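/*
 * Create a small print job: open TORTURE_PRINT_FILE on the given tree,
 * write one short text page into it and close it again.
 *
 * Returns true on success. Failures are reported through the torture
 * macros.
 */
static bool print_printjob(struct torture_context *tctx,
			   struct smbcli_tree *tree)
{
	int fnum;
	DATA_BLOB data;
	ssize_t size_written;
	const char *str;

	torture_comment(tctx, "creating printjob %s\n", TORTURE_PRINT_FILE);

	fnum = smbcli_open(tree, TORTURE_PRINT_FILE, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE);
	if (fnum == -1) {
		torture_fail(tctx, "failed to open file");
	}

	str = talloc_asprintf(tctx, "TortureTestPage: %d\nData\n",0);
	if (str == NULL) {
		/* do not leave the job file open on the server */
		smbcli_close(tree, fnum);
		torture_fail(tctx, "failed to allocate print data");
	}
	data = data_blob_string_const(str);

	size_written = smbcli_write(tree, fnum, 0, data.data, 0, data.length);
	/*
	 * Rule out a negative return before comparing against the unsigned
	 * blob length, and close the handle on the failure path too.
	 */
	if (size_written < 0 || (size_t)size_written != data.length) {
		smbcli_close(tree, fnum);
		torture_fail(tctx, "failed to write file");
	}

	torture_assert_ntstatus_ok(tctx, smbcli_close(tree, fnum), "failed to close file");

	return true;
}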
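/*
 * "Writeable zone" hook handed to the DLZ module under test.
 *
 * view carries the torture context (cast through dns_view_t *). The zone
 * is looked up as a dnsZone object in dns/sam.ldb under the private
 * directory; ISC_R_SUCCESS is returned only when dsdb_search_one()
 * succeeds, ISC_R_FAILURE otherwise.
 */
static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
						  const char *zone_name)
{
	struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
	struct ldb_context *samdb;
	struct ldb_message *msg;
	int ret;
	const char *attrs[] = { NULL };

	if (tctx == NULL) {
		/* not a torture context: nothing to look up or report to */
		return ISC_R_FAILURE;
	}

	samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
				  system_session(tctx->lp_ctx),
				  0,
				  lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));

	/*
	 * torture_fail() ends with "return false", which this function would
	 * hand back as isc_result_t 0 (ISC_R_SUCCESS), telling the caller the
	 * zone is writeable. Record the failure with torture_result() and
	 * return the error code explicitly instead.
	 */
	if (!samdb) {
		torture_result(tctx, TORTURE_FAIL, __location__": %s",
			       "Failed to connect to samdb");
		return ISC_R_FAILURE;
	}

	/*
	 * NOTE(review): zone_name is interpolated into the LDAP filter
	 * unescaped. If a caller can supply names containing filter
	 * metacharacters, encode it first (ldb_binary_encode_string()).
	 */
	ret = dsdb_search_one(samdb, tctx, &msg, NULL,
			      LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
			      "(&(objectClass=dnsZone)(name=%s))", zone_name);
	if (ret != LDB_SUCCESS) {
		torture_result(tctx, TORTURE_FAIL, __location__": %s",
			       talloc_asprintf(tctx, "Failed to search for %s: %s",
					       zone_name, ldb_errstring(samdb)));
		return ISC_R_FAILURE;
	}
	talloc_free(msg);

	return ISC_R_SUCCESS;
}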
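/*
 * Find a trusted domain with an outgoing downlevel trust.
 *
 * Enumerates trusted domains on the LSA policy handle, queries each one
 * at info level 6 and stores the SID of the first match in *sid.
 * Returns true when a match was found; otherwise the test is failed.
 * *sid points into the enumeration result and is not copied.
 */
static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_binding_handle *b,
			       struct policy_handle *handle,
			       struct dom_sid **sid)
{
	struct lsa_EnumTrustDom r;
	uint32_t resume_handle = 0;
	/* zeroed so that a failed enumeration reads as "no trusts" below */
	struct lsa_DomainList domains = { 0 };
	uint32_t i;

	r.in.handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.max_size = 1000;
	r.out.domains = &domains;
	r.out.resume_handle = &resume_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b, tctx, &r),
		"EnumTrustDom failed");

	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES))
		torture_fail(tctx, "no trusts");

	if (domains.count == 0) {
		torture_fail(tctx, "no trusts");
	}

	for (i=0; i<domains.count; i++) {
		struct lsa_QueryTrustedDomainInfoBySid q;
		union lsa_TrustedDomainInfo *info = NULL;

		if (domains.domains[i].sid == NULL)
			continue;

		q.in.handle = handle;
		q.in.dom_sid = domains.domains[i].sid;
		/* level 6 is LSA_TRUSTED_DOMAIN_INFO_INFO_EX in lsa.idl */
		q.in.level = 6;
		q.out.info = &info;

		torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfoBySid_r(b, tctx, &q),
			"QueryTrustedDomainInfoBySid failed");

		if (!NT_STATUS_IS_OK(q.out.result))
			continue;

		/* a server may report success without returning any info */
		if (info == NULL)
			continue;

		/*
		 * Direction bit 2 is LSA_TRUST_DIRECTION_OUTBOUND and type 1
		 * is LSA_TRUST_TYPE_DOWNLEVEL in lsa.idl.
		 */
		if ((info->info_ex.trust_direction & 2) &&
		    (info->info_ex.trust_type == 1)) {
			*sid = domains.domains[i].sid;
			return true;
		}
	}

	torture_fail(tctx, "I need a AD DC with an outgoing trust to NT4");
}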
/*
 * Open an SMB connection to the "host"/"share" configured for this
 * torture run, using the command line credentials.
 *
 * Returns the connected client state, or NULL after recording a failure.
 */
static struct smbcli_state *connect_to_server(struct torture_context *tctx)
{
	struct smbcli_session_options sess_opts;
	struct smbcli_options conn_opts;
	struct smbcli_state *conn;
	NTSTATUS rc;
	const char *server = torture_setting_string(tctx, "host", NULL);
	const char *share_name = torture_setting_string(tctx, "share", NULL);

	lpcfg_smbcli_options(tctx->lp_ctx, &conn_opts);
	lpcfg_smbcli_session_options(tctx->lp_ctx, &sess_opts);

	rc = smbcli_full_connection(tctx, &conn, server,
				    lpcfg_smb_ports(tctx->lp_ctx),
				    share_name, NULL,
				    lpcfg_socket_options(tctx->lp_ctx),
				    cmdline_credentials,
				    lpcfg_resolve_context(tctx->lp_ctx),
				    tctx->ev, &conn_opts, &sess_opts,
				    lpcfg_gensec_settings(tctx, tctx->lp_ctx));
	if (NT_STATUS_IS_OK(rc)) {
		return conn;
	}

	/* log the target and NT status before failing the test */
	torture_comment(tctx, "failed to connect to //%s/%s: %s\n",
			server, share_name, nt_errstr(rc));
	torture_fail(tctx, "Failed to connect to server");
	return NULL;
}
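/*
 * Enumerate the subkeys of a printer key.
 *
 * Calls EnumPrinterKey() once to learn the required size, retries with a
 * buffer of that size, and prints the keys when tctx->print is set.
 * Returns TRUE on success; an error from either call fails the test.
 */
static BOOL test_EnumPrinterKey(struct torture_context *tctx,
				LPSTR servername,
				HANDLE handle,
				LPCSTR key)
{
	LPSTR buffer = NULL;
	DWORD needed = 0;
	DWORD err = 0;
	char tmp[1024];

	torture_comment(tctx, "Testing EnumPrinterKey(%s)", key);

	err = EnumPrinterKey(handle, key, NULL, 0, &needed);
	if (err == ERROR_MORE_DATA) {
		/* no cast: malloc() returns void *, and buffer is LPSTR, not LPTSTR */
		buffer = malloc(needed);
		torture_assert(tctx, buffer, "malloc failed");
		err = EnumPrinterKey(handle, key, buffer, needed, &needed);
	}
	if (err) {
		/*
		 * key and servername are caller-supplied and not length-checked
		 * here, so bound the write: snprintf() truncates instead of
		 * running past the end of tmp.
		 * NOTE(review): buffer is not released if torture_fail()
		 * returns from here.
		 */
		snprintf(tmp, sizeof(tmp), "EnumPrinterKey(%s) failed on [%s] (buffer size = %d), error: %s\n",
			key, servername, needed, errstr(err));
		torture_fail(tctx, tmp);
	}

	if (tctx->print) {
		print_printer_keys(buffer);
	}

	free(buffer);

	return TRUE;
}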
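/*
 * Test an EchoData call over the internal messaging system.
 *
 * Sends the string "0123456789" to MSG_ID2 through an irpc binding
 * handle created on data->msg_ctx1 and checks that the same bytes come
 * back. Returns true on success.
 */
static bool test_echodata(struct torture_context *tctx,
			  const void *tcase_data,
			  const void *test_data)
{
	struct echo_EchoData r;
	NTSTATUS status;
	const struct irpc_test_data *data = (const struct irpc_test_data *)tcase_data;
	TALLOC_CTX *mem_ctx = tctx;
	struct dcerpc_binding_handle *irpc_handle;

	irpc_handle = irpc_binding_handle(mem_ctx, data->msg_ctx1,
					  cluster_id(0, MSG_ID2),
					  &ndr_table_rpcecho);
	torture_assert(tctx, irpc_handle, "no memory");

	/* make the call */
	r.in.in_data = (unsigned char *)talloc_strdup(mem_ctx, "0123456789");
	/* strlen() below must not see a failed allocation */
	torture_assert(tctx, r.in.in_data != NULL, "no memory");
	r.in.len = strlen((char *)r.in.in_data);

	status = dcerpc_echo_EchoData_r(irpc_handle, mem_ctx, &r);
	torture_assert_ntstatus_ok(tctx, status, "EchoData failed");

	/* check the answer */
	if (memcmp(r.out.out_data, r.in.in_data, r.in.len) != 0) {
		NDR_PRINT_OUT_DEBUG(echo_EchoData, &r);
		torture_fail(tctx, "EchoData wrong answer");
	}

	/* '*' width and precision arguments have to be of type int */
	torture_comment(tctx, "Echo '%*.*s' -> '%*.*s'\n",
	       (int)r.in.len, (int)r.in.len,
	       r.in.in_data,
	       (int)r.in.len, (int)r.in.len,
	       r.out.out_data);
	return true;
}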
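/*
 * Test case setup: join the domain as a BDC (ACB_SVRTRUST) under the
 * test case's machine name, then connect the RPC pipe for the test
 * case's interface with the resulting machine credentials.
 *
 * On success *data holds the new torture_rpc_tcase_data.
 */
static bool torture_rpc_setup_machine_bdc(struct torture_context *tctx,
					  void **data)
{
	NTSTATUS status;
	struct dcerpc_binding *binding;
	struct torture_rpc_tcase *tcase = talloc_get_type(tctx->active_tcase,
						struct torture_rpc_tcase);
	struct torture_rpc_tcase_data *tcase_data;

	/* talloc_get_type() yields NULL when the type does not match */
	torture_assert(tctx, tcase != NULL, "active test case is not a torture_rpc_tcase");

	status = torture_rpc_binding(tctx, &binding);
	if (NT_STATUS_IS_ERR(status))
		return false;

	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
	/* the fields are written right below, so stop on allocation failure */
	torture_assert(tctx, tcase_data != NULL, "talloc_zero failed");
	tcase_data->credentials = popt_get_cmdline_credentials();
	tcase_data->join_ctx = torture_join_domain(tctx, tcase->machine_name,
						   ACB_SVRTRUST,
						   &tcase_data->credentials);
	if (tcase_data->join_ctx == NULL)
		torture_fail(tctx, "Failed to join as BDC");

	status = dcerpc_pipe_connect_b(tctx,
				&(tcase_data->pipe),
				binding,
				tcase->table,
				tcase_data->credentials, tctx->ev, tctx->lp_ctx);

	torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");

	return NT_STATUS_IS_OK(status);
}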
/*
 * Run a test that takes a single SMB2 tree: establish the connection,
 * call test->fn with it and return the test's result.
 */
static bool wrap_simple_1smb2_test(struct torture_context *torture_ctx,
				   struct torture_tcase *tcase,
				   struct torture_test *test)
{
	TALLOC_CTX *scratch = talloc_new(torture_ctx);
	struct smb2_tree *tree;
	bool (*run)(struct torture_context *, struct smb2_tree *);
	bool ok;

	if (!torture_smb2_connection(torture_ctx, &tree)) {
		torture_fail(torture_ctx,
			    "Establishing SMB2 connection failed\n");
		return false;
	}

	/*
	 * The test is allowed to close the connection itself. Re-parenting
	 * the tree onto the scratch context and freeing that context,
	 * rather than the tree, avoids a double free in that case.
	 */
	talloc_steal(scratch, tree);

	run = test->fn;
	ok = run(torture_ctx, tree);

	talloc_free(scratch);

	return ok;
}
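/*
 * Exercise ndr_check_string_terminator() on two small blobs:
 * it must accept a terminator inside the buffer, refuse to look past the
 * end of the buffer, reject non-zero bytes, and leave ndr->offset at 0.
 */
static bool test_check_string_terminator(struct torture_context *tctx)
{
	struct ndr_pull *ndr;
	DATA_BLOB blob;
	TALLOC_CTX *mem_ctx = tctx;

	/* Simple test */
	blob = strhex_to_data_blob(tctx, "0000");

	ndr = ndr_pull_init_blob(&blob, mem_ctx);
	/* ndr->offset is read below, so stop if the parser was not created */
	torture_assert(tctx, ndr != NULL, "ndr_pull_init_blob failed");

	torture_assert_ndr_success(tctx, ndr_check_string_terminator(ndr, 1, 2),
				   "simple check_string_terminator test failed");

	torture_assert(tctx, ndr->offset == 0,
		"check_string_terminator did not reset offset");

	/* 1 element of 3 bytes does not fit into the 2-byte blob */
	if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 1, 3))) {
		torture_fail(tctx, "check_string_terminator checked beyond string boundaries");
	}

	torture_assert(tctx, ndr->offset == 0,
		"check_string_terminator did not reset offset");

	talloc_free(ndr);

	blob = strhex_to_data_blob(tctx, "11220000");
	ndr = ndr_pull_init_blob(&blob, mem_ctx);
	torture_assert(tctx, ndr != NULL, "ndr_pull_init_blob failed");

	torture_assert_ndr_success(tctx,
		ndr_check_string_terminator(ndr, 4, 1),
		"check_string_terminator failed to recognize terminator");

	torture_assert_ndr_success(tctx,
		ndr_check_string_terminator(ndr, 3, 1),
		"check_string_terminator failed to recognize terminator");

	if (NDR_ERR_CODE_IS_SUCCESS(ndr_check_string_terminator(ndr, 2, 1))) {
		torture_fail(tctx,
			     "check_string_terminator erroneously reported terminator");
	}

	torture_assert(tctx, ndr->offset == 0,
		"check_string_terminator did not reset offset");

	/* release the second parser as well, like the first one */
	talloc_free(ndr);

	return true;
}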
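/*
 * Close a printer handle with ClosePrinter().
 * Returns TRUE on success; a failed close fails the test with the
 * text for GetLastError().
 */
static BOOL test_ClosePrinter(struct torture_context *tctx,
			      HANDLE handle)
{
	torture_comment(tctx, "Testing ClosePrinter");

	if (!ClosePrinter(handle)) {
		char tmp[1024];
		/* bounded write: errstr() output length is not known here */
		snprintf(tmp, sizeof(tmp), "failed to close printer, error was: %s\n",
			errstr(GetLastError()));
		torture_fail(tctx, tmp);
	}

	return TRUE;
}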
/*
 * Run a test that takes two SMB2 trees: establish both connections,
 * call test->fn with them and return the test's result.
 */
static bool wrap_simple_2smb2_test(struct torture_context *torture_ctx,
				   struct torture_tcase *tcase,
				   struct torture_test *test)
{
	TALLOC_CTX *scratch = talloc_new(torture_ctx);
	struct smb2_tree *first;
	struct smb2_tree *second;
	bool (*run)(struct torture_context *, struct smb2_tree *, struct smb2_tree *);
	bool ok = false;

	if (!torture_smb2_connection(torture_ctx, &first)) {
		torture_fail(torture_ctx,
			    "Establishing SMB2 connection failed\n");
	} else {
		/* trees hang off the scratch context; it is freed below */
		talloc_steal(scratch, first);

		if (!torture_smb2_connection(torture_ctx, &second)) {
			torture_fail(torture_ctx,
				    "Establishing SMB2 connection failed\n");
		} else {
			talloc_steal(scratch, second);

			run = test->fn;
			ok = run(torture_ctx, first, second);
		}
	}

	/* the test may already have closed some of the connections */
	talloc_free(scratch);

	return ok;
}
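/*
 * Read one printer data value with GetPrinterDataEx().
 *
 * The first call asks for the required size, the second one fetches the
 * data. Optional outputs: *type_p (value type), *size_p (size in bytes)
 * and *buffer_p (the malloc'd data, which the caller must free()).
 * Without buffer_p the data is freed here.
 * Returns TRUE on success; an error from either call fails the test.
 */
static BOOL test_GetPrinterDataEx(struct torture_context *tctx,
				  LPSTR servername,
				  LPSTR keyname,
				  LPSTR valuename,
				  HANDLE handle,
				  DWORD *type_p,
				  LPBYTE *buffer_p,
				  DWORD *size_p)
{
	LPBYTE buffer = NULL;
	DWORD needed = 0;
	DWORD type;
	DWORD err = 0;
	char tmp[1024];

	torture_comment(tctx, "Testing GetPrinterDataEx(%s - %s)", keyname, valuename);

	err = GetPrinterDataEx(handle, keyname, valuename, &type, NULL, 0, &needed);
	if (err == ERROR_MORE_DATA) {
		buffer = (LPBYTE)malloc(needed);
		torture_assert(tctx, buffer, "malloc failed");
		err = GetPrinterDataEx(handle, keyname, valuename, &type, buffer, needed, &needed);
	}
	if (err) {
		/*
		 * valuename and servername are caller-supplied and not
		 * length-checked here; snprintf() truncates instead of
		 * writing past the end of tmp.
		 * NOTE(review): buffer is not released if torture_fail()
		 * returns from here.
		 */
		snprintf(tmp, sizeof(tmp), "GetPrinterDataEx(%s) failed on [%s] (buffer size = %d), error: %s\n",
			valuename, servername, needed, errstr(err));
		torture_fail(tctx, tmp);
	}

	if (tctx->print) {
		print_printer_data(keyname, valuename, needed, buffer, type);
	}

	if (type_p) {
		*type_p = type;
	}

	if (size_p) {
		*size_p = needed;
	}

	/* ownership of the data moves to the caller when it asked for it */
	if (buffer_p) {
		*buffer_p = buffer;
	} else {
		free(buffer);
	}

	return TRUE;
}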
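/*
 * Call GetPrinterDriver() for the given architecture at info levels
 * 1-6 and 8.
 *
 * Each level is first queried for the required size and then fetched.
 * success[] marks the levels whose failure fails the test; the others
 * would only produce a warning. Returns TRUE when no level failed.
 */
static BOOL test_GetPrinterDriver(struct torture_context *tctx,
				  LPSTR printername,
				  LPSTR architecture,
				  HANDLE handle)
{
	DWORD levels[]  = { 1, 2, 3, 4, 5, 6, 8 };
	DWORD success[] = { 1, 1, 1, 1, 1, 1, 1 };
	DWORD i;
	LPBYTE buffer = NULL;

	for (i=0; i < ARRAY_SIZE(levels); i++) {

		DWORD needed = 0;
		DWORD err = 0;
		char tmp[1024];

		torture_comment(tctx, "Testing GetPrinterDriver level %d", levels[i]);

		GetPrinterDriver(handle, architecture, levels[i], NULL, 0, &needed);
		err = GetLastError();
		if (err == ERROR_INSUFFICIENT_BUFFER) {
			err = 0;
			buffer = malloc(needed);
			torture_assert(tctx, buffer, "malloc failed");
			if (!GetPrinterDriver(handle, architecture, levels[i], buffer, needed, &needed)) {
				err = GetLastError();
			}
		}
		if (err) {
			/*
			 * printername is caller-supplied and not length-checked
			 * here; snprintf() truncates instead of writing past
			 * the end of tmp.
			 * NOTE(review): buffer is not released if torture_fail()
			 * returns from here.
			 */
			snprintf(tmp, sizeof(tmp), "GetPrinterDriver failed level %d on [%s] (buffer size = %d), error: %s\n",
				levels[i], printername, needed, errstr(err));
			if (success[i]) {
				torture_fail(tctx, tmp);
			} else {
				torture_warning(tctx, tmp);
			}
		}

		if (tctx->print) {
			print_driver_info_bylevel(levels[i], buffer, 1);
		}

		/* reset so the next level never sees a stale pointer */
		free(buffer);
		buffer = NULL;
	}

	return TRUE;
}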
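/*
 * Call EnumPrinters() with PRINTER_ENUM_NAME on servername at info
 * levels 1, 2 and 5.
 *
 * Each level is first queried for the required size and then fetched.
 * success[] marks the levels whose failure fails the test; the others
 * would only produce a warning. Returns TRUE when no level failed.
 */
static BOOL test_EnumPrinters(struct torture_context *tctx,
			      LPSTR servername)
{
	DWORD levels[]  = { 1, 2, 5 };
	DWORD success[] = { 1, 1, 1 };
	DWORD i;
	DWORD flags = PRINTER_ENUM_NAME;
	LPBYTE buffer = NULL;

	for (i=0; i < ARRAY_SIZE(levels); i++) {

		DWORD needed = 0;
		DWORD returned = 0;
		DWORD err = 0;
		char tmp[1024];

		torture_comment(tctx, "Testing EnumPrinters level %d", levels[i]);

		EnumPrinters(flags, servername, levels[i], NULL, 0, &needed, &returned);
		err = GetLastError();
		if (err == ERROR_INSUFFICIENT_BUFFER) {
			err = 0;
			buffer = malloc(needed);
			torture_assert(tctx, buffer, "malloc failed");
			if (!EnumPrinters(flags, servername, levels[i], buffer, needed, &needed, &returned)) {
				err = GetLastError();
			}
		}
		if (err) {
			/*
			 * servername is caller-supplied and not length-checked
			 * here; snprintf() truncates instead of writing past
			 * the end of tmp.
			 * NOTE(review): buffer is not released if torture_fail()
			 * returns from here.
			 */
			snprintf(tmp, sizeof(tmp), "EnumPrinters failed level %d on [%s] (buffer size = %d), error: %s\n",
				levels[i], servername, needed, errstr(err));
			if (success[i]) {
				torture_fail(tctx, tmp);
			} else {
				torture_warning(tctx, tmp);
			}
		}

		if (tctx->print) {
			print_printer_info_bylevel(levels[i], buffer, returned);
		}

		/* reset so the next level never sees a stale pointer */
		free(buffer);
		buffer = NULL;
	}

	return TRUE;
}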
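/*
 * Open printername with OpenPrinter() using the given defaults and
 * store the handle in *handle.
 * Returns TRUE on success; a failed open fails the test with the
 * GetLastError() code.
 */
static BOOL test_OpenPrinter(struct torture_context *tctx,
			     LPSTR printername,
			     LPPRINTER_DEFAULTS defaults,
			     LPHANDLE handle)
{
	torture_comment(tctx, "Testing OpenPrinter(%s)", printername);

	if (!OpenPrinter(printername, handle, defaults)) {
		char tmp[1024];
		/*
		 * printername is caller-supplied and not length-checked here;
		 * snprintf() truncates instead of writing past the end of tmp.
		 */
		snprintf(tmp, sizeof(tmp), "failed to open printer %s, error was: 0x%08x\n",
			printername, GetLastError());
		torture_fail(tctx, tmp);
	}

	return TRUE;
}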
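/*
 * Enumerate all values below a printer key with EnumPrinterDataEx().
 *
 * The first call asks for the required size, the second one fetches the
 * values. Optional outputs: *returned_p (number of values) and
 * *buffer_p (the malloc'd PRINTER_ENUM_VALUES array, which the caller
 * must free()). Without buffer_p the array is freed here.
 * Returns TRUE on success; an error from either call fails the test.
 */
static BOOL test_EnumPrinterDataEx(struct torture_context *tctx,
				   LPSTR servername,
				   LPSTR keyname,
				   HANDLE handle,
				   LPBYTE *buffer_p,
				   DWORD *returned_p)
{
	LPBYTE buffer = NULL;
	DWORD needed = 0;
	DWORD returned = 0;
	DWORD err = 0;
	char tmp[1024];

	torture_comment(tctx, "Testing EnumPrinterDataEx(%s)", keyname);

	err = EnumPrinterDataEx(handle, keyname, NULL, 0, &needed, &returned);
	if (err == ERROR_MORE_DATA) {
		buffer = malloc(needed);
		torture_assert(tctx, buffer, "malloc failed");
		err = EnumPrinterDataEx(handle, keyname, buffer, needed, &needed, &returned);
	}
	if (err) {
		/*
		 * keyname and servername are caller-supplied and not
		 * length-checked here; snprintf() truncates instead of
		 * writing past the end of tmp.
		 * NOTE(review): buffer is not released if torture_fail()
		 * returns from here.
		 */
		snprintf(tmp, sizeof(tmp), "EnumPrinterDataEx(%s) failed on [%s] (buffer size = %d), error: %s\n",
			keyname, servername, needed, errstr(err));
		torture_fail(tctx, tmp);
	}

	if (tctx->print) {
		DWORD i;
		LPPRINTER_ENUM_VALUES v = (LPPRINTER_ENUM_VALUES)buffer;
		for (i=0; i < returned; i++) {
			print_printer_enum_values(&v[i]);
		}
	}

	if (returned_p) {
		*returned_p = returned;
	}

	/* ownership of the array moves to the caller when it asked for it */
	if (buffer_p) {
		*buffer_p = buffer;
	} else {
		free(buffer);
	}

	return TRUE;
}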
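/*
 * Call EnumJobs() for jobs 0..99 on the printer handle at info levels
 * 1 to 4.
 *
 * Each level is first queried for the required size and then fetched.
 * success[] marks the levels whose failure fails the test; the others
 * would only produce a warning. Returns TRUE when no level failed.
 */
static BOOL test_EnumJobs(struct torture_context *tctx,
			  LPSTR printername,
			  HANDLE handle)
{
	DWORD levels[]  = { 1, 2, 3, 4 };
	DWORD success[] = { 1, 1, 1, 1 };
	DWORD i;
	LPBYTE buffer = NULL;

	for (i=0; i < ARRAY_SIZE(levels); i++) {

		DWORD needed = 0;
		DWORD returned = 0;
		DWORD err = 0;
		char tmp[1024];

		torture_comment(tctx, "Testing EnumJobs level %d", levels[i]);

		EnumJobs(handle, 0, 100, levels[i], NULL, 0, &needed, &returned);
		err = GetLastError();
		if (err == ERROR_INSUFFICIENT_BUFFER) {
			err = 0;
			buffer = malloc(needed);
			torture_assert(tctx, buffer, "malloc failed");
			if (!EnumJobs(handle, 0, 100, levels[i], buffer, needed, &needed, &returned)) {
				err = GetLastError();
			}
		}
		if (err) {
			/*
			 * printername is caller-supplied and not length-checked
			 * here; snprintf() truncates instead of writing past
			 * the end of tmp.
			 * NOTE(review): buffer is not released if torture_fail()
			 * returns from here.
			 */
			snprintf(tmp, sizeof(tmp), "EnumJobs failed level %d on [%s] (buffer size = %d), error: %s\n",
				levels[i], printername, needed, errstr(err));
			if (success[i]) {
				torture_fail(tctx, tmp);
			} else {
				torture_warning(tctx, tmp);
			}
		}

		/* reset so the next level never sees a stale pointer */
		free(buffer);
		buffer = NULL;
	}

	return TRUE;
}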
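/*
 * Enumerate the printers on servername at level 1 and run
 * test_OnePrinter() on each returned printer name.
 *
 * Returns TRUE only when every per-printer test returned TRUE; a failed
 * enumeration fails the test.
 */
static BOOL test_EachPrinter(struct torture_context *tctx,
			     LPSTR servername,
			     LPSTR architecture,
			     LPPRINTER_DEFAULTS defaults)
{
	DWORD needed = 0;
	DWORD returned = 0;
	DWORD err = 0;
	char tmp[1024];
	DWORD i;
	DWORD flags = PRINTER_ENUM_NAME;
	PPRINTER_INFO_1 buffer = NULL;
	BOOL ret = TRUE;

	torture_comment(tctx, "Testing EnumPrinters level %d", 1);

	EnumPrinters(flags, servername, 1, NULL, 0, &needed, &returned);
	err = GetLastError();
	if (err == ERROR_INSUFFICIENT_BUFFER) {
		err = 0;
		buffer = (PPRINTER_INFO_1)malloc(needed);
		torture_assert(tctx, buffer, "malloc failed");
		if (!EnumPrinters(flags, servername, 1, (LPBYTE)buffer, needed, &needed, &returned)) {
			err = GetLastError();
		}
	}
	if (err) {
		/*
		 * servername is caller-supplied and not length-checked here;
		 * snprintf() truncates instead of writing past the end of tmp.
		 * NOTE(review): buffer is not released if torture_fail()
		 * returns from here.
		 */
		snprintf(tmp, sizeof(tmp), "EnumPrinters failed level %d on [%s] (buffer size = %d), error: %s\n",
			1, servername, needed, errstr(err));
		torture_fail(tctx, tmp);
	}

	/* keep going after a failing printer so that all of them are tested */
	for (i=0; i < returned; i++) {
		ret &= test_OnePrinter(tctx, buffer[i].pName, architecture, defaults);
	}

	free(buffer);

	return ret;
}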
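/*
 * Open fname with smbc_opendir() and close it again.
 *
 * With expect_success the open and the close must both work. Without it
 * the outcome of the open is not checked at all and the function returns
 * true either way.
 * ctx is not used by this function.
 */
static bool test_opendir(struct torture_context *tctx,
			 SMBCCTX *ctx,
			 const char *fname,
			 bool expect_success)
{
	int handle, ret;

	torture_comment(tctx, "Testing smbc_opendir(%s)\n", fname);

	handle = smbc_opendir(fname);
	if (!expect_success) {
		/* do not leak the directory handle if the open did succeed */
		if (handle >= 0) {
			smbc_closedir(handle);
		}
		return true;
	}
	if (handle < 0) {
		torture_fail(tctx,
			     talloc_asprintf(tctx,
					     "failed to obtain file handle for '%s'",
					     fname));
	}

	ret = smbc_closedir(handle);
	torture_assert_int_equal(tctx, ret, 0,
				 talloc_asprintf(tctx,
						 "failed to close file handle for '%s'",
						 fname));

	return true;
}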
/*
 * Check which files the "hideunread" and "hideunwrite" shares show.
 *
 * One file, test.txt, is created through the normal share and then
 * stepped through three permission states (read/write, read-only, no
 * access). After each step the file's writability, readability and its
 * visibility through all three tree connects are compared with what is
 * expected. The file is removed again at the end.
 */
bool torture_samba3_hide(struct torture_context *torture)
{
	const char *path = "test.txt";
	struct smbcli_state *conn;
	struct smbcli_tree *tree_unread;
	struct smbcli_tree *tree_unwrite;
	NTSTATUS status;
	int fd;

	if (!torture_open_connection_share(
		    torture, &conn, torture,
		    torture_setting_string(torture, "host", NULL),
		    torture_setting_string(torture, "share", NULL),
		    torture->ev)) {
		torture_fail(torture, "torture_open_connection_share failed\n");
	}

	/* two further tree connects on the same session */
	status = torture_second_tcon(torture, conn->session, "hideunread",
				     &tree_unread);
	torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunread) failed\n");

	status = torture_second_tcon(torture, conn->session, "hideunwrite",
				     &tree_unwrite);
	torture_assert_ntstatus_ok(torture, status, "second_tcon(hideunwrite) failed\n");

	/* remove a leftover file; reset its attributes if it cannot be deleted */
	status = smbcli_unlink(conn->tree, path);
	if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
		smbcli_setatr(conn->tree, path, 0, -1);
		smbcli_unlink(conn->tree, path);
	}

	fd = smbcli_open(conn->tree, path, O_RDWR|O_CREAT, DENY_NONE);
	if (-1 == fd) {
		torture_fail(torture,
			talloc_asprintf(torture, "Failed to create %s - %s\n", path, smbcli_errstr(conn->tree)));
	}

	smbcli_close(conn->tree, fd);

	if (!smbcli_file_exists(conn->tree, path)) {
		torture_fail(torture, talloc_asprintf(torture, "%s does not exist\n", path));
	}

	/* State 1, read/write: the file has to show up on every share */

	status = smbcli_chmod(conn->tree, path, UNIX_R_USR|UNIX_W_USR);
	torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");

	if (!is_writeable(torture, conn->tree, path)) {
		torture_fail(torture, "File not writable\n");
	}
	if (!is_readable(conn->tree, path)) {
		torture_fail(torture, "File not readable\n");
	}
	if (!is_visible(conn->tree, path)) {
		torture_fail(torture, "r/w file not visible via normal share\n");
	}
	if (!is_visible(tree_unread, path)) {
		torture_fail(torture, "r/w file not visible via hide unreadable\n");
	}
	if (!is_visible(tree_unwrite, path)) {
		torture_fail(torture, "r/w file not visible via hide unwriteable\n");
	}

	/* State 2, read-only: hidden on the "hide unwriteable" share only */

	status = smbcli_chmod(conn->tree, path, UNIX_R_USR);
	torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");

	if (is_writeable(torture, conn->tree, path)) {
		torture_fail(torture, "r/o is writable\n");
	}
	if (!is_readable(conn->tree, path)) {
		torture_fail(torture, "r/o not readable\n");
	}
	if (!is_visible(conn->tree, path)) {
		torture_fail(torture, "r/o file not visible via normal share\n");
	}
	if (!is_visible(tree_unread, path)) {
		torture_fail(torture, "r/o file not visible via hide unreadable\n");
	}
	if (is_visible(tree_unwrite, path)) {
		torture_fail(torture, "r/o file visible via hide unwriteable\n");
	}

	/* State 3, no access: visible on the normal share and nowhere else */

	status = smbcli_chmod(conn->tree, path, 0);
	torture_assert_ntstatus_ok(torture, status, "smbcli_chmod failed\n");

	if (is_writeable(torture, conn->tree, path)) {
		torture_fail(torture, "inaccessible file is writable\n");
	}
	if (is_readable(conn->tree, path)) {
		torture_fail(torture, "inaccessible file is readable\n");
	}
	if (!is_visible(conn->tree, path)) {
		torture_fail(torture, "inaccessible file not visible via normal share\n");
	}
	if (is_visible(tree_unread, path)) {
		torture_fail(torture, "inaccessible file visible via hide unreadable\n");
	}
	if (is_visible(tree_unwrite, path)) {
		torture_fail(torture, "inaccessible file visible via hide unwriteable\n");
	}

	/* give the owner access back so that the unlink can succeed */
	smbcli_chmod(conn->tree, path, UNIX_R_USR|UNIX_W_USR);
	smbcli_unlink(conn->tree, path);

	return true;
}
/*
 * Cross-check DsCrackNames conversions between all name formats listed
 * in formats[].
 *
 * Three passes:
 *  1. "matrix prep": crack dn (offered as FQDN_1779) into every format,
 *     check the per-format status that is expected, and record in
 *     n_from[] the name to offer for that format. The user and service
 *     principal names come from the parameters, and three formats get
 *     no name at all (NULL).
 *  2. crack every n_from[i] from formats[i] into every formats[j] and
 *     store the result, or NULL when the status is not OK, in
 *     n_matrix[i][j].
 *  3. compare each n_matrix[i][j] with n_from[j] and fail on a mismatch.
 *
 * Returns true when all passes completed without a failure.
 */
static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
				    struct DsPrivate *priv, const char *dn,
				    const char *user_principal_name, const char *service_principal_name)
{
	NTSTATUS status;
	const char *err_msg;
	struct drsuapi_DsCrackNames r;
	union drsuapi_DsNameRequest req;
	uint32_t level_out;
	union drsuapi_DsNameCtr ctr;
	struct dcerpc_pipe *p = priv->drs_pipe;
	TALLOC_CTX *mem_ctx = priv;

	enum drsuapi_DsNameFormat formats[] = {
		DRSUAPI_DS_NAME_FORMAT_UNKNOWN,
		DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
		DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT,
		DRSUAPI_DS_NAME_FORMAT_DISPLAY,
		DRSUAPI_DS_NAME_FORMAT_GUID,
		DRSUAPI_DS_NAME_FORMAT_CANONICAL,
		DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
		DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
		DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
		DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
		DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN
	};
	struct drsuapi_DsNameString names[ARRAY_SIZE(formats)];
	int i, j;

	/* n_matrix[i][j]: result of cracking n_from[i] from format i to format j */
	const char *n_matrix[ARRAY_SIZE(formats)][ARRAY_SIZE(formats)];
	/* n_from[i]: the name offered when formats[i] is the source format */
	const char *n_from[ARRAY_SIZE(formats)];

	/* one request structure is reused for every call; only one name is sent */
	ZERO_STRUCT(r);
	r.in.bind_handle		= &priv->bind_handle;
	r.in.level			= 1;
	r.in.req			= &req;
	r.in.req->req1.codepage		= 1252; /* german */
	r.in.req->req1.language		= 0x00000407; /* german */
	r.in.req->req1.count		= 1;
	r.in.req->req1.names		= names;
	r.in.req->req1.format_flags	= DRSUAPI_DS_NAME_FLAG_NO_FLAGS;

	r.out.level_out			= &level_out;
	r.out.ctr			= &ctr;

	n_matrix[0][0] = dn;

	/* Pass 1: from the DN to every format */
	for (i = 0; i < ARRAY_SIZE(formats); i++) {
		r.in.req->req1.format_offered	= DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
		r.in.req->req1.format_desired	= formats[i];
		names[0].str = dn;
		status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
		if (!NT_STATUS_IS_OK(status)) {
			const char *errstr = nt_errstr(status);
			err_msg = talloc_asprintf(mem_ctx,
					"testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
					names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
			torture_fail(tctx, err_msg);
		} else if (!W_ERROR_IS_OK(r.out.result)) {
			err_msg = talloc_asprintf(mem_ctx,
					"testing DsCrackNames (matrix prep) with name '%s' from format: %d desired format:%d failed - %s",
			       names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, win_errstr(r.out.result));
			torture_fail(tctx, err_msg);
		}

		/*
		 * Check the per-name status expected for this target format.
		 * NOTE(review): array[0] of the reply is read without checking
		 * the reply's level or element count first - confirm the
		 * client library guarantees one entry here.
		 */
		switch (formats[i]) {
		case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE) {
				err_msg = talloc_asprintf(mem_ctx,
						"Unexpected error (%d): This name lookup should fail",
						r.out.ctr->ctr1->array[0].status);
				torture_fail(tctx, err_msg);
			}
			torture_comment(tctx, __location__ ": (expected) error\n");
			break;
		case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_NO_MAPPING) {
				err_msg = talloc_asprintf(mem_ctx,
						"Unexpected error (%d): This name lookup should fail",
						r.out.ctr->ctr1->array[0].status);
				torture_fail(tctx, err_msg);
			}
			torture_comment(tctx, __location__ ": (expected) error\n");
			break;
		case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:	/* should fail as we ask server to convert to Unknown format */
		case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
		case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
				err_msg = talloc_asprintf(mem_ctx,
						"Unexpected error (%d): This name lookup should fail",
						r.out.ctr->ctr1->array[0].status);
				torture_fail(tctx, err_msg);
			}
			torture_comment(tctx, __location__ ": (expected) error\n");
			break;
		default:
			if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
				err_msg = talloc_asprintf(mem_ctx,
						"DsCrackNames error: %d",
						r.out.ctr->ctr1->array[0].status);
				torture_fail(tctx, err_msg);
			}
			break;
		}

		/* Pick the name that pass 2 will offer for this format */
		switch (formats[i]) {
		case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL:
			n_from[i] = user_principal_name;
			break;
		case DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL:
			n_from[i] = service_principal_name;
			break;
		case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
		case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
		case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
			n_from[i] = NULL;
			break;
		default:
			n_from[i] = r.out.ctr->ctr1->array[0].result_name;
			/* NOTE(review): result_name is passed to %s unchecked; assumes it is non-NULL when the status is OK */
			printf("%s\n", n_from[i]);
			break;
		}
	}

	/* Pass 2: from every format that has a name to every format */
	for (i = 0; i < ARRAY_SIZE(formats); i++) {
		for (j = 0; j < ARRAY_SIZE(formats); j++) {
			r.in.req->req1.format_offered	= formats[i];
			r.in.req->req1.format_desired	= formats[j];
			if (!n_from[i]) {
				/* nothing to offer in this source format */
				n_matrix[i][j] = NULL;
				continue;
			}
			names[0].str = n_from[i];
			status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r);
			if (!NT_STATUS_IS_OK(status)) {
				const char *errstr = nt_errstr(status);
				err_msg = talloc_asprintf(mem_ctx,
						"testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
						names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired, errstr);
				torture_fail(tctx, err_msg);
			} else if (!W_ERROR_IS_OK(r.out.result)) {
				err_msg = talloc_asprintf(mem_ctx,
						"testing DsCrackNames (matrix) with name '%s' from format: %d desired format:%d failed - %s",
						names[0].str, r.in.req->req1.format_offered, r.in.req->req1.format_desired,
						win_errstr(r.out.result));
				torture_fail(tctx, err_msg);
			}

			if (r.out.ctr->ctr1->array[0].status == DRSUAPI_DS_NAME_STATUS_OK) {
				n_matrix[i][j] = r.out.ctr->ctr1->array[0].result_name;
			} else {
				n_matrix[i][j] = NULL;
			}
		}
	}

	/*
	 * Pass 3: every conversion into format j has to produce n_from[j].
	 * NOTE(review): in the two mismatch branches where one side is NULL,
	 * that NULL pointer is still passed to %s in the message - confirm
	 * talloc_asprintf() copes with that on all platforms.
	 */
	for (i = 0; i < ARRAY_SIZE(formats); i++) {
		for (j = 0; j < ARRAY_SIZE(formats); j++) {
			if (n_matrix[i][j] == n_from[j]) {

			/* We don't have a from name for these yet (and we can't map to them to find it out) */
			} else if (n_matrix[i][j] == NULL && n_from[i] == NULL) {

			/* we can't map to these two */
			} else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL) {
			} else if (n_matrix[i][j] == NULL && formats[j] == DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL) {
			} else if (n_matrix[i][j] == NULL && n_from[j] != NULL) {
				err_msg = talloc_asprintf(mem_ctx,
						"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
						formats[i], formats[j], n_matrix[i][j], n_from[j]);
				torture_fail(tctx, err_msg);
			} else if (n_matrix[i][j] != NULL && n_from[j] == NULL) {
				err_msg = talloc_asprintf(mem_ctx,
						"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
						formats[i], formats[j], n_matrix[i][j], n_from[j]);
				torture_fail(tctx, err_msg);
			} else if (strcmp(n_matrix[i][j], n_from[j]) != 0) {
				err_msg = talloc_asprintf(mem_ctx,
						"dcerpc_drsuapi_DsCrackNames mismatch - from %d to %d: %s should be %s",
						formats[i], formats[j], n_matrix[i][j], n_from[j]);
				torture_fail(tctx, err_msg);
			}
		}
	}

	return true;
}
bool test_DsCrackNames(struct torture_context *tctx, struct DsPrivate *priv) { NTSTATUS status; const char *err_msg; struct drsuapi_DsCrackNames r; union drsuapi_DsNameRequest req; uint32_t level_out; union drsuapi_DsNameCtr ctr; struct drsuapi_DsNameString names[1]; const char *dns_domain; const char *nt4_domain; const char *FQDN_1779_name; struct ldb_context *ldb; struct ldb_dn *FQDN_1779_dn; struct ldb_dn *realm_dn; const char *realm_dn_str; const char *realm_canonical; const char *realm_canonical_ex; const char *user_principal_name; char *user_principal_name_short; const char *service_principal_name; const char *canonical_name; const char *canonical_ex_name; const char *dom_sid; const char *test_dc = torture_join_netbios_name(priv->join); struct dcerpc_pipe *p = priv->drs_pipe; TALLOC_CTX *mem_ctx = priv; ZERO_STRUCT(r); r.in.bind_handle = &priv->bind_handle; r.in.level = 1; r.in.req = &req; r.in.req->req1.codepage = 1252; /* german */ r.in.req->req1.language = 0x00000407; /* german */ r.in.req->req1.count = 1; r.in.req->req1.names = names; r.in.req->req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS; r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY; r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; r.out.level_out = &level_out; r.out.ctr = &ctr; dom_sid = dom_sid_string(mem_ctx, torture_join_sid(priv->join)); names[0].str = dom_sid; torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req->req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr); torture_fail(tctx, err_msg); } else if (!W_ERROR_IS_OK(r.out.result)) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result)); torture_fail(tctx, err_msg); } else if (r.out.ctr->ctr1->array[0].status != 
DRSUAPI_DS_NAME_STATUS_OK) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d", r.out.ctr->ctr1->array[0].status); torture_fail(tctx, err_msg); } dns_domain = r.out.ctr->ctr1->array[0].dns_domain_name; nt4_domain = r.out.ctr->ctr1->array[0].result_name; r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_GUID; torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req->req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr); torture_fail(tctx, err_msg); } else if (!W_ERROR_IS_OK(r.out.result)) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result)); torture_fail(tctx, err_msg); } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d", r.out.ctr->ctr1->array[0].status); torture_fail(tctx, err_msg); } priv->domain_dns_name = r.out.ctr->ctr1->array[0].dns_domain_name; priv->domain_guid_str = r.out.ctr->ctr1->array[0].result_name; GUID_from_string(priv->domain_guid_str, &priv->domain_guid); r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req->req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr); torture_fail(tctx, err_msg); } else if (!W_ERROR_IS_OK(r.out.result)) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result)); torture_fail(tctx, err_msg); } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { err_msg = 
talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d", r.out.ctr->ctr1->array[0].status); torture_fail(tctx, err_msg); } ldb = ldb_init(mem_ctx, tctx->ev); realm_dn_str = r.out.ctr->ctr1->array[0].result_name; realm_dn = ldb_dn_new(mem_ctx, ldb, realm_dn_str); realm_canonical = ldb_dn_canonical_string(mem_ctx, realm_dn); if (strcmp(realm_canonical, talloc_asprintf(mem_ctx, "%s/", dns_domain))!= 0) { err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical name failed: %s != %s!", realm_canonical, talloc_asprintf(mem_ctx, "%s/", dns_domain)); torture_fail(tctx, err_msg); }; realm_canonical_ex = ldb_dn_canonical_ex_string(mem_ctx, realm_dn); if (strcmp(realm_canonical_ex, talloc_asprintf(mem_ctx, "%s\n", dns_domain))!= 0) { err_msg = talloc_asprintf(mem_ctx, "local Round trip on canonical ex name failed: %s != %s!", realm_canonical, talloc_asprintf(mem_ctx, "%s\n", dns_domain)); torture_fail(tctx, err_msg); }; r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = nt4_domain; torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req->req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr); torture_fail(tctx, err_msg); } else if (!W_ERROR_IS_OK(r.out.result)) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result)); torture_fail(tctx, err_msg); } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d", r.out.ctr->ctr1->array[0].status); torture_fail(tctx, err_msg); } priv->domain_obj_dn = r.out.ctr->ctr1->array[0].result_name; r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; 
r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = talloc_asprintf(mem_ctx, "%s%s$", nt4_domain, test_dc); torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req->req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr); torture_fail(tctx, err_msg); } else if (!W_ERROR_IS_OK(r.out.result)) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result)); torture_fail(tctx, err_msg); } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d", r.out.ctr->ctr1->array[0].status); torture_fail(tctx, err_msg); } FQDN_1779_name = r.out.ctr->ctr1->array[0].result_name; r.in.req->req1.format_offered = DRSUAPI_DS_NAME_FORMAT_GUID; r.in.req->req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; names[0].str = priv->domain_guid_str; torture_comment(tctx, "Testing DsCrackNames with name '%s' desired format:%d\n", names[0].str, r.in.req->req1.format_desired); status = dcerpc_drsuapi_DsCrackNames_r(p->binding_handle, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); err_msg = talloc_asprintf(mem_ctx, "dcerpc_drsuapi_DsCrackNames failed - %s", errstr); torture_fail(tctx, err_msg); } else if (!W_ERROR_IS_OK(r.out.result)) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed - %s", win_errstr(r.out.result)); torture_fail(tctx, err_msg); } else if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { err_msg = talloc_asprintf(mem_ctx, "DsCrackNames failed on name - %d", r.out.ctr->ctr1->array[0].status); torture_fail(tctx, err_msg); } if (strcmp(priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name) != 0) { err_msg = 
talloc_asprintf(mem_ctx, "DsCrackNames failed to return same DNS name - expected %s got %s", priv->domain_dns_name, r.out.ctr->ctr1->array[0].dns_domain_name); torture_fail(tctx, err_msg); } FQDN_1779_dn = ldb_dn_new(mem_ctx, ldb, FQDN_1779_name); canonical_name = ldb_dn_canonical_string(mem_ctx, FQDN_1779_dn); canonical_ex_name = ldb_dn_canonical_ex_string(mem_ctx, FQDN_1779_dn); user_principal_name = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, dns_domain); /* form up a user@DOMAIN */ user_principal_name_short = talloc_asprintf(mem_ctx, "%s$@%s", test_dc, nt4_domain); /* variable nt4_domain includs a trailing \ */ user_principal_name_short[strlen(user_principal_name_short) - 1] = '\0'; service_principal_name = talloc_asprintf(mem_ctx, "HOST/%s", test_dc); { struct { enum drsuapi_DsNameFormat format_offered; enum drsuapi_DsNameFormat format_desired; const char *comment; const char *str; const char *expected_str; const char *expected_dns; enum drsuapi_DsNameStatus status; enum drsuapi_DsNameStatus alternate_status; enum drsuapi_DsNameFlags flags; bool skip; } crack[] = { { .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .str = user_principal_name, .expected_str = FQDN_1779_name, .status = DRSUAPI_DS_NAME_STATUS_OK }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, .format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779, .str = user_principal_name_short, .expected_str = FQDN_1779_name, .status = DRSUAPI_DS_NAME_STATUS_OK }, { .format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779,
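/*
 * test ldb speed
 *
 * Builds a scratch tdb-backed ldb with a UID index, adds torture_entries
 * SID records through ldb_add_record(), then performs random base-DN and
 * indexed (UID=...) lookups for "timelimit" seconds (setting, default 10)
 * and reports operations per second and the ratio to tdb_speed.
 *
 * The database lives under the fixed relative name ./test.ldb and is
 * unlinked before and after the run, so the test should be started from
 * a working directory that only the test user can write to.
 *
 * Every failure after the scratch context is created leaves through the
 * "failed" label, so the database file and tmp_ctx are released on all
 * paths (the lookup loop previously returned without cleaning up).
 *
 * Returns true on success, false after recording a failure on torture.
 * _data is unused.
 */
static bool test_ldb_speed(struct torture_context *torture, const void *_data)
{
	struct timeval tv;
	struct ldb_context *ldb;
	int timelimit = torture_setting_int(torture, "timelimit", 10);
	int i, count;
	TALLOC_CTX *tmp_ctx = talloc_new(torture);
	struct ldb_ldif *ldif;
	const char *init_ldif = "dn: @INDEXLIST\n" \
		"@IDXATTR: UID\n";
	float ldb_speed;

	unlink("./test.ldb");

	torture_comment(torture, "Testing ldb speed for sidmap\n");

	/* the lookup loop computes random() % torture_entries */
	if (torture_entries <= 0) {
		torture_result(torture, TORTURE_FAIL, "torture_entries must be positive\n");
		goto failed;
	}

	ldb = ldb_wrap_connect(tmp_ctx, torture->ev, torture->lp_ctx, "tdb://test.ldb",
			       NULL, NULL, LDB_FLG_NOSYNC, NULL);
	if (!ldb) {
		torture_result(torture, TORTURE_FAIL, "Failed to open test.ldb");
		goto failed;
	}

	/* add an index */
	ldif = ldb_ldif_read_string(ldb, &init_ldif);
	if (ldif == NULL) {
		torture_result(torture, TORTURE_FAIL, "Failed to parse the index LDIF\n");
		goto failed;
	}
	if (ldb_add(ldb, ldif->msg) != LDB_SUCCESS) {
		torture_result(torture, TORTURE_FAIL, "Failed to add the index record\n");
		goto failed;
	}
	talloc_free(ldif);

	torture_comment(torture, "Adding %d SID records\n", torture_entries);

	for (i = 0; i < torture_entries; i++) {
		if (!ldb_add_record(ldb, i)) {
			torture_result(torture, TORTURE_FAIL, "Failed to add SID %d\n", i);
			goto failed;
		}
	}

	if (talloc_total_blocks(torture) > 100) {
		torture_result(torture, TORTURE_FAIL, "memory leak in ldb add\n");
		goto failed;
	}

	torture_comment(torture, "Testing for %d seconds\n", timelimit);

	tv = timeval_current();

	for (count = 0; timeval_elapsed(&tv) < timelimit; count++) {
		struct ldb_dn *dn;
		struct ldb_result *res;

		i = random() % torture_entries;

		/* lookup by DN; res is only read when the search succeeded */
		dn = ldb_dn_new_fmt(tmp_ctx, ldb, "SID=S-1-5-21-53173311-3623041448-2049097239-%u", i);
		if (ldb_search(ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL) != LDB_SUCCESS ||
		    res->count != 1) {
			torture_result(torture, TORTURE_FAIL, "Failed to find SID %d", i);
			goto failed;
		}
		talloc_free(res);
		talloc_free(dn);

		/* lookup through the UID index */
		if (ldb_search(ldb, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "(UID=%u)", i) != LDB_SUCCESS ||
		    res->count != 1) {
			torture_result(torture, TORTURE_FAIL, "Failed to find UID %d", i);
			goto failed;
		}
		talloc_free(res);
	}

	if (talloc_total_blocks(torture) > 100) {
		torture_result(torture, TORTURE_FAIL, "memory leak in ldb search");
		goto failed;
	}

	ldb_speed = count/timeval_elapsed(&tv);
	torture_comment(torture, "ldb speed %.2f ops/sec\n", ldb_speed);

	torture_comment(torture, "ldb/tdb speed ratio is %.2f%%\n", (100*ldb_speed/tdb_speed));

	unlink("./test.ldb");
	talloc_free(tmp_ctx);
	return true;

failed:
	unlink("./test.ldb");
	talloc_free(tmp_ctx);
	return false;
}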
/*
 * Randomised exercise of the idr (id tree) allocator.
 *
 * Phase 1 runs torture_numops random operations over n slots: each slot
 * either holds an id whose stored pointer must be &ids[slot], or holds
 * -1 and must not be found.  Phase 2 removes whatever is still present.
 * Phase 3 checks the behaviour of idr_get_new_above() around the 0x10000
 * limit.
 *
 * Returns true on success; the torture_* macros record the failure and
 * return false otherwise.
 */
static bool torture_local_idtree_simple(struct torture_context *tctx)
{
	extern int torture_numops;
	TALLOC_CTX *mem_ctx = tctx;
	int n = torture_numops;
	struct idr_context *idr = idr_init(mem_ctx);
	int *ids = talloc_zero_array(mem_ctx, int, n);
	int *present = talloc_zero_array(mem_ctx, int, n);
	int i, ret;

	/* no slot owns an id yet */
	for (i = 0; i < n; i++) {
		ids[i] = -1;
	}

	for (i = 0; i < n; i++) {
		int slot = random() % n;
		void *found = idr_find(idr, ids[slot]);

		if (!present[slot]) {
			/* an unused slot must not resolve to anything */
			if (found != NULL) {
				torture_fail(tctx,
					     talloc_asprintf(tctx,
							     "non-present at %d gave %p (would be %d)",
							     slot, found,
							     (int)(((char *)found - (char *)ids) / sizeof(int))));
			}

			/* allocate in four cases out of five */
			if (random() % 5 == 0) {
				continue;
			}

			ids[slot] = idr_get_new(idr, &ids[slot], n);
			if (ids[slot] < 0) {
				torture_fail(tctx,
					     talloc_asprintf(tctx,
							     "alloc failure at %d (ret=%d)",
							     slot, ids[slot]));
			}
			present[slot] = 1;
			continue;
		}

		/* a used slot must map back to its own array element */
		if (found != &ids[slot]) {
			torture_fail(tctx,
				     talloc_asprintf(tctx,
						     "wrong ptr at %d - %p should be %p",
						     slot, found, &ids[slot]));
		}

		/* release it in one case out of seven */
		if (random() % 7 != 0) {
			continue;
		}

		if (idr_remove(idr, ids[slot]) != 0) {
			torture_fail(tctx,
				     talloc_asprintf(tctx,
						     "remove failed at %d (id=%d)",
						     i, ids[slot]));
		}
		present[slot] = 0;
		ids[slot] = -1;
	}

	torture_comment(tctx, "done %d random ops\n", i);

	/* drop everything that survived the random phase */
	for (i = 0; i < n; i++) {
		if (!present[i]) {
			continue;
		}
		if (idr_remove(idr, ids[i]) != 0) {
			torture_fail(tctx,
				     talloc_asprintf(tctx,
						     "delete failed on cleanup at %d (id=%d)",
						     i, ids[i]));
		}
	}

	/* now test some limits */
	for (i = 0; i < 25000; i++) {
		ret = idr_get_new_above(idr, &ids[0], random() % 25000, 0x10000-3);
		torture_assert(tctx, ret != -1, "idr_get_new_above failed");
	}

	/* starting ids up to and including the limit are handed out as asked */
	ret = idr_get_new_above(idr, &ids[0], 0x10000-2, 0x10000);
	torture_assert_int_equal(tctx, ret, 0x10000-2, "idr_get_new_above failed");
	ret = idr_get_new_above(idr, &ids[0], 0x10000-1, 0x10000);
	torture_assert_int_equal(tctx, ret, 0x10000-1, "idr_get_new_above failed");
	ret = idr_get_new_above(idr, &ids[0], 0x10000, 0x10000);
	torture_assert_int_equal(tctx, ret, 0x10000, "idr_get_new_above failed");

	/* starting ids beyond the limit must be refused */
	ret = idr_get_new_above(idr, &ids[0], 0x10000+1, 0x10000);
	torture_assert_int_equal(tctx, ret, -1, "idr_get_new_above succeeded above limit");
	ret = idr_get_new_above(idr, &ids[0], 0x10000+2, 0x10000);
	torture_assert_int_equal(tctx, ret, -1, "idr_get_new_above succeeded above limit");

	torture_comment(tctx, "cleaned up\n");
	return true;
}
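/*
 * Check with a known 'well formed' PAC, from my test server
 *
 * Positive checks: the saved PAC (built-in saved_pac, or the file named by
 * the "pac_file" setting) must verify against the configured keys, client
 * principal and auth time; both decoders must yield the expected account
 * SID for the built-in PAC; re-encoding and regenerating the PAC must
 * reproduce the original bytes exactly.
 *
 * Negative checks: verification must FAIL when the auth time is off by
 * one, when the client principal is altered, and when a byte near the end
 * of the blob (inside the signature) is modified.
 *
 * Once the server keyblock exists, every exit goes through the "done"
 * label, which releases the principal and both keyblocks on all paths.
 *
 * Returns true on success (or when the encoding half is skipped because no
 * KDC key was configured); otherwise records a failure and returns false.
 */
static bool torture_pac_saved_check(struct torture_context *tctx)
{
	NTSTATUS nt_status;
	enum ndr_err_code ndr_err;
	DATA_BLOB tmp_blob, validate_blob;
	struct PAC_DATA *pac_data, pac_data2;
	struct PAC_LOGON_INFO *logon_info;
	union netr_Validation validation;
	const char *pac_file, *pac_kdc_key, *pac_member_key;
	struct auth_serversupplied_info *server_info_out;
	krb5_keyblock server_keyblock;
	krb5_keyblock krbtgt_keyblock, *krbtgt_keyblock_p = NULL;
	struct samr_Password *krbtgt_bytes, *krbsrv_bytes;
	krb5_error_code ret;
	struct smb_krb5_context *smb_krb5_context;
	const char *principal_string;
	char *broken_principal_string;
	krb5_principal client_principal;
	const char *authtime_string;
	time_t authtime;
	/* account SID the built-in saved_pac is expected to decode to */
	const char *expected_sid = "S-1-5-21-3048156945-3961193616-3706469200-1005";
	const char *fail_msg = NULL;
	bool have_principal = false;	/* client_principal currently needs freeing */
	bool ok = false;
	TALLOC_CTX *mem_ctx = tctx;

	torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx,
							NULL,
							tctx->lp_ctx,
							&smb_krb5_context),
		       "smb_krb5_init_context");

	/*
	 * The defaults are fixture keys that belong to the built-in
	 * saved_pac.  Both values are written to the test output below, so
	 * when the settings are overridden with keys from a live domain
	 * (the krbtgt key in particular) that output has to be handled as
	 * secret material.
	 */
	pac_kdc_key = torture_setting_string(tctx, "pac_kdc_key",
					     "B286757148AF7FD252C53603A150B7E7");

	pac_member_key = torture_setting_string(tctx, "pac_member_key",
						"D217FAEAE5E6B5F95CCC94077AB8A5FC");

	torture_comment(tctx, "Using pac_kdc_key '%s'\n", pac_kdc_key);
	torture_comment(tctx, "Using pac_member_key '%s'\n", pac_member_key);

	/* The krbtgt key in use when the above PAC was generated.
	 * This is an arcfour-hmac-md5 key, extracted with our 'net
	 * samdump' tool.  An empty setting means "no KDC key": only the
	 * server signature can then be exercised. */
	if (*pac_kdc_key == 0) {
		krbtgt_bytes = NULL;
	} else {
		krbtgt_bytes = smbpasswd_gethexpwd(mem_ctx, pac_kdc_key);
		if (!krbtgt_bytes) {
			torture_fail(tctx, "(saved test) Could not interpret krbtgt key");
		}
	}

	krbsrv_bytes = smbpasswd_gethexpwd(mem_ctx, pac_member_key);
	if (!krbsrv_bytes) {
		torture_fail(tctx, "(saved test) Could not interpret krbsrv key");
	}

	ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
				 ENCTYPE_ARCFOUR_HMAC,
				 krbsrv_bytes->hash, sizeof(krbsrv_bytes->hash),
				 &server_keyblock);
	torture_assert(tctx, !ret,
		       talloc_asprintf(tctx,
				       "(saved test) Server Keyblock encoding failed: %s",
				       smb_get_krb5_error_message(smb_krb5_context->krb5_context,
								  ret, mem_ctx)));

	/* From here on server_keyblock is live: leave through "done" only. */

	if (krbtgt_bytes) {
		ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
					 ENCTYPE_ARCFOUR_HMAC,
					 krbtgt_bytes->hash, sizeof(krbtgt_bytes->hash),
					 &krbtgt_keyblock);
		if (ret) {
			fail_msg = talloc_asprintf(tctx,
						   "(saved test) KRBTGT Keyblock encoding failed: %s",
						   smb_get_krb5_error_message(smb_krb5_context->krb5_context,
									      ret, mem_ctx));
			goto done;
		}
		krbtgt_keyblock_p = &krbtgt_keyblock;
	}

	pac_file = torture_setting_string(tctx, "pac_file", NULL);
	if (pac_file) {
		tmp_blob.data = (uint8_t *)file_load(pac_file, &tmp_blob.length, 0, mem_ctx);
		/* an unreadable file must not reach the decoders as a NULL blob */
		if (tmp_blob.data == NULL) {
			fail_msg = talloc_asprintf(tctx,
						   "(saved test) Could not load pac from %s",
						   pac_file);
			goto done;
		}
		torture_comment(tctx, "(saved test) Loaded pac of size %ld from %s\n",
				(long)tmp_blob.length, pac_file);
	} else {
		tmp_blob = data_blob_talloc(mem_ctx, saved_pac, sizeof(saved_pac));
	}

	dump_data(10, tmp_blob.data, tmp_blob.length);

	/*
	 * NOTE(review): this default reads like the placeholder an e-mail
	 * obfuscation filter leaves behind rather than a Kerberos principal.
	 * Confirm it against the upstream file: the built-in PAC is only
	 * expected to verify for the client principal it was issued to.
	 */
	principal_string = torture_setting_string(tctx, "pac_client_principal",
						  "[email protected]");

	authtime_string = torture_setting_string(tctx, "pac_authtime", "1120440609");
	/* NOTE(review): conversion errors are not detected here */
	authtime = strtoull(authtime_string, NULL, 0);

	ret = krb5_parse_name(smb_krb5_context->krb5_context, principal_string,
			      &client_principal);
	if (ret) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) parsing of client principal [%s] failed: %s",
					   principal_string,
					   smb_get_krb5_error_message(smb_krb5_context->krb5_context,
								      ret, mem_ctx));
		goto done;
	}
	have_principal = true;

	/* Decode and verify the signature on the PAC */
	nt_status = kerberos_decode_pac(mem_ctx,
					lp_iconv_convenience(tctx->lp_ctx),
					&pac_data,
					tmp_blob,
					smb_krb5_context->krb5_context,
					krbtgt_keyblock_p,
					&server_keyblock,
					client_principal, authtime, NULL);
	if (!NT_STATUS_IS_OK(nt_status)) {
		fail_msg = talloc_asprintf(tctx, "(saved test) PAC decoding failed: %s",
					   nt_errstr(nt_status));
		goto done;
	}

	/* Now check we can read it back (using Heimdal's pac parsing) */
	nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
						     lp_iconv_convenience(tctx->lp_ctx),
						     tmp_blob,
						     smb_krb5_context->krb5_context,
						     &server_info_out);
	if (!NT_STATUS_IS_OK(nt_status)) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) Heimdal PAC decoding failed: %s",
					   nt_errstr(nt_status));
		goto done;
	}

	/* the SID is only known for the built-in PAC */
	if (!pac_file &&
	    !dom_sid_equal(dom_sid_parse_talloc(mem_ctx, expected_sid),
			   server_info_out->account_sid)) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) Heimdal PAC Decode resulted in *different* domain SID: %s != %s",
					   expected_sid,
					   dom_sid_string(mem_ctx, server_info_out->account_sid));
		goto done;
	}

	talloc_free(server_info_out);

	/* Parse the PAC again, for the logon info this time (using Samba4's parsing) */
	nt_status = kerberos_pac_logon_info(mem_ctx,
					    lp_iconv_convenience(tctx->lp_ctx),
					    &logon_info,
					    tmp_blob,
					    smb_krb5_context->krb5_context,
					    krbtgt_keyblock_p,
					    &server_keyblock,
					    client_principal, authtime, NULL);
	if (!NT_STATUS_IS_OK(nt_status)) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC decoding (for logon info) failed: %s",
					   nt_errstr(nt_status));
		goto done;
	}

	validation.sam3 = &logon_info->info3;
	nt_status = make_server_info_netlogon_validation(mem_ctx,
							 "",
							 3, &validation,
							 &server_info_out);
	if (!NT_STATUS_IS_OK(nt_status)) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC decoding (make server info) failed: %s",
					   nt_errstr(nt_status));
		goto done;
	}

	if (!pac_file &&
	    !dom_sid_equal(dom_sid_parse_talloc(mem_ctx, expected_sid),
			   server_info_out->account_sid)) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC Decode resulted in *different* domain SID: %s != %s",
					   expected_sid,
					   dom_sid_string(mem_ctx, server_info_out->account_sid));
		goto done;
	}

	/* without the KDC key the PAC cannot be re-signed, so stop here */
	if (krbtgt_bytes == NULL) {
		torture_comment(tctx, "skipping PAC encoding tests as non kdc key\n");
		ok = true;
		goto done;
	}

	ret = kerberos_encode_pac(mem_ctx,
				  lp_iconv_convenience(tctx->lp_ctx),
				  pac_data,
				  smb_krb5_context->krb5_context,
				  krbtgt_keyblock_p,
				  &server_keyblock,
				  &validate_blob);
	if (ret != 0) {
		fail_msg = "(saved test) PAC push failed";
		goto done;
	}

	dump_data(10, validate_blob.data, validate_blob.length);

	/* compare both the length and the data bytes after a
	 * pull/push cycle. This ensures we use the exact same
	 * pointer, padding etc algorithms as win2k3.
	 */
	if (tmp_blob.length != validate_blob.length) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC push failed: original buffer length[%u] != created buffer length[%u]",
					   (unsigned)tmp_blob.length, (unsigned)validate_blob.length);
		goto done;
	}

	if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
		DEBUG(0, ("tmp_data:\n"));
		dump_data(0, tmp_blob.data, tmp_blob.length);
		DEBUG(0, ("validate_blob:\n"));
		dump_data(0, validate_blob.data, validate_blob.length);

		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC push failed: length[%u] matches, but data does not",
					   (unsigned)tmp_blob.length);
		goto done;
	}

	/* rebuild the PAC from the decoded server info and sign it again */
	ret = kerberos_create_pac(mem_ctx,
				  lp_iconv_convenience(tctx->lp_ctx),
				  server_info_out,
				  smb_krb5_context->krb5_context,
				  krbtgt_keyblock_p,
				  &server_keyblock,
				  client_principal, authtime,
				  &validate_blob);
	if (ret != 0) {
		fail_msg = "(saved test) regnerated PAC create failed";
		goto done;
	}

	dump_data(10, validate_blob.data, validate_blob.length);

	/* compare both the length and the data bytes after a
	 * pull/push cycle. This ensures we use the exact same
	 * pointer, padding etc algorithms as win2k3.
	 */
	if (tmp_blob.length != validate_blob.length) {
		/* print both structures to show where they diverge */
		ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx,
					       lp_iconv_convenience(tctx->lp_ctx), &pac_data2,
					       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
		nt_status = ndr_map_error2ntstatus(ndr_err);
		if (!NT_STATUS_IS_OK(nt_status)) {
			fail_msg = talloc_asprintf(tctx, "can't parse the PAC: %s",
						   nt_errstr(nt_status));
			goto done;
		}

		NDR_PRINT_DEBUG(PAC_DATA, pac_data);
		NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);

		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC regenerate failed: original buffer length[%u] != created buffer length[%u]",
					   (unsigned)tmp_blob.length, (unsigned)validate_blob.length);
		goto done;
	}

	if (memcmp(tmp_blob.data, validate_blob.data, tmp_blob.length) != 0) {
		ndr_err = ndr_pull_struct_blob(&validate_blob, mem_ctx,
					       lp_iconv_convenience(tctx->lp_ctx), &pac_data2,
					       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
		nt_status = ndr_map_error2ntstatus(ndr_err);
		if (!NT_STATUS_IS_OK(nt_status)) {
			fail_msg = talloc_asprintf(tctx, "can't parse the PAC: %s",
						   nt_errstr(nt_status));
			goto done;
		}

		NDR_PRINT_DEBUG(PAC_DATA, pac_data);
		NDR_PRINT_DEBUG(PAC_DATA, &pac_data2);

		DEBUG(0, ("tmp_data:\n"));
		dump_data(0, tmp_blob.data, tmp_blob.length);
		DEBUG(0, ("validate_blob:\n"));
		dump_data(0, validate_blob.data, validate_blob.length);

		fail_msg = talloc_asprintf(tctx,
					   "(saved test) PAC regenerate failed: length[%u] matches, but data does not",
					   (unsigned)tmp_blob.length);
		goto done;
	}

	/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
	nt_status = kerberos_decode_pac(mem_ctx,
					lp_iconv_convenience(tctx->lp_ctx),
					&pac_data,
					tmp_blob,
					smb_krb5_context->krb5_context,
					krbtgt_keyblock_p,
					&server_keyblock,
					client_principal,
					authtime + 1, NULL);
	if (NT_STATUS_IS_OK(nt_status)) {
		fail_msg = "(saved test) PAC decoding DID NOT fail on broken auth time (time + 1)";
		goto done;
	}

	/* Break the client principal */
	krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
	have_principal = false;

	broken_principal_string = talloc_strdup(mem_ctx, principal_string);
	broken_principal_string[0]++;

	ret = krb5_parse_name(smb_krb5_context->krb5_context,
			      broken_principal_string, &client_principal);
	if (ret) {
		fail_msg = talloc_asprintf(tctx,
					   "(saved test) parsing of broken client principal failed: %s",
					   smb_get_krb5_error_message(smb_krb5_context->krb5_context,
								      ret, mem_ctx));
		goto done;
	}
	/* the altered principal is owned by this function as well */
	have_principal = true;

	nt_status = kerberos_decode_pac(mem_ctx,
					lp_iconv_convenience(tctx->lp_ctx),
					&pac_data,
					tmp_blob,
					smb_krb5_context->krb5_context,
					krbtgt_keyblock_p,
					&server_keyblock,
					client_principal,
					authtime, NULL);
	if (NT_STATUS_IS_OK(nt_status)) {
		fail_msg = "(saved test) PAC decoding DID NOT fail on modified principal";
		goto done;
	}

	/* Finally...  Bugger up the signature, and check we fail the checksum */
	tmp_blob.data[tmp_blob.length - 2]++;

	nt_status = kerberos_decode_pac(mem_ctx,
					lp_iconv_convenience(tctx->lp_ctx),
					&pac_data,
					tmp_blob,
					smb_krb5_context->krb5_context,
					krbtgt_keyblock_p,
					&server_keyblock,
					client_principal,
					authtime, NULL);
	if (NT_STATUS_IS_OK(nt_status)) {
		fail_msg = "(saved test) PAC decoding DID NOT fail on broken checksum";
		goto done;
	}

	ok = true;

done:
	/* single cleanup point for the principal and both keyblocks */
	if (have_principal) {
		krb5_free_principal(smb_krb5_context->krb5_context, client_principal);
	}
	if (krbtgt_keyblock_p != NULL) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context, krbtgt_keyblock_p);
	}
	krb5_free_keyblock_contents(smb_krb5_context->krb5_context, &server_keyblock);

	if (!ok) {
		/* fail_msg is NULL only if formatting the message itself failed */
		torture_fail(tctx, fail_msg != NULL ? fail_msg : "(saved test) failed");
	}
	return true;
}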
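/*
 * PAC self test: build a PAC from anonymous server info, signed with two
 * freshly generated random keys, and check that every decode path accepts it
 * and reports the same account SID that went in.
 *
 * Only ENCTYPE_ARCFOUR_HMAC keys are used here; other encryption types are
 * not covered by this test.
 *
 * Every failure path releases the krb5 keyblocks (and the principal, once it
 * exists) before calling torture_fail(), which this code relies on to leave
 * the function.
 *
 * Returns true when all round trips succeed.
 */
static bool torture_pac_self_check(struct torture_context *tctx)
{
	NTSTATUS nt_status;
	DATA_BLOB tmp_blob;
	struct PAC_DATA *pac_data;
	struct PAC_LOGON_INFO *logon_info;
	union netr_Validation validation;

	/* Generate a nice, arbitrary keyblock */
	uint8_t server_bytes[16];
	uint8_t krbtgt_bytes[16];
	krb5_keyblock server_keyblock;
	krb5_keyblock krbtgt_keyblock;

	krb5_error_code ret;
	struct smb_krb5_context *smb_krb5_context;

	struct auth_serversupplied_info *server_info;
	struct auth_serversupplied_info *server_info_out = NULL;

	krb5_principal client_principal;
	time_t logon_time = time(NULL);

	TALLOC_CTX *mem_ctx = tctx;

	torture_assert(tctx, 0 == smb_krb5_init_context(mem_ctx,
							NULL,
							tctx->lp_ctx,
							&smb_krb5_context),
		       "smb_krb5_init_context");

	/* sizeof keeps the fill length tied to the buffer declarations */
	generate_random_buffer(server_bytes, sizeof(server_bytes));
	generate_random_buffer(krbtgt_bytes, sizeof(krbtgt_bytes));

	ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
				 ENCTYPE_ARCFOUR_HMAC,
				 server_bytes, sizeof(server_bytes),
				 &server_keyblock);
	torture_assert(tctx, !ret, talloc_asprintf(tctx,
						   "(self test) Server Keyblock encoding failed: %s",
						   smb_get_krb5_error_message(smb_krb5_context->krb5_context,
									      ret, mem_ctx)));

	ret = krb5_keyblock_init(smb_krb5_context->krb5_context,
				 ENCTYPE_ARCFOUR_HMAC,
				 krbtgt_bytes, sizeof(krbtgt_bytes),
				 &krbtgt_keyblock);
	if (ret) {
		/* fetch the message first: the server key is freed before failing */
		char *err = smb_get_krb5_error_message(smb_krb5_context->krb5_context,
						       ret, mem_ctx);

		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);

		torture_fail(tctx, talloc_asprintf(tctx,
						   "(self test) KRBTGT Keyblock encoding failed: %s", err));
	}

	/* We need an input, and this one requires no underlying database */
	nt_status = auth_anonymous_server_info(mem_ctx, lp_netbios_name(tctx->lp_ctx), &server_info);

	if (!NT_STATUS_IS_OK(nt_status)) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		torture_fail(tctx, "auth_anonymous_server_info");
	}

	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context,
				    server_info->account_name,
				    KRB5_PRINCIPAL_PARSE_NO_REALM,
				    &client_principal);
	if (ret) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		torture_fail(tctx, "krb5_parse_name_flags(norealm)");
	}

	/* OK, go ahead and make a PAC */
	ret = kerberos_create_pac(mem_ctx,
				  lp_iconv_convenience(tctx->lp_ctx),
				  server_info,
				  smb_krb5_context->krb5_context,
				  &krbtgt_keyblock,
				  &server_keyblock,
				  client_principal,
				  logon_time,
				  &tmp_blob);

	if (ret) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_principal(smb_krb5_context->krb5_context,
				    client_principal);

		torture_fail(tctx, talloc_asprintf(tctx,
						   "(self test) PAC encoding failed: %s",
						   smb_get_krb5_error_message(smb_krb5_context->krb5_context,
									      ret, mem_ctx)));
	}

	dump_data(10,tmp_blob.data,tmp_blob.length);

	/* Now check that we can read it back (using full decode and validate) */
	nt_status = kerberos_decode_pac(mem_ctx,
					lp_iconv_convenience(tctx->lp_ctx),
					&pac_data,
					tmp_blob,
					smb_krb5_context->krb5_context,
					&krbtgt_keyblock,
					&server_keyblock,
					client_principal,
					logon_time, NULL);

	if (!NT_STATUS_IS_OK(nt_status)) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_principal(smb_krb5_context->krb5_context,
				    client_principal);

		torture_fail(tctx, talloc_asprintf(tctx,
						   "(self test) PAC decoding failed: %s",
						   nt_errstr(nt_status)));
	}

	/* Now check we can read it back (using Heimdal's pac parsing) */
	nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
						     lp_iconv_convenience(tctx->lp_ctx),
						     tmp_blob,
						     smb_krb5_context->krb5_context,
						     &server_info_out);

	/*
	 * The status has to be checked before server_info_out is touched:
	 * on failure the output pointer cannot be assumed to be valid, and
	 * the SID comparison below would dereference it.
	 */
	if (!NT_STATUS_IS_OK(nt_status)) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_principal(smb_krb5_context->krb5_context,
				    client_principal);

		torture_fail(tctx, talloc_asprintf(tctx,
						   "(self test) PAC decoding (blob to server info) failed: %s",
						   nt_errstr(nt_status)));
	}

	if (!dom_sid_equal(server_info->account_sid,
			   server_info_out->account_sid)) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_principal(smb_krb5_context->krb5_context,
				    client_principal);

		torture_fail(tctx,
			     talloc_asprintf(tctx,
					     "(self test) PAC Decode resulted in *different* domain SID: %s != %s",
					     dom_sid_string(mem_ctx, server_info->account_sid),
					     dom_sid_string(mem_ctx, server_info_out->account_sid)));
	}
	talloc_free(server_info_out);

	/* Now check that we can read it back (yet again) */
	nt_status = kerberos_pac_logon_info(mem_ctx,
					    lp_iconv_convenience(tctx->lp_ctx),
					    &logon_info,
					    tmp_blob,
					    smb_krb5_context->krb5_context,
					    &krbtgt_keyblock,
					    &server_keyblock,
					    client_principal,
					    logon_time,
					    NULL);

	if (!NT_STATUS_IS_OK(nt_status)) {
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &krbtgt_keyblock);
		krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
					    &server_keyblock);
		krb5_free_principal(smb_krb5_context->krb5_context,
				    client_principal);

		torture_fail(tctx,
			     talloc_asprintf(tctx,
					     "(self test) PAC decoding (for logon info) failed: %s",
					     nt_errstr(nt_status)));
	}

	/* the krb5 objects are not needed past this point */
	krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
				    &krbtgt_keyblock);
	krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
				    &server_keyblock);
	krb5_free_principal(smb_krb5_context->krb5_context,
			    client_principal);

	/* And make a server info from the samba-parsed PAC */
	validation.sam3 = &logon_info->info3;
	nt_status = make_server_info_netlogon_validation(mem_ctx,
							 "",
							 3, &validation,
							 &server_info_out);
	if (!NT_STATUS_IS_OK(nt_status)) {
		torture_fail(tctx,
			     talloc_asprintf(tctx,
					     "(self test) PAC decoding (make server info) failed: %s",
					     nt_errstr(nt_status)));
	}

	if (!dom_sid_equal(server_info->account_sid,
			   server_info_out->account_sid)) {
		torture_fail(tctx,
			     talloc_asprintf(tctx,
					     "(self test) PAC Decode resulted in *different* domain SID: %s != %s",
					     dom_sid_string(mem_ctx, server_info->account_sid),
					     dom_sid_string(mem_ctx, server_info_out->account_sid)));
	}
	return true;
}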
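/*
 * basic testing of all RAW_FILEINFO_* calls
 *
 * for each call we test that it succeeds, and where possible test
 * for consistency between the calls.
 *
 * Every entry of the file-level levels[] table is queried twice where the
 * entry allows it: by handle (smb_raw_fileinfo on fnum) and by path
 * (smb_raw_pathinfo on fname). The replies and their status codes are stored
 * back into levels[], and the fnum_find()/fname_find() helpers (defined
 * outside this function) are then used to pick individual replies for
 * cross-checking. Both helpers can return NULL, which is why almost every
 * comparison below is guarded with "s1 &&".
 *
 * STRUCT_EQUAL, VAL_EQUAL and STR_EQUAL are also defined outside this
 * function; they operate on the local s1/s2 pointers.
 *
 * torture  - torture context used for comments, warnings and failures
 * mem_ctx  - talloc context for the query buffers and formatted strings
 * tree     - connected tree the queries are sent on
 * fnum     - open handle for the by-handle queries
 * fname    - path for the by-path queries; also the expected file name
 * is_ipc   - true when the target is a pipe on IPC$, which changes the
 *            expected status codes and skips some checks
 *
 * Returns true when no inconsistency was found. Some conditions (too many
 * failed levels, missing reference level, ALL_INFO without a name) abort the
 * test through torture_fail().
 *
 * NOTE(review): when an alternate name is available, fnum is closed and
 * reopened by that name with NTCREATEX_DISP_OVERWRITE_IF. fnum is a by-value
 * parameter, so the caller keeps the old (now closed) handle number and the
 * new handle is not closed here - confirm that callers cope with this.
 */
static bool torture_raw_qfileinfo_internals(struct torture_context *torture,
					    TALLOC_CTX *mem_ctx,
					    struct smbcli_tree *tree,
					    int fnum, const char *fname,
					    bool is_ipc)
{
	int i;
	bool ret = true;
	int count;
	union smb_fileinfo *s1, *s2;
	NTTIME correct_time;
	uint64_t correct_size;
	uint32_t correct_attrib;
	const char *correct_name;
	bool skip_streams = false;

	/* scan all the fileinfo and pathinfo levels */
	for (i=0; levels[i].name; i++) {
		if (!levels[i].only_paths) {
			levels[i].fnum_finfo.generic.level = levels[i].level;
			levels[i].fnum_finfo.generic.in.file.fnum = fnum;
			levels[i].fnum_status = smb_raw_fileinfo(tree, mem_ctx,
								 &levels[i].fnum_finfo);
		}

		if (!levels[i].only_handles) {
			levels[i].fname_finfo.generic.level = levels[i].level;
			levels[i].fname_finfo.generic.in.file.path =
				talloc_strdup(mem_ctx, fname);
			levels[i].fname_status = smb_raw_pathinfo(tree, mem_ctx,
								  &levels[i].fname_finfo);
		}
	}

	/* check for completely broken levels */
	for (count=i=0; levels[i].name; i++) {
		uint32_t cap = tree->session->transport->negotiate.capabilities;
		/* see if this server claims to support this level */
		if ((cap & levels[i].capability_mask) != levels[i].capability_mask) {
			continue;
		}

		if (is_ipc) {
			if (levels[i].expected_ipc_access_denied && NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, levels[i].fname_status)) {
				/* access denied on the path query is the expected outcome */
			} else if (!levels[i].only_handles &&
				   NT_STATUS_EQUAL(levels[i].fname_status,
						   NT_STATUS_NOT_SUPPORTED)) {
				torture_warning(torture, "fname level %s %s",
						levels[i].name,
						nt_errstr(levels[i].fname_status));
				continue;
			} else if (!levels[i].only_handles && !NT_STATUS_EQUAL(NT_STATUS_INVALID_DEVICE_REQUEST, levels[i].fname_status)) {
				printf("ERROR: fname level %s failed, expected NT_STATUS_INVALID_DEVICE_REQUEST - %s\n",
				       levels[i].name, nt_errstr(levels[i].fname_status));
				count++;
			}
			if (!levels[i].only_paths &&
			    (NT_STATUS_EQUAL(levels[i].fnum_status,
					     NT_STATUS_NOT_SUPPORTED) ||
			     NT_STATUS_EQUAL(levels[i].fnum_status,
					     NT_STATUS_NOT_IMPLEMENTED))) {
				torture_warning(torture, "fnum level %s %s",
						levels[i].name,
						nt_errstr(levels[i].fnum_status));
				continue;
			}
			if (!levels[i].only_paths && !NT_STATUS_EQUAL(levels[i].expected_ipc_fnum_status, levels[i].fnum_status)) {
				printf("ERROR: fnum level %s failed, expected %s - %s\n",
				       levels[i].name, nt_errstr(levels[i].expected_ipc_fnum_status),
				       nt_errstr(levels[i].fnum_status));
				count++;
			}
		} else {
			if (!levels[i].only_paths &&
			    (NT_STATUS_EQUAL(levels[i].fnum_status,
					     NT_STATUS_NOT_SUPPORTED) ||
			     NT_STATUS_EQUAL(levels[i].fnum_status,
					     NT_STATUS_NOT_IMPLEMENTED))) {
				torture_warning(torture, "fnum level %s %s",
						levels[i].name,
						nt_errstr(levels[i].fnum_status));
				continue;
			}

			if (!levels[i].only_handles &&
			    (NT_STATUS_EQUAL(levels[i].fname_status,
					     NT_STATUS_NOT_SUPPORTED) ||
			     NT_STATUS_EQUAL(levels[i].fname_status,
					     NT_STATUS_NOT_IMPLEMENTED))) {
				torture_warning(torture, "fname level %s %s",
						levels[i].name,
						nt_errstr(levels[i].fname_status));
				continue;
			}

			if (!levels[i].only_paths && !NT_STATUS_IS_OK(levels[i].fnum_status)) {
				printf("ERROR: fnum level %s failed - %s\n",
				       levels[i].name, nt_errstr(levels[i].fnum_status));
				count++;
			}
			if (!levels[i].only_handles && !NT_STATUS_IS_OK(levels[i].fname_status)) {
				printf("ERROR: fname level %s failed - %s\n",
				       levels[i].name, nt_errstr(levels[i].fname_status));
				count++;
			}
		}
	}

	if (count != 0) {
		ret = false;
		printf("%d levels failed\n", count);
		if (count > 35) {
			torture_fail(torture, "too many level failures - giving up");
		}
	}

	/* see if we can do streams */
	s1 = fnum_find("STREAM_INFO");
	if (!s1 || s1->stream_info.out.num_streams == 0) {
		if (!is_ipc) {
			printf("STREAM_INFO broken (%d) - skipping streams checks\n",
			       s1 ? s1->stream_info.out.num_streams : -1);
		}
		skip_streams = true;
	}


	/* this code is incredibly repetitive but doesn't lend itself to loops, so
	   we use lots of macros to make it less painful */

	/* first off we check the levels that are supposed to be aliases. It will be quite rare for
	   this code to fail, but we need to check it for completeness */



	/* ALIAS_CHECK runs the current INFO_CHECK body for handle/handle,
	   path/path and handle/path pairs; INFO_CHECK is redefined before
	   each use */
#define ALIAS_CHECK(sname1, sname2) \
	do { \
		s1 = fnum_find(sname1);	 s2 = fnum_find(sname2); \
		if (s1 && s2) { INFO_CHECK } \
		s1 = fname_find(is_ipc, sname1); s2 = fname_find(is_ipc, sname2); \
		if (s1 && s2) { INFO_CHECK } \
		s1 = fnum_find(sname1);	 s2 = fname_find(is_ipc, sname2); \
		if (s1 && s2) { INFO_CHECK } \
	} while (0)

#define INFO_CHECK \
		STRUCT_EQUAL(basic_info,  create_time, basic_info, create_time); \
		STRUCT_EQUAL(basic_info,  access_time, basic_info, access_time); \
		STRUCT_EQUAL(basic_info,  write_time,  basic_info, write_time); \
		STRUCT_EQUAL(basic_info,  change_time, basic_info, change_time); \
		VAL_EQUAL   (basic_info,  attrib,      basic_info, attrib);

	ALIAS_CHECK("BASIC_INFO", "BASIC_INFORMATION");

#undef INFO_CHECK
#define INFO_CHECK \
		VAL_EQUAL(standard_info,  alloc_size,     standard_info, alloc_size); \
		VAL_EQUAL(standard_info,  size,           standard_info, size); \
		VAL_EQUAL(standard_info,  nlink,          standard_info, nlink); \
		VAL_EQUAL(standard_info,  delete_pending, standard_info, delete_pending); \
		VAL_EQUAL(standard_info,  directory,      standard_info, directory);

	ALIAS_CHECK("STANDARD_INFO", "STANDARD_INFORMATION");

#undef INFO_CHECK
#define INFO_CHECK \
		VAL_EQUAL(ea_info,  ea_size,     ea_info, ea_size);

	ALIAS_CHECK("EA_INFO", "EA_INFORMATION");

#undef INFO_CHECK
#define INFO_CHECK \
		STR_EQUAL(name_info,  fname,   name_info, fname);

	ALIAS_CHECK("NAME_INFO", "NAME_INFORMATION");

#undef INFO_CHECK
#define INFO_CHECK \
		STRUCT_EQUAL(all_info,  create_time,           all_info, create_time); \
		STRUCT_EQUAL(all_info,  access_time,           all_info, access_time); \
		STRUCT_EQUAL(all_info,  write_time,            all_info, write_time); \
		STRUCT_EQUAL(all_info,  change_time,           all_info, change_time); \
		   VAL_EQUAL(all_info,  attrib,                all_info, attrib); \
		   VAL_EQUAL(all_info,  alloc_size,            all_info, alloc_size); \
		   VAL_EQUAL(all_info,  size,                  all_info, size); \
		   VAL_EQUAL(all_info,  nlink,                 all_info, nlink); \
		   VAL_EQUAL(all_info,  delete_pending,        all_info, delete_pending); \
		   VAL_EQUAL(all_info,  directory,             all_info, directory); \
		   VAL_EQUAL(all_info,  ea_size,               all_info, ea_size); \
		   STR_EQUAL(all_info,  fname,                 all_info, fname);

	ALIAS_CHECK("ALL_INFO", "ALL_INFORMATION");

#undef INFO_CHECK
#define INFO_CHECK \
		VAL_EQUAL(compression_info, compressed_size,compression_info, compressed_size); \
		VAL_EQUAL(compression_info, format,         compression_info, format); \
		VAL_EQUAL(compression_info, unit_shift,     compression_info, unit_shift); \
		VAL_EQUAL(compression_info, chunk_shift,    compression_info, chunk_shift); \
		VAL_EQUAL(compression_info, cluster_shift,  compression_info, cluster_shift);

	ALIAS_CHECK("COMPRESSION_INFO", "COMPRESSION_INFORMATION");


#undef INFO_CHECK
#define INFO_CHECK \
		STR_EQUAL(alt_name_info,  fname,   alt_name_info, fname);

	ALIAS_CHECK("ALT_NAME_INFO", "ALT_NAME_INFORMATION");


	/* the *_CHECK macros below compare one field of a level, from both the
	   handle and the path reply, against a reference value held in a
	   correct_* local; a mismatch is printed and clears ret */
#define TIME_CHECK_NT(sname, stype, tfield) do { \
	s1 = fnum_find(sname); \
	if (s1 && memcmp(&s1->stype.out.tfield, &correct_time, sizeof(correct_time)) != 0) { \
		printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
		       nt_time_string(mem_ctx, s1->stype.out.tfield), \
		       nt_time_string(mem_ctx, correct_time)); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && memcmp(&s1->stype.out.tfield, &correct_time, sizeof(correct_time)) != 0) { \
		printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
		       nt_time_string(mem_ctx, s1->stype.out.tfield), \
		       nt_time_string(mem_ctx, correct_time)); \
		ret = false; \
	}} while (0)

#define TIME_CHECK_DOS(sname, stype, tfield) do { \
	s1 = fnum_find(sname); \
	if (s1 && dos_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
		printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
		       timestring(mem_ctx, s1->stype.out.tfield), \
		       nt_time_string(mem_ctx, correct_time)); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && dos_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
		printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
		       timestring(mem_ctx, s1->stype.out.tfield), \
		       nt_time_string(mem_ctx, correct_time)); \
		ret = false; \
	}} while (0)

#if 0 /* unused */
#define TIME_CHECK_UNX(sname, stype, tfield) do { \
	s1 = fnum_find(sname); \
	if (s1 && unx_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
		printf("(%d) handle %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
		       timestring(mem_ctx, s1->stype.out.tfield), \
		       nt_time_string(mem_ctx, correct_time)); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && unx_nt_time_cmp(s1->stype.out.tfield, correct_time) != 0) { \
		printf("(%d) path %s/%s incorrect - %s should be %s\n", __LINE__, #stype, #tfield, \
		       timestring(mem_ctx, s1->stype.out.tfield), \
		       nt_time_string(mem_ctx, correct_time)); \
		ret = false; \
	}} while (0)
#endif

	/* The reference values are read from a handle reply without any
	   other check, and fnum_find() can return NULL, so fail the test
	   cleanly instead of dereferencing a NULL pointer. sname must be a
	   string literal. */
#define REQUIRE_HANDLE_LEVEL(sname) do { \
	s1 = fnum_find(sname); \
	if (s1 == NULL) { \
		torture_fail(torture, "fnum_find(" sname ") returned NULL - no reference value to compare against"); \
	} \
} while (0)

	/* now check that all the times that are supposed to be equal are correct */
	REQUIRE_HANDLE_LEVEL("BASIC_INFO");
	correct_time = s1->basic_info.out.create_time;
	torture_comment(torture, "create_time: %s\n", nt_time_string(mem_ctx, correct_time));

	TIME_CHECK_NT ("BASIC_INFO",               basic_info, create_time);
	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, create_time);
	TIME_CHECK_DOS("GETATTRE",                 getattre,   create_time);
	TIME_CHECK_DOS("STANDARD",                 standard,   create_time);
	TIME_CHECK_DOS("EA_SIZE",                  ea_size,    create_time);
	TIME_CHECK_NT ("ALL_INFO",                 all_info,   create_time);
	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, create_time);

	REQUIRE_HANDLE_LEVEL("BASIC_INFO");
	correct_time = s1->basic_info.out.access_time;
	torture_comment(torture, "access_time: %s\n", nt_time_string(mem_ctx, correct_time));

	TIME_CHECK_NT ("BASIC_INFO",               basic_info, access_time);
	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, access_time);
	TIME_CHECK_DOS("GETATTRE",                 getattre,   access_time);
	TIME_CHECK_DOS("STANDARD",                 standard,   access_time);
	TIME_CHECK_DOS("EA_SIZE",                  ea_size,    access_time);
	TIME_CHECK_NT ("ALL_INFO",                 all_info,   access_time);
	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, access_time);

	REQUIRE_HANDLE_LEVEL("BASIC_INFO");
	correct_time = s1->basic_info.out.write_time;
	torture_comment(torture, "write_time : %s\n", nt_time_string(mem_ctx, correct_time));

	TIME_CHECK_NT ("BASIC_INFO",               basic_info, write_time);
	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, write_time);
	TIME_CHECK_DOS("GETATTR",                  getattr,    write_time);
	TIME_CHECK_DOS("GETATTRE",                 getattre,   write_time);
	TIME_CHECK_DOS("STANDARD",                 standard,   write_time);
	TIME_CHECK_DOS("EA_SIZE",                  ea_size,    write_time);
	TIME_CHECK_NT ("ALL_INFO",                 all_info,   write_time);
	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, write_time);

	REQUIRE_HANDLE_LEVEL("BASIC_INFO");
	correct_time = s1->basic_info.out.change_time;
	torture_comment(torture, "change_time: %s\n", nt_time_string(mem_ctx, correct_time));

	TIME_CHECK_NT ("BASIC_INFO",               basic_info, change_time);
	TIME_CHECK_NT ("BASIC_INFORMATION",        basic_info, change_time);
	TIME_CHECK_NT ("ALL_INFO",                 all_info,   change_time);
	TIME_CHECK_NT ("NETWORK_OPEN_INFORMATION", network_open_information, change_time);


#define SIZE_CHECK(sname, stype, tfield) do { \
	s1 = fnum_find(sname); \
	if (s1 && s1->stype.out.tfield != correct_size) { \
		printf("(%d) handle %s/%s incorrect - %u should be %u\n", __LINE__, #stype, #tfield, \
		       (unsigned int)s1->stype.out.tfield, \
		       (unsigned int)correct_size); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && s1->stype.out.tfield != correct_size) { \
		printf("(%d) path %s/%s incorrect - %u should be %u\n", __LINE__, #stype, #tfield, \
		       (unsigned int)s1->stype.out.tfield, \
		       (unsigned int)correct_size); \
		ret = false; \
	}} while (0)

	REQUIRE_HANDLE_LEVEL("STANDARD_INFO");
	correct_size = s1->standard_info.out.size;
	torture_comment(torture, "size: %u\n", (unsigned int)correct_size);

	SIZE_CHECK("GETATTR",                  getattr,                  size);
	SIZE_CHECK("GETATTRE",                 getattre,                 size);
	SIZE_CHECK("STANDARD",                 standard,                 size);
	SIZE_CHECK("EA_SIZE",                  ea_size,                  size);
	SIZE_CHECK("STANDARD_INFO",            standard_info,            size);
	SIZE_CHECK("STANDARD_INFORMATION",     standard_info,            size);
	SIZE_CHECK("ALL_INFO",                 all_info,                 size);
	SIZE_CHECK("ALL_INFORMATION",          all_info,                 size);
	SIZE_CHECK("COMPRESSION_INFO",         compression_info,         compressed_size);
	SIZE_CHECK("COMPRESSION_INFORMATION",  compression_info,         compressed_size);
	SIZE_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, size);
	if (!skip_streams) {
		SIZE_CHECK("STREAM_INFO",              stream_info,   streams[0].size);
		SIZE_CHECK("STREAM_INFORMATION",       stream_info,   streams[0].size);
	}


	REQUIRE_HANDLE_LEVEL("STANDARD_INFO");
	correct_size = s1->standard_info.out.alloc_size;
	torture_comment(torture, "alloc_size: %u\n", (unsigned int)correct_size);

	SIZE_CHECK("GETATTRE",                 getattre,                 alloc_size);
	SIZE_CHECK("STANDARD",                 standard,                 alloc_size);
	SIZE_CHECK("EA_SIZE",                  ea_size,                  alloc_size);
	SIZE_CHECK("STANDARD_INFO",            standard_info,            alloc_size);
	SIZE_CHECK("STANDARD_INFORMATION",     standard_info,            alloc_size);
	SIZE_CHECK("ALL_INFO",                 all_info,                 alloc_size);
	SIZE_CHECK("ALL_INFORMATION",          all_info,                 alloc_size);
	SIZE_CHECK("NETWORK_OPEN_INFORMATION", network_open_information, alloc_size);
	if (!skip_streams) {
		SIZE_CHECK("STREAM_INFO",              stream_info,   streams[0].alloc_size);
		SIZE_CHECK("STREAM_INFORMATION",       stream_info,   streams[0].alloc_size);
	}

#define ATTRIB_CHECK(sname, stype, tfield) do { \
	s1 = fnum_find(sname); \
	if (s1 && s1->stype.out.tfield != correct_attrib) { \
		printf("(%d) handle %s/%s incorrect - 0x%x should be 0x%x\n", __LINE__, #stype, #tfield, \
		       (unsigned int)s1->stype.out.tfield, \
		       (unsigned int)correct_attrib); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && s1->stype.out.tfield != correct_attrib) { \
		printf("(%d) path %s/%s incorrect - 0x%x should be 0x%x\n", __LINE__, #stype, #tfield, \
		       (unsigned int)s1->stype.out.tfield, \
		       (unsigned int)correct_attrib); \
		ret = false; \
	}} while (0)

	REQUIRE_HANDLE_LEVEL("BASIC_INFO");
	correct_attrib = s1->basic_info.out.attrib;
	torture_comment(torture, "attrib: 0x%x\n", (unsigned int)correct_attrib);

#undef REQUIRE_HANDLE_LEVEL

	ATTRIB_CHECK("GETATTR",                   getattr,                   attrib);
	if (!is_ipc) {
		ATTRIB_CHECK("GETATTRE",                  getattre,                  attrib);
		ATTRIB_CHECK("STANDARD",                  standard,                  attrib);
		ATTRIB_CHECK("EA_SIZE",                   ea_size,                   attrib);
	}
	ATTRIB_CHECK("BASIC_INFO",                basic_info,                attrib);
	ATTRIB_CHECK("BASIC_INFORMATION",         basic_info,                attrib);
	ATTRIB_CHECK("ALL_INFO",                  all_info,                  attrib);
	ATTRIB_CHECK("ALL_INFORMATION",           all_info,                  attrib);
	ATTRIB_CHECK("NETWORK_OPEN_INFORMATION",  network_open_information,  attrib);
	ATTRIB_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, attrib);

	correct_name = fname;
	torture_comment(torture, "name: %s\n", correct_name);

#define NAME_CHECK(sname, stype, tfield, flags) do { \
	s1 = fnum_find(sname); \
	if (s1 && (strcmp_safe(s1->stype.out.tfield.s, correct_name) != 0 || \
			wire_bad_flags(&s1->stype.out.tfield, flags, tree->session->transport))) { \
		printf("(%d) handle %s/%s incorrect - '%s/%d'\n", __LINE__, #stype, #tfield, \
		       s1->stype.out.tfield.s, s1->stype.out.tfield.private_length); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && (strcmp_safe(s1->stype.out.tfield.s, correct_name) != 0 || \
			wire_bad_flags(&s1->stype.out.tfield, flags, tree->session->transport))) { \
		printf("(%d) path %s/%s incorrect - '%s/%d'\n", __LINE__, #stype, #tfield, \
		       s1->stype.out.tfield.s, s1->stype.out.tfield.private_length); \
		ret = false; \
	}} while (0)

	NAME_CHECK("NAME_INFO",        name_info, fname, STR_UNICODE);
	NAME_CHECK("NAME_INFORMATION", name_info, fname, STR_UNICODE);

	/* the ALL_INFO file name is the full path on the filesystem */
	s1 = fnum_find("ALL_INFO");
	if (s1 && !s1->all_info.out.fname.s) {
		torture_fail(torture, "ALL_INFO didn't give a filename");
	}
	if (s1 && s1->all_info.out.fname.s) {
		/* compare from the last backslash on, separator included */
		char *p = strrchr(s1->all_info.out.fname.s, '\\');
		if (!p) {
			printf("Not a full path in all_info/fname? - '%s'\n",
			       s1->all_info.out.fname.s);
			ret = false;
		} else {
			if (strcmp_safe(correct_name, p) != 0) {
				printf("incorrect basename in all_info/fname - '%s'\n",
				       s1->all_info.out.fname.s);
				ret = false;
			}
		}
		if (wire_bad_flags(&s1->all_info.out.fname, STR_UNICODE, tree->session->transport)) {
			printf("Should not null terminate all_info/fname\n");
			ret = false;
		}
	}

	/* when ALT_NAME_INFO is unavailable correct_name keeps pointing at fname */
	s1 = fnum_find("ALT_NAME_INFO");
	if (s1) {
		correct_name = s1->alt_name_info.out.fname.s;
	}

	if (!correct_name) {
		torture_comment(torture, "no alternate name information\n");
	} else {
		torture_comment(torture, "alt_name: %s\n", correct_name);

		NAME_CHECK("ALT_NAME_INFO",        alt_name_info, fname, STR_UNICODE);
		NAME_CHECK("ALT_NAME_INFORMATION", alt_name_info, fname, STR_UNICODE);

		/* and make sure we can open by alternate name */
		smbcli_close(tree, fnum);
		fnum = smbcli_nt_create_full(tree, correct_name, 0,
					     SEC_RIGHTS_FILE_ALL,
					     FILE_ATTRIBUTE_NORMAL,
					     NTCREATEX_SHARE_ACCESS_DELETE|
					     NTCREATEX_SHARE_ACCESS_READ|
					     NTCREATEX_SHARE_ACCESS_WRITE,
					     NTCREATEX_DISP_OVERWRITE_IF,
					     0, 0);
		if (fnum == -1) {
			printf("Unable to open by alt_name - %s\n", smbcli_errstr(tree));
			ret = false;
		}

		if (!skip_streams) {
			correct_name = "::$DATA";
			torture_comment(torture, "stream_name: %s\n", correct_name);

			NAME_CHECK("STREAM_INFO",        stream_info, streams[0].stream_name, STR_UNICODE);
			NAME_CHECK("STREAM_INFORMATION", stream_info, streams[0].stream_name, STR_UNICODE);
		}
	}

	/* make sure the EAs look right */
	s1 = fnum_find("ALL_EAS");
	s2 = fnum_find("ALL_INFO");
	if (s1) {
		for (i=0;i<s1->all_eas.out.num_eas;i++) {
			printf(" flags=%d %s=%*.*s\n",
			       s1->all_eas.out.eas[i].flags,
			       s1->all_eas.out.eas[i].name.s,
			       (int)s1->all_eas.out.eas[i].value.length,
			       (int)s1->all_eas.out.eas[i].value.length,
			       s1->all_eas.out.eas[i].value.data);
		}
	}
	if (s1 && s2) {
		if (s1->all_eas.out.num_eas == 0) {
			if (s2->all_info.out.ea_size != 0) {
				printf("ERROR: num_eas==0 but fnum all_info.out.ea_size == %d\n",
				       s2->all_info.out.ea_size);
			}
		} else {
			if (s2->all_info.out.ea_size !=
			    ea_list_size(s1->all_eas.out.num_eas, s1->all_eas.out.eas)) {
				printf("ERROR: ea_list_size=%d != fnum all_info.out.ea_size=%d\n",
				       (int)ea_list_size(s1->all_eas.out.num_eas, s1->all_eas.out.eas),
				       (int)s2->all_info.out.ea_size);
			}
		}
	}

	/*
	 * Compare the handle and path EA lists. s1 is still the handle reply
	 * for ALL_EAS and may be NULL, so it is tested together with s2. The
	 * loop stops at the shorter of the two lists so that a count mismatch
	 * in the server replies cannot index past the end of either array.
	 */
	s2 = fname_find(is_ipc, "ALL_EAS");
	if (s1 && s2) {
		VAL_EQUAL(all_eas, num_eas, all_eas, num_eas);
		for (i=0;
		     i<s1->all_eas.out.num_eas && i<s2->all_eas.out.num_eas;
		     i++) {
			VAL_EQUAL(all_eas, eas[i].flags, all_eas, eas[i].flags);
			STR_EQUAL(all_eas, eas[i].name, all_eas, eas[i].name);
			VAL_EQUAL(all_eas, eas[i].value.length, all_eas, eas[i].value.length);
		}
	}

	/* VAL_CHECK compares one field between two different levels, for all
	   four handle/path combinations */
#define VAL_CHECK(sname1, stype1, tfield1, sname2, stype2, tfield2) do { \
	s1 = fnum_find(sname1); s2 = fnum_find(sname2); \
	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
		printf("(%d) handle %s/%s != %s/%s - 0x%x vs 0x%x\n", __LINE__, \
		       #stype1, #tfield1, #stype2, #tfield2, \
		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname1); s2 = fname_find(is_ipc, sname2); \
	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
		printf("(%d) path %s/%s != %s/%s - 0x%x vs 0x%x\n", __LINE__, \
		       #stype1, #tfield1, #stype2, #tfield2, \
		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
		ret = false; \
	} \
	s1 = fnum_find(sname1); s2 = fname_find(is_ipc, sname2); \
	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
		printf("(%d) handle %s/%s != path %s/%s - 0x%x vs 0x%x\n", __LINE__, \
		       #stype1, #tfield1, #stype2, #tfield2, \
		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
		ret = false; \
	} \
	s1 = fname_find(is_ipc, sname1); s2 = fnum_find(sname2); \
	if (s1 && s2 && s1->stype1.out.tfield1 != s2->stype2.out.tfield2) { \
		printf("(%d) path %s/%s != handle %s/%s - 0x%x vs 0x%x\n", __LINE__, \
		       #stype1, #tfield1, #stype2, #tfield2, \
		       s1->stype1.out.tfield1, s2->stype2.out.tfield2); \
		ret = false; \
	}} while (0)

	VAL_CHECK("STANDARD_INFO", standard_info, delete_pending,
		  "ALL_INFO",      all_info,      delete_pending);
	VAL_CHECK("STANDARD_INFO", standard_info, directory,
		  "ALL_INFO",      all_info,      directory);
	VAL_CHECK("STANDARD_INFO", standard_info, nlink,
		  "ALL_INFO",      all_info,      nlink);

	/* fixed values expected from a pipe on IPC$ */
	s1 = fnum_find("BASIC_INFO");
	if (s1 && is_ipc) {
		if (s1->basic_info.out.attrib != FILE_ATTRIBUTE_NORMAL) {
			printf("(%d) attrib basic_info/nlink incorrect - %d should be %d\n", __LINE__, s1->basic_info.out.attrib, (int)FILE_ATTRIBUTE_NORMAL);
			ret = false;
		}
	}
	s1 = fnum_find("STANDARD_INFO");
	if (s1 && is_ipc) {
		if (s1->standard_info.out.nlink != 1) {
			printf("(%d) nlinks standard_info/nlink incorrect - %d should be 1\n", __LINE__, s1->standard_info.out.nlink);
			ret = false;
		}
		if (s1->standard_info.out.delete_pending != 1) {
			printf("(%d) nlinks standard_info/delete_pending incorrect - %d should be 1\n", __LINE__, s1->standard_info.out.delete_pending);
			ret = false;
		}
	}
	VAL_CHECK("EA_INFO",       ea_info,       ea_size,
		  "ALL_INFO",      all_info,      ea_size);
	if (!is_ipc) {
		VAL_CHECK("EA_SIZE",       ea_size,       ea_size,
			  "ALL_INFO",      all_info,      ea_size);
	}

	/* NAME_PATH_CHECK leaves s1 = path reply and s2 = handle reply for
	   sname; the position printf below depends on that */
#define NAME_PATH_CHECK(sname, stype, field) do { \
	s1 = fname_find(is_ipc, sname); s2 = fnum_find(sname); \
	if (s1 && s2) { \
		VAL_EQUAL(stype, field, stype, field); \
	} \
} while (0)


	s1 = fnum_find("INTERNAL_INFORMATION");
	if (s1) {
		torture_comment(torture, "file_id=%.0f\n", (double)s1->internal_information.out.file_id);
	}

	NAME_PATH_CHECK("INTERNAL_INFORMATION", internal_information, file_id);
	NAME_PATH_CHECK("POSITION_INFORMATION", position_information, position);
	if (s1 && s2) {
		printf("fnum pos = %.0f, fname pos = %.0f\n",
		       (double)s2->position_information.out.position,
		       (double)s1->position_information.out.position );
	}
	NAME_PATH_CHECK("MODE_INFORMATION", mode_information, mode);
	NAME_PATH_CHECK("ALIGNMENT_INFORMATION", alignment_information, alignment_requirement);
	NAME_PATH_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, attrib);
	NAME_PATH_CHECK("ATTRIBUTE_TAG_INFORMATION", attribute_tag_information, reparse_tag);

#if 0 /* these are expected to differ */
	NAME_PATH_CHECK("ACCESS_INFORMATION", access_information, access_flags);
#endif

#if 0 /* unused */
#define UNKNOWN_CHECK(sname, stype, tfield) do { \
	s1 = fnum_find(sname); \
	if (s1 && s1->stype.out.tfield != 0) { \
		printf("(%d) handle %s/%s unknown != 0 (0x%x)\n", __LINE__, \
		       #stype, #tfield, \
		       (unsigned int)s1->stype.out.tfield); \
	} \
	s1 = fname_find(is_ipc, sname); \
	if (s1 && s1->stype.out.tfield != 0) { \
		printf("(%d) path %s/%s unknown != 0 (0x%x)\n", __LINE__, \
		       #stype, #tfield, \
		       (unsigned int)s1->stype.out.tfield); \
	}} while (0)
#endif
	/* now get a bit fancier .... */

	/* when we set the delete disposition then the link count should drop
	   to 0 and delete_pending should be 1 */

	return ret;
}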
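/*
 * Negative test: connect to the netlogon pipe with anonymous credentials and
 * send a ServerPasswordSet (or ServerPasswordSet2 when use2 is true) for the
 * TEST_MACHINE_NAME$ account, with a zero-initialised authenticator and a
 * zero-initialised new password.
 *
 * The RPC itself must be delivered (status is asserted OK), but the server
 * must not answer NT_STATUS_OK: accepting the call would mean a client that
 * never authenticated was allowed to change a machine account password.
 * Any non-OK result is accepted; the exact error code is not pinned.
 *
 * tctx          - torture context; supplies the "binding" setting
 * dcerpc_flags  - auth flags applied to the binding under DCERPC_AUTH_OPTIONS
 * use2          - selects ServerPasswordSet2 instead of ServerPasswordSet
 *
 * Returns true when the server refused the request.
 */
static bool test_schannel_anonymous_setPassword(struct torture_context *tctx,
						uint32_t dcerpc_flags,
						bool use2)
{
	NTSTATUS status, result;
	const char *binding = torture_setting_string(tctx, "binding", NULL);
	struct dcerpc_binding *b;
	struct dcerpc_pipe *p = NULL;
	struct cli_credentials *credentials;
	bool ok = true;

	/*
	 * Allocate under tctx rather than the NULL context, so the
	 * credentials are released with the test context on every return
	 * path instead of being leaked.
	 */
	credentials = cli_credentials_init(tctx);
	torture_assert(tctx, credentials != NULL, "Bad credentials");
	cli_credentials_set_anonymous(credentials);

	status = dcerpc_parse_binding(tctx, binding, &b);
	torture_assert_ntstatus_ok(tctx, status, "Bad binding string");

	status = dcerpc_binding_set_flags(b, dcerpc_flags, DCERPC_AUTH_OPTIONS);
	torture_assert_ntstatus_ok(tctx, status, "set flags");

	status = dcerpc_pipe_connect_b(tctx,
				       &p,
				       b,
				       &ndr_table_netlogon,
				       credentials,
				       tctx->ev,
				       tctx->lp_ctx);
	torture_assert_ntstatus_ok(tctx, status, "Failed to connect without schannel");

	if (use2) {
		/* all request structures start out zeroed on purpose */
		struct netr_ServerPasswordSet2 r = {};
		struct netr_Authenticator credential = {};
		struct netr_Authenticator return_authenticator = {};
		struct netr_CryptPassword new_password = {};

		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
		r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
		r.in.secure_channel_type = 0;
		r.in.computer_name = TEST_MACHINE_NAME;
		r.in.credential = &credential;
		r.in.new_password = &new_password;
		r.out.return_authenticator = &return_authenticator;

		status = dcerpc_netr_ServerPasswordSet2_r(p->binding_handle, tctx, &r);
		result = r.out.result;
	} else {
		/* all request structures start out zeroed on purpose */
		struct netr_ServerPasswordSet r = {};
		struct netr_Authenticator credential = {};
		struct netr_Authenticator return_authenticator = {};
		struct samr_Password new_password = {};

		r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
		r.in.account_name = talloc_asprintf(tctx, "%s$", TEST_MACHINE_NAME);
		r.in.secure_channel_type = 0;
		r.in.computer_name = TEST_MACHINE_NAME;
		r.in.credential = &credential;
		r.in.new_password = &new_password;
		r.out.return_authenticator = &return_authenticator;

		status = dcerpc_netr_ServerPasswordSet_r(p->binding_handle, tctx, &r);
		result = r.out.result;
	}

	/* transport-level success is required, application-level success is the failure */
	torture_assert_ntstatus_ok(tctx, status, "ServerPasswordSet failed");

	if (NT_STATUS_IS_OK(result)) {
		torture_fail(tctx, "unexpectedly received NT_STATUS_OK");
	}

	return ok;
}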
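/*
 * Common setup for the spoolss access tests.
 *
 * Creates the test user named by t->user.username (password length capped
 * at 32) and builds credentials for it. Depending on the fields of
 * t->user it then:
 *   - adds the user's SID to the requested builtin groups over SAMR,
 *   - grants the requested privileges over LSA,
 *   - calls spoolss_access_setup_sd() for the first printer found, passing
 *     &t->sd_orig (presumably to keep the original descriptor for restore;
 *     confirm against that helper).
 * Finally it opens a spoolss pipe authenticated as the test user.
 *
 * On success t->spoolss_pipe, t->printername and t->user.testuser are set.
 *
 * NOTE(review): t->user.testuser is only stored on the last line. If an
 * assertion fails after the account was created, the caller has no handle
 * to it, so a privileged test account and a modified printer descriptor
 * may be left on the server. Confirm how teardown copes with that.
 *
 * @param tctx  torture context; parent of the allocations made here
 * @param t     access test description (input) and resulting handles (output)
 * @return true on success, false if any step failed
 */
static bool torture_rpc_spoolss_access_setup_common(struct torture_context *tctx,
						    struct torture_access_context *t)
{
	void *testuser;
	const char *testuser_passwd;
	struct cli_credentials *test_credentials;
	struct dom_sid *test_sid;
	struct dcerpc_pipe *p;
	/* Initialised so the check below never reads an indeterminate pointer. */
	const char *printername = NULL;
	const char *binding = torture_setting_string(tctx, "binding", NULL);
	struct dcerpc_pipe *spoolss_pipe;

	testuser = torture_create_testuser_max_pwlen(tctx,
						     t->user.username,
						     torture_setting_string(tctx, "workgroup", NULL),
						     ACB_NORMAL,
						     &testuser_passwd,
						     32);
	if (!testuser) {
		torture_fail(tctx, "Failed to create test user");
	}

	test_credentials = cli_credentials_init(tctx);
	/* The setters below dereference the credentials, so fail cleanly first. */
	torture_assert(tctx, test_credentials != NULL, "Bad credentials");
	cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
	cli_credentials_set_domain(test_credentials, lpcfg_workgroup(tctx->lp_ctx),
				   CRED_SPECIFIED);
	cli_credentials_set_username(test_credentials, t->user.username, CRED_SPECIFIED);
	cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
	test_sid = discard_const_p(struct dom_sid,
				   torture_join_user_sid(testuser));

	if (t->user.num_builtin_memberships) {
		struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(testuser);

		torture_assert(tctx,
			spoolss_access_setup_membership(tctx, samr_pipe,
							t->user.num_builtin_memberships,
							t->user.builtin_memberships,
							test_sid),
			"failed to setup membership");
	}

	if (t->user.num_privs) {
		struct dcerpc_pipe *lsa_pipe;

		torture_assert_ntstatus_ok(tctx,
			torture_rpc_connection(tctx, &lsa_pipe, &ndr_table_lsarpc),
			"Error connecting to server");

		torture_assert(tctx,
			spoolss_access_setup_privs(tctx, lsa_pipe,
						   t->user.num_privs,
						   t->user.privs,
						   test_sid,
						   &t->user.privs_present),
			"failed to setup privs");
		talloc_free(lsa_pipe);
	}

	/* This pipe is only used to find a printer and adjust its descriptor. */
	torture_assert_ntstatus_ok(tctx,
		torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
		"Error connecting to server");

	torture_assert(tctx,
		test_EnumPrinters_findone(tctx, spoolss_pipe, &printername),
		"failed to enumerate printers");

	if (t->user.sd && printername) {
		torture_assert(tctx,
			spoolss_access_setup_sd(tctx, spoolss_pipe,
						printername,
						test_sid,
						&t->sd_orig),
			"failed to setup sd");
	}

	talloc_free(spoolss_pipe);

	/* Reconnect as the test user; the access tests run over this pipe. */
	torture_assert_ntstatus_ok(tctx,
		dcerpc_pipe_connect(tctx, &p, binding, &ndr_table_spoolss,
				    test_credentials, tctx->ev, tctx->lp_ctx),
		"Error connecting to server");

	t->spoolss_pipe = p;
	t->printername = printername;
	t->user.testuser = testuser;

	return true;
}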
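/*
 * Test tdb speed.
 *
 * Fills a fresh "test.tdb" in the current directory with torture_entries
 * SID->UID and UID->SID records. It then fetches random pairs for
 * "timelimit" seconds (setting, default 10) and stores the achieved rate
 * in tdb_speed.
 *
 * NOTE(review): the database uses a fixed name in the working directory
 * and is created after a separate unlink(). Run the test from a directory
 * that other users cannot write to.
 *
 * @param torture  torture context used for settings, output and allocation
 * @param _data    unused
 * @return true on success, false if the database could not be opened or a
 *         record could not be stored or fetched
 */
static bool test_tdb_speed(struct torture_context *torture, const void *_data)
{
	struct timeval tv;
	struct tdb_wrap *tdbw;
	int timelimit = torture_setting_int(torture, "timelimit", 10);
	int i, count;
	bool ret = false;
	TALLOC_CTX *tmp_ctx = talloc_new(torture);

	/* The lookup loop computes random() % torture_entries. */
	if (torture_entries <= 0) {
		talloc_free(tmp_ctx);
		torture_fail(torture, "torture_entries must be positive");
	}

	unlink("test.tdb");

	torture_comment(torture, "Testing tdb speed for sidmap\n");

	tdbw = tdb_wrap_open(tmp_ctx, "test.tdb", 10000, 0,
			     O_RDWR|O_CREAT|O_TRUNC, 0600);
	if (!tdbw) {
		unlink("test.tdb");
		talloc_free(tmp_ctx);
		torture_fail(torture, "Failed to open test.tdb");
	}

	torture_comment(torture, "Adding %d SID records\n", torture_entries);

	for (i = 0; i < torture_entries; i++) {
		if (!tdb_add_record(tdbw,
				    "S-1-5-21-53173311-3623041448-2049097239-%u",
				    "UID %u", i)) {
			torture_result(torture, TORTURE_FAIL, "Failed to add SID %d\n", i);
			goto done;
		}
		if (!tdb_add_record(tdbw,
				    "UID %u",
				    "S-1-5-21-53173311-3623041448-2049097239-%u", i)) {
			torture_result(torture, TORTURE_FAIL, "Failed to add UID %d\n", i);
			goto done;
		}
	}

	torture_comment(torture, "Testing for %d seconds\n", timelimit);

	tv = timeval_current();

	for (count = 0; timeval_elapsed(&tv) < timelimit; count++) {
		TDB_DATA key, data;

		i = random() % torture_entries;

		/* SID -> UID lookup; the key includes the terminating NUL. */
		key.dptr = (uint8_t *)talloc_asprintf(tmp_ctx,
				"S-1-5-21-53173311-3623041448-2049097239-%u", i);
		if (key.dptr == NULL) {
			/* strlen(NULL) would be undefined behaviour */
			torture_result(torture, TORTURE_FAIL,
				       "Failed to allocate SID key %d\n", i);
			goto done;
		}
		key.dsize = strlen((char *)key.dptr)+1;
		data = tdb_fetch(tdbw->tdb, key);
		talloc_free(key.dptr);
		if (data.dptr == NULL) {
			torture_result(torture, TORTURE_FAIL, "Failed to fetch SID %d\n", i);
			goto done;
		}
		/* The fetched buffer is released with free(), not talloc_free(). */
		free(data.dptr);

		/* UID -> SID lookup for the same index. */
		key.dptr = (uint8_t *)talloc_asprintf(tmp_ctx, "UID %u", i);
		if (key.dptr == NULL) {
			torture_result(torture, TORTURE_FAIL,
				       "Failed to allocate UID key %d\n", i);
			goto done;
		}
		key.dsize = strlen((char *)key.dptr)+1;
		data = tdb_fetch(tdbw->tdb, key);
		talloc_free(key.dptr);
		if (data.dptr == NULL) {
			torture_result(torture, TORTURE_FAIL, "Failed to fetch UID %d\n", i);
			goto done;
		}
		free(data.dptr);
	}

	tdb_speed = count/timeval_elapsed(&tv);
	torture_comment(torture, "tdb speed %.2f ops/sec\n", tdb_speed);

	ret = true;

done:
	/* Same cleanup for success and failure: remove the file, drop tmp_ctx. */
	unlink("test.tdb");
	talloc_free(tmp_ctx);
	return ret;
}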