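/* 
   Unix SMB/CIFS implementation.
   test suite for various RAP operations
   Copyright (C) Volker Lendecke 2004
   Copyright (C) Tim Potter 2005
   Copyright (C) Jelmer Vernooij 2007
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "libcli/libcli.h"
#include "torture/smbtorture.h"
#include "torture/util.h"
#include "libcli/rap/rap.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/libcli.h"
#include "librpc/ndr/libndr.h"
#include "param/param.h"

/*
 * Evaluate an NTSTATUS-returning call; on failure store the status in the
 * enclosing function's `result` variable and jump to its `done` label.
 */
#define RAP_GOTO(call) do { \
	NTSTATUS _status; \
	_status = call; \
	if (!NT_STATUS_IS_OK(_status)) { \
		result = _status; \
		goto done; \
	} \
} while (0)

/*
 * Same as RAP_GOTO, for calls returning enum ndr_err_code; the NDR error is
 * mapped to an NTSTATUS before it is stored in `result`.
 */
#define NDR_GOTO(call) do { \
	enum ndr_err_code _ndr_err; \
	_ndr_err = call; \
	if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
		result = ndr_map_error2ntstatus(_ndr_err); \
		goto done; \
	} \
} while (0)

/*
 * Evaluate an NDR call and return the mapped NTSTATUS from the enclosing
 * function on failure. No cleanup is run, so only use it where nothing
 * needs to be released on the error path.
 */
#define NDR_RETURN(call) do { \
	enum ndr_err_code _ndr_err; \
	_ndr_err = call; \
	if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
		return ndr_map_error2ntstatus(_ndr_err); \
	} \
} while (0)

/* State of one RAP request/response exchange. */
struct rap_call {
	uint16_t callno;	/* RAP call number sent first in the request */
	char *paramdesc;	/* parameter descriptor, grown one char at a time */
	const char *datadesc;	/* data descriptor; borrowed pointer, not copied */

	uint16_t status;
	uint16_t convert;

	/* Sizes advertised to the server as max_param / max_data. */
	uint16_t rcv_paramlen, rcv_datalen;

	struct ndr_push *ndr_push_param;	/* marshalled request parameters */
	struct ndr_push *ndr_push_data;
	struct ndr_pull *ndr_pull_param;	/* reply parameter block */
	struct ndr_pull *ndr_pull_data;		/* reply data block */
};

/*
 * NDR flags used for every RAP buffer. No trailing semicolon, so the macro
 * can be used as an ordinary expression.
 */
#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)

/*
 * Allocate and initialise a rap_call for call number `callno`.
 *
 * The structure is zero-initialised so that fields a caller never sets
 * (for example rcv_datalen, which rap_cli_do_call() sends as max_data) hold
 * a defined value. The two push contexts are allocated as children of the
 * call, so a single talloc_free(call) releases everything.
 *
 * Returns NULL if any allocation fails.
 */
static struct rap_call *new_rap_cli_call(TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, uint16_t callno)
{
	struct rap_call *call;

	call = talloc_zero(mem_ctx, struct rap_call);

	if (call == NULL)
		return NULL;

	call->callno = callno;
	call->rcv_paramlen = 4;

	call->paramdesc = NULL;
	call->datadesc = NULL;

	call->ndr_push_param = ndr_push_init_ctx(call, iconv_convenience);
	if (call->ndr_push_param == NULL)
		goto fail;
	call->ndr_push_param->flags = RAPNDR_FLAGS;

	call->ndr_push_data = ndr_push_init_ctx(call, iconv_convenience);
	if (call->ndr_push_data == NULL)
		goto fail;
	call->ndr_push_data->flags = RAPNDR_FLAGS;

	return call;

fail:
	talloc_free(call);
	return NULL;
}

/*
 * Append one descriptor character to call->paramdesc, keeping it
 * NUL-terminated.
 *
 * If the reallocation fails the existing descriptor is left untouched
 * instead of writing through a NULL pointer; the void return gives callers
 * no way to see that, so the request then goes out with a short descriptor.
 */
static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
{
	size_t len = 0;
	char *grown;

	if (call->paramdesc != NULL)
		len = strlen(call->paramdesc);

	grown = talloc_realloc(call,
			       call->paramdesc,
			       char,
			       len+2);
	if (grown == NULL)
		return;

	grown[len] = desc;
	grown[len+1] = '\0';
	call->paramdesc = grown;
}

/* Add a 16-bit request parameter (descriptor 'W'). */
static void rap_cli_push_word(struct rap_call *call, uint16_t val)
{
	rap_cli_push_paramdesc(call, 'W');
	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, val);
}

/* Add a 32-bit request parameter (descriptor 'D'). */
static void rap_cli_push_dword(struct rap_call *call, uint32_t val)
{
	rap_cli_push_paramdesc(call, 'D');
	ndr_push_uint32(call->ndr_push_param, NDR_SCALARS, val);
}

/*
 * Announce a receive buffer of `len` bytes (descriptors 'r' and 'L').
 * The length is sent and stored as a 16-bit value, so anything above
 * 0xffff is truncated.
 */
static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
{
	rap_cli_push_paramdesc(call, 'r');
	rap_cli_push_paramdesc(call, 'L');
	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, len);
	call->rcv_datalen = len;
}

/* Expect an entry count and a total in the reply (descriptors 'e', 'h'). */
static void rap_cli_expect_multiple_entries(struct rap_call *call)
{
	rap_cli_push_paramdesc(call, 'e');
	rap_cli_push_paramdesc(call, 'h');
	call->rcv_paramlen += 4; /* uint16_t entry count, uint16_t total */
}

/* Expect one extra 16-bit word in the reply parameters (descriptor 'h'). */
static void rap_cli_expect_word(struct rap_call *call)
{
	rap_cli_push_paramdesc(call, 'h');
	call->rcv_paramlen += 2;
}

/*
 * Add a string request parameter (descriptor 'z'), or a null pointer
 * marker (descriptor 'O', nothing marshalled) when `str` is NULL.
 */
static void rap_cli_push_string(struct rap_call *call, const char *str)
{
	if (str == NULL) {
		rap_cli_push_paramdesc(call, 'O');
		return;
	}
	rap_cli_push_paramdesc(call, 'z');
	ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
}

/*
 * Set the data descriptor for the reply. The pointer is stored as-is, so
 * `format` must outlive the call (all callers here pass string literals).
 */
static void rap_cli_expect_format(struct rap_call *call, const char *format)
{
	call->datadesc = format;
}

/*
 * Read a string reference from the reply data and copy the string it
 * points to into a new talloc'ed buffer.
 *
 * The reference is two 16-bit words: an offset and a word that is ignored.
 * The offset and `convert` both come from the server, so after the
 * (16-bit, wrapping) subtraction the offset is checked against the buffer
 * size and the string must be NUL-terminated inside the buffer.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for an out-of-range offset or an
 * unterminated string, NT_STATUS_NO_MEMORY if the copy cannot be allocated.
 */
static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
				uint16_t convert, char **dest)
{
	uint16_t string_offset;
	uint16_t ignore;
	const char *p;
	size_t len;

	NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, &string_offset));
	NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, &ignore));

	string_offset -= convert;

	if (string_offset+1 > ndr->data_size)
		return NT_STATUS_INVALID_PARAMETER;

	p = (const char *)(ndr->data + string_offset);
	/* Bounded scan: never look past the end of the reply buffer. */
	len = strnlen(p, ndr->data_size-string_offset);

	/* len == remaining bytes means no terminator was found. */
	if ( string_offset + len + 1 >  ndr->data_size )
		return NT_STATUS_INVALID_PARAMETER;

	*dest = talloc_zero_array(mem_ctx, char, len+1);
	if (*dest == NULL)
		return NT_STATUS_NO_MEMORY;

	pull_string(*dest, p, len+1, len, STR_ASCII);

	return NT_STATUS_OK;
}

/*
 * Send the prepared RAP call over \PIPE\LANMAN and attach pull contexts
 * for the reply parameter and data blocks to `call`.
 *
 * The request parameter block is: call number, parameter descriptor (if
 * any), data descriptor (if any), then the marshalled parameters. All
 * temporary allocations hang off `call`.
 */
static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, 
				struct smb_iconv_convenience *iconv_convenience,
				struct rap_call *call)
{
	NTSTATUS result;
	DATA_BLOB param_blob;
	struct ndr_push *params;
	struct smb_trans2 trans;

	params = ndr_push_init_ctx(call, iconv_convenience);

	if (params == NULL)
		return NT_STATUS_NO_MEMORY;

	params->flags = RAPNDR_FLAGS;

	trans.in.max_param = call->rcv_paramlen;
	trans.in.max_data = call->rcv_datalen;
	trans.in.max_setup = 0;
	trans.in.flags = 0;
	trans.in.timeout = 0;
	trans.in.setup_count = 0;
	trans.in.setup = NULL;
	trans.in.trans_name = "\\PIPE\\LANMAN";

	NDR_RETURN(ndr_push_uint16(params, NDR_SCALARS, call->callno));
	if (call->paramdesc)
		NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
	if (call->datadesc)
		NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->datadesc));

	param_blob = ndr_push_blob(call->ndr_push_param);
	NDR_RETURN(ndr_push_bytes(params, param_blob.data,
				  param_blob.length));

	trans.in.params = ndr_push_blob(params);
	trans.in.data = data_blob(NULL, 0);

	result = smb_raw_trans(tree, call, &trans);

	if (!NT_STATUS_IS_OK(result))
		return result;

	call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call,
						  iconv_convenience);
	if (call->ndr_pull_param == NULL)
		return NT_STATUS_NO_MEMORY;
	call->ndr_pull_param->flags = RAPNDR_FLAGS;

	call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call,
						 iconv_convenience);
	if (call->ndr_pull_data == NULL)
		return NT_STATUS_NO_MEMORY;
	call->ndr_pull_data->flags = RAPNDR_FLAGS;

	return result;
}


/*
 * Issue RAP_WshareEnum at level r->in.level (0 or 1) and decode the reply
 * into r->out. r->out.info is allocated on mem_ctx.
 *
 * The entry count comes from the server; every entry is read through the
 * bounds-checked NDR pull helpers, so a count larger than the data block
 * ends in an error rather than a read past the buffer. The array is
 * zero-initialised so a failed parse never leaves undefined entries.
 * r->out.status is handed back to the caller without being inspected.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for any other level.
 */
static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
					struct smb_iconv_convenience *iconv_convenience,
					TALLOC_CTX *mem_ctx,
					struct rap_NetShareEnum *r)
{
	struct rap_call *call;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	int i;

	call = new_rap_cli_call(mem_ctx, iconv_convenience, RAP_WshareEnum);

	if (call == NULL)
		return NT_STATUS_NO_MEMORY;

	rap_cli_push_word(call, r->in.level); /* Level */
	rap_cli_push_rcvbuf(call, r->in.bufsize);
	rap_cli_expect_multiple_entries(call);

	switch(r->in.level) {
	case 0:
		rap_cli_expect_format(call, "B13");
		break;
	case 1:
		rap_cli_expect_format(call, "B13BWz");
		break;
	default:
		/* No decoder for this level; do not send the request. */
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	result = rap_cli_do_call(tree, iconv_convenience, call);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));

	r->out.info = talloc_zero_array(mem_ctx, union rap_shareenum_info, r->out.count);

	if (r->out.info == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	for (i=0; i<r->out.count; i++) {
		switch(r->in.level) {
		case 0:
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info0.name, 13));
			break;
		case 1:
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info1.name, 13));
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)&r->out.info[i].info1.pad, 1));
			NDR_GOTO(ndr_pull_uint16(call->ndr_pull_data,
					       NDR_SCALARS, &r->out.info[i].info1.type));
			RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
					       r->out.convert,
					       &r->out.info[i].info1.comment));
			break;
		}
	}

	result = NT_STATUS_OK;

 done:
	talloc_free(call);
	return result;
}

/* List the server's shares at level 1 and print name, type and comment. */
static bool test_netshareenum(struct torture_context *tctx, 
			      struct smbcli_state *cli)
{
	struct rap_NetShareEnum r;
	int i;

	r.in.level = 1;
	r.in.bufsize = 8192;

	torture_assert_ntstatus_ok(tctx, 
		smbcli_rap_netshareenum(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");

	for (i=0; i<r.out.count; i++) {
		/*
		 * name holds 13 raw bytes copied from the server reply and
		 * need not be NUL-terminated, so cap what printf may read.
		 */
		printf("%.13s %d %s\n", r.out.info[i].info1.name,
		       r.out.info[i].info1.type,
		       r.out.info[i].info1.comment);
	}

	return true;
}

/*
 * Issue RAP_NetServerEnum2 at level r->in.level (0 or 1) for the given
 * server type mask and domain, and decode the reply into r->out.
 * r->out.info is allocated on mem_ctx and zero-initialised.
 *
 * The entry count is server-supplied; each entry is read through the
 * bounds-checked NDR pull helpers. r->out.status is handed back to the
 * caller without being inspected.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for any other level.
 */
static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
					  struct smb_iconv_convenience *iconv_convenience, 
					  TALLOC_CTX *mem_ctx,
					  struct rap_NetServerEnum2 *r)
{
	struct rap_call *call;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	int i;

	call = new_rap_cli_call(mem_ctx, iconv_convenience, RAP_NetServerEnum2);

	if (call == NULL)
		return NT_STATUS_NO_MEMORY;

	rap_cli_push_word(call, r->in.level);
	rap_cli_push_rcvbuf(call, r->in.bufsize);
	rap_cli_expect_multiple_entries(call);
	rap_cli_push_dword(call, r->in.servertype);
	rap_cli_push_string(call, r->in.domain);

	switch(r->in.level) {
	case 0:
		rap_cli_expect_format(call, "B16");
		break;
	case 1:
		rap_cli_expect_format(call, "B16BBDz");
		break;
	default:
		/* No decoder for this level; do not send the request. */
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	result = rap_cli_do_call(tree, iconv_convenience, call);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	result = NT_STATUS_INVALID_PARAMETER;

	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));

	r->out.info = talloc_zero_array(mem_ctx, union rap_server_info, r->out.count);

	if (r->out.info == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	for (i=0; i<r->out.count; i++) {
		switch(r->in.level) {
		case 0:
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info0.name, 16));
			break;
		case 1:
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info1.name, 16));
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      &r->out.info[i].info1.version_major, 1));
			NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
					      &r->out.info[i].info1.version_minor, 1));
			NDR_GOTO(ndr_pull_uint32(call->ndr_pull_data,
					       NDR_SCALARS, &r->out.info[i].info1.servertype));
			RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
					       r->out.convert,
					       &r->out.info[i].info1.comment));
			break;
		}
	}

	result = NT_STATUS_OK;

 done:
	talloc_free(call);
	return result;
}

/* Enumerate servers at level 0 and print each returned name. */
static bool test_netserverenum(struct torture_context *tctx, 
			       struct smbcli_state *cli)
{
	struct rap_NetServerEnum2 r;
	int i;

	r.in.level = 0;
	r.in.bufsize = 8192;
	/*
	 * The original assigned 0xffffffff and immediately overwrote it;
	 * only the value below was ever sent.
	 */
	r.in.servertype = 0x80000000;
	r.in.domain = NULL;

	torture_assert_ntstatus_ok(tctx, 
		   smbcli_rap_netserverenum2(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");

	for (i=0; i<r.out.count; i++) {
		/*
		 * name holds 16 raw bytes copied from the server reply and
		 * need not be NUL-terminated, so cap what printf may read.
		 */
		switch (r.in.level) {
		case 0:
			printf("%.16s\n", r.out.info[i].info0.name);
			break;
		case 1:
			printf("%.16s %x %s\n", r.out.info[i].info1.name,
			       r.out.info[i].info1.servertype,
			       r.out.info[i].info1.comment);
			break;
		}
	}

	return true;
}

/*
 * Issue RAP_WserverGetInfo at level r->in.level (0 or 1) and decode the
 * single reply record into r->out.info.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for any other level, before anything
 * is sent. r->out.status is handed back to the caller without being
 * inspected.
 */
NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
					 struct smb_iconv_convenience *iconv_convenience, 
				     TALLOC_CTX *mem_ctx,
				     struct rap_WserverGetInfo *r)
{
	struct rap_call *call;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	if (!(call = new_rap_cli_call(mem_ctx, iconv_convenience, RAP_WserverGetInfo))) {
		return NT_STATUS_NO_MEMORY;
	}

	rap_cli_push_word(call, r->in.level);
	rap_cli_push_rcvbuf(call, r->in.bufsize);
	rap_cli_expect_word(call);

	switch(r->in.level) {
	case 0:
		rap_cli_expect_format(call, "B16");
		break;
	case 1:
		rap_cli_expect_format(call, "B16BBDz");
		break;
	default:
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	result = rap_cli_do_call(tree, iconv_convenience, call);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
	NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));

	switch(r->in.level) {
	case 0:
		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
				      (uint8_t *)r->out.info.info0.name, 16));
		break;
	case 1:
		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
				      (uint8_t *)r->out.info.info1.name, 16));
		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
				      &r->out.info.info1.version_major, 1));
		NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
				      &r->out.info.info1.version_minor, 1));
		NDR_GOTO(ndr_pull_uint32(call->ndr_pull_data,
				       NDR_SCALARS, &r->out.info.info1.servertype));
		RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
				       r->out.convert,
				       &r->out.info.info1.comment));
		break;
	}
 done:
	talloc_free(call);
	return result;
}

/* Query server info at level 0 and then level 1; both must succeed. */
static bool test_netservergetinfo(struct torture_context *tctx, 
				  struct smbcli_state *cli)
{
	struct rap_WserverGetInfo r;
	bool res = true;

	r.in.bufsize = 0xffff;

	r.in.level = 0;
	torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
	r.in.level = 1;
	torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");

	return res;
}

/*
 * Send an empty request for every call number below 0xffff and report the
 * ones the server answers with NT_STATUS_INVALID_PARAMETER.
 *
 * Each rap_call is released at the end of its iteration; otherwise all of
 * them (and their transaction buffers) would stay attached to the torture
 * context for the whole run. Returns false if a call cannot be allocated.
 */
bool torture_rap_scan(struct torture_context *torture, struct smbcli_state *cli)
{
	int callno;

	for (callno = 0; callno < 0xffff; callno++) {
		struct rap_call *call = new_rap_cli_call(torture, lp_iconv_convenience(torture->lp_ctx), callno);
		NTSTATUS result;

		if (call == NULL)
			return false;

		result = rap_cli_do_call(cli->tree, lp_iconv_convenience(torture->lp_ctx), call);
		talloc_free(call);

		if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
			continue;

		printf("callno %d is RAP call\n", callno);
	}

	return true;
}

/*
 * Register the "RAP" torture suite: the BASIC sub-suite with the three
 * enumeration/info tests, plus the SCAN test.
 */
NTSTATUS torture_rap_init(void)
{
	struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "RAP");
	struct torture_suite *suite_basic = torture_suite_create(suite, "BASIC");

	torture_suite_add_suite(suite, suite_basic);

	torture_suite_add_1smb_test(suite_basic, "netserverenum", 
				    test_netserverenum);
	torture_suite_add_1smb_test(suite_basic, "netshareenum",
				    test_netshareenum);
	torture_suite_add_1smb_test(suite_basic, "netservergetinfo",
				    test_netservergetinfo);

	torture_suite_add_1smb_test(suite, "SCAN", torture_rap_scan);

	suite->description = talloc_strdup(suite, 
						"Remote Administration Protocol tests");

	torture_register_suite(suite);

	return NT_STATUS_OK;
}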