static bool test_compound_invalid2(struct torture_context *tctx, struct smb2_tree *tree) { struct smb2_handle hd; struct smb2_create cr; NTSTATUS status; const char *fname = "compound_invalid2.dat"; struct smb2_close cl; bool ret = true; struct smb2_request *req[5]; struct smbXcli_tcon *saved_tcon = tree->smbXcli; struct smbXcli_session *saved_session = tree->session->smbXcli; smb2_transport_credits_ask_num(tree->session->transport, 5); smb2_util_unlink(tree, fname); smb2_transport_credits_ask_num(tree->session->transport, 1); ZERO_STRUCT(cr); cr.in.security_flags = 0x00; cr.in.oplock_level = 0; cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION; cr.in.create_flags = 0x00000000; cr.in.reserved = 0x00000000; cr.in.desired_access = SEC_RIGHTS_FILE_ALL; cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL; cr.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE; cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF; cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY | NTCREATEX_OPTIONS_ASYNC_ALERT | NTCREATEX_OPTIONS_NON_DIRECTORY_FILE | 0x00200000; cr.in.fname = fname; smb2_transport_compound_start(tree->session->transport, 5); req[0] = smb2_create_send(tree, &cr); hd.data[0] = UINT64_MAX; hd.data[1] = UINT64_MAX; smb2_transport_compound_set_related(tree->session->transport, true); ZERO_STRUCT(cl); cl.in.file.handle = hd; tree->smbXcli = smbXcli_tcon_create(tree); smb2cli_tcon_set_values(tree->smbXcli, NULL, /* session */ 0xFFFFFFFF, /* tcon_id */ 0, /* type */ 0, /* flags */ 0, /* capabilities */ 0 /* maximal_access */); tree->session->smbXcli = smbXcli_session_copy(tree->session, tree->session->smbXcli); smb2cli_session_set_id_and_flags(tree->session->smbXcli, UINT64_MAX, 0); req[1] = smb2_close_send(tree, &cl); /* strange that this is not generating invalid parameter */ smb2_transport_compound_set_related(tree->session->transport, false); req[2] = smb2_close_send(tree, &cl); req[3] = smb2_close_send(tree, &cl); smb2_transport_compound_set_related(tree->session->transport, true); req[4] = smb2_close_send(tree, &cl); status = smb2_create_recv(req[0], tree, &cr); CHECK_STATUS(status, NT_STATUS_OK); status = smb2_close_recv(req[1], &cl); CHECK_STATUS(status, NT_STATUS_OK); status = smb2_close_recv(req[2], &cl); CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED); status = smb2_close_recv(req[3], &cl); CHECK_STATUS(status, NT_STATUS_USER_SESSION_DELETED); status = smb2_close_recv(req[4], &cl); CHECK_STATUS(status, NT_STATUS_INVALID_PARAMETER); TALLOC_FREE(tree->smbXcli); tree->smbXcli = saved_tcon; TALLOC_FREE(tree->session->smbXcli); tree->session->smbXcli = saved_session; smb2_util_unlink(tree, fname); done: return ret; }
struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx, int fd, const char *remote_name, const char *remote_realm, int signing_state, int flags) { struct cli_state *cli = NULL; bool use_spnego = lp_client_use_spnego(); bool force_dos_errors = false; bool force_ascii = false; bool use_level_II_oplocks = false; uint32_t smb1_capabilities = 0; uint32_t smb2_capabilities = 0; struct GUID client_guid = GUID_random(); /* Check the effective uid - make sure we are not setuid */ if (is_setuid_root()) { DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n")); return NULL; } cli = talloc_zero(mem_ctx, struct cli_state); if (!cli) { return NULL; } cli->server_domain = talloc_strdup(cli, ""); if (!cli->server_domain) { goto error; } cli->server_os = talloc_strdup(cli, ""); if (!cli->server_os) { goto error; } cli->server_type = talloc_strdup(cli, ""); if (!cli->server_type) { goto error; } cli->dfs_mountpoint = talloc_strdup(cli, ""); if (!cli->dfs_mountpoint) { goto error; } cli->raw_status = NT_STATUS_INTERNAL_ERROR; cli->map_dos_errors = true; /* remove this */ cli->timeout = CLIENT_TIMEOUT; cli->case_sensitive = false; /* Set the CLI_FORCE_DOSERR environment variable to test client routines using DOS errors instead of STATUS32 ones. This intended only as a temporary hack. */ if (getenv("CLI_FORCE_DOSERR")) { force_dos_errors = true; } if (flags & CLI_FULL_CONNECTION_FORCE_DOS_ERRORS) { force_dos_errors = true; } if (getenv("CLI_FORCE_ASCII")) { force_ascii = true; } if (!lp_unicode()) { force_ascii = true; } if (flags & CLI_FULL_CONNECTION_FORCE_ASCII) { force_ascii = true; } if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) { use_spnego = false; } else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS) { cli->use_kerberos = true; } if ((flags & CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS) && cli->use_kerberos) { cli->fallback_after_kerberos = true; } if (flags & CLI_FULL_CONNECTION_USE_CCACHE) { cli->use_ccache = true; } if (flags & CLI_FULL_CONNECTION_USE_NT_HASH) { cli->pw_nt_hash = true; } if (flags & CLI_FULL_CONNECTION_OPLOCKS) { cli->use_oplocks = true; } if (flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) { use_level_II_oplocks = true; } if (signing_state == SMB_SIGNING_DEFAULT) { signing_state = lp_client_signing(); } smb1_capabilities = 0; smb1_capabilities |= CAP_LARGE_FILES; smb1_capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS; smb1_capabilities |= CAP_LOCK_AND_READ | CAP_NT_FIND; smb1_capabilities |= CAP_DFS | CAP_W2K_SMBS; smb1_capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX; smb1_capabilities |= CAP_LWIO; if (!force_dos_errors) { smb1_capabilities |= CAP_STATUS32; } if (!force_ascii) { smb1_capabilities |= CAP_UNICODE; } if (use_spnego) { smb1_capabilities |= CAP_EXTENDED_SECURITY; } if (use_level_II_oplocks) { smb1_capabilities |= CAP_LEVEL_II_OPLOCKS; } smb2_capabilities = SMB2_CAP_ALL; if (remote_realm) { cli->remote_realm = talloc_strdup(cli, remote_realm); if (cli->remote_realm == NULL) { goto error; } } cli->conn = smbXcli_conn_create(cli, fd, remote_name, signing_state, smb1_capabilities, &client_guid, smb2_capabilities); if (cli->conn == NULL) { goto error; } cli->smb1.pid = (uint16_t)getpid(); cli->smb1.vc_num = cli->smb1.pid; cli->smb1.tcon = smbXcli_tcon_create(cli); if (cli->smb1.tcon == NULL) { goto error; } smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX); cli->smb1.session = smbXcli_session_create(cli, cli->conn); if (cli->smb1.session == NULL) { goto error; } cli->initialised = 1; return cli; /* Clean up after malloc() error */ error: TALLOC_FREE(cli); return NULL; }