source4/torture/rap/rap.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for various RAP operations
   4    Copyright (C) Volker Lendecke 2004
   5    Copyright (C) Tim Potter 2005
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23 #include "libcli/libcli.h"
  24 #include "torture/util.h"
  25 #include "libcli/rap/rap.h"
  26 #include "libcli/raw/libcliraw.h"
  27 #include "libcli/libcli.h"
  28
  29 struct rap_call {
  30         uint16_t callno;
  31         char *paramdesc;
  32         const char *datadesc;
  33
  34         uint16_t status;
  35         uint16_t convert;
  36
  37         uint16_t rcv_paramlen, rcv_datalen;
  38
  39         struct ndr_push *ndr_push_param;
  40         struct ndr_push *ndr_push_data;
  41         struct ndr_pull *ndr_pull_param;
  42         struct ndr_pull *ndr_pull_data;
  43 };
  44
  45 #define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
  46
  47 static struct rap_call *new_rap_cli_call(TALLOC_CTX *mem_ctx, uint16_t callno)
  48 {
  49         struct rap_call *call;
  50
  51         call = talloc(mem_ctx, struct rap_call);
  52
  53         if (call == NULL)
  54                 return NULL;
  55
  56         call->callno = callno;
  57         call->rcv_paramlen = 4;
  58
  59         call->paramdesc = NULL;
  60         call->datadesc = NULL;
  61
  62         call->ndr_push_param = ndr_push_init_ctx(mem_ctx);
  63         call->ndr_push_param->flags = RAPNDR_FLAGS;
  64
  65         call->ndr_push_data = ndr_push_init_ctx(mem_ctx);
  66         call->ndr_push_data->flags = RAPNDR_FLAGS;
  67
  68         return call;
  69 }
  70
  71 static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
  72 {
  73         int len = 0;
  74
  75         if (call->paramdesc != NULL)
  76                 len = strlen(call->paramdesc);
  77
  78         call->paramdesc = talloc_realloc(call,
  79                                          call->paramdesc,
  80                                          uint8_t,
  81                                          len+2);
  82
  83         call->paramdesc[len] = desc;
  84         call->paramdesc[len+1] = '\0';
  85 }
  86
  87 static void rap_cli_push_word(struct rap_call *call, uint16_t val)
  88 {
  89         rap_cli_push_paramdesc(call, 'W');
  90         ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, val);
  91 }
  92
  93 static void rap_cli_push_dword(struct rap_call *call, uint32_t val)
  94 {
  95         rap_cli_push_paramdesc(call, 'D');
  96         ndr_push_uint32(call->ndr_push_param, NDR_SCALARS, val);
  97 }
  98
  99 static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
 100 {
 101         rap_cli_push_paramdesc(call, 'r');
 102         rap_cli_push_paramdesc(call, 'L');
 103         ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, len);
 104         call->rcv_datalen = len;
 105 }
 106
 107 static void rap_cli_expect_multiple_entries(struct rap_call *call)
 108 {
 109         rap_cli_push_paramdesc(call, 'e');
 110         rap_cli_push_paramdesc(call, 'h');
 111         call->rcv_paramlen += 4; /* uint16_t entry count, uint16_t total */
 112 }
 113
 114 static void rap_cli_push_string(struct rap_call *call, const char *str)
 115 {
 116         if (str == NULL) {
 117                 rap_cli_push_paramdesc(call, 'O');
 118                 return;
 119         }
 120         rap_cli_push_paramdesc(call, 'z');
 121         ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
 122 }
 123
 124 static void rap_cli_expect_format(struct rap_call *call, const char *format)
 125 {
 126         call->datadesc = format;
 127 }
 128
 129 static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
 130                                 uint16_t convert, char **dest)
 131 {
 132         uint16_t string_offset;
 133         uint16_t ignore;
 134         const char *p;
 135         size_t len;
 136
 137         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &string_offset));
 138         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &ignore));
 139
 140         string_offset -= convert;
 141
 142         if (string_offset+1 > ndr->data_size)
 143                 return NT_STATUS_INVALID_PARAMETER;
 144
 145         p = (const char *)(ndr->data + string_offset);
 146         len = strnlen(p, ndr->data_size-string_offset);
 147
 148         if ( string_offset + len + 1 >  ndr->data_size )
 149                 return NT_STATUS_INVALID_PARAMETER;
 150
 151         *dest = talloc_zero_size(mem_ctx, len+1);
 152         pull_ascii(*dest, p, len+1, len, 0);
 153
 154         return NT_STATUS_OK;
 155 }
 156
 157 static NTSTATUS rap_cli_do_call(struct smbcli_state *cli, struct rap_call *call)
 158 {
 159         NTSTATUS result;
 160         DATA_BLOB param_blob;
 161         struct ndr_push *params;
 162         struct smb_trans2 trans;
 163
 164         params = ndr_push_init_ctx(call);
 165
 166         if (params == NULL)
 167                 return NT_STATUS_NO_MEMORY;
 168
 169         params->flags = RAPNDR_FLAGS;
 170
 171         trans.in.max_param = call->rcv_paramlen;
 172         trans.in.max_data = smb_raw_max_trans_data(cli->tree, call->rcv_paramlen);
 173         trans.in.max_setup = 0;
 174         trans.in.flags = 0;
 175         trans.in.timeout = 0;
 176         trans.in.setup_count = 0;
 177         trans.in.setup = NULL;
 178         trans.in.trans_name = "\\PIPE\\LANMAN";
 179
 180         NDR_CHECK(ndr_push_uint16(params, NDR_SCALARS, call->callno));
 181         if (call->paramdesc)
 182                 NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
 183         if (call->datadesc)
 184                 NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->datadesc));
 185
 186         param_blob = ndr_push_blob(call->ndr_push_param);
 187         NDR_CHECK(ndr_push_bytes(params, param_blob.data,
 188                                  param_blob.length));
 189
 190         trans.in.params = ndr_push_blob(params);
 191         trans.in.data = data_blob(NULL, 0);
 192
 193         result = smb_raw_trans(cli->tree, call, &trans);
 194
 195         if (!NT_STATUS_IS_OK(result))
 196                 return result;
 197
 198         call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call);
 199         call->ndr_pull_param->flags = RAPNDR_FLAGS;
 200
 201         call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call);
 202         call->ndr_pull_data->flags = RAPNDR_FLAGS;
 203
 204         return result;
 205 }
 206
 207 #define NDR_OK(call) do { NTSTATUS _status; \
 208                              _status = call; \
 209                              if (!NT_STATUS_IS_OK(_status)) \
 210                                 goto done; \
 211                         } while (0)
 212
 213 static NTSTATUS smbcli_rap_netshareenum(struct smbcli_state *cli,
 214                                         TALLOC_CTX *mem_ctx,
 215                                         struct rap_NetShareEnum *r)
 216 {
 217         struct rap_call *call;
 218         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 219         int i;
 220
 221         call = new_rap_cli_call(NULL, RAP_WshareEnum);
 222
 223         if (call == NULL)
 224                 return NT_STATUS_NO_MEMORY;
 225
 226         rap_cli_push_word(call, r->in.level); /* Level */
 227         rap_cli_push_rcvbuf(call, r->in.bufsize);
 228         rap_cli_expect_multiple_entries(call);
 229
 230         switch(r->in.level) {
 231         case 0:
 232                 rap_cli_expect_format(call, "B13");
 233                 break;
 234         case 1:
 235                 rap_cli_expect_format(call, "B13BWz");
 236                 break;
 237         }
 238
 239         result = rap_cli_do_call(cli, call);
 240
 241         if (!NT_STATUS_IS_OK(result))
 242                 goto done;
 243
 244         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 245         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 246         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
 247         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 248
 249         r->out.info = talloc_array(mem_ctx, union rap_shareenum_info, r->out.count);
 250
 251         if (r->out.info == NULL) {
 252                 result = NT_STATUS_NO_MEMORY;
 253                 goto done;
 254         }
 255
 256         for (i=0; i<r->out.count; i++) {
 257                 switch(r->in.level) {
 258                 case 0:
 259                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 260                                               (uint8_t *)r->out.info[i].info0.name, 13));
 261                         break;
 262                 case 1:
 263                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 264                                               (uint8_t *)r->out.info[i].info1.name, 13));
 265                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 266                                               (uint8_t *)&r->out.info[i].info1.pad, 1));
 267                         NDR_OK(ndr_pull_uint16(call->ndr_pull_data,
 268                                                NDR_SCALARS, &r->out.info[i].info1.type));
 269                         NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
 270                                                r->out.convert,
 271                                                &r->out.info[i].info1.comment));
 272                         break;
 273                 }
 274         }
 275
 276         result = NT_STATUS_OK;
 277
 278  done:
 279         talloc_free(call);
 280         return result;
 281 }
 282
 283 static BOOL test_netshareenum(struct smbcli_state *cli)
 284 {
 285         struct rap_NetShareEnum r;
 286         int i;
 287         TALLOC_CTX *tmp_ctx = talloc_new(cli);
 288
 289         r.in.level = 1;
 290         r.in.bufsize = 8192;
 291
 292         if (!NT_STATUS_IS_OK(smbcli_rap_netshareenum(cli, tmp_ctx, &r)))
 293                 return False;
 294
 295         for (i=0; i<r.out.count; i++) {
 296                 printf("%s %d %s\n", r.out.info[i].info1.name,
 297                        r.out.info[i].info1.type,
 298                        r.out.info[i].info1.comment);
 299         }
 300
 301         talloc_free(tmp_ctx);
 302
 303         return True;
 304 }
 305
 306 static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_state *cli,
 307                                           TALLOC_CTX *mem_ctx,
 308                                           struct rap_NetServerEnum2 *r)
 309 {
 310         struct rap_call *call;
 311         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 312         int i;
 313
 314         call = new_rap_cli_call(NULL, RAP_NetServerEnum2);
 315
 316         if (call == NULL)
 317                 return NT_STATUS_NO_MEMORY;
 318
 319         rap_cli_push_word(call, r->in.level);
 320         rap_cli_push_rcvbuf(call, r->in.bufsize);
 321         rap_cli_expect_multiple_entries(call);
 322         rap_cli_push_dword(call, r->in.servertype);
 323         rap_cli_push_string(call, r->in.domain);
 324
 325         switch(r->in.level) {
 326         case 0:
 327                 rap_cli_expect_format(call, "B16");
 328                 break;
 329         case 1:
 330                 rap_cli_expect_format(call, "B16BBDz");
 331                 break;
 332         }
 333
 334         result = rap_cli_do_call(cli, call);
 335
 336         if (!NT_STATUS_IS_OK(result))
 337                 goto done;
 338
 339         result = NT_STATUS_INVALID_PARAMETER;
 340
 341         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 342         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 343         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
 344         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 345
 346         r->out.info = talloc_array(mem_ctx, union rap_server_info, r->out.count);
 347
 348         if (r->out.info == NULL) {
 349                 result = NT_STATUS_NO_MEMORY;
 350                 goto done;
 351         }
 352
 353         for (i=0; i<r->out.count; i++) {
 354                 switch(r->in.level) {
 355                 case 0:
 356                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 357                                               (uint8_t *)r->out.info[i].info0.name, 16));
 358                         break;
 359                 case 1:
 360                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 361                                               (uint8_t *)r->out.info[i].info1.name, 16));
 362                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 363                                               &r->out.info[i].info1.version_major, 1));
 364                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 365                                               &r->out.info[i].info1.version_minor, 1));
 366                         NDR_OK(ndr_pull_uint32(call->ndr_pull_data,
 367                                                NDR_SCALARS, &r->out.info[i].info1.servertype));
 368                         NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
 369                                                r->out.convert,
 370                                                &r->out.info[i].info1.comment));
 371                 }
 372         }
 373
 374         result = NT_STATUS_OK;
 375
 376  done:
 377         talloc_free(call);
 378         return result;
 379 }
 380
 381 static BOOL test_netserverenum(struct smbcli_state *cli)
 382 {
 383         struct rap_NetServerEnum2 r;
 384         int i;
 385         TALLOC_CTX *tmp_ctx = talloc_new(cli);
 386
 387         r.in.level = 0;
 388         r.in.bufsize = 8192;
 389         r.in.servertype = 0xffffffff;
 390         r.in.servertype = 0x80000000;
 391         r.in.domain = NULL;
 392
 393         if (!NT_STATUS_IS_OK(smbcli_rap_netserverenum2(cli, tmp_ctx, &r)))
 394                 return False;
 395
 396         for (i=0; i<r.out.count; i++) {
 397                 switch (r.in.level) {
 398                 case 0:
 399                         printf("%s\n", r.out.info[i].info0.name);
 400                         break;
 401                 case 1:
 402                         printf("%s %x %s\n", r.out.info[i].info1.name,
 403                                r.out.info[i].info1.servertype,
 404                                r.out.info[i].info1.comment);
 405                         break;
 406                 }
 407         }
 408
 409         talloc_free(tmp_ctx);
 410
 411         return True;
 412 }
 413
 414
 415
 416 static BOOL test_rap(struct smbcli_state *cli)
 417 {
 418         BOOL res = True;
 419
 420         if (!test_netserverenum(cli))
 421                 res = False;
 422
 423         if (!test_netshareenum(cli))
 424                 res = False;
 425
 426         return res;
 427 }
 428
 429 BOOL torture_raw_rap(void)
 430 {
 431         struct smbcli_state *cli;
 432         BOOL ret = True;
 433         TALLOC_CTX *mem_ctx;
 434
 435         if (!torture_open_connection(&cli)) {
 436                 return False;
 437         }
 438
 439         mem_ctx = talloc_init("torture_raw_rap");
 440
 441         if (!test_rap(cli)) {
 442                 ret = False;
 443         }
 444
 445         torture_close_connection(cli);
 446         talloc_free(mem_ctx);
 447
 448         return ret;
 449 }
 450
 451 BOOL torture_rap_scan(void)
 452 {
 453         TALLOC_CTX *mem_ctx;
 454         struct smbcli_state *cli;
 455         int callno;
 456
 457         mem_ctx = talloc_init("torture_rap_scan");
 458
 459         if (!torture_open_connection(&cli)) {
 460                 return False;
 461         }
 462
 463         for (callno = 0; callno < 0xffff; callno++) {
 464                 struct rap_call *call = new_rap_cli_call(mem_ctx, callno);
 465                 NTSTATUS result;
 466
 467                 result = rap_cli_do_call(cli, call);
 468
 469                 if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
 470                         continue;
 471
 472                 printf("callno %d is RAP call\n", callno);
 473         }
 474
 475         torture_close_connection(cli);
 476
 477         return True;
 478 }