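/*
   Unix SMB/CIFS implementation.
   SMB torture tester
   Copyright (C) Andrew Tridgell 1997-2003
   Copyright (C) Jelmer Vernooij 2006

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "torture/smbtorture.h"
#include "torture/basic/proto.h"
#include "libcli/libcli.h"
#include "libcli/raw/raw_proto.h"
#include "torture/util.h"
#include "system/filesys.h"
#include "system/time.h"
#include "libcli/resolve/resolve.h"
#include "librpc/gen_ndr/ndr_nbt.h"
#include "lib/events/events.h"
#include "lib/cmdline/popt_common.h"
#include "param/param.h"

/* Bump the caller's local `failures` counter and jump to `label` once it
   reaches `torture_failures`; both names must be visible where it is used. */
#define CHECK_MAX_FAILURES(label) do { if (++failures >= torture_failures) goto label; } while (0)

/**
  Connect a socket to the configured "host" and establish the NBT session
  on it; nothing beyond those two steps is done here.

  Returns the new smbcli_state, or NULL when the state could not be
  allocated, the socket connect failed, or the session was rejected.
  NOTE(review): "host" defaults to NULL and is passed to "%s" unchecked -
  confirm the harness always sets it.
*/
static struct smbcli_state *open_nbt_connection(struct torture_context *tctx)
{
	struct nbt_name called, calling;
	struct smbcli_state *cli;
	const char *host = torture_setting_string(tctx, "host", NULL);
	struct smbcli_options options;

	make_nbt_name_client(&calling, lp_netbios_name(tctx->lp_ctx));

	nbt_choose_called_name(NULL, &called, host, NBT_NAME_SERVER);

	cli = smbcli_state_init(NULL);
	if (!cli) {
		torture_comment(tctx, "Failed initialize smbcli_struct to connect with %s\n", host);
		goto failed;
	}

	lp_smbcli_options(tctx->lp_ctx, &options);

	if (!smbcli_socket_connect(cli, host, lp_smb_ports(tctx->lp_ctx), tctx->ev,
				   lp_resolve_context(tctx->lp_ctx), &options)) {
		torture_comment(tctx, "Failed to connect with %s\n", host);
		goto failed;
	}

	if (!smbcli_transport_establish(cli, &calling, &called)) {
		torture_comment(tctx, "%s rejected the session\n",host);
		goto failed;
	}

	return cli;

failed:
	/* single exit for every failure; cli is NULL when allocation failed */
	talloc_free(cli);
	return NULL;
}

/**
  Try a tree connect to `myshare` with device type `devtype` and compare
  the outcome with `expected_error`.

  When success is expected the tree is disconnected again afterwards.
  When failure is expected the NT error reported on cli->tree must equal
  `expected_error`. Any mismatch is reported through torture_fail();
  otherwise the function returns true.
*/
static bool tcon_devtest(struct torture_context *tctx,
			 struct smbcli_state *cli,
			 const char *myshare, const char *devtype,
			 NTSTATUS expected_error)
{
	bool status;
	const char *password = torture_setting_string(tctx, "password", NULL);

	/* announce the attempt before making it, so the log reads in order */
	torture_comment(tctx, "Trying share %s with devtype %s\n", myshare, devtype);

	status = NT_STATUS_IS_OK(smbcli_tconX(cli, myshare, devtype, password));

	if (NT_STATUS_IS_OK(expected_error)) {
		if (!status) {
			torture_fail(tctx, talloc_asprintf(tctx,
				   "tconX to share %s with type %s "
				   "should have succeeded but failed",
				   myshare, devtype));
		}
		smbcli_tdis(cli);
	} else {
		if (status) {
			torture_fail(tctx, talloc_asprintf(tctx,
				   "tconx to share %s with type %s "
				   "should have failed but succeeded",
				   myshare, devtype));
		} else if (!NT_STATUS_EQUAL(smbcli_nt_error(cli->tree), expected_error)) {
			torture_fail(tctx, "Returned unexpected error");
		}
	}
	return true;
}

/**
  test whether fnums and tids open on one VC are available on another (a major
  security hole)

  A file is created and written over cli1; cli2 is then given cli1's vuid,
  tid and pid and asked to read through cli1's file handle. The server is
  expected to refuse: a read of the full 13 bytes is reported as a failure.
*/
static bool run_fdpasstest(struct torture_context *tctx,
			   struct smbcli_state *cli1,
			   struct smbcli_state *cli2)
{
	const char *fname = "\\fdpass.tst";
	int fnum1, oldtid;
	uint16_t oldvuid;
	uint32_t oldpid;
	bool leaked;
	uint8_t buf[1024];

	/* buf is later printed with %s and is filled by the server under
	   test; zeroing it guarantees a terminator after the 13 bytes read */
	memset(buf, 0, sizeof(buf));

	smbcli_unlink(cli1->tree, fname);

	torture_comment(tctx, "Opening a file on connection 1\n");

	fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
	torture_assert(tctx, fnum1 != -1,
		       talloc_asprintf(tctx,
		       "open of %s failed (%s)\n", fname, smbcli_errstr(cli1->tree)));

	torture_comment(tctx, "writing to file on connection 1\n");

	torture_assert(tctx,
		       smbcli_write(cli1->tree, fnum1, 0, "hello world\n", 0, 13) == 13,
		       talloc_asprintf(tctx,
		       "write failed (%s)\n", smbcli_errstr(cli1->tree)));

	/* remember every identifier that is about to be overwritten, not
	   only the tid, so cli2 can be handed back in its original state */
	oldtid = cli2->tree->tid;
	oldvuid = cli2->session->vuid;
	oldpid = cli2->session->pid;

	cli2->session->vuid = cli1->session->vuid;
	cli2->tree->tid = cli1->tree->tid;
	cli2->session->pid = cli1->session->pid;

	torture_comment(tctx, "reading from file on connection 2\n");
	leaked = (smbcli_read(cli2->tree, fnum1, buf, 0, 13) == 13);

	/* Undo the borrowed identifiers and remove the test file before the
	   verdict. torture_assert presumably returns from this function on
	   failure (confirm in the torture headers); cleaning up first is
	   correct either way and keeps the failing path from leaving cli2
	   with cli1's identifiers and the file behind. */
	cli2->tree->tid = oldtid;
	cli2->session->vuid = oldvuid;
	cli2->session->pid = oldpid;

	smbcli_close(cli1->tree, fnum1);
	smbcli_unlink(cli1->tree, fname);

	torture_assert(tctx, !leaked,
		       talloc_asprintf(tctx,
		       "read succeeded! nasty security hole [%s]\n", buf));

	return true;
}

/**
  This checks how the getatr calls works

  Creates a file, reads its time with getatr, sets the time one day back
  with setatr and reads it again. Returns false when any call fails, when
  the initial time is more than ten days from the local clock, or when the
  time read back differs from the one set.
*/
static bool run_attrtest(struct torture_context *tctx,
			 struct smbcli_state *cli)
{
	int fnum;
	time_t t = 0;	/* defined even when the first getatr fails */
	time_t t2, now, skew;
	const char *fname = "\\attrib123456789.tst";
	bool correct = true;

	smbcli_unlink(cli->tree, fname);
	fnum = smbcli_open(cli->tree, fname,
			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
	smbcli_close(cli->tree, fnum);

	if (NT_STATUS_IS_ERR(smbcli_getatr(cli->tree, fname, NULL, NULL, &t))) {
		torture_comment(tctx, "getatr failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}

	torture_comment(tctx, "New file time is %s", ctime(&t));

	/* compare in time_t rather than through abs(), which takes an int */
	now = time(NULL);
	skew = (t > now) ? (t - now) : (now - t);
	if (skew > 60*60*24*10) {
		torture_comment(tctx, "ERROR: SMBgetatr bug. time is %s",
		       ctime(&t));
		t = now;
		correct = false;
	}

	t2 = t-60*60*24; /* 1 day ago */

	torture_comment(tctx, "Setting file time to %s", ctime(&t2));

	/* The three checks below used to assign `true`, which not only hid
	   the failure they had just logged but also cleared a failure
	   recorded earlier in this function. */
	if (NT_STATUS_IS_ERR(smbcli_setatr(cli->tree, fname, 0, t2))) {
		torture_comment(tctx, "setatr failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}

	if (NT_STATUS_IS_ERR(smbcli_getatr(cli->tree, fname, NULL, NULL, &t))) {
		torture_comment(tctx, "getatr failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}

	torture_comment(tctx, "Retrieved file time as %s", ctime(&t));

	if (t != t2) {
		torture_comment(tctx, "ERROR: getatr/setatr bug. times are\n%s",
		       ctime(&t));
		torture_comment(tctx, "%s", ctime(&t2));
		correct = false;
	}

	smbcli_unlink(cli->tree, fname);

	return correct;
}

/**
  This checks a couple of trans2 calls

  Exercises qfileinfo, qfilename, qpathinfo and qpathinfo2 on a scratch
  file, then checks that creating a file inside a new directory changes
  the directory's modification time. Returns false as soon as the second
  open fails, and otherwise the accumulated result of all checks.
*/
static bool run_trans2test(struct torture_context *tctx,
			   struct smbcli_state *cli)
{
	int fnum;
	/* all out-parameters start defined: several are read after a call
	   that may have failed without filling them in */
	size_t size = 0;
	time_t c_time = 0, a_time = 0, m_time = 0, w_time = 0, m_time2 = 0;
	time_t now, age;
	const char *fname = "\\trans2.tst";
	const char *dname = "\\trans2";
	const char *fname2 = "\\trans2\\trans2.tst";
	const char *pname = NULL;
	bool correct = true;

	smbcli_unlink(cli->tree, fname);

	torture_comment(tctx, "Testing qfileinfo\n");

	fnum = smbcli_open(cli->tree, fname,
			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
	if (NT_STATUS_IS_ERR(smbcli_qfileinfo(cli->tree, fnum, NULL, &size, &c_time, &a_time, &m_time,
			   NULL, NULL))) {
		torture_comment(tctx, "ERROR: qfileinfo failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}

	torture_comment(tctx, "Testing NAME_INFO\n");

	if (NT_STATUS_IS_ERR(smbcli_qfilename(cli->tree, fnum, &pname))) {
		torture_comment(tctx, "ERROR: qfilename failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}

	if (!pname || strcmp(pname, fname)) {
		/* pname is NULL when qfilename failed; never hand NULL to %s */
		torture_comment(tctx, "qfilename gave different name? [%s] [%s]\n",
		       fname, pname ? pname : "(null)");
		correct = false;
	}

	smbcli_close(cli->tree, fnum);
	smbcli_unlink(cli->tree, fname);

	fnum = smbcli_open(cli->tree, fname,
			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
	if (fnum == -1) {
		torture_comment(tctx, "open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
		return false;
	}
	smbcli_close(cli->tree, fnum);

	torture_comment(tctx, "Checking for sticky create times\n");

	if (NT_STATUS_IS_ERR(smbcli_qpathinfo(cli->tree, fname, &c_time, &a_time, &m_time, &size, NULL))) {
		torture_comment(tctx, "ERROR: qpathinfo failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	} else {
		if (c_time != m_time) {
			torture_comment(tctx, "create time=%s", ctime(&c_time));
			torture_comment(tctx, "modify time=%s", ctime(&m_time));
			torture_comment(tctx, "This system appears to have sticky create times\n");
		}
		/* NOTE(review): this fires on any whole-hour value, although
		   the message speaks of midnight */
		if (a_time % (60*60) == 0) {
			torture_comment(tctx, "access time=%s", ctime(&a_time));
			torture_comment(tctx, "This system appears to set a midnight access time\n");
			correct = false;
		}

		/* compare in time_t rather than through abs(), which takes an int */
		now = time(NULL);
		age = (m_time > now) ? (m_time - now) : (now - m_time);
		if (age > 60*60*24*7) {
			torture_comment(tctx, "ERROR: totally incorrect times - maybe word reversed? mtime=%s", ctime(&m_time));
			correct = false;
		}
	}

	smbcli_unlink(cli->tree, fname);
	fnum = smbcli_open(cli->tree, fname,
			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
	smbcli_close(cli->tree, fnum);
	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, fname, &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL))) {
		torture_comment(tctx, "ERROR: qpathinfo2 failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	} else {
		/* a write time within two days of the epoch counts as unset */
		if (w_time < 60*60*24*2) {
			torture_comment(tctx, "write time=%s", ctime(&w_time));
			torture_comment(tctx, "This system appears to set a initial 0 write time\n");
			correct = false;
		}
	}

	smbcli_unlink(cli->tree, fname);

	/* check if the server updates the directory modification time
	   when creating a new file */
	if (NT_STATUS_IS_ERR(smbcli_mkdir(cli->tree, dname))) {
		torture_comment(tctx, "ERROR: mkdir failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}
	/* let the clock advance so a changed mtime is observable */
	sleep(3);
	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, "\\trans2\\", &c_time, &a_time, &m_time, &w_time, &size, NULL, NULL))) {
		torture_comment(tctx, "ERROR: qpathinfo2 failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	}

	fnum = smbcli_open(cli->tree, fname2,
			O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
	smbcli_write(cli->tree, fnum,  0, &fnum, 0, sizeof(fnum));
	smbcli_close(cli->tree, fnum);
	if (NT_STATUS_IS_ERR(smbcli_qpathinfo2(cli->tree, "\\trans2\\", &c_time, &a_time, &m_time2, &w_time, &size, NULL, NULL))) {
		torture_comment(tctx, "ERROR: qpathinfo2 failed (%s)\n", smbcli_errstr(cli->tree));
		correct = false;
	} else {
		if (m_time2 == m_time) {
			torture_comment(tctx, "This system does not update directory modification times\n");
			correct = false;
		}
	}
	smbcli_unlink(cli->tree, fname2);
	smbcli_rmdir(cli->tree, dname);

	return correct;
}

/**
  send smb negprot commands, not reading the response

  Queues up to 100 negotiate requests on a fresh NBT connection without
  consuming replies, then checks that a second, ordinary connection can
  still be opened and closed. Returns false when the first connection or
  the very first request fails, or when the second connection cannot be
  opened or closed.
*/
static bool run_negprot_nowait(struct torture_context *tctx)
{
	int i;
	struct smbcli_state *cli, *cli2 = NULL;
	bool correct = true;

	torture_comment(tctx, "starting negprot nowait test\n");

	cli = open_nbt_connection(tctx);
	if (!cli) {
		return false;
	}

	torture_comment(tctx, "Filling send buffer\n");

	for (i=0;i<100;i++) {
		struct smbcli_request *req;
		req = smb_raw_negotiate_send(cli->transport, lp_unicode(tctx->lp_ctx), PROTOCOL_NT1);
		if (req == NULL) {
			/* defensive: do not dereference a request that was
			   never created; handled like a send error below */
			torture_comment(tctx, "Failed to queue negprot packet[%d]\n", i+1);
			if (i > 0) {
				break;
			}
			torture_close_connection(cli);
			return false;
		}
		event_loop_once(cli->transport->socket->event.ctx);
		if (req->state == SMBCLI_REQUEST_ERROR) {
			if (i > 0) {
				torture_comment(tctx, "Failed to fill pipe packet[%d] - %s (ignored)\n", i+1, nt_errstr(req->status));
				break;
			} else {
				torture_comment(tctx, "Failed to fill pipe - %s \n", nt_errstr(req->status));
				torture_close_connection(cli);
				return false;
			}
		}
	}

	torture_comment(tctx, "Opening secondary connection\n");
	if (!torture_open_connection(&cli2, tctx, 1)) {
		torture_comment(tctx, "Failed to open secondary connection\n");
		correct = false;
	} else if (!torture_close_connection(cli2)) {
		/* only close what was opened: cli2 is not a usable
		   connection when the open above failed */
		torture_comment(tctx, "Failed to close secondary connection\n");
		correct = false;
	}

	torture_close_connection(cli);

	return correct;
}

/**
  this checks to see if a secondary tconx can use open files from an
  earlier tconx
 */
static bool run_tcon_test(struct torture_context *tctx, struct smbcli_state *cli)
{
	const char *fname = "\\tcontest.tmp";
	int fnum1;
	uint16_t cnum1, cnum2, cnum3;
	uint16_t vuid1, vuid2;
	uint8_t buf[4];
	bool ret = true;
	struct smbcli_tree *tree1;
	const char *host = torture_setting_string(tctx, "host", NULL);
	const char *share = torture_setting_string(tctx, "share", NULL);
	const char *password = torture_setting_string(tctx, "password", NULL);

	if (smbcli_deltree(cli->tree, fname) == -1) {
		torture_comment(tctx, "unlink of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
	}

	fnum1 = smbcli_open(cli->tree, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
	if (fnum1 == -1) {
		torture_comment(tctx, "open of %s failed (%s)\n", fname, smbcli_errstr(cli->tree));
		return false;
	}

	cnum1 = cli->tree->tid;
	vuid1 = cli->session->vuid;

	memset(buf, 0, 4); /* init buf so valgrind won't complain */
	if (smbcli_write(cli->tree, fnum1, 0, buf, 130, 4) != 4) {
		torture_comment(tctx, "initial write failed (%s)\n", smbcli_errstr(cli->tree));
		return false;
	}

	tree1 = cli->tree;	/* save old tree connection */
	if (NT_STATUS_IS_ERR(smbcli_tconX(cli, share, "?????", password))) {
		torture_comment(tctx, "%s refused 2nd tree connect (%s)\n", host,
		           smbcli_errstr(cli->tree));
		talloc_free(cli);
		return false;
	}

	cnum2 = cli->tree->tid;
	cnum3 = MAX(cnum1, cnum2) + 1; /* any invalid number */
	vuid2 = cli->session->vuid + 1;

	/* try a write with the wrong tid */
	cli->tree->tid = cnum2;

	if (smbcli_write(cli->tree, fnum1, 0, buf, 130, 4) == 4) {
		torture_comment(tctx, "* server allows write with wrong TID\n");
		ret = false;
	} else {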