workgroup(tctx->lp_ctx);
name.type = NBT_NAME_LOGON;
name.scope = NULL;
/* do an initial name resolution to find its IP */
torture_assert_ntstatus_ok(tctx,
resolve_name(lp_resolve_context(tctx->lp_ctx), &name, tctx, &address, tctx->ev),
talloc_asprintf(tctx, "Failed to resolve %s", name.name));
load_interfaces(tctx, lp_interfaces(tctx->lp_ctx), &ifaces);
myaddress = talloc_strdup(dgmsock, iface_best_ip(ifaces, address));
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, socket_address != NULL, "Error getting address");
/* try receiving replies on port 138 first, which will only
work if we are root and smbd/nmbd are not running - fall
back to listening on any port, which means replies from
most windows versions won't be seen */
status = socket_listen(dgmsock->sock, socket_address, 0, 0);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(socket_address);
socket_address = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
myaddress, 0);
torture_assert(tctx, socket_address != NULL, "Error getting address");
socket_listen(dgmsock->sock, socket_address, 0, 0);
}
/* setup a temporary mailslot listener for replies */
dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC,
netlogon_handler, NULL);
ZERO_STRUCT(logon);
logon.command = LOGON_PRIMARY_QUERY;
logon.req.pdc.computer_name = TEST_NAME;
logon.req.pdc.mailslot_name = dgmslot->mailslot_name;
logon.req.pdc.unicode_name = TEST_NAME;
logon.req.pdc.nt_version = 1;
logon.req.pdc.lmnt_token = 0xFFFF;
logon.req.pdc.lm20_token = 0xFFFF;
make_nbt_name_client(&myname, TEST_NAME);
dest = socket_address_from_strings(dgmsock, dgmsock->sock->backend_name,
address, lp_dgram_port(tctx->lp_ctx));
torture_assert(tctx, dest != NULL, "Error getting address");
status = dgram_mailslot_netlogon_send(dgmsock, &name, dest,
NBT_MAILSLOT_NETLOGON,
&myname, &logon);
torture_assert_ntstatus_ok(tctx, status, "Failed to send netlogon request");
while (timeval_elapsed(&tv) < 5 && !dgmslot->private_data) {
event_loop_once(dgmsock->event_ctx);
}
response = talloc_get_type(dgmslot->private_data, struct nbt_netlogon_response);
torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet");
torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response");
torture_assert(tctx, response->data.get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command");
return true;
}
static int fork_tcon_client(struct torture_context *tctx,
int *tcon_count, unsigned tcon_timelimit,
const char *host, const char *share)
{
pid_t child;
struct smbcli_state *cli;
struct timeval end;
struct timeval now;
struct smbcli_options options;
struct smbcli_session_options session_options;
lp_smbcli_options(tctx->lp_ctx, &options);
lp_smbcli_session_options(tctx->lp_ctx, &session_options);
child = fork();
if (child == -1) {
printf("failed to fork child: %s\n,", strerror(errno));
return -1;
} else if (child != 0) {
/* Parent, just return. */
return 0;
}
/* Child. Just make as many connections as possible within the
* time limit. Don't bother synchronising the child start times
* because it's probably not work the effort, and a bit of startup
* jitter is probably a more realistic test.
*/
end = timeval_current();
now = timeval_current();
end.tv_sec += tcon_timelimit;
*tcon_count = 0;
while (timeval_compare(&now, &end) == -1) {
NTSTATUS status;
status = smbcli_full_connection(NULL, &cli,
host, lp_smb_ports(tctx->lp_ctx), share,
NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials,
lp_resolve_context(tctx->lp_ctx),
tctx->ev, &options, &session_options,
lp_iconv_convenience(tctx->lp_ctx),
lp_gensec_settings(tctx, tctx->lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
printf("failed to connect to //%s/%s: %s\n",
host, share, nt_errstr(status));
goto done;
}
smbcli_tdis(cli);
talloc_free(cli);
*tcon_count = *tcon_count + 1;
now = timeval_current();
}
done:
exit(0);
}
