#include "libcli/smb2/smb2_calls.h"
#include "librpc/rpc/dcerpc.h"
#include "librpc/rpc/dcerpc_proto.h"
-#include "../source3/libsmb/smb2cli.h"
+#include "libcli/smb/smbXcli_base.h"
+
+/*
+ * open pipe and bind, given an IPC$ context
+ */
+
+static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
+ TALLOC_CTX *mem_ctx,
+ struct smbcli_tree *tree,
+ const char *pipe_name,
+ const struct ndr_interface_table *iface,
+ struct dcerpc_pipe **p)
+{
+ struct dcerpc_pipe *result;
+ NTSTATUS status;
+
+ if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = dcerpc_pipe_open_smb(result, tree, pipe_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
+ nt_errstr(status));
+ talloc_free(result);
+ return status;
+ }
+
+ status = dcerpc_bind_auth_none(result, iface);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
+ talloc_free(result);
+ return status;
+ }
+
+ *p = result;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS pipe_bind_smb2(struct torture_context *tctx,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_tree *tree,
+ const char *pipe_name,
+ const struct ndr_interface_table *iface,
+ struct dcerpc_pipe **p)
+{
+ struct dcerpc_pipe *result;
+ NTSTATUS status;
+
+ if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = dcerpc_pipe_open_smb2(result, tree, pipe_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_pipe_open_smb2 failed: %s\n",
+ nt_errstr(status));
+ talloc_free(result);
+ return status;
+ }
+
+ status = dcerpc_bind_auth_none(result, iface);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n", nt_errstr(status));
+ talloc_free(result);
+ return status;
+ }
+
+ *p = result;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS pipe_bind_smb_auth(struct torture_context *tctx,
+ TALLOC_CTX *mem_ctx,
+ struct smbcli_tree *tree,
+ struct cli_credentials *creds,
+ uint8_t auth_type,
+ uint8_t auth_level,
+ const char *pipe_name,
+ const struct ndr_interface_table *iface,
+ struct dcerpc_pipe **p)
+{
+ struct dcerpc_pipe *result;
+ NTSTATUS status;
+
+ if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = dcerpc_pipe_open_smb(result, tree, pipe_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
+ nt_errstr(status));
+ talloc_free(result);
+ return status;
+ }
+
+ status = dcerpc_bind_auth(result, iface, creds,
+ lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx),
+ auth_type, auth_level, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
+ talloc_free(result);
+ return status;
+ }
+
+ *p = result;
+ return NT_STATUS_OK;
+}
/*
* This tests a RPC call using an invalid vuid
struct policy_handle handle;
struct lsa_Close close_handle;
struct smbcli_session *tmp;
+ uint16_t tmp_vuid;
struct smbcli_session *session2;
struct smbcli_state *cli;
struct dcerpc_pipe *lsa_pipe;
goto done;
}
- lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
- if (lsa_pipe == NULL) {
- torture_comment(torture, "dcerpc_pipe_init failed\n");
- goto done;
- }
+ status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+ &ndr_table_lsarpc, &lsa_pipe);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "pipe_bind_smb failed");
lsa_handle = lsa_pipe->binding_handle;
- status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(torture, "dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
- status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(torture, "dcerpc_bind_auth_none failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
openpolicy.in.system_name =talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
ZERO_STRUCT(objectattr);
session2->vuid = setup.out.vuid;
tmp = cli->tree->session;
+ tmp_vuid = smb1cli_session_current_id(tmp->smbXcli);
+ smb1cli_session_set_id(tmp->smbXcli, session2->vuid);
cli->tree->session = session2;
status = dcerpc_lsa_OpenPolicy2_r(lsa_handle, mem_ctx, &openpolicy);
- cli->tree->session = tmp;
- talloc_free(lsa_pipe);
- lsa_pipe = NULL;
+ torture_assert(torture, smbXcli_conn_is_connected(cli->transport->conn),
+ "smb still connected");
+ torture_assert(torture, !dcerpc_binding_handle_is_connected(lsa_handle),
+ "dcerpc disonnected");
- if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
- "expected NT_STATUS_INVALID_HANDLE\n",
+ "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
nt_errstr(status));
- goto done;
+ status = NT_STATUS_CONNECTION_DISCONNECTED;
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_DEVICE_ERROR)) {
+ torture_comment(torture, "dcerpc_lsa_OpenPolicy2 with wrong vuid gave %s, "
+ "expected NT_STATUS_CONNECTION_DISCONNECTED\n",
+ nt_errstr(status));
+ status = NT_STATUS_CONNECTION_DISCONNECTED;
}
+ torture_assert_ntstatus_equal(torture, status, NT_STATUS_CONNECTION_DISCONNECTED,
+ "lsa connection disconnected");
+
+ smb1cli_session_set_id(tmp->smbXcli, tmp_vuid);
+ cli->tree->session = tmp;
+ talloc_free(lsa_pipe);
+ lsa_pipe = NULL;
+
ret = true;
done:
talloc_free(mem_ctx);
return false;
}
- lsa_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
- if (lsa_pipe == NULL) {
- torture_comment(tctx, "dcerpc_pipe_init failed\n");
- goto done;
- }
+ status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+ credentials, auth_type, auth_level,
+ "\\lsarpc", &ndr_table_lsarpc, &lsa_pipe);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "pipe_bind_smb_auth failed");
lsa_handle = lsa_pipe->binding_handle;
- status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
- status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
- credentials, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), auth_type, auth_level,
- NULL);
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "dcerpc_bind_auth failed: %s\n", nt_errstr(status));
- goto done;
- }
-
openpolicy.in.system_name =talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(lsa_pipe));
ZERO_STRUCT(objectattr);
struct samr_CreateUser2 c;
uint32_t user_rid,access_granted;
- samr_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
- torture_assert(tctx, samr_pipe, "dcerpc_pipe_init failed");
-
- samr_handle = samr_pipe->binding_handle;
-
- torture_assert_ntstatus_ok(tctx,
- dcerpc_pipe_open_smb(samr_pipe, cli->tree, "\\samr"),
- "dcerpc_pipe_open_smb failed");
-
if (admin_creds != NULL) {
- torture_assert_ntstatus_ok(tctx,
- dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
- admin_creds, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), auth_type, auth_level,
- NULL),
- "dcerpc_bind_auth failed");
+ status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+ admin_creds, auth_type, auth_level,
+ "\\samr", &ndr_table_samr, &samr_pipe);
+ torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
} else {
/* We must have an authenticated SMB connection */
- torture_assert_ntstatus_ok(tctx,
- dcerpc_bind_auth_none(samr_pipe, &ndr_table_samr),
- "dcerpc_bind_auth_none failed");
+ status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
+ "\\samr", &ndr_table_samr, &samr_pipe);
+ torture_assert_ntstatus_ok(tctx, status, "pipe_bind_smb_auth failed");
}
+#if 0
+ samr_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT;
+#endif
+ samr_handle = samr_pipe->binding_handle;
conn.in.system_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(samr_pipe));
goto done;
}
samr_handle = samr_pipe->binding_handle;
-
+ ret = false;
{
struct samr_QueryUserInfo q;
union samr_UserInfo *info;
DATA_BLOB session_key;
DATA_BLOB confounded_session_key = data_blob_talloc(
mem_ctx, NULL, 16);
- struct MD5Context ctx;
+ MD5_CTX ctx;
uint8_t confounder[16];
ZERO_STRUCT(u_info);
return false;
}
- net_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
- if (net_pipe == NULL) {
- torture_comment(tctx, "dcerpc_pipe_init failed\n");
- goto done;
- }
+ status = pipe_bind_smb(tctx, mem_ctx, cli->tree, "\\netlogon",
+ &ndr_table_netlogon, &net_pipe);
+ torture_assert_ntstatus_ok_goto(tctx, status, result, done,
+ "pipe_bind_smb failed");
net_handle = net_pipe->binding_handle;
- status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
- status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "dcerpc_bind_auth_none failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
r.in.computer_name = cli_credentials_get_workstation(wks_cred);
r.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
creds_state = netlogon_creds_client_init(mem_ctx,
a.in.account_name,
a.in.computer_name,
+ a.in.secure_channel_type,
r.in.credentials,
r.out.return_credentials, &mach_pw,
&netr_cred, negotiate_flags);
return false;
}
- net_pipe = dcerpc_pipe_init(mem_ctx, tctx->ev);
- if (net_pipe == NULL) {
- torture_comment(tctx, "dcerpc_pipe_init failed\n");
- goto done;
- }
- net_handle = net_pipe->binding_handle;
-
- status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
-#if 0
- net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
- DCERPC_DEBUG_PRINT_OUT;
-#endif
#if 1
+ status = pipe_bind_smb_auth(tctx, mem_ctx, cli->tree,
+ wks_creds,
+ DCERPC_AUTH_TYPE_SCHANNEL,
+ DCERPC_AUTH_LEVEL_PRIVACY,
+ "\\netlogon", &ndr_table_netlogon, &net_pipe);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "pipe_bind_smb_auth failed");
net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
- status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
- wks_creds, lpcfg_gensec_settings(tctx->lp_ctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL,
- DCERPC_AUTH_LEVEL_PRIVACY,
- NULL);
#else
- status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
+ status = pipe_bind_smb(tctx, mem_ctx, cli->tree,
+ "\\netlogon", &ndr_table_netlogon, &net_pipe);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "pipe_bind_smb failed");
#endif
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "schannel bind failed: %s\n", nt_errstr(status));
- goto done;
- }
+#if 0
+ net_pipe->conn->flags |= DCERPC_DEBUG_PRINT_IN |
+ DCERPC_DEBUG_PRINT_OUT;
+#endif
+ net_handle = net_pipe->binding_handle;
for (i=2; i<4; i++) {
int flags;
- DATA_BLOB chal, nt_resp, lm_resp, names_blob, session_key;
+ DATA_BLOB chal, nt_resp, lm_resp, names_blob;
struct netlogon_creds_CredentialState *creds_state;
struct netr_Authenticator netr_auth, netr_auth2;
struct netr_NetworkInfo ninfo;
cli_credentials_get_workstation(wks_creds);
r.in.credential = &netr_auth;
r.in.return_authenticator = &netr_auth2;
- r.in.logon_level = 2;
+ r.in.logon_level = NetlogonNetworkInformation;
r.in.validation_level = i;
r.in.logon = &logon;
r.out.validation = &validation;
ZERO_STRUCT(pinfo.lmpassword.hash);
E_md4hash(cli_credentials_get_password(user_creds),
pinfo.ntpassword.hash);
- session_key = data_blob_talloc(mem_ctx,
- creds_state->session_key, 16);
- arcfour_crypt_blob(pinfo.ntpassword.hash,
- sizeof(pinfo.ntpassword.hash),
- &session_key);
+
+ netlogon_creds_arcfour_crypt(creds_state, pinfo.ntpassword.hash, 16);
logon.password = &pinfo;
- r.in.logon_level = 1;
+ r.in.logon_level = NetlogonInteractiveInformation;
r.in.logon = &logon;
r.out.return_authenticator = &return_authenticator;
{
NTSTATUS status;
struct smbcli_state *cli;
- struct cli_credentials *anon_creds;
struct cli_credentials *wks_creds;
const char *wks_name;
int i;
wks_name = get_myname(torture);
}
- if (!(anon_creds = cli_credentials_init_anon(torture))) {
- torture_fail(torture, "create_anon_creds failed\n");
- }
-
lpcfg_smbcli_options(torture->lp_ctx, &options);
lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
lpcfg_smb_ports(torture->lp_ctx),
"IPC$", NULL,
lpcfg_socket_options(torture->lp_ctx),
- anon_creds,
+ cmdline_credentials,
lpcfg_resolve_context(torture->lp_ctx),
torture->ev, &options, &session_options,
lpcfg_gensec_settings(torture, torture->lp_ctx));
CRED_SPECIFIED);
torture_assert(torture,
- join3(torture, cli, false, cmdline_credentials, wks_creds),
+ join3(torture, cli, false, NULL, wks_creds),
"join failed");
cli_credentials_set_domain(
}
torture_assert(torture,
- leave(torture, cli, cmdline_credentials, wks_creds),
+ leave(torture, cli, NULL, wks_creds),
"leave failed");
return true;
}
}
- torture_assert(torture,
- test_join3(torture, false, anon_creds, cmdline_credentials, wks_name),
- "join using ntlmssp bind on an anonymous smb connection failed");
-
torture_assert(torture,
test_join3(torture, false, cmdline_credentials, NULL, wks_name),
"join using anonymous bind on an authenticated smb connection failed");
- torture_assert(torture,
- test_join3(torture, false, cmdline_credentials, cmdline_credentials, wks_name),
- "join using ntlmssp bind on an authenticated smb connection failed");
-
/*
* The following two are tests for setuserinfolevel 25
*/
- torture_assert(torture,
- test_join3(torture, true, anon_creds, cmdline_credentials, wks_name),
- "join using ntlmssp bind on an anonymous smb connection failed");
-
torture_assert(torture,
test_join3(torture, true, cmdline_credentials, NULL, wks_name),
"join using anonymous bind on an authenticated smb connection failed");
return true;
}
-/*
- * open pipe and bind, given an IPC$ context
- */
-
-static NTSTATUS pipe_bind_smb(struct torture_context *tctx,
- TALLOC_CTX *mem_ctx,
- struct smbcli_tree *tree,
- const char *pipe_name,
- const struct ndr_interface_table *iface,
- struct dcerpc_pipe **p)
-{
- struct dcerpc_pipe *result;
- NTSTATUS status;
-
- if (!(result = dcerpc_pipe_init(mem_ctx, tctx->ev))) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = dcerpc_pipe_open_smb(result, tree, pipe_name);
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- talloc_free(result);
- return status;
- }
-
- status = dcerpc_bind_auth_none(result, iface);
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(tctx, "schannel bind failed: %s\n", nt_errstr(status));
- talloc_free(result);
- return status;
- }
-
- *p = result;
- return NT_STATUS_OK;
-}
-
/*
* Sane wrapper around lsa_LookupNames
*/
}
tcon.generic.level = RAW_TCON_TCONX;
- tcon.tconx.in.flags = 0;
+ tcon.tconx.in.flags = TCONX_FLAG_EXTENDED_RESPONSE;
+ tcon.tconx.in.flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
tcon.tconx.in.password = data_blob(NULL, 0);
tcon.tconx.in.path = sharename;
tcon.tconx.in.device = "?????";
}
result->tid = tcon.tconx.out.tid;
+
+ if (tcon.tconx.out.options & SMB_EXTENDED_SIGNATURES) {
+ smb1cli_session_protect_session_key(result->session->smbXcli);
+ }
+
result = talloc_steal(mem_ctx, result);
talloc_set_destructor(result, destroy_tree);
talloc_free(tmp_ctx);
lpcfg_smbcli_options(torture->lp_ctx, &options);
lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
- status = smbcli_full_connection(
- torture, &cli, torture_setting_string(torture, "host", NULL),
- lpcfg_smb_ports(torture->lp_ctx),
- "IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
- lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
- &session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
- torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
-
- if (!(user_sid = whoami(torture, torture, cli->tree))) {
- torture_fail(torture, "whoami on auth'ed connection failed\n");
- }
-
- talloc_free(cli);
-
if (!(anon_creds = cli_credentials_init_anon(torture))) {
torture_fail(torture, "create_anon_creds failed\n");
}
torture_assert_sid_equal(torture, user_sid, dom_sid_parse_talloc(torture, "s-1-5-7"),
"Anon lsa_GetUserName returned unexpected SID");
+ talloc_free(cli);
+
+ status = smbcli_full_connection(
+ torture, &cli, torture_setting_string(torture, "host", NULL),
+ lpcfg_smb_ports(torture->lp_ctx),
+ "IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
+ lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
+ &session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
+ torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
+
+ if (!(user_sid = whoami(torture, torture, cli->tree))) {
+ torture_fail(torture, "whoami on auth'ed connection failed\n");
+ }
+
if (!(user_creds = cli_credentials_init(torture))) {
torture_fail(torture, "cli_credentials_init failed\n");
}
generate_random_password(user_creds, 8, 255),
CRED_SPECIFIED);
- if (!create_user(torture, torture, cli, cmdline_credentials,
+ if (!create_user(torture, torture, cli, NULL,
cli_credentials_get_username(user_creds),
cli_credentials_get_password(user_creds),
&domain_name, &created_sid)) {
del:
if (!delete_user(torture, cli,
- cmdline_credentials,
+ NULL,
cli_credentials_get_username(user_creds))) {
torture_fail(torture, "delete_user failed\n");
}
goto done;
}
- if (!(net_pipe = dcerpc_pipe_init(mem_ctx, torture->ev))) {
- torture_comment(torture, "dcerpc_pipe_init failed\n");
- goto done;
- }
+ status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\netlogon",
+ &ndr_table_netlogon, &net_pipe);
+ torture_assert_ntstatus_ok_goto(torture, status, result, done,
+ "pipe_bind_smb failed");
net_handle = net_pipe->binding_handle;
- status = dcerpc_pipe_open_smb(net_pipe, cli->tree, "\\netlogon");
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(torture, "dcerpc_pipe_open_smb failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
- status = dcerpc_bind_auth_none(net_pipe, &ndr_table_netlogon);
- if (!NT_STATUS_IS_OK(status)) {
- torture_comment(torture, "dcerpc_bind_auth_none failed: %s\n",
- nt_errstr(status));
- goto done;
- }
-
r.in.computer_name = wksname;
r.in.server_name = talloc_asprintf(
mem_ctx, "\\\\%s", dcerpc_server_name(net_pipe));
creds_state = netlogon_creds_client_init(mem_ctx,
a.in.account_name,
a.in.computer_name,
+ a.in.secure_channel_type,
r.in.credentials,
r.out.return_credentials, &mach_pw,
&netr_cred, negotiate_flags);
static bool torture_samba3_rpc_sharesec(struct torture_context *torture)
{
- struct smbcli_state *cli;
- struct security_descriptor *sd;
- struct dom_sid *user_sid;
+ struct smbcli_state *cli = NULL;
+ struct security_descriptor *sd = NULL;
+ struct dom_sid *user_sid = NULL;
+ const char *testuser_passwd = NULL;
+ struct cli_credentials *test_credentials = NULL;
+ struct smbcli_options options;
+ struct smbcli_session_options session_options;
+ NTSTATUS status;
+ struct test_join *tj = NULL;
+ struct dcerpc_pipe *lsa_pipe = NULL;
+ const char *priv_array[1];
+
+ /* Create a new user. The normal user has SeBackup and SeRestore
+ privs so we can't lock them out with a share security descriptor. */
+ tj = torture_create_testuser(torture,
+ "sharesec_user",
+ torture_setting_string(torture, "workgroup", NULL),
+ ACB_NORMAL,
+ &testuser_passwd);
+ if (!tj) {
+ torture_fail(torture, "Creating sharesec_user failed\n");
+ }
+
+ /* Give them SeDiskOperatorPrivilege but no other privs. */
+ status = torture_rpc_connection(torture, &lsa_pipe, &ndr_table_lsarpc);
+ if (!NT_STATUS_IS_OK(status)) {
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
+ torture_fail(torture, "Error connecting to LSA pipe");
+ }
+
+ priv_array[0] = "SeDiskOperatorPrivilege";
+ if (!torture_setup_privs(torture,
+ lsa_pipe,
+ 1,
+ priv_array,
+ torture_join_user_sid(tj))) {
+ talloc_free(lsa_pipe);
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
+ torture_fail(torture, "Failed to setup privs\n");
+ }
+ talloc_free(lsa_pipe);
- if (!(torture_open_connection_share(
- torture, &cli, torture, torture_setting_string(torture, "host", NULL),
- "IPC$", torture->ev))) {
- torture_fail(torture, "IPC$ connection failed\n");
+ test_credentials = cli_credentials_init(torture);
+ cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
+ cli_credentials_set_domain(test_credentials, lpcfg_workgroup(torture->lp_ctx),
+ CRED_SPECIFIED);
+ cli_credentials_set_username(test_credentials, "sharesec_user", CRED_SPECIFIED);
+ cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
+
+ ZERO_STRUCT(options);
+ ZERO_STRUCT(session_options);
+ lpcfg_smbcli_options(torture->lp_ctx, &options);
+ lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+ status = smbcli_full_connection(torture,
+ &cli,
+ torture_setting_string(torture, "host", NULL),
+ lpcfg_smb_ports(torture->lp_ctx),
+ "IPC$",
+ NULL,
+ lpcfg_socket_options(torture->lp_ctx),
+ test_credentials,
+ lpcfg_resolve_context(torture->lp_ctx),
+ torture->ev,
+ &options,
+ &session_options,
+ lpcfg_gensec_settings(torture, torture->lp_ctx));
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(cli);
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
+ torture_fail(torture, "Failed to open connection\n");
}
if (!(user_sid = whoami(torture, torture, cli->tree))) {
+ talloc_free(cli);
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
torture_fail(torture, "whoami failed\n");
}
sd = get_sharesec(torture, torture, cli->session,
torture_setting_string(torture, "share", NULL));
- torture_assert(torture, try_tcon(
- torture, torture, sd, cli->session,
+ if (!try_tcon(torture, torture, sd, cli->session,
torture_setting_string(torture, "share", NULL),
- user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK),
- "failed to test tcon with 0 access_mask");
+ user_sid, 0, NT_STATUS_ACCESS_DENIED, NT_STATUS_OK)) {
+ talloc_free(cli);
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
+ torture_fail(torture, "failed to test tcon with 0 access_mask");
+ }
- torture_assert(torture, try_tcon(
- torture, torture, sd, cli->session,
+ if (!try_tcon(torture, torture, sd, cli->session,
torture_setting_string(torture, "share", NULL),
user_sid, SEC_FILE_READ_DATA, NT_STATUS_OK,
- NT_STATUS_MEDIA_WRITE_PROTECTED),
- "failed to test tcon with SEC_FILE_READ_DATA access_mask");
+ NT_STATUS_MEDIA_WRITE_PROTECTED)) {
+ talloc_free(cli);
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
+ torture_fail(torture, "failed to test tcon with SEC_FILE_READ_DATA access_mask");
+ }
+
+ /* sharesec_user doesn't have any rights on the underlying file system.
+ Go back to the normal user. */
+
+ talloc_free(cli);
+ cli = NULL;
+ torture_delete_testuser(torture, tj, "sharesec_user");
+ talloc_free(tj);
+ tj = NULL;
+
+ if (!(torture_open_connection_share(
+ torture, &cli, torture, torture_setting_string(torture, "host", NULL),
+ "IPC$", torture->ev))) {
+ torture_fail(torture, "IPC$ connection failed\n");
+ }
+ if (!(user_sid = whoami(torture, torture, cli->tree))) {
+ torture_fail(torture, "whoami failed\n");
+ }
torture_assert(torture, try_tcon(
torture, torture, sd, cli->session,
torture_setting_string(torture, "share", NULL),
static bool find_printers(struct torture_context *tctx,
struct dcerpc_pipe *p,
const char ***printers,
- int *num_printers)
+ size_t *num_printers)
{
struct srvsvc_NetShareEnum r;
struct srvsvc_NetShareInfoCtr info_ctr;
struct dcerpc_binding_handle *b;
struct policy_handle server_handle, printer_handle;
const char **printers;
- int num_printers;
+ size_t num_printers;
struct spoolss_UserLevel1 userlevel1;
char *servername;
servername);
r.in.datatype = NULL;
r.in.access_mask = 0;
- r.in.level = 1;
- r.in.userlevel.level1 = &userlevel1;
+ r.in.userlevel_ctr.level = 1;
+ r.in.userlevel_ctr.user_info.level1 = &userlevel1;
r.out.handle = &server_handle;
torture_assert_ntstatus_ok(torture,
torture, "\\\\%s\\%s", servername, printers[0]);
r.in.datatype = NULL;
r.in.access_mask = 0;
- r.in.level = 1;
- r.in.userlevel.level1 = &userlevel1;
+ r.in.userlevel_ctr.level = 1;
+ r.in.userlevel_ctr.user_info.level1 = &userlevel1;
r.out.handle = &printer_handle;
torture_assert_ntstatus_ok(torture,
torture_assert_ntstatus_ok_goto(torture, status, ret, done,
"smbcli_full_connection failed");
- lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
- torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
- "dcerpc_pipe_init failed");
- lsa_handle = lsa_pipe->binding_handle;
-
- status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
+ status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+ &ndr_table_lsarpc, &lsa_pipe);
torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_pipe_open failed");
-
- status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
- torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_bind_auth_none failed");
+ "pipe_bind_smb failed");
+ lsa_handle = lsa_pipe->binding_handle;
/* lsa getusername */
/* open the lsa pipe */
- lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
- torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
- "dcerpc_pipe_init failed");
- lsa_handle = lsa_pipe->binding_handle;
-
- status = dcerpc_pipe_open_smb(lsa_pipe, cli->tree, "\\lsarpc");
- torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_pipe_open failed");
-
- status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+ status = pipe_bind_smb(torture, mem_ctx, cli->tree, "\\lsarpc",
+ &ndr_table_lsarpc, &lsa_pipe);
torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_bind_auth_none failed");
+ "pipe_bind_smb failed");
+ lsa_handle = lsa_pipe->binding_handle;
/* lsa getusername */
torture_assert_ntstatus_ok_goto(torture, status, ret, done,
"smb2_connect failed");
- lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
- torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
- "dcerpc_pipe_init failed");
- lsa_handle = lsa_pipe->binding_handle;
-
- status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
- torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_pipe_open_smb2 failed");
-
- status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
+ status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
+ &ndr_table_lsarpc, &lsa_pipe);
torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_bind_auth_none failed");
+ "pipe_bind_smb2 failed");
+ lsa_handle = lsa_pipe->binding_handle;
/* lsa getusername */
/* open the lsa pipe */
- lsa_pipe = dcerpc_pipe_init(mem_ctx, torture->ev);
- torture_assert_goto(torture, (lsa_pipe != NULL), ret, done,
- "dcerpc_pipe_init failed");
- lsa_handle = lsa_pipe->binding_handle;
-
- status = dcerpc_pipe_open_smb2(lsa_pipe, tree, "lsarpc");
+ status = pipe_bind_smb2(torture, mem_ctx, tree, "lsarpc",
+ &ndr_table_lsarpc, &lsa_pipe);
torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_pipe_open_smb2 failed");
-
- status = dcerpc_bind_auth_none(lsa_pipe, &ndr_table_lsarpc);
- torture_assert_ntstatus_ok_goto(torture, status, ret, done,
- "dcerpc_bind_auth_none failed");
+ "pipe_bind_smb2 failed");
+ lsa_handle = lsa_pipe->binding_handle;
/* lsa getusername */
return ret;
}
+static bool torture_rpc_smb1_pipe_name(struct torture_context *torture)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_state *cli;
+ struct smbcli_options options;
+ struct smbcli_session_options session_options;
+ union smb_open io;
+ union smb_close cl;
+ uint16_t fnum;
+
+ mem_ctx = talloc_init("torture_samba3_smb1_pipe_name");
+ torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+ lpcfg_smbcli_options(torture->lp_ctx, &options);
+ lpcfg_smbcli_session_options(torture->lp_ctx, &session_options);
+
+ status = smbcli_full_connection(mem_ctx, &cli,
+ torture_setting_string(torture, "host", NULL),
+ lpcfg_smb_ports(torture->lp_ctx),
+ "IPC$", NULL,
+ lpcfg_socket_options(torture->lp_ctx),
+ cmdline_credentials,
+ lpcfg_resolve_context(torture->lp_ctx),
+ torture->ev, &options, &session_options,
+ lpcfg_gensec_settings(torture, torture->lp_ctx));
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smbcli_full_connection failed");
+
+ ZERO_STRUCT(io);
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.access_mask = DESIRED_ACCESS_PIPE;
+ io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+ io.ntcreatex.in.security_flags = 0;
+
+ io.ntcreatex.in.fname = "__none__";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for '__none__'");
+
+ io.ntcreatex.in.fname = "pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for 'pipe\\srvsvc'");
+
+ io.ntcreatex.in.fname = "\\pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for '\\pipe\\srvsvc'");
+
+ io.ntcreatex.in.fname = "srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for 'srvsvc'");
+ fnum = io.ntcreatex.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.ntcreatex.in.fname = "\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\srvsvc'");
+ fnum = io.ntcreatex.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.ntcreatex.in.fname = "\\\\\\\\\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\\\\\\\\\srvsvc'");
+ fnum = io.ntcreatex.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ ZERO_STRUCT(io);
+ io.generic.level = RAW_OPEN_NTTRANS_CREATE;
+ io.nttrans.in.access_mask = DESIRED_ACCESS_PIPE;
+ io.nttrans.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.nttrans.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.nttrans.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION;
+ io.nttrans.in.security_flags = 0;
+
+ io.nttrans.in.fname = "__none__";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for '__none__'");
+
+ io.nttrans.in.fname = "pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for 'pipe\\srvsvc'");
+
+ io.nttrans.in.fname = "\\pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for '\\pipe\\srvsvc'");
+
+ io.nttrans.in.fname = "srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for 'srvsvc'");
+ fnum = io.nttrans.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.nttrans.in.fname = "\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\srvsvc'");
+ fnum = io.nttrans.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.nttrans.in.fname = "\\\\\\\\\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\\\\\\\\\srvsvc'");
+ fnum = io.nttrans.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ ZERO_STRUCT(io);
+ io.generic.level = RAW_OPEN_OPENX;
+ io.openx.in.open_mode = OPENX_MODE_ACCESS_RDWR;
+ io.openx.in.open_func = OPENX_OPEN_FUNC_OPEN;
+
+ io.openx.in.fname = "__none__";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+ ret, done,
+ "smb_raw_open for '__none__'");
+
+ io.openx.in.fname = "srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+ ret, done,
+ "smb_raw_open for 'srvsvc'");
+
+ io.openx.in.fname = "\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+ ret, done,
+ "smb_raw_open for '\\srvsvc'");
+
+ io.openx.in.fname = "\\pipesrvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_PATH_SYNTAX_BAD,
+ ret, done,
+ "smb_raw_open for '\\pipesrvsvc'");
+
+ io.openx.in.fname = "pipe\\__none__";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for 'pipe\\__none__'");
+
+ io.openx.in.fname = "\\pipe\\__none__";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb_raw_open for '\\pipe\\__none__'");
+
+ io.openx.in.fname = "pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for 'pipe\\srvsvc'");
+ fnum = io.openx.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.openx.in.fname = "\\pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\pipe\\srvsvc'");
+ fnum = io.openx.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.openx.in.fname = "\\\\\\\\\\pipe\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\\\\\\\\\pipe\\srvsvc'");
+ fnum = io.openx.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+
+ io.openx.in.fname = "\\\\\\\\\\pipe\\\\\\\\\\srvsvc";
+ status = smb_raw_open(cli->tree, torture, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for '\\\\\\\\\\pipe\\\\\\\\\\srvsvc'");
+ fnum = io.openx.out.file.fnum;
+ ZERO_STRUCT(cl);
+ cl.generic.level = RAW_CLOSE_CLOSE;
+ cl.close.in.file.fnum = fnum;
+ status = smb_raw_close(cli->tree, &cl);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb_raw_close failed");
+ ret = true;
+
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+static bool torture_rpc_smb2_pipe_name(struct torture_context *torture)
+{
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ bool ret = false;
+ struct smbcli_options options;
+ const char *host = torture_setting_string(torture, "host", NULL);
+ struct smb2_tree *tree;
+ struct smb2_handle h;
+ struct smb2_create io;
+
+ mem_ctx = talloc_init("torture_samba3_smb2_pipe_name");
+ torture_assert(torture, (mem_ctx != NULL), "talloc_init failed");
+
+ lpcfg_smbcli_options(torture->lp_ctx, &options);
+
+ status = smb2_connect(mem_ctx,
+ host,
+ lpcfg_smb_ports(torture->lp_ctx),
+ "IPC$",
+ lpcfg_resolve_context(torture->lp_ctx),
+ cmdline_credentials,
+ &tree,
+ torture->ev,
+ &options,
+ lpcfg_socket_options(torture->lp_ctx),
+ lpcfg_gensec_settings(torture, torture->lp_ctx)
+ );
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_connect failed");
+
+ ZERO_STRUCT(io);
+ io.in.oplock_level = 0;
+ io.in.desired_access = DESIRED_ACCESS_PIPE;
+ io.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
+ io.in.file_attributes = 0;
+ io.in.create_disposition = NTCREATEX_DISP_OPEN;
+ io.in.share_access =
+ NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.in.create_options = 0;
+
+ io.in.fname = "__none__";
+ status = smb2_create(tree, tree, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb2_create for '__none__'");
+
+ io.in.fname = "\\srvsvc";
+ status = smb2_create(tree, tree, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb2_create for '\\srvsvc'");
+
+ io.in.fname = "\\pipe\\srvsvc";
+ status = smb2_create(tree, tree, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb2_create for '\\pipe\\srvsvc'");
+
+ io.in.fname = "pipe\\srvsvc";
+ status = smb2_create(tree, tree, &io);
+ torture_assert_ntstatus_equal_goto(torture, status, NT_STATUS_OBJECT_NAME_NOT_FOUND,
+ ret, done,
+ "smb2_create for 'pipe\\srvsvc'");
+
+ io.in.fname = "srvsvc";
+ status = smb2_create(tree, tree, &io);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_create failed for 'srvsvc'");
+
+ h = io.out.file.handle;
+
+ status = smb2_util_close(tree, h);
+ torture_assert_ntstatus_ok_goto(torture, status, ret, done,
+ "smb2_util_close failed");
+
+ ret = true;
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
/**
* Test behaviour of a waiting read call on a pipe when
* the pipe handle is closed:
torture_suite_add_simple_test(suite, "smb-reauth2", torture_rpc_smb_reauth2);
torture_suite_add_simple_test(suite, "smb2-reauth1", torture_rpc_smb2_reauth1);
torture_suite_add_simple_test(suite, "smb2-reauth2", torture_rpc_smb2_reauth2);
+ torture_suite_add_simple_test(suite, "smb1-pipe-name", torture_rpc_smb1_pipe_name);
+ torture_suite_add_simple_test(suite, "smb2-pipe-name", torture_rpc_smb2_pipe_name);
torture_suite_add_simple_test(suite, "smb2-pipe-read-close", torture_rpc_smb2_pipe_read_close);
torture_suite_add_simple_test(suite, "smb2-pipe-read-tdis", torture_rpc_smb2_pipe_read_tdis);
torture_suite_add_simple_test(suite, "smb2-pipe-read-logoff", torture_rpc_smb2_pipe_read_logoff);