2 Unix SMB/CIFS implementation.
4 helper functions for SMB2 test suite
6 Copyright (C) Andrew Tridgell 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "libcli/security/security_descriptor.h"
24 #include "libcli/smb2/smb2.h"
25 #include "libcli/smb2/smb2_calls.h"
26 #include "../libcli/smb/smbXcli_base.h"
27 #include "lib/cmdline/cmdline.h"
28 #include "system/time.h"
29 #include "librpc/gen_ndr/ndr_security.h"
30 #include "param/param.h"
31 #include "libcli/resolve/resolve.h"
32 #include "lib/util/tevent_ntstatus.h"
34 #include "torture/torture.h"
35 #include "torture/smb2/proto.h"
36 #include "source4/torture/util.h"
37 #include "libcli/security/dom_sid.h"
38 #include "librpc/gen_ndr/lsa.h"
39 #include "libcli/util/clilsa.h"
43 write to a file on SMB2
45 NTSTATUS smb2_util_write(struct smb2_tree *tree,
46 struct smb2_handle handle,
47 const void *buf, off_t offset, size_t size)
52 w.in.file.handle = handle;
54 w.in.data = data_blob_const(buf, size);
56 return smb2_write(tree, &w);
60 create a complex file/dir using the SMB2 protocol
62 static NTSTATUS smb2_create_complex(struct torture_context *tctx,
63 struct smb2_tree *tree,
65 struct smb2_handle *handle,
68 TALLOC_CTX *tmp_ctx = talloc_new(tree);
70 struct smb2_create io;
71 union smb_setfileinfo setfile;
72 union smb_fileinfo fileinfo;
73 time_t t = (time(NULL) & ~1);
76 smb2_util_unlink(tree, fname);
78 io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED;
79 io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
80 io.in.create_disposition = NTCREATEX_DISP_OVERWRITE_IF;
82 NTCREATEX_SHARE_ACCESS_DELETE|
83 NTCREATEX_SHARE_ACCESS_READ|
84 NTCREATEX_SHARE_ACCESS_WRITE;
85 io.in.create_options = 0;
88 io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
89 io.in.share_access &= ~NTCREATEX_SHARE_ACCESS_DELETE;
90 io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
91 io.in.create_disposition = NTCREATEX_DISP_CREATE;
94 /* it seems vista is now fussier about alignment? */
95 if (strchr(fname, ':') == NULL) {
97 io.in.eas.num_eas = 2;
98 io.in.eas.eas = talloc_array(tmp_ctx, struct ea_struct, 2);
99 io.in.eas.eas[0].flags = 0;
100 io.in.eas.eas[0].name.s = "EAONE";
101 io.in.eas.eas[0].value = data_blob_talloc(tmp_ctx, "VALUE1", 6);
102 io.in.eas.eas[1].flags = 0;
103 io.in.eas.eas[1].name.s = "SECONDEA";
104 io.in.eas.eas[1].value = data_blob_talloc(tmp_ctx, "ValueTwo", 8);
107 status = smb2_create(tree, tmp_ctx, &io);
108 if (NT_STATUS_EQUAL(status, NT_STATUS_EAS_NOT_SUPPORTED)) {
110 tctx, "EAs not supported, creating: %s\n", fname);
111 io.in.eas.num_eas = 0;
112 status = smb2_create(tree, tmp_ctx, &io);
115 talloc_free(tmp_ctx);
116 NT_STATUS_NOT_OK_RETURN(status);
118 *handle = io.out.file.handle;
121 status = smb2_util_write(tree, *handle, buf, 0, sizeof(buf));
122 NT_STATUS_NOT_OK_RETURN(status);
125 /* make sure all the timestamps aren't the same, and are also
126 in different DST zones*/
127 setfile.generic.level = RAW_SFILEINFO_BASIC_INFORMATION;
128 setfile.generic.in.file.handle = *handle;
130 unix_to_nt_time(&setfile.basic_info.in.create_time, t + 9*30*24*60*60);
131 unix_to_nt_time(&setfile.basic_info.in.access_time, t + 6*30*24*60*60);
132 unix_to_nt_time(&setfile.basic_info.in.write_time, t + 3*30*24*60*60);
133 unix_to_nt_time(&setfile.basic_info.in.change_time, t + 1*30*24*60*60);
134 setfile.basic_info.in.attrib = FILE_ATTRIBUTE_NORMAL;
136 status = smb2_setinfo_file(tree, &setfile);
137 if (!NT_STATUS_IS_OK(status)) {
138 torture_comment(tctx, "Failed to setup file times - %s\n", nt_errstr(status));
142 /* make sure all the timestamps aren't the same */
143 fileinfo.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
144 fileinfo.generic.in.file.handle = *handle;
146 status = smb2_getinfo_file(tree, tree, &fileinfo);
147 if (!NT_STATUS_IS_OK(status)) {
148 torture_comment(tctx, "Failed to query file times - %s\n", nt_errstr(status));
153 #define CHECK_TIME(field) do {\
154 if (setfile.basic_info.in.field != fileinfo.all_info2.out.field) { \
155 torture_comment(tctx, "(%s) " #field " not setup correctly: %s(%llu) => %s(%llu)\n", \
157 nt_time_string(tree, setfile.basic_info.in.field), \
158 (unsigned long long)setfile.basic_info.in.field, \
159 nt_time_string(tree, fileinfo.basic_info.out.field), \
160 (unsigned long long)fileinfo.basic_info.out.field); \
161 status = NT_STATUS_INVALID_PARAMETER; \
165 CHECK_TIME(create_time);
166 CHECK_TIME(access_time);
167 CHECK_TIME(write_time);
168 CHECK_TIME(change_time);
174 create a complex file using the SMB2 protocol
176 NTSTATUS smb2_create_complex_file(struct torture_context *tctx,
177 struct smb2_tree *tree, const char *fname,
178 struct smb2_handle *handle)
180 return smb2_create_complex(tctx, tree, fname, handle, false);
184 create a complex dir using the SMB2 protocol
186 NTSTATUS smb2_create_complex_dir(struct torture_context *tctx,
187 struct smb2_tree *tree, const char *fname,
188 struct smb2_handle *handle)
190 return smb2_create_complex(tctx, tree, fname, handle, true);
194 show lots of information about a file
196 void torture_smb2_all_info(struct torture_context *tctx,
197 struct smb2_tree *tree, struct smb2_handle handle)
200 TALLOC_CTX *tmp_ctx = talloc_new(tree);
201 union smb_fileinfo io;
203 io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
204 io.generic.in.file.handle = handle;
206 status = smb2_getinfo_file(tree, tmp_ctx, &io);
207 if (!NT_STATUS_IS_OK(status)) {
208 DEBUG(0,("getinfo failed - %s\n", nt_errstr(status)));
209 talloc_free(tmp_ctx);
213 torture_comment(tctx, "all_info for '%s'\n", io.all_info2.out.fname.s);
214 torture_comment(tctx, "\tcreate_time: %s\n", nt_time_string(tmp_ctx, io.all_info2.out.create_time));
215 torture_comment(tctx, "\taccess_time: %s\n", nt_time_string(tmp_ctx, io.all_info2.out.access_time));
216 torture_comment(tctx, "\twrite_time: %s\n", nt_time_string(tmp_ctx, io.all_info2.out.write_time));
217 torture_comment(tctx, "\tchange_time: %s\n", nt_time_string(tmp_ctx, io.all_info2.out.change_time));
218 torture_comment(tctx, "\tattrib: 0x%x\n", io.all_info2.out.attrib);
219 torture_comment(tctx, "\tunknown1: 0x%x\n", io.all_info2.out.unknown1);
220 torture_comment(tctx, "\talloc_size: %llu\n", (long long)io.all_info2.out.alloc_size);
221 torture_comment(tctx, "\tsize: %llu\n", (long long)io.all_info2.out.size);
222 torture_comment(tctx, "\tnlink: %u\n", io.all_info2.out.nlink);
223 torture_comment(tctx, "\tdelete_pending: %u\n", io.all_info2.out.delete_pending);
224 torture_comment(tctx, "\tdirectory: %u\n", io.all_info2.out.directory);
225 torture_comment(tctx, "\tfile_id: %llu\n", (long long)io.all_info2.out.file_id);
226 torture_comment(tctx, "\tea_size: %u\n", io.all_info2.out.ea_size);
227 torture_comment(tctx, "\taccess_mask: 0x%08x\n", io.all_info2.out.access_mask);
228 torture_comment(tctx, "\tposition: 0x%llx\n", (long long)io.all_info2.out.position);
229 torture_comment(tctx, "\tmode: 0x%llx\n", (long long)io.all_info2.out.mode);
231 /* short name, if any */
232 io.generic.level = RAW_FILEINFO_ALT_NAME_INFORMATION;
233 status = smb2_getinfo_file(tree, tmp_ctx, &io);
234 if (NT_STATUS_IS_OK(status)) {
235 torture_comment(tctx, "\tshort name: '%s'\n", io.alt_name_info.out.fname.s);
238 /* the EAs, if any */
239 io.generic.level = RAW_FILEINFO_SMB2_ALL_EAS;
240 status = smb2_getinfo_file(tree, tmp_ctx, &io);
241 if (NT_STATUS_IS_OK(status)) {
243 for (i=0;i<io.all_eas.out.num_eas;i++) {
244 torture_comment(tctx, "\tEA[%d] flags=%d len=%d '%s'\n", i,
245 io.all_eas.out.eas[i].flags,
246 (int)io.all_eas.out.eas[i].value.length,
247 io.all_eas.out.eas[i].name.s);
251 /* streams, if available */
252 io.generic.level = RAW_FILEINFO_STREAM_INFORMATION;
253 status = smb2_getinfo_file(tree, tmp_ctx, &io);
254 if (NT_STATUS_IS_OK(status)) {
256 for (i=0;i<io.stream_info.out.num_streams;i++) {
257 torture_comment(tctx, "\tstream %d:\n", i);
258 torture_comment(tctx, "\t\tsize %ld\n",
259 (long)io.stream_info.out.streams[i].size);
260 torture_comment(tctx, "\t\talloc size %ld\n",
261 (long)io.stream_info.out.streams[i].alloc_size);
262 torture_comment(tctx, "\t\tname %s\n", io.stream_info.out.streams[i].stream_name.s);
267 /* the security descriptor */
268 io.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
269 io.query_secdesc.in.secinfo_flags =
270 SECINFO_OWNER|SECINFO_GROUP|
272 status = smb2_getinfo_file(tree, tmp_ctx, &io);
273 if (NT_STATUS_IS_OK(status)) {
274 NDR_PRINT_DEBUG(security_descriptor, io.query_secdesc.out.sd);
278 talloc_free(tmp_ctx);
282 get granted access of a file handle
284 NTSTATUS torture_smb2_get_allinfo_access(struct smb2_tree *tree,
285 struct smb2_handle handle,
286 uint32_t *granted_access)
289 TALLOC_CTX *tmp_ctx = talloc_new(tree);
290 union smb_fileinfo io;
292 io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
293 io.generic.in.file.handle = handle;
295 status = smb2_getinfo_file(tree, tmp_ctx, &io);
296 if (!NT_STATUS_IS_OK(status)) {
297 DEBUG(0, ("getinfo failed - %s\n", nt_errstr(status)));
301 *granted_access = io.all_info2.out.access_mask;
304 talloc_free(tmp_ctx);
309 * open a smb2 tree connect
311 bool torture_smb2_tree_connect(struct torture_context *tctx,
312 struct smb2_session *session,
314 struct smb2_tree **_tree)
317 const char *host = torture_setting_string(tctx, "host", NULL);
318 const char *share = torture_setting_string(tctx, "share", NULL);
320 struct smb2_tree *tree;
321 struct tevent_req *subreq;
322 uint32_t timeout_msec;
324 unc = talloc_asprintf(tctx, "\\\\%s\\%s", host, share);
325 torture_assert(tctx, unc != NULL, "talloc_asprintf");
327 tree = smb2_tree_init(session, mem_ctx, false);
328 torture_assert(tctx, tree != NULL, "smb2_tree_init");
330 timeout_msec = session->transport->options.request_timeout * 1000;
332 subreq = smb2cli_tcon_send(tree, tctx->ev,
333 session->transport->conn,
339 torture_assert(tctx, subreq != NULL, "smb2cli_tcon_send");
342 tevent_req_poll_ntstatus(subreq, tctx->ev, &status),
343 "tevent_req_poll_ntstatus");
345 status = smb2cli_tcon_recv(subreq);
347 torture_assert_ntstatus_ok(tctx, status, "smb2cli_tcon_recv");
355 * do a smb2 session setup (without a tree connect)
357 bool torture_smb2_session_setup(struct torture_context *tctx,
358 struct smb2_transport *transport,
359 uint64_t previous_session_id,
361 struct smb2_session **_session)
364 struct smb2_session *session;
366 session = smb2_session_init(transport,
367 lpcfg_gensec_settings(tctx, tctx->lp_ctx),
370 if (session == NULL) {
374 status = smb2_session_setup_spnego(session,
375 samba_cmdline_get_creds(),
376 previous_session_id);
377 if (!NT_STATUS_IS_OK(status)) {
378 torture_comment(tctx, "session setup failed: %s\n", nt_errstr(status));
379 talloc_free(session);
389 open a smb2 connection
391 bool torture_smb2_connection_ext(struct torture_context *tctx,
392 uint64_t previous_session_id,
393 const struct smbcli_options *options,
394 struct smb2_tree **tree)
397 const char *host = torture_setting_string(tctx, "host", NULL);
398 const char *share = torture_setting_string(tctx, "share", NULL);
399 const char *p = torture_setting_string(tctx, "unclist", NULL);
400 TALLOC_CTX *mem_ctx = NULL;
407 mem_ctx = talloc_new(tctx);
408 if (mem_ctx == NULL) {
412 ok = torture_get_conn_index(tctx->conn_index++, mem_ctx, tctx,
415 TALLOC_FREE(mem_ctx);
423 status = smb2_connect_ext(tctx,
425 lpcfg_smb_ports(tctx->lp_ctx),
427 lpcfg_resolve_context(tctx->lp_ctx),
428 samba_cmdline_get_creds(),
429 NULL, /* existing_conn */
434 lpcfg_socket_options(tctx->lp_ctx),
435 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
437 if (!NT_STATUS_IS_OK(status)) {
438 torture_comment(tctx, "Failed to connect to SMB2 share \\\\%s\\%s - %s\n",
439 host, share, nt_errstr(status));
440 TALLOC_FREE(mem_ctx);
444 TALLOC_FREE(mem_ctx);
448 bool torture_smb2_connection(struct torture_context *tctx, struct smb2_tree **tree)
451 struct smbcli_options options;
453 lpcfg_smbcli_options(tctx->lp_ctx, &options);
455 ret = torture_smb2_connection_ext(tctx, 0, &options, tree);
461 * SMB2 connect with share from soption
463 bool torture_smb2_con_share(struct torture_context *tctx,
465 struct smb2_tree **tree)
467 struct smbcli_options options;
469 const char *host = torture_setting_string(tctx, "host", NULL);
471 lpcfg_smbcli_options(tctx->lp_ctx, &options);
473 status = smb2_connect(tctx,
475 lpcfg_smb_ports(tctx->lp_ctx),
477 lpcfg_resolve_context(tctx->lp_ctx),
478 samba_cmdline_get_creds(),
482 lpcfg_socket_options(tctx->lp_ctx),
483 lpcfg_gensec_settings(tctx, tctx->lp_ctx)
485 if (!NT_STATUS_IS_OK(status)) {
486 torture_comment(tctx, "Failed to connect to SMB2 share \\\\%s\\%s - %s\n",
487 host, share, nt_errstr(status));
494 * SMB2 connect with share from soption
496 bool torture_smb2_con_sopt(struct torture_context *tctx,
498 struct smb2_tree **tree)
500 const char *share = torture_setting_string(tctx, soption, NULL);
503 torture_comment(tctx, "No share for option %s\n", soption);
507 return torture_smb2_con_share(tctx, share, tree);
511 create and return a handle to a test file
512 with a specific access mask
514 NTSTATUS torture_smb2_testfile_access(struct smb2_tree *tree, const char *fname,
515 struct smb2_handle *handle,
516 uint32_t desired_access)
518 struct smb2_create io;
522 io.in.oplock_level = 0;
523 io.in.desired_access = desired_access;
524 io.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
525 io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
527 NTCREATEX_SHARE_ACCESS_DELETE|
528 NTCREATEX_SHARE_ACCESS_READ|
529 NTCREATEX_SHARE_ACCESS_WRITE;
530 io.in.create_options = 0;
533 status = smb2_create(tree, tree, &io);
534 NT_STATUS_NOT_OK_RETURN(status);
536 *handle = io.out.file.handle;
542 create and return a handle to a test file
544 NTSTATUS torture_smb2_testfile(struct smb2_tree *tree, const char *fname,
545 struct smb2_handle *handle)
547 return torture_smb2_testfile_access(tree, fname, handle,
548 SEC_RIGHTS_FILE_ALL);
552 create and return a handle to a test file
553 with a specific access mask
555 NTSTATUS torture_smb2_open(struct smb2_tree *tree,
557 uint32_t desired_access,
558 struct smb2_handle *handle)
560 struct smb2_create io;
563 io = (struct smb2_create) {
565 .in.desired_access = desired_access,
566 .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
567 .in.create_disposition = NTCREATEX_DISP_OPEN,
568 .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
571 status = smb2_create(tree, tree, &io);
572 if (!NT_STATUS_IS_OK(status)) {
576 *handle = io.out.file.handle;
582 create and return a handle to a test directory
583 with specific desired access
585 NTSTATUS torture_smb2_testdir_access(struct smb2_tree *tree, const char *fname,
586 struct smb2_handle *handle,
587 uint32_t desired_access)
589 struct smb2_create io;
593 io.in.oplock_level = 0;
594 io.in.desired_access = desired_access;
595 io.in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
596 io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
597 io.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE|NTCREATEX_SHARE_ACCESS_DELETE;
598 io.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
601 status = smb2_create(tree, tree, &io);
602 NT_STATUS_NOT_OK_RETURN(status);
604 *handle = io.out.file.handle;
610 create and return a handle to a test directory
612 NTSTATUS torture_smb2_testdir(struct smb2_tree *tree, const char *fname,
613 struct smb2_handle *handle)
615 return torture_smb2_testdir_access(tree, fname, handle,
620 create a simple file using the SMB2 protocol
622 NTSTATUS smb2_create_simple_file(struct torture_context *tctx,
623 struct smb2_tree *tree, const char *fname,
624 struct smb2_handle *handle)
629 smb2_util_unlink(tree, fname);
630 status = torture_smb2_testfile_access(tree,
632 SEC_FLAG_MAXIMUM_ALLOWED);
633 NT_STATUS_NOT_OK_RETURN(status);
635 status = smb2_util_write(tree, *handle, buf, 0, sizeof(buf));
636 NT_STATUS_NOT_OK_RETURN(status);
642 create a simple file using SMB2.
644 NTSTATUS torture_setup_simple_file(struct torture_context *tctx,
645 struct smb2_tree *tree, const char *fname)
647 struct smb2_handle handle;
648 NTSTATUS status = smb2_create_simple_file(tctx, tree, fname, &handle);
649 NT_STATUS_NOT_OK_RETURN(status);
650 return smb2_util_close(tree, handle);
654 create a complex file using SMB2, to make it easier to
655 find fields in SMB2 getinfo levels
657 NTSTATUS torture_setup_complex_file(struct torture_context *tctx,
658 struct smb2_tree *tree, const char *fname)
660 struct smb2_handle handle;
661 NTSTATUS status = smb2_create_complex_file(tctx, tree, fname, &handle);
662 NT_STATUS_NOT_OK_RETURN(status);
663 return smb2_util_close(tree, handle);
668 create a complex dir using SMB2, to make it easier to
669 find fields in SMB2 getinfo levels
671 NTSTATUS torture_setup_complex_dir(struct torture_context *tctx,
672 struct smb2_tree *tree, const char *fname)
674 struct smb2_handle handle;
675 NTSTATUS status = smb2_create_complex_dir(tctx, tree, fname, &handle);
676 NT_STATUS_NOT_OK_RETURN(status);
677 return smb2_util_close(tree, handle);
682 return a handle to the root of the share
684 NTSTATUS smb2_util_roothandle(struct smb2_tree *tree, struct smb2_handle *handle)
686 struct smb2_create io;
690 io.in.oplock_level = 0;
691 io.in.desired_access = SEC_STD_SYNCHRONIZE | SEC_DIR_READ_ATTRIBUTE | SEC_DIR_LIST;
692 io.in.file_attributes = 0;
693 io.in.create_disposition = NTCREATEX_DISP_OPEN;
694 io.in.share_access = NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_DELETE;
695 io.in.create_options = NTCREATEX_OPTIONS_ASYNC_ALERT;
698 status = smb2_create(tree, tree, &io);
699 NT_STATUS_NOT_OK_RETURN(status);
701 *handle = io.out.file.handle;
706 /* Comparable to torture_setup_dir, but for SMB2. */
707 bool smb2_util_setup_dir(struct torture_context *tctx, struct smb2_tree *tree,
712 /* XXX: smb_raw_exit equivalent?
713 smb_raw_exit(cli->session); */
714 if (smb2_deltree(tree, dname) == -1) {
715 torture_result(tctx, TORTURE_ERROR, "Unable to deltree when setting up %s.\n", dname);
719 status = smb2_util_mkdir(tree, dname);
720 if (NT_STATUS_IS_ERR(status)) {
721 torture_result(tctx, TORTURE_ERROR, "Unable to mkdir when setting up %s - %s\n", dname,
729 #define CHECK_STATUS(status, correct) do { \
730 if (!NT_STATUS_EQUAL(status, correct)) { \
731 torture_result(tctx, TORTURE_FAIL, "(%s) Incorrect status %s - should be %s\n", \
732 __location__, nt_errstr(status), nt_errstr(correct)); \
738 * Helper function to verify a security descriptor, by querying
739 * and comparing against the passed in sd.
741 bool smb2_util_verify_sd(TALLOC_CTX *tctx, struct smb2_tree *tree,
742 struct smb2_handle handle, struct security_descriptor *sd)
746 union smb_fileinfo q = {};
748 q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
749 q.query_secdesc.in.file.handle = handle;
750 q.query_secdesc.in.secinfo_flags =
754 status = smb2_getinfo_file(tree, tctx, &q);
755 CHECK_STATUS(status, NT_STATUS_OK);
757 if (!security_acl_equal(
758 q.query_secdesc.out.sd->dacl, sd->dacl)) {
759 torture_warning(tctx, "%s: security descriptors don't match!\n",
761 torture_warning(tctx, "got:\n");
762 NDR_PRINT_DEBUG(security_descriptor,
763 q.query_secdesc.out.sd);
764 torture_warning(tctx, "expected:\n");
765 NDR_PRINT_DEBUG(security_descriptor, sd);
774 * Helper function to verify attributes, by querying
775 * and comparing against the passed in attrib.
777 bool smb2_util_verify_attrib(TALLOC_CTX *tctx, struct smb2_tree *tree,
778 struct smb2_handle handle, uint32_t attrib)
782 union smb_fileinfo q = {};
784 q.standard.level = RAW_FILEINFO_SMB2_ALL_INFORMATION;
785 q.standard.in.file.handle = handle;
786 status = smb2_getinfo_file(tree, tctx, &q);
787 CHECK_STATUS(status, NT_STATUS_OK);
789 q.all_info2.out.attrib &= ~(FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_NONINDEXED);
791 if (q.all_info2.out.attrib != attrib) {
792 torture_warning(tctx, "%s: attributes don't match! "
793 "got %x, expected %x\n", __location__,
794 (uint32_t)q.standard.out.attrib,
804 uint32_t smb2_util_lease_state(const char *ls)
809 for (i = 0; i < strlen(ls); i++) {
812 val |= SMB2_LEASE_READ;
815 val |= SMB2_LEASE_HANDLE;
818 val |= SMB2_LEASE_WRITE;
826 char *smb2_util_lease_state_string(TALLOC_CTX *mem_ctx, uint32_t ls)
828 return talloc_asprintf(mem_ctx, "0x%0x (%s%s%s)",
830 ls & SMB2_LEASE_READ ? "R": "",
831 ls & SMB2_LEASE_HANDLE ? "H": "",
832 ls & SMB2_LEASE_WRITE ? "W": "");
835 uint32_t smb2_util_share_access(const char *sharemode)
837 uint32_t val = NTCREATEX_SHARE_ACCESS_NONE; /* 0 */
840 for (i = 0; i < strlen(sharemode); i++) {
841 switch(sharemode[i]) {
843 val |= NTCREATEX_SHARE_ACCESS_READ;
846 val |= NTCREATEX_SHARE_ACCESS_WRITE;
849 val |= NTCREATEX_SHARE_ACCESS_DELETE;
857 uint8_t smb2_util_oplock_level(const char *op)
859 uint8_t val = SMB2_OPLOCK_LEVEL_NONE;
862 for (i = 0; i < strlen(op); i++) {
865 return SMB2_OPLOCK_LEVEL_II;
867 return SMB2_OPLOCK_LEVEL_EXCLUSIVE;
869 return SMB2_OPLOCK_LEVEL_BATCH;
879 * Helper functions to fill a smb2_create struct for several
882 void smb2_generic_create_share(struct smb2_create *io, struct smb2_lease *ls,
883 bool dir, const char *name, uint32_t disposition,
884 uint32_t share_access,
885 uint8_t oplock, uint64_t leasekey,
889 io->in.security_flags = 0x00;
890 io->in.oplock_level = oplock;
891 io->in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
892 io->in.create_flags = 0x00000000;
893 io->in.reserved = 0x00000000;
894 io->in.desired_access = SEC_RIGHTS_FILE_ALL;
895 io->in.file_attributes = FILE_ATTRIBUTE_NORMAL;
896 io->in.share_access = share_access;
897 io->in.create_disposition = disposition;
898 io->in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
899 NTCREATEX_OPTIONS_ASYNC_ALERT |
900 NTCREATEX_OPTIONS_NON_DIRECTORY_FILE |
905 io->in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
906 io->in.file_attributes = FILE_ATTRIBUTE_DIRECTORY;
907 io->in.create_disposition = NTCREATEX_DISP_CREATE;
912 ls->lease_key.data[0] = leasekey;
913 ls->lease_key.data[1] = ~leasekey;
914 ls->lease_state = leasestate;
915 io->in.lease_request = ls;
919 void smb2_generic_create(struct smb2_create *io, struct smb2_lease *ls,
920 bool dir, const char *name, uint32_t disposition,
921 uint8_t oplock, uint64_t leasekey,
924 smb2_generic_create_share(io, ls, dir, name, disposition,
925 smb2_util_share_access("RWD"),
927 leasekey, leasestate);
930 void smb2_lease_create_share(struct smb2_create *io, struct smb2_lease *ls,
931 bool dir, const char *name, uint32_t share_access,
932 uint64_t leasekey, uint32_t leasestate)
934 smb2_generic_create_share(io, ls, dir, name, NTCREATEX_DISP_OPEN_IF,
935 share_access, SMB2_OPLOCK_LEVEL_LEASE,
936 leasekey, leasestate);
939 void smb2_lease_create(struct smb2_create *io, struct smb2_lease *ls,
940 bool dir, const char *name, uint64_t leasekey,
943 smb2_lease_create_share(io, ls, dir, name,
944 smb2_util_share_access("RWD"),
945 leasekey, leasestate);
948 void smb2_lease_v2_create_share(struct smb2_create *io,
949 struct smb2_lease *ls,
952 uint32_t share_access,
954 const uint64_t *parentleasekey,
956 uint16_t lease_epoch)
958 smb2_generic_create_share(io, NULL, dir, name, NTCREATEX_DISP_OPEN_IF,
959 share_access, SMB2_OPLOCK_LEVEL_LEASE, 0, 0);
963 ls->lease_key.data[0] = leasekey;
964 ls->lease_key.data[1] = ~leasekey;
965 ls->lease_state = leasestate;
966 if (parentleasekey != NULL) {
967 ls->lease_flags |= SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET;
968 ls->parent_lease_key.data[0] = *parentleasekey;
969 ls->parent_lease_key.data[1] = ~(*parentleasekey);
971 ls->lease_epoch = lease_epoch;
972 io->in.lease_request_v2 = ls;
976 void smb2_lease_v2_create(struct smb2_create *io,
977 struct smb2_lease *ls,
981 const uint64_t *parentleasekey,
983 uint16_t lease_epoch)
985 smb2_lease_v2_create_share(io, ls, dir, name,
986 smb2_util_share_access("RWD"),
987 leasekey, parentleasekey,
988 leasestate, lease_epoch);
992 void smb2_oplock_create_share(struct smb2_create *io, const char *name,
993 uint32_t share_access, uint8_t oplock)
995 smb2_generic_create_share(io, NULL, false, name, NTCREATEX_DISP_OPEN_IF,
996 share_access, oplock, 0, 0);
998 void smb2_oplock_create(struct smb2_create *io, const char *name, uint8_t oplock)
1000 smb2_oplock_create_share(io, name, smb2_util_share_access("RWD"),
1005 a wrapper around smblsa_sid_check_privilege, that tries to take
1006 account of the fact that the lsa privileges calls don't expand
1007 group memberships, using an explicit check for administrator. There
1008 must be a better way ...
1010 NTSTATUS torture_smb2_check_privilege(struct smb2_tree *tree,
1011 const char *sid_str,
1012 const char *privilege)
1014 struct dom_sid *sid = NULL;
1015 TALLOC_CTX *tmp_ctx = NULL;
1019 tmp_ctx = talloc_new(tree);
1020 if (tmp_ctx == NULL) {
1021 return NT_STATUS_NO_MEMORY;
1024 sid = dom_sid_parse_talloc(tmp_ctx, sid_str);
1026 talloc_free(tmp_ctx);
1027 return NT_STATUS_INVALID_SID;
1030 status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
1031 if (!NT_STATUS_IS_OK(status)) {
1032 TALLOC_FREE(tmp_ctx);
1036 if (rid == DOMAIN_RID_ADMINISTRATOR) {
1037 /* assume the administrator has them all */
1038 TALLOC_FREE(tmp_ctx);
1039 return NT_STATUS_OK;
1042 talloc_free(tmp_ctx);
1044 return smb2lsa_sid_check_privilege(tree, sid_str, privilege);