source4/torture/rap/rap.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for various RAP operations
   4    Copyright (C) Volker Lendecke 2004
   5    Copyright (C) Tim Potter 2005
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22 #include "libcli/libcli.h"
  23 #include "torture/torture.h"
  24 #include "torture/util.h"
  25 #include "libcli/rap/rap.h"
  26 #include "libcli/raw/libcliraw.h"
  27 #include "libcli/libcli.h"
  28 #include "librpc/ndr/libndr.h"
  29
  30 #define RAP_GOTO(call) do { \
  31         NTSTATUS _status; \
  32         _status = call; \
  33         if (!NT_STATUS_IS_OK(_status)) { \
  34                 result = _status; \
  35                 goto done; \
  36         } \
  37 } while (0)
  38
  39 #define NDR_GOTO(call) do { \
  40         enum ndr_err_code _ndr_err; \
  41         _ndr_err = call; \
  42         if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
  43                 result = ndr_map_error2ntstatus(_ndr_err); \
  44                 goto done; \
  45         } \
  46 } while (0)
  47
  48 #define NDR_RETURN(call) do { \
  49         enum ndr_err_code _ndr_err; \
  50         _ndr_err = call; \
  51         if (!NDR_ERR_CODE_IS_SUCCESS(_ndr_err)) { \
  52                 return ndr_map_error2ntstatus(_ndr_err); \
  53         } \
  54 } while (0)
  55
  56 struct rap_call {
  57         uint16_t callno;
  58         char *paramdesc;
  59         const char *datadesc;
  60
  61         uint16_t status;
  62         uint16_t convert;
  63
  64         uint16_t rcv_paramlen, rcv_datalen;
  65
  66         struct ndr_push *ndr_push_param;
  67         struct ndr_push *ndr_push_data;
  68         struct ndr_pull *ndr_pull_param;
  69         struct ndr_pull *ndr_pull_data;
  70 };
  71
  72 #define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
  73
  74 static struct rap_call *new_rap_cli_call(TALLOC_CTX *mem_ctx, uint16_t callno)
  75 {
  76         struct rap_call *call;
  77
  78         call = talloc(mem_ctx, struct rap_call);
  79
  80         if (call == NULL)
  81                 return NULL;
  82
  83         call->callno = callno;
  84         call->rcv_paramlen = 4;
  85
  86         call->paramdesc = NULL;
  87         call->datadesc = NULL;
  88
  89         call->ndr_push_param = ndr_push_init_ctx(mem_ctx);
  90         call->ndr_push_param->flags = RAPNDR_FLAGS;
  91
  92         call->ndr_push_data = ndr_push_init_ctx(mem_ctx);
  93         call->ndr_push_data->flags = RAPNDR_FLAGS;
  94
  95         return call;
  96 }
  97
  98 static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
  99 {
 100         int len = 0;
 101
 102         if (call->paramdesc != NULL)
 103                 len = strlen(call->paramdesc);
 104
 105         call->paramdesc = talloc_realloc(call,
 106                                          call->paramdesc,
 107                                          char,
 108                                          len+2);
 109
 110         call->paramdesc[len] = desc;
 111         call->paramdesc[len+1] = '\0';
 112 }
 113
 114 static void rap_cli_push_word(struct rap_call *call, uint16_t val)
 115 {
 116         rap_cli_push_paramdesc(call, 'W');
 117         ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, val);
 118 }
 119
 120 static void rap_cli_push_dword(struct rap_call *call, uint32_t val)
 121 {
 122         rap_cli_push_paramdesc(call, 'D');
 123         ndr_push_uint32(call->ndr_push_param, NDR_SCALARS, val);
 124 }
 125
 126 static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
 127 {
 128         rap_cli_push_paramdesc(call, 'r');
 129         rap_cli_push_paramdesc(call, 'L');
 130         ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, len);
 131         call->rcv_datalen = len;
 132 }
 133
 134 static void rap_cli_expect_multiple_entries(struct rap_call *call)
 135 {
 136         rap_cli_push_paramdesc(call, 'e');
 137         rap_cli_push_paramdesc(call, 'h');
 138         call->rcv_paramlen += 4; /* uint16_t entry count, uint16_t total */
 139 }
 140
 141 static void rap_cli_expect_word(struct rap_call *call)
 142 {
 143         rap_cli_push_paramdesc(call, 'h');
 144         call->rcv_paramlen += 2;
 145 }
 146
 147 static void rap_cli_push_string(struct rap_call *call, const char *str)
 148 {
 149         if (str == NULL) {
 150                 rap_cli_push_paramdesc(call, 'O');
 151                 return;
 152         }
 153         rap_cli_push_paramdesc(call, 'z');
 154         ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
 155 }
 156
 157 static void rap_cli_expect_format(struct rap_call *call, const char *format)
 158 {
 159         call->datadesc = format;
 160 }
 161
 162 static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
 163                                 uint16_t convert, char **dest)
 164 {
 165         uint16_t string_offset;
 166         uint16_t ignore;
 167         const char *p;
 168         size_t len;
 169
 170         NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, &string_offset));
 171         NDR_RETURN(ndr_pull_uint16(ndr, NDR_SCALARS, &ignore));
 172
 173         string_offset -= convert;
 174
 175         if (string_offset+1 > ndr->data_size)
 176                 return NT_STATUS_INVALID_PARAMETER;
 177
 178         p = (const char *)(ndr->data + string_offset);
 179         len = strnlen(p, ndr->data_size-string_offset);
 180
 181         if ( string_offset + len + 1 >  ndr->data_size )
 182                 return NT_STATUS_INVALID_PARAMETER;
 183
 184         *dest = talloc_zero_array(mem_ctx, char, len+1);
 185         pull_string(*dest, p, len+1, len, STR_ASCII);
 186
 187         return NT_STATUS_OK;
 188 }
 189
 190 static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call)
 191 {
 192         NTSTATUS result;
 193         DATA_BLOB param_blob;
 194         struct ndr_push *params;
 195         struct smb_trans2 trans;
 196
 197         params = ndr_push_init_ctx(call);
 198
 199         if (params == NULL)
 200                 return NT_STATUS_NO_MEMORY;
 201
 202         params->flags = RAPNDR_FLAGS;
 203
 204         trans.in.max_param = call->rcv_paramlen;
 205         trans.in.max_data = smb_raw_max_trans_data(tree, call->rcv_paramlen);
 206         trans.in.max_setup = 0;
 207         trans.in.flags = 0;
 208         trans.in.timeout = 0;
 209         trans.in.setup_count = 0;
 210         trans.in.setup = NULL;
 211         trans.in.trans_name = "\\PIPE\\LANMAN";
 212
 213         NDR_RETURN(ndr_push_uint16(params, NDR_SCALARS, call->callno));
 214         if (call->paramdesc)
 215                 NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
 216         if (call->datadesc)
 217                 NDR_RETURN(ndr_push_string(params, NDR_SCALARS, call->datadesc));
 218
 219         param_blob = ndr_push_blob(call->ndr_push_param);
 220         NDR_RETURN(ndr_push_bytes(params, param_blob.data,
 221                                  param_blob.length));
 222
 223         trans.in.params = ndr_push_blob(params);
 224         trans.in.data = data_blob(NULL, 0);
 225
 226         result = smb_raw_trans(tree, call, &trans);
 227
 228         if (!NT_STATUS_IS_OK(result))
 229                 return result;
 230
 231         call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call);
 232         call->ndr_pull_param->flags = RAPNDR_FLAGS;
 233
 234         call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call);
 235         call->ndr_pull_data->flags = RAPNDR_FLAGS;
 236
 237         return result;
 238 }
 239
 240
 241 static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
 242                                         TALLOC_CTX *mem_ctx,
 243                                         struct rap_NetShareEnum *r)
 244 {
 245         struct rap_call *call;
 246         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 247         int i;
 248
 249         call = new_rap_cli_call(tree, RAP_WshareEnum);
 250
 251         if (call == NULL)
 252                 return NT_STATUS_NO_MEMORY;
 253
 254         rap_cli_push_word(call, r->in.level); /* Level */
 255         rap_cli_push_rcvbuf(call, r->in.bufsize);
 256         rap_cli_expect_multiple_entries(call);
 257
 258         switch(r->in.level) {
 259         case 0:
 260                 rap_cli_expect_format(call, "B13");
 261                 break;
 262         case 1:
 263                 rap_cli_expect_format(call, "B13BWz");
 264                 break;
 265         }
 266
 267         result = rap_cli_do_call(tree, call);
 268
 269         if (!NT_STATUS_IS_OK(result))
 270                 goto done;
 271
 272         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 273         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 274         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
 275         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 276
 277         r->out.info = talloc_array(mem_ctx, union rap_shareenum_info, r->out.count);
 278
 279         if (r->out.info == NULL) {
 280                 result = NT_STATUS_NO_MEMORY;
 281                 goto done;
 282         }
 283
 284         for (i=0; i<r->out.count; i++) {
 285                 switch(r->in.level) {
 286                 case 0:
 287                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 288                                               (uint8_t *)r->out.info[i].info0.name, 13));
 289                         break;
 290                 case 1:
 291                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 292                                               (uint8_t *)r->out.info[i].info1.name, 13));
 293                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 294                                               (uint8_t *)&r->out.info[i].info1.pad, 1));
 295                         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_data,
 296                                                NDR_SCALARS, &r->out.info[i].info1.type));
 297                         RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
 298                                                r->out.convert,
 299                                                &r->out.info[i].info1.comment));
 300                         break;
 301                 }
 302         }
 303
 304         result = NT_STATUS_OK;
 305
 306  done:
 307         talloc_free(call);
 308         return result;
 309 }
 310
 311 static bool test_netshareenum(struct smbcli_tree *tree)
 312 {
 313         struct rap_NetShareEnum r;
 314         int i;
 315         TALLOC_CTX *tmp_ctx = talloc_new(tree);
 316
 317         r.in.level = 1;
 318         r.in.bufsize = 8192;
 319
 320         if (!NT_STATUS_IS_OK(smbcli_rap_netshareenum(tree, tmp_ctx, &r)))
 321                 return false;
 322
 323         for (i=0; i<r.out.count; i++) {
 324                 printf("%s %d %s\n", r.out.info[i].info1.name,
 325                        r.out.info[i].info1.type,
 326                        r.out.info[i].info1.comment);
 327         }
 328
 329         talloc_free(tmp_ctx);
 330
 331         return true;
 332 }
 333
 334 static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
 335                                           TALLOC_CTX *mem_ctx,
 336                                           struct rap_NetServerEnum2 *r)
 337 {
 338         struct rap_call *call;
 339         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 340         int i;
 341
 342         call = new_rap_cli_call(mem_ctx, RAP_NetServerEnum2);
 343
 344         if (call == NULL)
 345                 return NT_STATUS_NO_MEMORY;
 346
 347         rap_cli_push_word(call, r->in.level);
 348         rap_cli_push_rcvbuf(call, r->in.bufsize);
 349         rap_cli_expect_multiple_entries(call);
 350         rap_cli_push_dword(call, r->in.servertype);
 351         rap_cli_push_string(call, r->in.domain);
 352
 353         switch(r->in.level) {
 354         case 0:
 355                 rap_cli_expect_format(call, "B16");
 356                 break;
 357         case 1:
 358                 rap_cli_expect_format(call, "B16BBDz");
 359                 break;
 360         }
 361
 362         result = rap_cli_do_call(tree, call);
 363
 364         if (!NT_STATUS_IS_OK(result))
 365                 goto done;
 366
 367         result = NT_STATUS_INVALID_PARAMETER;
 368
 369         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 370         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 371         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
 372         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 373
 374         r->out.info = talloc_array(mem_ctx, union rap_server_info, r->out.count);
 375
 376         if (r->out.info == NULL) {
 377                 result = NT_STATUS_NO_MEMORY;
 378                 goto done;
 379         }
 380
 381         for (i=0; i<r->out.count; i++) {
 382                 switch(r->in.level) {
 383                 case 0:
 384                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 385                                               (uint8_t *)r->out.info[i].info0.name, 16));
 386                         break;
 387                 case 1:
 388                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 389                                               (uint8_t *)r->out.info[i].info1.name, 16));
 390                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 391                                               &r->out.info[i].info1.version_major, 1));
 392                         NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 393                                               &r->out.info[i].info1.version_minor, 1));
 394                         NDR_GOTO(ndr_pull_uint32(call->ndr_pull_data,
 395                                                NDR_SCALARS, &r->out.info[i].info1.servertype));
 396                         RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
 397                                                r->out.convert,
 398                                                &r->out.info[i].info1.comment));
 399                 }
 400         }
 401
 402         result = NT_STATUS_OK;
 403
 404  done:
 405         talloc_free(call);
 406         return result;
 407 }
 408
 409 static bool test_netserverenum(struct smbcli_tree *tree)
 410 {
 411         struct rap_NetServerEnum2 r;
 412         int i;
 413         TALLOC_CTX *tmp_ctx = talloc_new(tree);
 414
 415         r.in.level = 0;
 416         r.in.bufsize = 8192;
 417         r.in.servertype = 0xffffffff;
 418         r.in.servertype = 0x80000000;
 419         r.in.domain = NULL;
 420
 421         if (!NT_STATUS_IS_OK(smbcli_rap_netserverenum2(tree, tmp_ctx, &r)))
 422                 return false;
 423
 424         for (i=0; i<r.out.count; i++) {
 425                 switch (r.in.level) {
 426                 case 0:
 427                         printf("%s\n", r.out.info[i].info0.name);
 428                         break;
 429                 case 1:
 430                         printf("%s %x %s\n", r.out.info[i].info1.name,
 431                                r.out.info[i].info1.servertype,
 432                                r.out.info[i].info1.comment);
 433                         break;
 434                 }
 435         }
 436
 437         talloc_free(tmp_ctx);
 438
 439         return true;
 440 }
 441
 442 _PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
 443                                      TALLOC_CTX *mem_ctx,
 444                                      struct rap_WserverGetInfo *r)
 445 {
 446         struct rap_call *call;
 447         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 448
 449         if (!(call = new_rap_cli_call(mem_ctx, RAP_WserverGetInfo))) {
 450                 return NT_STATUS_NO_MEMORY;
 451         }
 452
 453         rap_cli_push_word(call, r->in.level);
 454         rap_cli_push_rcvbuf(call, r->in.bufsize);
 455         rap_cli_expect_word(call);
 456
 457         switch(r->in.level) {
 458         case 0:
 459                 rap_cli_expect_format(call, "B16");
 460                 break;
 461         case 1:
 462                 rap_cli_expect_format(call, "B16BBDz");
 463                 break;
 464         default:
 465                 result = NT_STATUS_INVALID_PARAMETER;
 466                 goto done;
 467         }
 468
 469         result = rap_cli_do_call(tree, call);
 470
 471         if (!NT_STATUS_IS_OK(result))
 472                 goto done;
 473
 474         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 475         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 476         NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 477
 478         switch(r->in.level) {
 479         case 0:
 480                 NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 481                                       (uint8_t *)r->out.info.info0.name, 16));
 482                 break;
 483         case 1:
 484                 NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 485                                       (uint8_t *)r->out.info.info1.name, 16));
 486                 NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 487                                       &r->out.info.info1.version_major, 1));
 488                 NDR_GOTO(ndr_pull_bytes(call->ndr_pull_data,
 489                                       &r->out.info.info1.version_minor, 1));
 490                 NDR_GOTO(ndr_pull_uint32(call->ndr_pull_data,
 491                                        NDR_SCALARS, &r->out.info.info1.servertype));
 492                 RAP_GOTO(rap_pull_string(mem_ctx, call->ndr_pull_data,
 493                                        r->out.convert,
 494                                        &r->out.info.info1.comment));
 495         }
 496  done:
 497         talloc_free(call);
 498         return result;
 499 }
 500
 501 static bool test_netservergetinfo(struct smbcli_tree *tree)
 502 {
 503         struct rap_WserverGetInfo r;
 504         bool res = true;
 505         TALLOC_CTX *mem_ctx;
 506
 507         if (!(mem_ctx = talloc_new(tree))) {
 508                 return false;
 509         }
 510
 511         r.in.bufsize = 0xffff;
 512
 513         r.in.level = 0;
 514         res &= NT_STATUS_IS_OK(smbcli_rap_netservergetinfo(tree, mem_ctx, &r));
 515         r.in.level = 1;
 516         res &= NT_STATUS_IS_OK(smbcli_rap_netservergetinfo(tree, mem_ctx, &r));
 517
 518         talloc_free(mem_ctx);
 519         return res;
 520 }
 521
 522 static bool test_rap(struct smbcli_tree *tree)
 523 {
 524         bool res = true;
 525
 526         res &= test_netserverenum(tree);
 527         res &= test_netshareenum(tree);
 528         res &= test_netservergetinfo(tree);
 529
 530         return res;
 531 }
 532
 533 bool torture_rap_basic(struct torture_context *torture)
 534 {
 535         struct smbcli_state *cli;
 536         bool ret = true;
 537         TALLOC_CTX *mem_ctx;
 538
 539         if (!torture_open_connection(&cli, 0)) {
 540                 return false;
 541         }
 542
 543         mem_ctx = talloc_init("torture_rap_basic");
 544
 545         if (!test_rap(cli->tree)) {
 546                 ret = false;
 547         }
 548
 549         torture_close_connection(cli);
 550         talloc_free(mem_ctx);
 551
 552         return ret;
 553 }
 554
 555 bool torture_rap_scan(struct torture_context *torture)
 556 {
 557         TALLOC_CTX *mem_ctx;
 558         struct smbcli_state *cli;
 559         int callno;
 560
 561         mem_ctx = talloc_init("torture_rap_scan");
 562
 563         if (!torture_open_connection(&cli, 0)) {
 564                 return false;
 565         }
 566
 567         for (callno = 0; callno < 0xffff; callno++) {
 568                 struct rap_call *call = new_rap_cli_call(mem_ctx, callno);
 569                 NTSTATUS result;
 570
 571                 result = rap_cli_do_call(cli->tree, call);
 572
 573                 if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
 574                         continue;
 575
 576                 printf("callno %d is RAP call\n", callno);
 577         }
 578
 579         torture_close_connection(cli);
 580
 581         return true;
 582 }
 583
 584 NTSTATUS torture_rap_init(void)
 585 {
 586         struct torture_suite *suite = torture_suite_create(
 587                                                                         talloc_autofree_context(),
 588                                                                         "RAP");
 589
 590         torture_suite_add_simple_test(suite, "BASIC", torture_rap_basic);
 591         torture_suite_add_simple_test(suite, "SCAN", torture_rap_scan);
 592
 593         suite->description = talloc_strdup(suite,
 594                                                 "Remote Administration Protocol tests");
 595
 596         torture_register_suite(suite);
 597
 598         return NT_STATUS_OK;
 599 }