torture.c

samba-3.0.22.tar.gz 编译smb服务器的源码

	}

	/* Check for NT bug... */
	ret = cli_lock(cli1, fnum1, 0, 8, 0, READ_LOCK) &&
		  cli_lock(cli1, fnum3, 0, 1, 0, READ_LOCK);
	cli_close(cli1, fnum1);
	fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
	ret = cli_lock(cli1, fnum1, 7, 1, 0, WRITE_LOCK);
	EXPECTED(ret, True);
	printf("this server %s the NT locking bug\n", ret ? "doesn't have" : "has");
	cli_close(cli1, fnum1);
	fnum1 = cli_open(cli1, fname, O_RDWR, DENY_NONE);
	cli_unlock(cli1, fnum3, 0, 1);

	ret = cli_lock(cli1, fnum1, 0, 4, 0, WRITE_LOCK) &&
	      cli_lock(cli1, fnum1, 1, 1, 0, READ_LOCK);
	EXPECTED(ret, True);
	printf("the same process %s overlay a write with a read lock\n", ret?"can":"cannot");

	ret = cli_lock(cli2, fnum2, 0, 4, 0, READ_LOCK);
	EXPECTED(ret, False);

	printf("a different processs %s get a read lock on the first process lock stack\n", ret?"can":"cannot");

	/* Unlock the process 2 lock. */
	cli_unlock(cli2, fnum2, 0, 4);

	ret = cli_lock(cli1, fnum3, 0, 4, 0, READ_LOCK);
	EXPECTED(ret, False);

	printf("the same processs on a different fnum %s get a read lock\n", ret?"can":"cannot");

	/* Unlock the process 1 fnum3 lock. */
	cli_unlock(cli1, fnum3, 0, 4);

	/* Stack 2 more locks here. */
	ret = cli_lock(cli1, fnum1, 0, 4, 0, READ_LOCK) &&
		  cli_lock(cli1, fnum1, 0, 4, 0, READ_LOCK);

	EXPECTED(ret, True);
	printf("the same process %s stack read locks\n", ret?"can":"cannot");

	/* Unlock the first process lock, then check this was the WRITE lock that was
		removed. */

	ret = cli_unlock(cli1, fnum1, 0, 4) &&
			cli_lock(cli2, fnum2, 0, 4, 0, READ_LOCK);

	EXPECTED(ret, True);
	printf("the first unlock removes the %s lock\n", ret?"WRITE":"READ");

	/* Unlock the process 2 lock. */
	cli_unlock(cli2, fnum2, 0, 4);

	/* We should have 3 stacked locks here. Ensure we need to do 3 unlocks. */

	ret = cli_unlock(cli1, fnum1, 1, 1) &&
		  cli_unlock(cli1, fnum1, 0, 4) &&
		  cli_unlock(cli1, fnum1, 0, 4);

	EXPECTED(ret, True);
	printf("the same process %s unlock the stack of 4 locks\n", ret?"can":"cannot"); 

	/* Ensure the next unlock fails. */
	ret = cli_unlock(cli1, fnum1, 0, 4);
	EXPECTED(ret, False);
	printf("the same process %s count the lock stack\n", !ret?"can":"cannot"); 

	/* Ensure connection 2 can get a write lock. */
	ret = cli_lock(cli2, fnum2, 0, 4, 0, WRITE_LOCK);
	EXPECTED(ret, True);

	printf("a different processs %s get a write lock on the unlocked stack\n", ret?"can":"cannot");


 fail:
	cli_close(cli1, fnum1);
	cli_close(cli2, fnum2);
	cli_unlink(cli1, fname);
	if (!torture_close_connection(cli1)) {
		correct = False;
	}
	if (!torture_close_connection(cli2)) {
		correct = False;
	}

	printf("finished locktest5\n");
       
	return correct;
}

/*
  tries the unusual lockingX locktype bits
*/
static BOOL run_locktest6(int dummy)
{
	static struct cli_state *cli;
	const char *fname[1] = { "\\lock6.txt" };
	int i;
	int fnum;
	NTSTATUS status;

	if (!torture_open_connection(&cli)) {
		return False;
	}

	cli_sockopt(cli, sockops);

	printf("starting locktest6\n");

	for (i=0;i<1;i++) {
		printf("Testing %s\n", fname[i]);

		cli_unlink(cli, fname[i]);

		fnum = cli_open(cli, fname[i], O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
		status = cli_locktype(cli, fnum, 0, 8, 0, LOCKING_ANDX_CHANGE_LOCKTYPE);
		cli_close(cli, fnum);
		printf("CHANGE_LOCKTYPE gave %s\n", nt_errstr(status));

		fnum = cli_open(cli, fname[i], O_RDWR, DENY_NONE);
		status = cli_locktype(cli, fnum, 0, 8, 0, LOCKING_ANDX_CANCEL_LOCK);
		cli_close(cli, fnum);
		printf("CANCEL_LOCK gave %s\n", nt_errstr(status));

		cli_unlink(cli, fname[i]);
	}

	torture_close_connection(cli);

	printf("finished locktest6\n");
	return True;
}

static BOOL run_locktest7(int dummy)
{
	struct cli_state *cli1;
	const char *fname = "\\lockt7.lck";
	int fnum1;
	char buf[200];
	BOOL correct = False;

	if (!torture_open_connection(&cli1)) {
		return False;
	}

	cli_sockopt(cli1, sockops);

	printf("starting locktest7\n");

	cli_unlink(cli1, fname);

	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);

	memset(buf, 0, sizeof(buf));

	if (cli_write(cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
		printf("Failed to create file\n");
		goto fail;
	}

	cli_setpid(cli1, 1);

	if (!cli_lock(cli1, fnum1, 130, 4, 0, READ_LOCK)) {
		printf("Unable to apply read lock on range 130:4, error was %s\n", cli_errstr(cli1));
		goto fail;
	} else {
		printf("pid1 successfully locked range 130:4 for READ\n");
	}

	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
		goto fail;
	} else {
		printf("pid1 successfully read the range 130:4\n");
	}

	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
			goto fail;
		}
	} else {
		printf("pid1 successfully wrote to the range 130:4 (should be denied)\n");
		goto fail;
	}

	cli_setpid(cli1, 2);

	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
	} else {
		printf("pid2 successfully read the range 130:4\n");
	}

	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
			goto fail;
		}
	} else {
		printf("pid2 successfully wrote to the range 130:4 (should be denied)\n");
		goto fail;
	}

	cli_setpid(cli1, 1);
	cli_unlock(cli1, fnum1, 130, 4);

	if (!cli_lock(cli1, fnum1, 130, 4, 0, WRITE_LOCK)) {
		printf("Unable to apply write lock on range 130:4, error was %s\n", cli_errstr(cli1));
		goto fail;
	} else {
		printf("pid1 successfully locked range 130:4 for WRITE\n");
	}

	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
		printf("pid1 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
		goto fail;
	} else {
		printf("pid1 successfully read the range 130:4\n");
	}

	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
		printf("pid1 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
		goto fail;
	} else {
		printf("pid1 successfully wrote to the range 130:4\n");
	}

	cli_setpid(cli1, 2);

	if (cli_read(cli1, fnum1, buf, 130, 4) != 4) {
		printf("pid2 unable to read the range 130:4, error was %s\n", cli_errstr(cli1));
		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
			goto fail;
		}
	} else {
		printf("pid2 successfully read the range 130:4 (should be denied)\n");
		goto fail;
	}

	if (cli_write(cli1, fnum1, 0, buf, 130, 4) != 4) {
		printf("pid2 unable to write to the range 130:4, error was %s\n", cli_errstr(cli1));
		if (NT_STATUS_V(cli_nt_error(cli1)) != NT_STATUS_V(NT_STATUS_FILE_LOCK_CONFLICT)) {
			printf("Incorrect error (should be NT_STATUS_FILE_LOCK_CONFLICT)\n");
			goto fail;
		}
	} else {
		printf("pid2 successfully wrote to the range 130:4 (should be denied)\n");
		goto fail;
	}

	cli_unlock(cli1, fnum1, 130, 0);
	correct = True;

fail:
	cli_close(cli1, fnum1);
	cli_unlink(cli1, fname);
	torture_close_connection(cli1);

	printf("finished locktest7\n");
	return correct;
}

/*
test whether fnums and tids open on one VC are available on another (a major
security hole)
*/
static BOOL run_fdpasstest(int dummy)
{
	struct cli_state *cli1, *cli2;
	const char *fname = "\\fdpass.tst";
	int fnum1;
	pstring buf;

	if (!torture_open_connection(&cli1) || !torture_open_connection(&cli2)) {
		return False;
	}
	cli_sockopt(cli1, sockops);
	cli_sockopt(cli2, sockops);

	printf("starting fdpasstest\n");

	cli_unlink(cli1, fname);

	fnum1 = cli_open(cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
	if (fnum1 == -1) {
		printf("open of %s failed (%s)\n", fname, cli_errstr(cli1));
		return False;
	}

	if (cli_write(cli1, fnum1, 0, "hello world\n", 0, 13) != 13) {
		printf("write failed (%s)\n", cli_errstr(cli1));
		return False;
	}

	cli2->vuid = cli1->vuid;
	cli2->cnum = cli1->cnum;
	cli2->pid = cli1->pid;

	if (cli_read(cli2, fnum1, buf, 0, 13) == 13) {
		printf("read succeeded! nasty security hole [%s]\n",
		       buf);
		return False;
	}

	cli_close(cli1, fnum1);
	cli_unlink(cli1, fname);

	torture_close_connection(cli1);
	torture_close_connection(cli2);

	printf("finished fdpasstest\n");
	return True;
}

static BOOL run_fdsesstest(int dummy)
{
	struct cli_state *cli;
	uint16 new_vuid;
	uint16 saved_vuid;
	uint16 new_cnum;
	uint16 saved_cnum;
	const char *fname = "\\fdsess.tst";
	const char *fname1 = "\\fdsess1.tst";
	int fnum1;
	int fnum2;
	pstring buf;
	BOOL ret = True;

	if (!torture_open_connection(&cli))
		return False;
	cli_sockopt(cli, sockops);

	if (!torture_cli_session_setup2(cli, &new_vuid))
		return False;

	saved_cnum = cli->cnum;
	if (!cli_send_tconX(cli, share, "?????", "", 1))
		return False;
	new_cnum = cli->cnum;
	cli->cnum = saved_cnum;

	printf("starting fdsesstest\n");

	cli_unlink(cli, fname);
	cli_unlink(cli, fname1);

	fnum1 = cli_open(cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
	if (fnum1 == -1) {
		printf("open of %s failed (%s)\n", fname, cli_errstr(cli));
		return False;
	}

	if (cli_write(cli, fnum1, 0, "hello world\n", 0, 13) != 13) {
		printf("write failed (%s)\n", cli_errstr(cli));
		return False;
	}

	saved_vuid = cli->vuid;
	cli->vuid = new_vuid;

	if (cli_read(cli, fnum1, buf, 0, 13) == 13) {
		printf("read succeeded with different vuid! nasty security hole [%s]\n",
		       buf);
		ret = False;
	}
	/* Try to open a file with different vuid, samba cnum. */
	fnum2 = cli_open(cli, fname1, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
	if (fnum2 != -1) {
		printf("create with different vuid, same cnum succeeded.\n");
		cli_close(cli, fnum2);
		cli_unlink(cli, fname1);
	} else {
		printf("create with different vuid, same cnum failed.\n");
		printf("This will cause problems with service clients.\n");
		ret = False;
	}

	cli->vuid = saved_vuid;

	/* Try with same vuid, different cnum. */
	cli->cnum = new_cnum;

	if (cli_read(cli, fnum1, buf, 0, 13) == 13) {
		printf("read succeeded with different cnum![%s]\n",
		       buf);
		ret = False;
	}

	cli->cnum = saved_cnum;
	cli_close(cli, fnum1);
	cli_unlink(cli, fname);

	torture_close_connection(cli);

	printf("finished fdsesstest\n");
	return ret;
}

/*
  This test checks that 

  1) the server does not allow an unlink on a file that is open
*/
static BOOL run_unlinktest(int dummy)
{
	struct cli_state *cli;
	const char *fname = "\\unlink.tst";
	int fnum;
	BOOL correct = True;

	if (!torture_open_connection(&cli)) {
		return False;
	}

	cli_sockopt(cli, sockops);

	printf("starting unlink test\n");

	cli_unlink(cli, fname);

	cli_setpid(cli, 1);

	fnum = cli_open(cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
	if (fnum == -1) {
		printf("open of %s failed (%s)\n", fname, cli_errstr(cli));
		return False;
	}

	if (cli_unlink(cli, fname)) {
		printf("error: server allowed unlink on an open file\n");
		correct = False;
	} else {
		correct = check_error(__LINE__, cli, ERRDOS, ERRbadshare, 
				      NT_STATUS_SHARING_VIOLATION);
	}

	cli_close(cli, fnum);
	cli_unlink(cli, fname);

	if (!torture_close_connection(cli)) {
		correct = False;
	}

	printf("unlink test finished\n");
	
	return correct;
}


/*
test how many open files this server supports on the one socket
*/
static BOOL run_maxfidtest(int dummy)
{
	struct cli_state *cli;
	const char *ftemplate = "\\maxfid.%d.%d";
	fstring fname;
	int fnums[0x11000], i;
	int retries=4;
	BOOL correct = True;

	cli = current_cli;

	if (retries <= 0) {
		printf("failed to connect\n");
		return False;
	}

	cli_sockopt(cli, sockops);

	for (i=0; i<0x11000; i++) {
		slprintf(fname,sizeof(fname)-1,ftemplate, i,(int)getpid());
		if ((fnums[i] = cli_open(cli, fname, 
					O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) ==
		    -1) {
			printf("open of %s failed (%s)\n", 
			       fname, cli_errstr(cli));
			printf("maximum fnum is %d\n", i);
			break;
		}
		printf("%6d\r", i);
	}
	printf("%6d\n", i);
	i--;

	printf("cleaning up\n");
	for (;i>=0;i--) {
		slprintf(fname,sizeof(fname)-1,ftemplate, i,(int)getpid());
		cli_close(cli, fnums[i]);
		if (!cli_unlink(cli, fname)) {
			printf("unlink of %s failed (%s)\n", 
			       fname, cli_errstr(cli));
			correct = False;
		}
		printf("%6d\r", i);
	}
	printf("%6d\n", 0);

	printf("maxfid test finished\n");
	if (!torture_close_connection(cli)) {
		correct = False;
	}
	return correct;
}

/* generate a random buffer */
static void rand_buf(char *buf, int len)
{
	while (len--) {
		*buf = (char)sys_random();
		buf++;
	}
}

/* send smb negprot commands, not reading the response */
static BOOL run_negprot_nowait(int dummy)
{
	int i;
	static struct cli_state cli;
	BOOL correct = True;

	printf("starting negprot nowait test\n");

	if (!open_nbt_connection(&cli)) {
		return False;
	}

	for (i=0;i<50000;i++) {
		cli_negprot_send(&cli);
	}

	if (!torture_close_connection(&cli)) {
		correct = False;
	}

	printf("finished negprot nowait test\n");

	return correct;
}


/* send random IPC commands */
static BOOL run_randomipc(int dummy)
{
	char *rparam = NULL;
	char *rdata = NULL;