r4973: Add a RAP scanner to smbtorture. win2k has call numbers 0-215 although
1 /* 
2    Unix SMB/CIFS implementation.
3    test suite for various RAP operations
4    Copyright (C) Volker Lendecke 2004
5    Copyright (C) Tim Potter 2005
6    
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 2 of the License, or
10    (at your option) any later version.
11    
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16    
17    You should have received a copy of the GNU General Public License
18    along with this program; if not, write to the Free Software
19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23 #include "rap.h"
24
/*
 * State for one RAP call sent over the \PIPE\LANMAN transaction: the
 * descriptor strings and parameter bytes queued before the call, and the
 * pull contexts for the reply afterwards.  Everything here is allocated
 * under mem_ctx, so destroy_rap_call() frees the whole thing at once.
 */
struct rap_call {
        TALLOC_CTX *mem_ctx;        /* owner of every allocation below, and of the reply blobs */
        uint16 callno;              /* RAP function number; first word of the request params */
        char *paramdesc;            /* parameter descriptor, grown one char at a time by rap_cli_push_paramdesc() */
        const char *datadesc;       /* reply data descriptor; not owned, callers pass string literals */

        uint16 status;              /* not written by anything in this file (callers keep r->out.status) */
        uint16 convert;             /* not written by anything in this file (callers keep r->out.convert) */
        
        uint16 rcv_paramlen, rcv_datalen;  /* rcv_paramlen becomes trans.in.max_param; rcv_datalen is set by
                                              rap_cli_push_rcvbuf() but not read by rap_cli_do_call() */

        struct ndr_push *ndr_push_param;   /* request parameter bytes */
        struct ndr_push *ndr_push_data;    /* request data; allocated but unused by the calls in this file */
        struct ndr_pull *ndr_pull_param;   /* reply parameters, valid after a successful rap_cli_do_call() */
        struct ndr_pull *ndr_pull_data;    /* reply data, valid after a successful rap_cli_do_call() */
};
41
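/*
 * NDR flags for every RAP push/pull context: RAP is an unaligned wire
 * format with ASCII, NUL-terminated strings.  No trailing ';' -- the
 * macro is used as an rvalue (`x->flags = RAPNDR_FLAGS;`), and the
 * original definition carried a stray semicolon that silently expanded
 * into an empty statement at each use site.
 */
#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)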
43
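/*
 * Allocate a rap_call for RAP function `callno` with its own talloc
 * context and empty push contexts for the request parameters and data.
 *
 * rcv_paramlen starts at 4: that covers the status and convert words the
 * callers in this file pull first from every reply;
 * rap_cli_expect_multiple_entries() adds to it.
 *
 * Returns NULL on allocation failure.  Unlike the original, nothing is
 * leaked on that path (the original returned NULL without destroying
 * mem_ctx, and never checked the ndr_push_init_ctx() results before
 * writing their flags).  Free with destroy_rap_call().
 */
static struct rap_call *new_rap_cli_call(uint16 callno)
{
        struct rap_call *call;
        TALLOC_CTX *mem_ctx = talloc_init("rap_call");

        if (mem_ctx == NULL)
                return NULL;

        call = talloc_p(mem_ctx, struct rap_call);
        if (call == NULL)
                goto fail;

        ZERO_STRUCTP(call);

        call->callno = callno;
        call->rcv_paramlen = 4;
        call->mem_ctx = mem_ctx;

        call->ndr_push_param = ndr_push_init_ctx(mem_ctx);
        call->ndr_push_data = ndr_push_init_ctx(mem_ctx);
        if (call->ndr_push_param == NULL || call->ndr_push_data == NULL)
                goto fail;

        call->ndr_push_param->flags = RAPNDR_FLAGS;
        call->ndr_push_data->flags = RAPNDR_FLAGS;

        return call;

fail:
        talloc_destroy(mem_ctx);
        return NULL;
}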
71
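/*
 * Free a rap_call and everything allocated under its context: the
 * descriptor string, the push/pull contexts and the transaction reply
 * buffers (rap_cli_do_call() passes call->mem_ctx to smb_raw_trans).
 *
 * Accepts NULL so that error paths can free unconditionally; the
 * original dereferenced the pointer without checking.
 */
static void destroy_rap_call(struct rap_call *call)
{
        if (call == NULL)
                return;

        talloc_destroy(call->mem_ctx);
}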
76
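/*
 * Append one parameter-descriptor character ('W', 'D', 'z', ...) to
 * call->paramdesc, keeping it NUL-terminated.  The buffer lives on
 * call->mem_ctx and is grown by one byte per call.
 *
 * If the reallocation fails the descriptor is left unchanged and the
 * character is dropped; the original stored through the NULL result.
 * The function has no way to report the failure to its caller, so the
 * resulting request will simply carry an incomplete descriptor.
 */
static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
{
        size_t len = 0;
        char *grown;

        if (call->paramdesc != NULL)
                len = strlen(call->paramdesc);

        /* keep the old pointer until the realloc is known to have worked */
        grown = talloc_realloc(call->mem_ctx,
                               call->paramdesc,
                               uint8_t,
                               len+2);
        if (grown == NULL)
                return;

        grown[len] = desc;
        grown[len+1] = '\0';
        call->paramdesc = grown;
}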
91
/* Queue a 16-bit request parameter: 'W' in the descriptor, the value in
 * the parameter stream.  The push result is not checked (as in the rest
 * of the push helpers here). */
static void rap_cli_push_word(struct rap_call *call, uint16 val)
{
        struct ndr_push *params = call->ndr_push_param;

        rap_cli_push_paramdesc(call, 'W');
        ndr_push_uint16(params, val);
}
97
/* Queue a 32-bit request parameter: 'D' in the descriptor, the value in
 * the parameter stream.  The push result is not checked. */
static void rap_cli_push_dword(struct rap_call *call, uint32 val)
{
        struct ndr_push *params = call->ndr_push_param;

        rap_cli_push_paramdesc(call, 'D');
        ndr_push_uint32(params, val);
}
103
/*
 * Declare the receive buffer the client offers for the reply data:
 * 'r' then 'L' in the descriptor, followed by the length as a 16-bit
 * word.  The same length is remembered in call->rcv_datalen.
 *
 * Both the wire word and rcv_datalen are 16 bits, so a `len` above
 * 65535 is truncated on the way in.
 */
static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
{
        call->rcv_datalen = len;

        rap_cli_push_paramdesc(call, 'r');
        rap_cli_push_paramdesc(call, 'L');
        ndr_push_uint16(call->ndr_push_param, len);
}
111
/*
 * Mark the request as an enumeration: 'e' and 'h' in the descriptor.
 * The reply parameters then carry two extra 16-bit words (entry count
 * and total available), so the expected parameter length grows by 4.
 */
static void rap_cli_expect_multiple_entries(struct rap_call *call)
{
        static const char markers[] = { 'e', 'h' };
        size_t i;

        for (i = 0; i < sizeof(markers); i++)
                rap_cli_push_paramdesc(call, markers[i]);

        call->rcv_paramlen += 2 * sizeof(uint16);
}
118
/*
 * Queue a string request parameter.  A NULL string is sent as 'O' (a
 * null pointer) with no parameter bytes; otherwise 'z' goes in the
 * descriptor and the NUL-terminated ASCII string in the parameter
 * stream (RAPNDR_FLAGS makes ndr_push_string emit it that way).
 */
static void rap_cli_push_string(struct rap_call *call, const char *str)
{
        if (str != NULL) {
                rap_cli_push_paramdesc(call, 'z');
                ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
        } else {
                rap_cli_push_paramdesc(call, 'O');
        }
}
128
/*
 * Record the data descriptor (e.g. "B13BWz") that describes the reply
 * data.  rap_cli_do_call() sends it after the parameter descriptor.
 * The pointer is stored as-is, not copied: callers pass literals.
 */
static void rap_cli_expect_format(struct rap_call *call, const char *format)
{
        const char *descriptor = format;

        call->datadesc = descriptor;
}
133
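/*
 * Pull a RAP 'z' string from a reply data buffer.
 *
 * The data stream holds a 16-bit offset and a 16-bit word that is
 * ignored.  The reply's `convert` word is subtracted from the offset to
 * get an index into ndr->data.  Both values are server-supplied and are
 * validated before the buffer is touched:
 *  - an offset smaller than convert is rejected outright (the original
 *    let the uint16 subtraction wrap and relied on the bounds check);
 *  - the string must start inside the buffer and be NUL-terminated
 *    before its end (strnlen is bounded by the remaining bytes, and a
 *    run with no NUL fails the second size check).
 *
 * On success *dest is a freshly allocated NUL-terminated copy on
 * mem_ctx.  Returns NT_STATUS_INVALID_PARAMETER for a bad offset or an
 * unterminated string, NT_STATUS_NO_MEMORY if the copy cannot be
 * allocated (the original passed the NULL to pull_ascii), or the NDR
 * status of a failed pull.
 */
static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
                                uint16 convert, char **dest)
{
        uint16 string_offset;
        uint16 ignore;
        const char *p;
        size_t len;

        NDR_CHECK(ndr_pull_uint16(ndr, &string_offset));
        NDR_CHECK(ndr_pull_uint16(ndr, &ignore));

        if (string_offset < convert)
                return NT_STATUS_INVALID_PARAMETER;

        string_offset -= convert;

        if ((size_t)string_offset + 1 > ndr->data_size)
                return NT_STATUS_INVALID_PARAMETER;

        p = (const char *)(ndr->data + string_offset);
        len = strnlen(p, ndr->data_size - string_offset);

        /* no NUL before the end of the buffer */
        if ((size_t)string_offset + len + 1 > ndr->data_size)
                return NT_STATUS_INVALID_PARAMETER;

        *dest = talloc_zero_size(mem_ctx, len+1);
        if (*dest == NULL)
                return NT_STATUS_NO_MEMORY;

        pull_ascii(*dest, p, len+1, len, 0);

        return NT_STATUS_OK;
}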
161
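/*
 * Send the queued RAP call as a \PIPE\LANMAN transaction and set up pull
 * contexts for the reply.
 *
 * The transaction parameter block is: uint16 callno, the parameter
 * descriptor, the data descriptor (each only if set), then the raw
 * parameter bytes pushed by the rap_cli_push_* helpers.  The data block
 * is empty.  max_param is call->rcv_paramlen as built up by
 * new_rap_cli_call() and rap_cli_expect_multiple_entries().
 * NOTE(review): max_data is derived from rcv_paramlen, not from
 * rcv_datalen (which nothing in this file reads) -- confirm which was
 * intended.
 *
 * `mem_ctx` only holds the request encoding.  The reply blobs and the
 * pull contexts are allocated on call->mem_ctx, so they stay valid
 * until destroy_rap_call().
 *
 * Returns an NDR error from building the request, the status of the
 * transaction, or NT_STATUS_NO_MEMORY.  Only on NT_STATUS_OK are
 * call->ndr_pull_param and call->ndr_pull_data set (the original wrote
 * their flags without checking ndr_pull_init_blob() for NULL).
 */
static NTSTATUS rap_cli_do_call(struct smbcli_state *cli, TALLOC_CTX *mem_ctx,
                                struct rap_call *call)
{
        NTSTATUS result;
        DATA_BLOB param_blob;
        struct ndr_push *params;
        struct smb_trans2 trans;

        params = ndr_push_init_ctx(mem_ctx);
        if (params == NULL)
                return NT_STATUS_NO_MEMORY;

        params->flags = RAPNDR_FLAGS;

        trans.in.max_param = call->rcv_paramlen;
        trans.in.max_data = smb_raw_max_trans_data(cli->tree, call->rcv_paramlen);
        trans.in.max_setup = 0;
        trans.in.flags = 0;
        trans.in.timeout = 0;
        trans.in.setup_count = 0;
        trans.in.setup = NULL;
        trans.in.trans_name = "\\PIPE\\LANMAN";

        NDR_CHECK(ndr_push_uint16(params, call->callno));
        if (call->paramdesc)
                NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
        if (call->datadesc)
                NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->datadesc));

        param_blob = ndr_push_blob(call->ndr_push_param);
        NDR_CHECK(ndr_push_bytes(params, param_blob.data,
                                 param_blob.length));

        trans.in.params = ndr_push_blob(params);
        trans.in.data = data_blob(NULL, 0);

        result = smb_raw_trans(cli->tree, call->mem_ctx, &trans);
        if (!NT_STATUS_IS_OK(result))
                return result;

        call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params,
                                                  call->mem_ctx);
        call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data,
                                                 call->mem_ctx);
        if (call->ndr_pull_param == NULL || call->ndr_pull_data == NULL)
                return NT_STATUS_NO_MEMORY;

        call->ndr_pull_param->flags = RAPNDR_FLAGS;
        call->ndr_pull_data->flags = RAPNDR_FLAGS;

        return NT_STATUS_OK;
}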
214
/*
 * Run an NDR pull and, on any non-OK status, jump to the caller's
 * `done:` label.  The caller's `result` variable is NOT updated here, so
 * it must already hold the status to report before the first NDR_OK
 * (see the NT_STATUS_INVALID_PARAMETER assignment in
 * smbcli_rap_netserverenum2); otherwise a failed pull is reported with
 * whatever `result` happened to contain.
 */
#define NDR_OK(call) do { NTSTATUS _status; \
                             _status = call; \
                             if (!NT_STATUS_IS_OK(_status)) \
                                goto done; \
                        } while (0)
220
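/*
 * RAP NetShareEnum (call number 0): enumerate the shares on the server.
 *
 * Request: level (W), receive buffer length (rL) and the enumeration
 * markers (eh).  Only levels 0 ("B13": 13-byte name) and 1 ("B13BWz":
 * name, pad byte, type word, comment pointer) get a data descriptor;
 * other levels are sent without one and their reply data is not parsed.
 *
 * Reply parameters are status, convert, count and available, in that
 * order.  r->out.info receives `count` entries on mem_ctx; level-1
 * comments are resolved through rap_pull_string() with the convert word.
 *
 * Returns NT_STATUS_OK only if the transaction and every pull of the
 * reply succeeded.  A reply shorter than its count claims now yields
 * NT_STATUS_INVALID_PARAMETER: the original returned the transaction's
 * NT_STATUS_OK with a partially filled r->out.info, because NDR_OK jumps
 * to done: without touching `result`.  Every path frees the rap_call
 * (the original returned straight out of the NO_MEMORY case and leaked
 * it).
 */
static NTSTATUS smbcli_rap_netshareenum(struct smbcli_state *cli,
                                     TALLOC_CTX *mem_ctx,
                                     struct rap_NetShareEnum *r)
{
        struct rap_call *call;
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
        int i;

        call = new_rap_cli_call(0);
        if (call == NULL)
                return NT_STATUS_NO_MEMORY;

        rap_cli_push_word(call, r->in.level); /* Level */
        rap_cli_push_rcvbuf(call, r->in.bufsize);
        rap_cli_expect_multiple_entries(call);

        switch(r->in.level) {
        case 0:
                rap_cli_expect_format(call, "B13");
                break;
        case 1:
                rap_cli_expect_format(call, "B13BWz");
                break;
        default:
                /* no data descriptor; the reply data is not parsed below */
                break;
        }

        result = rap_cli_do_call(cli, mem_ctx, call);
        if (!NT_STATUS_IS_OK(result))
                goto done;

        /* NDR_OK leaves `result` alone on failure, so make a malformed or
         * truncated reply an error from here on (matches
         * smbcli_rap_netserverenum2). */
        result = NT_STATUS_INVALID_PARAMETER;

        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.status));
        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.convert));
        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.count));
        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.available));

        r->out.info = talloc_array_p(mem_ctx, union rap_shareenum_info,
                                     r->out.count);
        if (r->out.info == NULL) {
                result = NT_STATUS_NO_MEMORY;
                goto done;
        }

        for (i=0; i<r->out.count; i++) {
                switch(r->in.level) {
                case 0:
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              (uint8_t *)r->out.info[i].info0.name, 13));
                        break;
                case 1:
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              (uint8_t *)r->out.info[i].info1.name, 13));
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              (uint8_t *)&r->out.info[i].info1.pad, 1));
                        NDR_OK(ndr_pull_uint16(call->ndr_pull_data,
                                               &r->out.info[i].info1.type));
                        NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
                                               r->out.convert,
                                               &r->out.info[i].info1.comment));
                        break;
                default:
                        break;
                }
        }

        result = NT_STATUS_OK;

 done:
        destroy_rap_call(call);

        return result;
}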
290
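/*
 * Torture test: run a level-1 NetShareEnum and print every share as
 * "name type comment".  Returns False if the call fails.
 *
 * The name field is pulled as exactly 13 raw bytes by
 * smbcli_rap_netshareenum() and nothing guarantees the server
 * NUL-terminates it, so it is printed with a 13-byte precision instead
 * of a bare %s, which could read past the field.  The comment comes from
 * rap_pull_string() and is always NUL-terminated.
 */
static BOOL test_netshareenum(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
{
        struct rap_NetShareEnum r;
        int i;

        r.in.level = 1;
        r.in.bufsize = 8192;

        if (!NT_STATUS_IS_OK(smbcli_rap_netshareenum(cli, mem_ctx, &r)))
                return False;

        for (i=0; i<r.out.count; i++) {
                printf("%.13s %d %s\n", r.out.info[i].info1.name,
                       r.out.info[i].info1.type,
                       r.out.info[i].info1.comment);
        }

        return True;
}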
310
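/*
 * RAP NetServerEnum2 (call number 104): enumerate servers of the given
 * type, optionally restricted to a domain (NULL sends a null pointer).
 *
 * Request: level (W), receive buffer length (rL), enumeration markers
 * (eh), servertype (D) and domain (z or O).  Only levels 0 ("B16":
 * 16-byte name) and 1 ("B16BBDz": name, major, minor, servertype,
 * comment pointer) get a data descriptor; other levels are sent without
 * one and their reply data is not parsed.
 *
 * Reply parameters are status, convert, count and available.  r->out.info
 * receives `count` entries on mem_ctx; level-1 comments are resolved
 * through rap_pull_string() with the convert word.
 *
 * Returns NT_STATUS_OK only if the transaction and every pull of the
 * reply succeeded; a malformed or truncated reply yields
 * NT_STATUS_INVALID_PARAMETER.  Every path frees the rap_call (the
 * original returned straight out of the NO_MEMORY case and leaked it).
 */
static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_state *cli,
                                       TALLOC_CTX *mem_ctx,
                                       struct rap_NetServerEnum2 *r)
{
        struct rap_call *call;
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
        int i;

        call = new_rap_cli_call(104);
        if (call == NULL)
                return NT_STATUS_NO_MEMORY;

        rap_cli_push_word(call, r->in.level);
        rap_cli_push_rcvbuf(call, r->in.bufsize);
        rap_cli_expect_multiple_entries(call);
        rap_cli_push_dword(call, r->in.servertype);
        rap_cli_push_string(call, r->in.domain);

        switch(r->in.level) {
        case 0:
                rap_cli_expect_format(call, "B16");
                break;
        case 1:
                rap_cli_expect_format(call, "B16BBDz");
                break;
        default:
                /* no data descriptor; the reply data is not parsed below */
                break;
        }

        result = rap_cli_do_call(cli, mem_ctx, call);
        if (!NT_STATUS_IS_OK(result))
                goto done;

        /* NDR_OK leaves `result` alone on failure */
        result = NT_STATUS_INVALID_PARAMETER;

        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.status));
        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.convert));
        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.count));
        NDR_OK(ndr_pull_uint16(call->ndr_pull_param, &r->out.available));

        r->out.info = talloc_array_p(mem_ctx, union rap_server_info,
                                     r->out.count);
        if (r->out.info == NULL) {
                result = NT_STATUS_NO_MEMORY;
                goto done;
        }

        for (i=0; i<r->out.count; i++) {
                switch(r->in.level) {
                case 0:
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              (uint8_t *)r->out.info[i].info0.name, 16));
                        break;
                case 1:
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              (uint8_t *)r->out.info[i].info1.name, 16));
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              &r->out.info[i].info1.version_major, 1));
                        NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
                                              &r->out.info[i].info1.version_minor, 1));
                        NDR_OK(ndr_pull_uint32(call->ndr_pull_data,
                                               &r->out.info[i].info1.servertype));
                        NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
                                               r->out.convert,
                                               &r->out.info[i].info1.comment));
                        break;
                default:
                        break;
                }
        }

        result = NT_STATUS_OK;

 done:
        destroy_rap_call(call);

        return result;
}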
385
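/*
 * Torture test: run a level-0 NetServerEnum2 with servertype 0x80000000
 * and no domain, and print every entry.  Returns False if the call
 * fails.  (The original assigned servertype 0xffffffff first and then
 * immediately overwrote it; only the second value was ever sent.)
 *
 * Name fields are pulled as exactly 16 raw bytes by
 * smbcli_rap_netserverenum2() and nothing guarantees the server
 * NUL-terminates them, so they are printed with a 16-byte precision
 * rather than a bare %s.  The level-1 comment comes from
 * rap_pull_string() and is always NUL-terminated.
 */
static BOOL test_netserverenum(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
{
        struct rap_NetServerEnum2 r;
        int i;

        r.in.level = 0;
        r.in.bufsize = 8192;
        r.in.servertype = 0x80000000;
        r.in.domain = NULL;

        if (!NT_STATUS_IS_OK(smbcli_rap_netserverenum2(cli, mem_ctx, &r)))
                return False;

        for (i=0; i<r.out.count; i++) {
                switch (r.in.level) {
                case 0:
                        printf("%.16s\n", r.out.info[i].info0.name);
                        break;
                case 1:
                        printf("%.16s %x %s\n", r.out.info[i].info1.name,
                               r.out.info[i].info1.servertype,
                               r.out.info[i].info1.comment);
                        break;
                default:
                        break;
                }
        }

        return True;
}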
415
416
417
/*
 * Run every RAP sub-test over the given connection.  Both tests always
 * run, even if the first fails; the result is True only if both passed.
 */
static BOOL test_rap(struct smbcli_state *cli, TALLOC_CTX *mem_ctx)
{
        BOOL servers_ok = test_netserverenum(cli, mem_ctx);
        BOOL shares_ok = test_netshareenum(cli, mem_ctx);

        return servers_ok && shares_ok;
}
430
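/*
 * smbtorture entry point for the RAP tests: open the torture
 * connection, run test_rap() on a private talloc context, then close
 * the connection and free the context.
 *
 * Returns False if the connection or the context cannot be created, or
 * if any sub-test fails.  The original did not check talloc_init() and
 * would have passed a NULL context into the tests.
 */
BOOL torture_raw_rap(void)
{
        struct smbcli_state *cli;
        BOOL ret = True;
        TALLOC_CTX *mem_ctx;

        if (!torture_open_connection(&cli)) {
                return False;
        }

        mem_ctx = talloc_init("torture_raw_rap");
        if (mem_ctx == NULL) {
                torture_close_connection(cli);
                return False;
        }

        if (!test_rap(cli, mem_ctx)) {
                ret = False;
        }

        torture_close_connection(cli);
        talloc_destroy(mem_ctx);
        return ret;
}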
451
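/*
 * smbtorture RAP scanner: send an empty RAP request (no descriptors, no
 * parameters) for every call number 0..0xfffe and print the ones the
 * server answers with NT_STATUS_INVALID_PARAMETER.  That status is the
 * original's heuristic for "the server knows this call number but
 * rejected the arguments"; any other reply is taken as "not a RAP
 * call".  (0xffff itself is never tried: the loop condition has to stop
 * short of it because callno is a uint16.)
 *
 * The request encoding is built on the call's own context so it is
 * freed every iteration; the original allocated it on `cli`, which
 * accumulated one leaked ndr_push per call number for the whole scan,
 * and it never checked new_rap_cli_call() for NULL.
 *
 * Returns False only if the connection cannot be opened.
 */
BOOL torture_rap_scan(void)
{
        struct smbcli_state *cli;
        uint16 callno;

        if (!torture_open_connection(&cli)) {
                return False;
        }
        
        for (callno = 0; callno < 0xffff; callno++) {
                struct rap_call *call = new_rap_cli_call(callno);
                NTSTATUS result;

                if (call == NULL) {
                        printf("callno %d: out of memory, skipped\n", callno);
                        continue;
                }

                result = rap_cli_do_call(cli, call->mem_ctx, call);

                if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
                        printf("callno %d is RAP call\n", callno);

                destroy_rap_call(call);
        }

        torture_close_connection(cli);
        return True;
}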