2003-08-13 05:53:07 +04:00
/*
Unix SMB / CIFS implementation .
SMB torture tester - scanning functions
Copyright ( C ) Andrew Tridgell 2001
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
2006-01-03 16:41:17 +03:00
# include "torture/torture.h"
2006-01-03 18:40:05 +03:00
# include "libcli/libcli.h"
2006-03-17 20:59:58 +03:00
# include "torture/util.h"
2004-11-01 04:03:22 +03:00
# include "libcli/raw/libcliraw.h"
2005-02-10 08:09:35 +03:00
# include "system/filesys.h"
# include "pstring.h"
2003-08-13 05:53:07 +04:00
# define VERBOSE 0
# define OP_MIN 0
# define OP_MAX 100
/****************************************************************************
look for a partial hit
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void trans2_check_hit ( const char * format , int op , int level , NTSTATUS status )
{
2005-07-04 09:05:28 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_LEVEL ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NOT_IMPLEMENTED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NOT_SUPPORTED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_UNSUCCESSFUL ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_INFO_CLASS ) ) {
2003-08-13 05:53:07 +04:00
return ;
}
# if VERBOSE
printf ( " possible %s hit op=%3d level=%5d status=%s \n " ,
format , op , level , nt_errstr ( status ) ) ;
# endif
}
/****************************************************************************
check for existance of a trans2 call
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-08-04 17:23:35 +04:00
static NTSTATUS try_trans2 ( struct smbcli_state * cli ,
2003-08-13 05:53:07 +04:00
int op ,
2004-11-25 23:01:47 +03:00
uint8_t * param , uint8_t * data ,
2003-08-13 05:53:07 +04:00
int param_len , int data_len ,
int * rparam_len , int * rdata_len )
{
NTSTATUS status ;
struct smb_trans2 t2 ;
2004-05-25 21:24:24 +04:00
uint16_t setup = op ;
2003-08-13 05:53:07 +04:00
TALLOC_CTX * mem_ctx ;
mem_ctx = talloc_init ( " try_trans2 " ) ;
2004-10-30 06:17:03 +04:00
t2 . in . max_param = 64 ;
t2 . in . max_data = smb_raw_max_trans_data ( cli - > tree , 64 ) ;
2003-08-13 05:53:07 +04:00
t2 . in . max_setup = 10 ;
t2 . in . flags = 0 ;
t2 . in . timeout = 0 ;
t2 . in . setup_count = 1 ;
t2 . in . setup = & setup ;
t2 . in . params . data = param ;
t2 . in . params . length = param_len ;
t2 . in . data . data = data ;
t2 . in . data . length = data_len ;
status = smb_raw_trans2 ( cli - > tree , mem_ctx , & t2 ) ;
* rparam_len = t2 . out . params . length ;
* rdata_len = t2 . out . data . length ;
2005-01-27 10:08:20 +03:00
talloc_free ( mem_ctx ) ;
2003-08-13 05:53:07 +04:00
return status ;
}
2004-08-04 17:23:35 +04:00
static NTSTATUS try_trans2_len ( struct smbcli_state * cli ,
2003-08-13 05:53:07 +04:00
const char * format ,
int op , int level ,
2004-11-25 23:01:47 +03:00
uint8_t * param , uint8_t * data ,
2003-08-13 05:53:07 +04:00
int param_len , int * data_len ,
int * rparam_len , int * rdata_len )
{
NTSTATUS ret = NT_STATUS_OK ;
ret = try_trans2 ( cli , op , param , data , param_len ,
sizeof ( pstring ) , rparam_len , rdata_len ) ;
# if VERBOSE
printf ( " op=%d level=%d ret=%s \n " , op , level , nt_errstr ( ret ) ) ;
# endif
if ( ! NT_STATUS_IS_OK ( ret ) ) return ret ;
* data_len = 0 ;
while ( * data_len < sizeof ( pstring ) ) {
ret = try_trans2 ( cli , op , param , data , param_len ,
* data_len , rparam_len , rdata_len ) ;
if ( NT_STATUS_IS_OK ( ret ) ) break ;
* data_len + = 2 ;
}
if ( NT_STATUS_IS_OK ( ret ) ) {
printf ( " found %s level=%d data_len=%d rparam_len=%d rdata_len=%d \n " ,
format , level , * data_len , * rparam_len , * rdata_len ) ;
} else {
trans2_check_hit ( format , op , level , ret ) ;
}
return ret ;
}
/****************************************************************************
check whether a trans2 opnum exists at all
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-08-04 17:23:35 +04:00
static BOOL trans2_op_exists ( struct smbcli_state * cli , int op )
2003-08-13 05:53:07 +04:00
{
int data_len = 0 ;
int param_len = 0 ;
int rparam_len , rdata_len ;
2004-11-25 23:01:47 +03:00
uint8_t param [ 1024 ] , data [ 1024 ] ;
2003-08-13 05:53:07 +04:00
NTSTATUS status1 , status2 ;
memset ( data , 0 , sizeof ( data ) ) ;
data_len = 4 ;
/* try with a info level only */
param_len = sizeof ( param ) ;
data_len = sizeof ( data ) ;
memset ( param , 0xFF , sizeof ( param ) ) ;
memset ( data , 0xFF , sizeof ( data ) ) ;
status1 = try_trans2 ( cli , 0xFFFF , param , data , param_len , data_len ,
& rparam_len , & rdata_len ) ;
status2 = try_trans2 ( cli , op , param , data , param_len , data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_EQUAL ( status1 , status2 ) ) return False ;
printf ( " Found op %d (status=%s) \n " , op , nt_errstr ( status2 ) ) ;
return True ;
}
/****************************************************************************
check for existance of a trans2 call
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-08-04 17:23:35 +04:00
static BOOL scan_trans2 ( struct smbcli_state * cli , int op , int level ,
2003-08-13 05:53:07 +04:00
int fnum , int dnum , int qfnum , const char * fname )
{
int data_len = 0 ;
int param_len = 0 ;
int rparam_len , rdata_len ;
2004-11-25 23:01:47 +03:00
uint8_t param [ 1024 ] , data [ 1024 ] ;
2003-08-13 05:53:07 +04:00
NTSTATUS status ;
memset ( data , 0 , sizeof ( data ) ) ;
data_len = 4 ;
/* try with a info level only */
param_len = 2 ;
SSVAL ( param , 0 , level ) ;
status = try_trans2_len ( cli , " void " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a file descriptor */
param_len = 6 ;
SSVAL ( param , 0 , fnum ) ;
SSVAL ( param , 2 , level ) ;
SSVAL ( param , 4 , 0 ) ;
status = try_trans2_len ( cli , " fnum " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a quota file descriptor */
param_len = 6 ;
SSVAL ( param , 0 , qfnum ) ;
SSVAL ( param , 2 , level ) ;
SSVAL ( param , 4 , 0 ) ;
status = try_trans2_len ( cli , " qfnum " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a notify style */
param_len = 6 ;
SSVAL ( param , 0 , dnum ) ;
SSVAL ( param , 2 , dnum ) ;
SSVAL ( param , 4 , level ) ;
status = try_trans2_len ( cli , " notify " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a file name */
param_len = 6 ;
SSVAL ( param , 0 , level ) ;
SSVAL ( param , 2 , 0 ) ;
SSVAL ( param , 4 , 0 ) ;
r2552: Character set conversion and string handling updates.
The intial motivation for this commit was to merge in some of the
bugfixes present in Samba3's chrcnv and string handling code into
Samba4. However, along the way I found a lot of unused functions, and
decided to do a bit more...
The strlen_m code now does not use a fixed buffer, but more work is
needed to finish off other functions in str_util.c. These fixed
length buffers hav caused very nasty, hard to chase down bugs at some
sites.
The strupper_m() function has a strupper_talloc() to replace it (we
need to go around and fix more uses, but it's a start). Use of these
new functions will avoid bugs where the upper or lowercase version of
a string is a different length.
I have removed the push_*_allocate functions, which are replaced by
calls to push_*_talloc. Likewise, pstring and other 'fixed length'
wrappers are removed, where possible.
I have removed the first ('base pointer') argument, used by push_ucs2,
as the Samba4 way of doing things ensures that this is always on an
even boundary anyway. (It was used in only one place, in any case).
(This used to be commit dfecb0150627b500cb026b8a4932fe87902ca392)
2004-09-23 04:51:45 +04:00
param_len + = push_string ( & param [ 6 ] , fname , sizeof ( pstring ) - 7 , STR_TERMINATE | STR_UNICODE ) ;
2003-08-13 05:53:07 +04:00
status = try_trans2_len ( cli , " fname " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a new file name */
param_len = 6 ;
SSVAL ( param , 0 , level ) ;
SSVAL ( param , 2 , 0 ) ;
SSVAL ( param , 4 , 0 ) ;
r2552: Character set conversion and string handling updates.
The intial motivation for this commit was to merge in some of the
bugfixes present in Samba3's chrcnv and string handling code into
Samba4. However, along the way I found a lot of unused functions, and
decided to do a bit more...
The strlen_m code now does not use a fixed buffer, but more work is
needed to finish off other functions in str_util.c. These fixed
length buffers hav caused very nasty, hard to chase down bugs at some
sites.
The strupper_m() function has a strupper_talloc() to replace it (we
need to go around and fix more uses, but it's a start). Use of these
new functions will avoid bugs where the upper or lowercase version of
a string is a different length.
I have removed the push_*_allocate functions, which are replaced by
calls to push_*_talloc. Likewise, pstring and other 'fixed length'
wrappers are removed, where possible.
I have removed the first ('base pointer') argument, used by push_ucs2,
as the Samba4 way of doing things ensures that this is always on an
even boundary anyway. (It was used in only one place, in any case).
(This used to be commit dfecb0150627b500cb026b8a4932fe87902ca392)
2004-09-23 04:51:45 +04:00
param_len + = push_string ( & param [ 6 ] , " \\ newfile.dat " , sizeof ( pstring ) - 7 , STR_TERMINATE | STR_UNICODE ) ;
2003-08-13 05:53:07 +04:00
status = try_trans2_len ( cli , " newfile " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
2004-08-04 17:23:35 +04:00
smbcli_unlink ( cli - > tree , " \\ newfile.dat " ) ;
smbcli_rmdir ( cli - > tree , " \\ newfile.dat " ) ;
2003-08-13 05:53:07 +04:00
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try dfs style */
2004-08-04 17:23:35 +04:00
smbcli_mkdir ( cli - > tree , " \\ testdir " ) ;
2003-08-13 05:53:07 +04:00
param_len = 2 ;
SSVAL ( param , 0 , level ) ;
r2552: Character set conversion and string handling updates.
The intial motivation for this commit was to merge in some of the
bugfixes present in Samba3's chrcnv and string handling code into
Samba4. However, along the way I found a lot of unused functions, and
decided to do a bit more...
The strlen_m code now does not use a fixed buffer, but more work is
needed to finish off other functions in str_util.c. These fixed
length buffers hav caused very nasty, hard to chase down bugs at some
sites.
The strupper_m() function has a strupper_talloc() to replace it (we
need to go around and fix more uses, but it's a start). Use of these
new functions will avoid bugs where the upper or lowercase version of
a string is a different length.
I have removed the push_*_allocate functions, which are replaced by
calls to push_*_talloc. Likewise, pstring and other 'fixed length'
wrappers are removed, where possible.
I have removed the first ('base pointer') argument, used by push_ucs2,
as the Samba4 way of doing things ensures that this is always on an
even boundary anyway. (It was used in only one place, in any case).
(This used to be commit dfecb0150627b500cb026b8a4932fe87902ca392)
2004-09-23 04:51:45 +04:00
param_len + = push_string ( & param [ 2 ] , " \\ testdir " , sizeof ( pstring ) - 3 , STR_TERMINATE | STR_UNICODE ) ;
2003-08-13 05:53:07 +04:00
status = try_trans2_len ( cli , " dfs " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
2004-08-04 17:23:35 +04:00
smbcli_rmdir ( cli - > tree , " \\ testdir " ) ;
2003-08-13 05:53:07 +04:00
if ( NT_STATUS_IS_OK ( status ) ) return True ;
return False ;
}
2006-03-25 19:01:28 +03:00
BOOL torture_trans2_scan ( struct torture_context * torture )
2003-08-13 05:53:07 +04:00
{
2004-08-04 17:23:35 +04:00
static struct smbcli_state * cli ;
2003-08-13 05:53:07 +04:00
int op , level ;
const char * fname = " \\ scanner.dat " ;
int fnum , dnum , qfnum ;
printf ( " starting trans2 scan test \n " ) ;
if ( ! torture_open_connection ( & cli ) ) {
return False ;
}
2004-08-04 17:23:35 +04:00
fnum = smbcli_open ( cli - > tree , fname , O_RDWR | O_CREAT | O_TRUNC , DENY_NONE ) ;
2003-08-13 05:53:07 +04:00
if ( fnum = = - 1 ) {
2004-08-04 17:23:35 +04:00
printf ( " file open failed - %s \n " , smbcli_errstr ( cli - > tree ) ) ;
2003-08-13 05:53:07 +04:00
}
2004-08-04 17:23:35 +04:00
dnum = smbcli_nt_create_full ( cli - > tree , " \\ " ,
2004-11-30 07:33:27 +03:00
0 ,
SEC_RIGHTS_FILE_READ ,
FILE_ATTRIBUTE_NORMAL ,
NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE ,
NTCREATEX_DISP_OPEN ,
NTCREATEX_OPTIONS_DIRECTORY , 0 ) ;
2003-08-13 05:53:07 +04:00
if ( dnum = = - 1 ) {
2004-08-04 17:23:35 +04:00
printf ( " directory open failed - %s \n " , smbcli_errstr ( cli - > tree ) ) ;
2003-08-13 05:53:07 +04:00
}
2004-08-04 17:23:35 +04:00
qfnum = smbcli_nt_create_full ( cli - > tree , " \\ $Extend \\ $Quota:$Q:$INDEX_ALLOCATION " ,
2003-08-13 05:53:07 +04:00
NTCREATEX_FLAGS_EXTENDED ,
2004-12-02 07:37:36 +03:00
SEC_FLAG_MAXIMUM_ALLOWED ,
2003-08-13 05:53:07 +04:00
0 ,
NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE ,
NTCREATEX_DISP_OPEN ,
0 , 0 ) ;
if ( qfnum = = - 1 ) {
2004-08-04 17:23:35 +04:00
printf ( " quota open failed - %s \n " , smbcli_errstr ( cli - > tree ) ) ;
2003-08-13 05:53:07 +04:00
}
for ( op = OP_MIN ; op < = OP_MAX ; op + + ) {
if ( ! trans2_op_exists ( cli , op ) ) {
continue ;
}
for ( level = 0 ; level < = 50 ; level + + ) {
scan_trans2 ( cli , op , level , fnum , dnum , qfnum , fname ) ;
}
for ( level = 0x100 ; level < = 0x130 ; level + + ) {
scan_trans2 ( cli , op , level , fnum , dnum , qfnum , fname ) ;
}
for ( level = 1000 ; level < 1050 ; level + + ) {
scan_trans2 ( cli , op , level , fnum , dnum , qfnum , fname ) ;
}
}
torture_close_connection ( cli ) ;
printf ( " trans2 scan finished \n " ) ;
return True ;
}
/****************************************************************************
look for a partial hit
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void nttrans_check_hit ( const char * format , int op , int level , NTSTATUS status )
{
2005-07-04 09:05:28 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_LEVEL ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NOT_IMPLEMENTED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NOT_SUPPORTED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_UNSUCCESSFUL ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_INFO_CLASS ) ) {
2003-08-13 05:53:07 +04:00
return ;
}
# if VERBOSE
printf ( " possible %s hit op=%3d level=%5d status=%s \n " ,
format , op , level , nt_errstr ( status ) ) ;
# endif
}
/****************************************************************************
check for existence of a nttrans call
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-08-04 17:23:35 +04:00
static NTSTATUS try_nttrans ( struct smbcli_state * cli ,
2003-08-13 05:53:07 +04:00
int op ,
2004-11-25 23:01:47 +03:00
uint8_t * param , uint8_t * data ,
2003-08-13 05:53:07 +04:00
int param_len , int data_len ,
int * rparam_len , int * rdata_len )
{
struct smb_nttrans parms ;
DATA_BLOB ntparam_blob , ntdata_blob ;
TALLOC_CTX * mem_ctx ;
NTSTATUS status ;
mem_ctx = talloc_init ( " try_nttrans " ) ;
ntparam_blob . length = param_len ;
ntparam_blob . data = param ;
ntdata_blob . length = data_len ;
ntdata_blob . data = data ;
2004-10-30 06:17:03 +04:00
parms . in . max_param = 64 ;
parms . in . max_data = smb_raw_max_trans_data ( cli - > tree , 64 ) ;
2003-08-13 05:53:07 +04:00
parms . in . max_setup = 0 ;
parms . in . setup_count = 0 ;
parms . in . function = op ;
parms . in . params = ntparam_blob ;
parms . in . data = ntdata_blob ;
status = smb_raw_nttrans ( cli - > tree , mem_ctx , & parms ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
DEBUG ( 1 , ( " Failed to send NT_TRANS \n " ) ) ;
2005-01-27 10:08:20 +03:00
talloc_free ( mem_ctx ) ;
2003-08-13 05:53:07 +04:00
return status ;
}
* rparam_len = parms . out . params . length ;
* rdata_len = parms . out . data . length ;
2005-01-27 10:08:20 +03:00
talloc_free ( mem_ctx ) ;
2003-08-13 05:53:07 +04:00
return status ;
}
2004-08-04 17:23:35 +04:00
static NTSTATUS try_nttrans_len ( struct smbcli_state * cli ,
2003-08-13 05:53:07 +04:00
const char * format ,
int op , int level ,
2004-11-25 23:01:47 +03:00
uint8_t * param , uint8_t * data ,
2003-08-13 05:53:07 +04:00
int param_len , int * data_len ,
int * rparam_len , int * rdata_len )
{
NTSTATUS ret = NT_STATUS_OK ;
ret = try_nttrans ( cli , op , param , data , param_len ,
sizeof ( pstring ) , rparam_len , rdata_len ) ;
# if VERBOSE
printf ( " op=%d level=%d ret=%s \n " , op , level , nt_errstr ( ret ) ) ;
# endif
if ( ! NT_STATUS_IS_OK ( ret ) ) return ret ;
* data_len = 0 ;
while ( * data_len < sizeof ( pstring ) ) {
ret = try_nttrans ( cli , op , param , data , param_len ,
* data_len , rparam_len , rdata_len ) ;
if ( NT_STATUS_IS_OK ( ret ) ) break ;
* data_len + = 2 ;
}
if ( NT_STATUS_IS_OK ( ret ) ) {
printf ( " found %s level=%d data_len=%d rparam_len=%d rdata_len=%d \n " ,
format , level , * data_len , * rparam_len , * rdata_len ) ;
} else {
nttrans_check_hit ( format , op , level , ret ) ;
}
return ret ;
}
/****************************************************************************
check for existance of a nttrans call
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-08-04 17:23:35 +04:00
static BOOL scan_nttrans ( struct smbcli_state * cli , int op , int level ,
2003-08-13 05:53:07 +04:00
int fnum , int dnum , const char * fname )
{
int data_len = 0 ;
int param_len = 0 ;
int rparam_len , rdata_len ;
2004-11-25 23:01:47 +03:00
uint8_t param [ 1024 ] , data [ 1024 ] ;
2003-08-13 05:53:07 +04:00
NTSTATUS status ;
memset ( data , 0 , sizeof ( data ) ) ;
data_len = 4 ;
/* try with a info level only */
param_len = 2 ;
SSVAL ( param , 0 , level ) ;
status = try_nttrans_len ( cli , " void " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a file descriptor */
param_len = 6 ;
SSVAL ( param , 0 , fnum ) ;
SSVAL ( param , 2 , level ) ;
SSVAL ( param , 4 , 0 ) ;
status = try_nttrans_len ( cli , " fnum " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a notify style */
param_len = 6 ;
SSVAL ( param , 0 , dnum ) ;
SSVAL ( param , 2 , dnum ) ;
SSVAL ( param , 4 , level ) ;
status = try_nttrans_len ( cli , " notify " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a file name */
param_len = 6 ;
SSVAL ( param , 0 , level ) ;
SSVAL ( param , 2 , 0 ) ;
SSVAL ( param , 4 , 0 ) ;
2006-01-27 01:22:26 +03:00
param_len + = push_string ( & param [ 6 ] , fname , sizeof ( pstring ) , STR_TERMINATE | STR_UNICODE ) ;
2003-08-13 05:53:07 +04:00
status = try_nttrans_len ( cli , " fname " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try with a new file name */
param_len = 6 ;
SSVAL ( param , 0 , level ) ;
SSVAL ( param , 2 , 0 ) ;
SSVAL ( param , 4 , 0 ) ;
2006-01-27 01:22:26 +03:00
param_len + = push_string ( & param [ 6 ] , " \\ newfile.dat " , sizeof ( pstring ) , STR_TERMINATE | STR_UNICODE ) ;
2003-08-13 05:53:07 +04:00
status = try_nttrans_len ( cli , " newfile " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
2004-08-04 17:23:35 +04:00
smbcli_unlink ( cli - > tree , " \\ newfile.dat " ) ;
smbcli_rmdir ( cli - > tree , " \\ newfile.dat " ) ;
2003-08-13 05:53:07 +04:00
if ( NT_STATUS_IS_OK ( status ) ) return True ;
/* try dfs style */
2004-08-04 17:23:35 +04:00
smbcli_mkdir ( cli - > tree , " \\ testdir " ) ;
2003-08-13 05:53:07 +04:00
param_len = 2 ;
SSVAL ( param , 0 , level ) ;
2006-01-27 01:22:26 +03:00
param_len + = push_string ( & param [ 2 ] , " \\ testdir " , sizeof ( pstring ) , STR_TERMINATE | STR_UNICODE ) ;
2003-08-13 05:53:07 +04:00
status = try_nttrans_len ( cli , " dfs " , op , level , param , data , param_len , & data_len ,
& rparam_len , & rdata_len ) ;
2004-08-04 17:23:35 +04:00
smbcli_rmdir ( cli - > tree , " \\ testdir " ) ;
2003-08-13 05:53:07 +04:00
if ( NT_STATUS_IS_OK ( status ) ) return True ;
return False ;
}
2006-03-25 19:01:28 +03:00
BOOL torture_nttrans_scan ( struct torture_context * torture )
2003-08-13 05:53:07 +04:00
{
2004-08-04 17:23:35 +04:00
static struct smbcli_state * cli ;
2003-08-13 05:53:07 +04:00
int op , level ;
const char * fname = " \\ scanner.dat " ;
int fnum , dnum ;
printf ( " starting nttrans scan test \n " ) ;
if ( ! torture_open_connection ( & cli ) ) {
return False ;
}
2004-08-04 17:23:35 +04:00
fnum = smbcli_open ( cli - > tree , fname , O_RDWR | O_CREAT | O_TRUNC ,
2003-08-13 05:53:07 +04:00
DENY_NONE ) ;
2004-08-04 17:23:35 +04:00
dnum = smbcli_open ( cli - > tree , " \\ " , O_RDONLY , DENY_NONE ) ;
2003-08-13 05:53:07 +04:00
for ( op = OP_MIN ; op < = OP_MAX ; op + + ) {
printf ( " Scanning op=%d \n " , op ) ;
for ( level = 0 ; level < = 50 ; level + + ) {
scan_nttrans ( cli , op , level , fnum , dnum , fname ) ;
}
for ( level = 0x100 ; level < = 0x130 ; level + + ) {
scan_nttrans ( cli , op , level , fnum , dnum , fname ) ;
}
for ( level = 1000 ; level < 1050 ; level + + ) {
scan_nttrans ( cli , op , level , fnum , dnum , fname ) ;
}
}
torture_close_connection ( cli ) ;
printf ( " nttrans scan finished \n " ) ;
return True ;
}
2003-08-14 02:23:18 +04:00
/* scan for valid base SMB requests */
2006-03-25 19:01:28 +03:00
BOOL torture_smb_scan ( struct torture_context * torture )
2003-08-14 02:23:18 +04:00
{
2004-08-04 17:23:35 +04:00
static struct smbcli_state * cli ;
2003-08-14 02:23:18 +04:00
int op ;
2004-08-04 17:23:35 +04:00
struct smbcli_request * req ;
2003-08-14 02:23:18 +04:00
NTSTATUS status ;
for ( op = 0x0 ; op < = 0xFF ; op + + ) {
if ( op = = SMBreadbraw ) continue ;
if ( ! torture_open_connection ( & cli ) ) {
return False ;
}
2004-08-04 17:23:35 +04:00
req = smbcli_request_setup ( cli - > tree , op , 0 , 0 ) ;
2003-08-14 02:23:18 +04:00
2004-08-04 17:23:35 +04:00
if ( ! smbcli_request_send ( req ) ) {
smbcli_request_destroy ( req ) ;
2003-08-14 02:23:18 +04:00
break ;
}
usleep ( 10000 ) ;
2004-08-04 17:23:35 +04:00
smbcli_transport_process ( cli - > transport ) ;
if ( req - > state > SMBCLI_REQUEST_RECV ) {
status = smbcli_request_simple_recv ( req ) ;
2003-08-14 02:23:18 +04:00
printf ( " op=0x%x status=%s \n " , op , nt_errstr ( status ) ) ;
torture_close_connection ( cli ) ;
continue ;
}
sleep ( 1 ) ;
2004-08-04 17:23:35 +04:00
smbcli_transport_process ( cli - > transport ) ;
if ( req - > state > SMBCLI_REQUEST_RECV ) {
status = smbcli_request_simple_recv ( req ) ;
2003-08-14 02:23:18 +04:00
printf ( " op=0x%x status=%s \n " , op , nt_errstr ( status ) ) ;
} else {
printf ( " op=0x%x no reply \n " , op ) ;
2004-08-04 17:23:35 +04:00
smbcli_request_destroy ( req ) ;
2003-08-14 02:23:18 +04:00
continue ; /* don't attempt close! */
}
torture_close_connection ( cli ) ;
}
printf ( " smb scan finished \n " ) ;
return True ;
}
