/*
   Unix SMB/CIFS implementation.
   SMB torture tester - scanning functions
   Copyright (C) Andrew Tridgell 2001

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "libcli/libcli.h"
# include "torture/util.h"
# include "libcli/raw/raw_proto.h"
# include "system/filesys.h"
# include "param/param.h"
# include "torture/basic/proto.h"
# define VERBOSE 0
# define OP_MIN 0
# define OP_MAX 100
# define PARAM_SIZE 1024
/****************************************************************************
 Look for a partial hit on a trans2 probe.

 The five statuses tested below (INVALID_LEVEL, NOT_IMPLEMENTED,
 NOT_SUPPORTED, UNSUCCESSFUL, INVALID_INFO_CLASS) are treated as
 uninteresting and dropped without output. Any other status is reported as
 a "possible hit", but only when the file is built with VERBOSE non-zero;
 with VERBOSE set to 0 this function produces no output at all.

 format - label of the parameter layout that was tried (only printed)
 op     - trans2 opcode that was probed (only printed)
 level  - info level that was probed (only printed)
 status - NT status the probe returned
****************************************************************************/
static void trans2_check_hit(const char *format, int op, int level, NTSTATUS status)
{
	const bool generic_rejection =
		NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
		NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
		NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
		NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) ||
		NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS);

	if (!generic_rejection) {
#if VERBOSE
		printf("possible %s hit op=%3d level=%5d status=%s\n",
		       format, op, level, nt_errstr(status));
#endif
	}
}
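/****************************************************************************
 Check for existence of a trans2 call by sending one TRANS2 request.

 cli        - connected client; the request goes out on cli->tree
 op         - trans2 opcode; sent as the single 16-bit setup word, so only
              the low 16 bits of op reach the wire
 param      - parameter bytes to send (param_len of them)
 data       - data bytes to send (data_len of them)
 rparam_len - receives the length of the reply parameter block
 rdata_len  - receives the length of the reply data block

 Returns the status of smb_raw_trans2(), or NT_STATUS_NO_MEMORY if the
 temporary talloc context cannot be created. Only the reply lengths are
 handed back; the reply buffers live in the temporary context, which is
 freed before returning.
****************************************************************************/
static NTSTATUS try_trans2(struct smbcli_state *cli,
			   int op,
			   uint8_t *param, uint8_t *data,
			   int param_len, int data_len,
			   int *rparam_len, int *rdata_len)
{
	NTSTATUS status;
	struct smb_trans2 t2;
	uint16_t setup = op;
	TALLOC_CTX *mem_ctx;

	/* Give the out-parameters a defined value on every return path. */
	*rparam_len = 0;
	*rdata_len = 0;

	mem_ctx = talloc_init("try_trans2");
	if (mem_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/*
	 * Zero the whole request first. The reply lengths are read below
	 * even when the call fails; smb_raw_trans2() is not visible here, so
	 * do not rely on it filling t2.out on its error paths.
	 */
	memset(&t2, 0, sizeof(t2));

	t2.in.max_param = UINT16_MAX;
	t2.in.max_data = UINT16_MAX;
	t2.in.max_setup = 10;
	t2.in.flags = 0;
	t2.in.timeout = 0;
	t2.in.setup_count = 1;
	t2.in.setup = &setup;
	t2.in.params.data = param;
	t2.in.params.length = param_len;
	t2.in.data.data = data;
	t2.in.data.length = data_len;

	status = smb_raw_trans2(cli->tree, mem_ctx, &t2);

	*rparam_len = t2.out.params.length;
	*rdata_len = t2.out.data.length;

	talloc_free(mem_ctx);

	return status;
}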
/****************************************************************************
 Probe one trans2 op/level/parameter layout and find an accepted data length.

 The request is first sent with a data length of PARAM_SIZE. If that fails
 the status is returned at once. Otherwise the request is repeated with data
 lengths 0, 2, 4, ... (below PARAM_SIZE) until one succeeds; *data_len is left
 at the length that succeeded, or at the first untried value if none did.

 A success is printed as a "found" line. A failure of every retry is passed
 to trans2_check_hit() and the last failing status is returned, even though
 the initial PARAM_SIZE probe succeeded.

 format - label for the parameter layout, used only in the output
 level  - info level, used only in the output
****************************************************************************/
static NTSTATUS try_trans2_len(struct smbcli_state *cli,
			       const char *format,
			       int op, int level,
			       uint8_t *param, uint8_t *data,
			       int param_len, int *data_len,
			       int *rparam_len, int *rdata_len)
{
	NTSTATUS ret;

	/* First see whether the call is accepted at all with a full buffer. */
	ret = try_trans2(cli, op, param, data, param_len,
			 PARAM_SIZE, rparam_len, rdata_len);
#if VERBOSE
	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
#endif
	if (!NT_STATUS_IS_OK(ret)) {
		return ret;
	}

	/* Then walk the data length upwards in steps of two bytes. */
	for (*data_len = 0; *data_len < PARAM_SIZE; *data_len += 2) {
		ret = try_trans2(cli, op, param, data, param_len,
				 *data_len, rparam_len, rdata_len);
		if (NT_STATUS_IS_OK(ret)) {
			break;
		}
	}

	if (!NT_STATUS_IS_OK(ret)) {
		trans2_check_hit(format, op, level, ret);
	} else {
		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
		       format, level, *data_len, *rparam_len, *rdata_len);
	}

	return ret;
}
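/****************************************************************************
 Check whether a trans2 opnum exists at all.

 Two requests are sent with identical payloads (PARAM_SIZE bytes of 0xFF in
 both the parameter and the data block): one with opcode 0xFFFF as the
 baseline, one with the opcode under test. The op counts as existing only if
 the two statuses differ, in which case a "Found op" line is printed.

 NOTE(review): an op whose rejection status happens to equal the baseline
 status is reported as absent, so a negative result is not proof that the
 server lacks the op.

 Returns true if the statuses differ, false if they are equal or if the
 scratch buffers cannot be allocated.
****************************************************************************/
static bool trans2_op_exists(struct smbcli_state *cli, int op)
{
	int data_len = PARAM_SIZE;
	int param_len = PARAM_SIZE;
	int rparam_len, rdata_len;
	uint8_t *param, *data;
	NTSTATUS status1, status2;
	TALLOC_CTX *mem_ctx;
	bool found = false;

	mem_ctx = talloc_init("trans2_op_exists");
	if (mem_ctx == NULL) {
		printf("trans2_op_exists: out of memory\n");
		return false;
	}

	param = talloc_array(mem_ctx, uint8_t, param_len);
	data = talloc_array(mem_ctx, uint8_t, data_len);
	if (param == NULL || data == NULL) {
		/* memset() on a NULL buffer would be undefined behaviour */
		printf("trans2_op_exists: out of memory\n");
		goto done;
	}
	memset(param, 0xFF, param_len);
	memset(data, 0xFF, data_len);

	/* baseline: the status returned for opcode 0xFFFF */
	status1 = try_trans2(cli, 0xFFFF, param, data, param_len, data_len,
			     &rparam_len, &rdata_len);

	/* the opcode under test, same payload */
	status2 = try_trans2(cli, op, param, data, param_len, data_len,
			     &rparam_len, &rdata_len);

	if (!NT_STATUS_EQUAL(status1, status2)) {
		printf("Found op %d (status=%s)\n", op, nt_errstr(status2));
		found = true;
	}

done:
	talloc_free(mem_ctx);
	return found;
}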
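/****************************************************************************
 Check for existence of a trans2 call at one info level.

 The op/level pair is tried with seven parameter layouts in turn, stopping
 at the first one try_trans2_len() accepts:

   "void"    - level
   "fnum"    - fnum, level, 0
   "qfnum"   - qfnum, level, 0
   "notify"  - dnum, dnum, level
   "fname"   - level, 0, 0, then fname as a terminated unicode string
   "newfile" - level, 0, 0, then "\newfile.dat"
   "dfs"     - level, then "\testdir"

 Side effects on the share, on every call that gets that far: \newfile.dat
 is unlinked and rmdir'ed after the "newfile" probe, and \testdir is created
 before and removed after the "dfs" probe. Point this only at a scratch
 share.

 Returns true if any layout was accepted, false otherwise (including when
 the scratch buffers cannot be allocated).
****************************************************************************/
static bool scan_trans2(
	struct smbcli_state *cli, int op, int level,
	int fnum, int dnum, int qfnum, const char *fname)
{
	int data_len = 0;
	int param_len = 0;
	int rparam_len, rdata_len;
	uint8_t *param, *data;
	NTSTATUS status;
	TALLOC_CTX *mem_ctx;
	bool found = false;

	mem_ctx = talloc_init("scan_trans2");
	if (mem_ctx == NULL) {
		printf("scan_trans2: out of memory\n");
		return false;
	}

	data = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
	param = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
	if (data == NULL || param == NULL) {
		/* memset()/SSVAL() on a NULL buffer would be undefined */
		printf("scan_trans2: out of memory\n");
		goto done;
	}

	memset(data, 0, PARAM_SIZE);
	/*
	 * Clear the parameter buffer as well, so no stale heap bytes can end
	 * up in a request if a layout ever leaves a gap.
	 */
	memset(param, 0, PARAM_SIZE);
	data_len = 4;

	/* try with a info level only */
	param_len = 2;
	SSVAL(param, 0, level);
	status = try_trans2_len(cli, "void", op, level, param, data, param_len,
				&data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a file descriptor */
	param_len = 6;
	SSVAL(param, 0, fnum);
	SSVAL(param, 2, level);
	SSVAL(param, 4, 0);
	status = try_trans2_len(cli, "fnum", op, level, param, data, param_len,
				&data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a quota file descriptor */
	param_len = 6;
	SSVAL(param, 0, qfnum);
	SSVAL(param, 2, level);
	SSVAL(param, 4, 0);
	status = try_trans2_len(cli, "qfnum", op, level, param, data, param_len,
				&data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a notify style */
	param_len = 6;
	SSVAL(param, 0, dnum);
	SSVAL(param, 2, dnum);
	SSVAL(param, 4, level);
	status = try_trans2_len(cli, "notify", op, level, param, data,
				param_len, &data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a file name */
	param_len = 6;
	SSVAL(param, 0, level);
	SSVAL(param, 2, 0);
	SSVAL(param, 4, 0);
	/* the bound keeps the string inside the PARAM_SIZE buffer */
	param_len += push_string(
		&param[6], fname, PARAM_SIZE - 7,
		STR_TERMINATE | STR_UNICODE);

	status = try_trans2_len(cli, "fname", op, level, param, data, param_len,
				&data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a new file name */
	param_len = 6;
	SSVAL(param, 0, level);
	SSVAL(param, 2, 0);
	SSVAL(param, 4, 0);
	param_len += push_string(
		&param[6], "\\newfile.dat", PARAM_SIZE - 7,
		STR_TERMINATE | STR_UNICODE);

	status = try_trans2_len(cli, "newfile", op, level, param, data,
				param_len, &data_len, &rparam_len, &rdata_len);
	/* remove whatever the probe may have created, file or directory */
	smbcli_unlink(cli->tree, "\\newfile.dat");
	smbcli_rmdir(cli->tree, "\\newfile.dat");
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try dfs style */
	smbcli_mkdir(cli->tree, "\\testdir");
	param_len = 2;
	SSVAL(param, 0, level);
	param_len += push_string(
		&param[2], "\\testdir", PARAM_SIZE - 3,
		STR_TERMINATE | STR_UNICODE);

	status = try_trans2_len(cli, "dfs", op, level, param, data, param_len,
				&data_len, &rparam_len, &rdata_len);
	smbcli_rmdir(cli->tree, "\\testdir");
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

done:
	talloc_free(mem_ctx);
	return found;
}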
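/****************************************************************************
 Scan trans2 opcodes OP_MIN..OP_MAX for calls the server implements.

 Three handles are opened up front and reused for every probe: a scratch
 file \scanner.dat (created/truncated), the share root as a directory, and
 the NTFS quota index stream. A failed open is reported but does not stop
 the scan; the -1 handle is then simply what the probes send.

 For every opcode that trans2_op_exists() reports, scan_trans2() is run for
 info levels 0..50, 0x100..0x130 and 1000..1049.

 The handles are closed again before returning. \scanner.dat itself is left
 on the share. The torture argument is not used here.

 Always returns true; results are only printed.
****************************************************************************/
bool torture_trans2_scan(struct torture_context *torture,
			 struct smbcli_state *cli)
{
	int op, level;
	const char *fname = "\\scanner.dat";
	int fnum, dnum, qfnum;

	fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
	if (fnum == -1) {
		printf("file open failed - %s\n", smbcli_errstr(cli->tree));
	}

	dnum = smbcli_nt_create_full(cli->tree, "\\",
				     0,
				     SEC_RIGHTS_FILE_READ,
				     FILE_ATTRIBUTE_NORMAL,
				     NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
				     NTCREATEX_DISP_OPEN,
				     NTCREATEX_OPTIONS_DIRECTORY, 0);
	if (dnum == -1) {
		printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
	}

	qfnum = smbcli_nt_create_full(cli->tree, "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION",
				      NTCREATEX_FLAGS_EXTENDED,
				      SEC_FLAG_MAXIMUM_ALLOWED,
				      0,
				      NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
				      NTCREATEX_DISP_OPEN,
				      0, 0);
	if (qfnum == -1) {
		printf("quota open failed - %s\n", smbcli_errstr(cli->tree));
	}

	for (op = OP_MIN; op <= OP_MAX; op++) {
		/* skip opcodes that answer exactly like the invalid baseline */
		if (!trans2_op_exists(cli, op)) {
			continue;
		}

		for (level = 0; level <= 50; level++) {
			scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
		}

		for (level = 0x100; level <= 0x130; level++) {
			scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
		}

		for (level = 1000; level < 1050; level++) {
			scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
		}
	}

	/* release the handles opened above; -1 means the open failed */
	if (qfnum != -1) {
		smbcli_close(cli->tree, qfnum);
	}
	if (dnum != -1) {
		smbcli_close(cli->tree, dnum);
	}
	if (fnum != -1) {
		smbcli_close(cli->tree, fnum);
	}

	return true;
}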
/****************************************************************************
 Look for a partial hit on an nttrans probe.

 The five statuses tested below (INVALID_LEVEL, NOT_IMPLEMENTED,
 NOT_SUPPORTED, UNSUCCESSFUL, INVALID_INFO_CLASS) are treated as
 uninteresting and dropped without output. Any other status is reported as
 a "possible hit", but only when the file is built with VERBOSE non-zero;
 with VERBOSE set to 0 this function produces no output at all.

 format - label of the parameter layout that was tried (only printed)
 op     - nttrans function code that was probed (only printed)
 level  - info level that was probed (only printed)
 status - NT status the probe returned
****************************************************************************/
static void nttrans_check_hit(const char *format, int op, int level, NTSTATUS status)
{
	const bool generic_rejection =
		NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
		NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
		NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
		NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) ||
		NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS);

	if (!generic_rejection) {
#if VERBOSE
		printf("possible %s hit op=%3d level=%5d status=%s\n",
		       format, op, level, nt_errstr(status));
#endif
	}
}
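/****************************************************************************
 Check for existence of a nttrans call by sending one NT_TRANS request.

 cli        - connected client; the request goes out on cli->tree
 op         - nttrans function code
 param      - parameter bytes to send (param_len of them)
 data       - data bytes to send (data_len of them)
 rparam_len - receives the length of the reply parameter block
 rdata_len  - receives the length of the reply data block

 Returns the status of smb_raw_nttrans(), or NT_STATUS_NO_MEMORY if the
 temporary talloc context cannot be created. The reply lengths are filled
 in from the reply unless the status is an error (NT_STATUS_IS_ERR), in
 which case they are left at 0. Only lengths are handed back; the reply
 buffers belong to the temporary context, which is freed before returning.
****************************************************************************/
static NTSTATUS try_nttrans(struct smbcli_state *cli,
			    int op,
			    uint8_t *param, uint8_t *data,
			    int param_len, int data_len,
			    int *rparam_len, int *rdata_len)
{
	struct smb_nttrans parms;
	DATA_BLOB ntparam_blob, ntdata_blob;
	TALLOC_CTX *mem_ctx;
	NTSTATUS status;

	/* Give the out-parameters a defined value on every return path. */
	*rparam_len = 0;
	*rdata_len = 0;

	mem_ctx = talloc_init("try_nttrans");
	if (mem_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	ntparam_blob.length = param_len;
	ntparam_blob.data = param;
	ntdata_blob.length = data_len;
	ntdata_blob.data = data;

	/*
	 * Zero the request so the members not assigned below (the setup
	 * pointer, everything under .out) do not hold stack garbage.
	 */
	memset(&parms, 0, sizeof(parms));

	parms.in.max_param = UINT32_MAX;
	parms.in.max_data = UINT32_MAX;
	parms.in.max_setup = 0;
	parms.in.setup_count = 0;
	parms.in.function = op;
	parms.in.params = ntparam_blob;
	parms.in.data = ntdata_blob;

	status = smb_raw_nttrans(cli->tree, mem_ctx, &parms);

	if (NT_STATUS_IS_ERR(status)) {
		DEBUG(1, ("Failed to send NT_TRANS\n"));
		talloc_free(mem_ctx);
		return status;
	}

	*rparam_len = parms.out.params.length;
	*rdata_len = parms.out.data.length;

	talloc_free(mem_ctx);

	return status;
}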
/****************************************************************************
 Probe one nttrans op/level/parameter layout and find an accepted data
 length.

 The request is first sent with a data length of PARAM_SIZE. If that fails
 the status is returned at once. Otherwise the request is repeated with data
 lengths 0, 2, 4, ... (below PARAM_SIZE) until one succeeds; *data_len is left
 at the length that succeeded, or at the first untried value if none did.

 A success is printed as a "found" line. A failure of every retry is passed
 to nttrans_check_hit() and the last failing status is returned, even though
 the initial PARAM_SIZE probe succeeded.

 format - label for the parameter layout, used only in the output
 level  - info level, used only in the output
****************************************************************************/
static NTSTATUS try_nttrans_len(struct smbcli_state *cli,
				const char *format,
				int op, int level,
				uint8_t *param, uint8_t *data,
				int param_len, int *data_len,
				int *rparam_len, int *rdata_len)
{
	NTSTATUS ret;

	/* First see whether the call is accepted at all with a full buffer. */
	ret = try_nttrans(cli, op, param, data, param_len,
			  PARAM_SIZE, rparam_len, rdata_len);
#if VERBOSE
	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
#endif
	if (!NT_STATUS_IS_OK(ret)) {
		return ret;
	}

	/* Then walk the data length upwards in steps of two bytes. */
	for (*data_len = 0; *data_len < PARAM_SIZE; *data_len += 2) {
		ret = try_nttrans(cli, op, param, data, param_len,
				  *data_len, rparam_len, rdata_len);
		if (NT_STATUS_IS_OK(ret)) {
			break;
		}
	}

	if (!NT_STATUS_IS_OK(ret)) {
		nttrans_check_hit(format, op, level, ret);
	} else {
		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
		       format, level, *data_len, *rparam_len, *rdata_len);
	}

	return ret;
}
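/****************************************************************************
 Check for existence of a nttrans call at one info level.

 The op/level pair is tried with six parameter layouts in turn, stopping at
 the first one try_nttrans_len() accepts:

   "void"    - level
   "fnum"    - fnum, level, 0
   "notify"  - dnum, dnum, level
   "fname"   - level, 0, 0, then fname as a terminated unicode string
   "newfile" - level, 0, 0, then "\newfile.dat"
   "dfs"     - level, then "\testdir"

 Side effects on the share, on every call that gets that far: \newfile.dat
 is unlinked and rmdir'ed after the "newfile" probe, and \testdir is created
 before and removed after the "dfs" probe. Point this only at a scratch
 share.

 Returns true if any layout was accepted, false otherwise (including when
 the scratch buffers cannot be allocated).
****************************************************************************/
static bool scan_nttrans(struct smbcli_state *cli, int op, int level,
			 int fnum, int dnum, const char *fname)
{
	int data_len = 0;
	int param_len = 0;
	int rparam_len, rdata_len;
	uint8_t *param, *data;
	NTSTATUS status;
	TALLOC_CTX *mem_ctx;
	bool found = false;

	mem_ctx = talloc_init("scan_nttrans");
	if (mem_ctx == NULL) {
		printf("scan_nttrans: out of memory\n");
		return false;
	}

	param = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
	data = talloc_array(mem_ctx, uint8_t, PARAM_SIZE);
	if (param == NULL || data == NULL) {
		/* memset()/SSVAL() on a NULL buffer would be undefined */
		printf("scan_nttrans: out of memory\n");
		goto done;
	}

	memset(data, 0, PARAM_SIZE);
	/*
	 * Clear the parameter buffer as well, so no stale heap bytes can end
	 * up in a request if a layout ever leaves a gap.
	 */
	memset(param, 0, PARAM_SIZE);
	data_len = 4;

	/* try with a info level only */
	param_len = 2;
	SSVAL(param, 0, level);
	status = try_nttrans_len(cli, "void", op, level, param, data, param_len,
				 &data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a file descriptor */
	param_len = 6;
	SSVAL(param, 0, fnum);
	SSVAL(param, 2, level);
	SSVAL(param, 4, 0);
	status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len,
				 &data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a notify style */
	param_len = 6;
	SSVAL(param, 0, dnum);
	SSVAL(param, 2, dnum);
	SSVAL(param, 4, level);
	status = try_nttrans_len(cli, "notify", op, level, param, data,
				 param_len, &data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a file name */
	param_len = 6;
	SSVAL(param, 0, level);
	SSVAL(param, 2, 0);
	SSVAL(param, 4, 0);
	/*
	 * The string starts at offset 6, so the bound must not be the full
	 * PARAM_SIZE: that would let push_string() run past the end of the
	 * buffer. Use the same bound as scan_trans2().
	 */
	param_len += push_string(
		&param[6], fname, PARAM_SIZE - 7,
		STR_TERMINATE | STR_UNICODE);

	status = try_nttrans_len(cli, "fname", op, level, param, data,
				 param_len, &data_len, &rparam_len, &rdata_len);
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try with a new file name */
	param_len = 6;
	SSVAL(param, 0, level);
	SSVAL(param, 2, 0);
	SSVAL(param, 4, 0);
	param_len += push_string(
		&param[6], "\\newfile.dat", PARAM_SIZE - 7,
		STR_TERMINATE | STR_UNICODE);

	status = try_nttrans_len(cli, "newfile", op, level, param, data,
				 param_len, &data_len, &rparam_len, &rdata_len);
	/* remove whatever the probe may have created, file or directory */
	smbcli_unlink(cli->tree, "\\newfile.dat");
	smbcli_rmdir(cli->tree, "\\newfile.dat");
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

	/* try dfs style */
	smbcli_mkdir(cli->tree, "\\testdir");
	param_len = 2;
	SSVAL(param, 0, level);
	/* string starts at offset 2; bound matches scan_trans2() */
	param_len += push_string(&param[2], "\\testdir", PARAM_SIZE - 3,
				 STR_TERMINATE | STR_UNICODE);

	status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len,
				 &data_len, &rparam_len, &rdata_len);
	smbcli_rmdir(cli->tree, "\\testdir");
	if (NT_STATUS_IS_OK(status)) {
		found = true;
		goto done;
	}

done:
	talloc_free(mem_ctx);
	return found;
}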
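/****************************************************************************
 Scan nttrans function codes OP_MIN..OP_MAX for calls the server implements.

 A scratch file \scanner.dat (created/truncated) and the share root are
 opened up front and reused for every probe. A failed open is reported, as
 in torture_trans2_scan(), but does not stop the scan; the -1 handle is then
 simply what the probes send.

 Every opcode is scanned (there is no existence pre-check here) for info
 levels 0..50, 0x100..0x130 and 1000..1049.

 The handles are closed again before returning. \scanner.dat itself is left
 on the share. The torture argument is not used here.

 Always returns true; results are only printed.
****************************************************************************/
bool torture_nttrans_scan(struct torture_context *torture,
			  struct smbcli_state *cli)
{
	int op, level;
	const char *fname = "\\scanner.dat";
	int fnum, dnum;

	fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC,
			   DENY_NONE);
	if (fnum == -1) {
		printf("file open failed - %s\n", smbcli_errstr(cli->tree));
	}

	dnum = smbcli_open(cli->tree, "\\", O_RDONLY, DENY_NONE);
	if (dnum == -1) {
		printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
	}

	for (op = OP_MIN; op <= OP_MAX; op++) {
		printf("Scanning op=%d\n", op);

		for (level = 0; level <= 50; level++) {
			scan_nttrans(cli, op, level, fnum, dnum, fname);
		}

		for (level = 0x100; level <= 0x130; level++) {
			scan_nttrans(cli, op, level, fnum, dnum, fname);
		}

		for (level = 1000; level < 1050; level++) {
			scan_nttrans(cli, op, level, fnum, dnum, fname);
		}
	}

	/* release the handles opened above; -1 means the open failed */
	if (dnum != -1) {
		smbcli_close(cli->tree, dnum);
	}
	if (fnum != -1) {
		smbcli_close(cli->tree, fnum);
	}

	printf("nttrans scan finished\n");
	return true;
}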
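/*
 * scan for valid base SMB requests
 *
 * For every command byte 0x00..0xFF except SMBreadbraw, a fresh connection
 * is opened and an empty request (no words, no data) with that command is
 * sent. The reply is polled for after 10ms and, if still missing, once more
 * after a further second. The status of each reply, or "no reply", is
 * printed.
 *
 * Returns false if a connection cannot be opened or a request cannot be
 * allocated, true otherwise.
 *
 * NOTE(review): SMBreadbraw is presumably skipped because its reply does not
 * look like a normal SMB response - confirm.
 * NOTE(review): on the "no reply" path the connection is deliberately not
 * closed, and on a failed send the loop is left without closing it either,
 * so those connections stay open until something else tears them down.
 */
bool torture_smb_scan(struct torture_context *torture)
{
	static struct smbcli_state *cli;
	int op;
	struct smbcli_request *req;
	NTSTATUS status;

	for (op = 0x0; op <= 0xFF; op++) {
		bool answered;

		if (op == SMBreadbraw) continue;

		if (!torture_open_connection(&cli, torture, 0)) {
			return false;
		}

		req = smbcli_request_setup(cli->tree, op, 0, 0);
		if (req == NULL) {
			/* nothing was sent, so the connection is still usable */
			printf("op=0x%x request setup failed\n", op);
			torture_close_connection(cli);
			return false;
		}

		if (!smbcli_request_send(req)) {
			smbcli_request_destroy(req);
			break;
		}

		/* quick poll first, then one slow retry */
		usleep(10000);
		smbcli_transport_process(cli->transport);
		answered = (req->state > SMBCLI_REQUEST_RECV);

		if (!answered) {
			sleep(1);
			smbcli_transport_process(cli->transport);
			answered = (req->state > SMBCLI_REQUEST_RECV);
		}

		if (!answered) {
			printf("op=0x%x no reply\n", op);
			smbcli_request_destroy(req);
			continue; /* don't attempt close! */
		}

		status = smbcli_request_simple_recv(req);
		printf("op=0x%x status=%s\n", op, nt_errstr(status));

		torture_close_connection(cli);
	}

	printf("smb scan finished\n");
	return true;
}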