s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
[gd/samba-autobuild/.git] / source4 / torture / rpc / fsrvp.c
1 /*
2    Unix SMB/CIFS implementation.
3
4    test suite for File Server Remote VSS Protocol operations
5
6    Copyright (C) David Disseldorp 2012-2013
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 /*
23  * Windows Server "8" Beta is very picky in how it accepts FSRVP requests, the
24  * client must be a member of the same AD domain, ndr64 and signing must be
25  * negotiated for the DCE/RPC bind. E.g.
26  *
27  * smbtorture ncacn_np:LUTZE[/pipe/FssagentRpc,smb2,ndr64,sign] \
28  *            -U 'DOM\user%pw' rpc.fsrvp
29  *
30  * This test suite requires a snapshotable share named FSHARE (see #def below).
31  */
32 #include "includes.h"
33 #include "lib/param/param.h"
34 #include "libcli/smb2/smb2.h"
35 #include "libcli/smb2/smb2_calls.h"
36 #include "libcli/smb_composite/smb_composite.h"
37 #include "libcli/resolve/resolve.h"
38 #include "libcli/util/hresult.h"
39 #include "libcli/security/dom_sid.h"
40 #include "libcli/security/security_descriptor.h"
41 #include "torture/torture.h"
42 #include "torture/smb2/proto.h"
43 #include "torture/rpc/torture_rpc.h"
44 #include "librpc/gen_ndr/ndr_security.h"
45 #include "librpc/gen_ndr/ndr_srvsvc_c.h"
46 #include "librpc/gen_ndr/ndr_fsrvp_c.h"
47 #include "lib/cmdline/popt_common.h"
48
49 #define FSHARE  "fsrvp_share"
50 #define FNAME   "testfss.dat"
51
52 static bool test_fsrvp_is_path_supported(struct torture_context *tctx,
53                                          struct dcerpc_pipe *p)
54 {
55         struct fss_IsPathSupported r;
56         struct dcerpc_binding_handle *b = p->binding_handle;
57         NTSTATUS status;
58
59         ZERO_STRUCT(r);
60         r.in.ShareName = talloc_asprintf(tctx,"\\\\%s\\%s\\",
61                                          dcerpc_server_name(p),
62                                          FSHARE);
63         status = dcerpc_fss_IsPathSupported_r(b, tctx, &r);
64         torture_assert_ntstatus_ok(tctx, status,
65                                    "IsPathSupported failed");
66
67         torture_assert(tctx, *r.out.SupportedByThisProvider,
68                        "path not supported");
69
70         torture_comment(tctx, "path %s is supported by fsrvp server %s\n",
71                         r.in.ShareName, *r.out.OwnerMachineName);
72
73         return true;
74 }
75
76 static bool test_fsrvp_get_version(struct torture_context *tctx,
77                                    struct dcerpc_pipe *p)
78 {
79         struct fss_GetSupportedVersion r;
80         struct dcerpc_binding_handle *b = p->binding_handle;
81         NTSTATUS status;
82
83         ZERO_STRUCT(r);
84         status = dcerpc_fss_GetSupportedVersion_r(b, tctx, &r);
85         torture_assert_ntstatus_ok(tctx, status,
86                                    "GetSupportedVersion failed");
87
88         torture_comment(tctx, "got MinVersion %u\n", *r.out.MinVersion);
89         torture_comment(tctx, "got MaxVersion %u\n", *r.out.MaxVersion);
90
91         return true;
92 }
93
94 static bool test_fsrvp_set_ctx(struct torture_context *tctx,
95                                struct dcerpc_pipe *p)
96 {
97         struct fss_SetContext r;
98         struct dcerpc_binding_handle *b = p->binding_handle;
99         NTSTATUS status;
100
101         ZERO_STRUCT(r);
102         r.in.Context = FSRVP_CTX_BACKUP;
103         status = dcerpc_fss_SetContext_r(b, tctx, &r);
104         torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
105
106         return true;
107 }
108
109 enum test_fsrvp_inject {
110         TEST_FSRVP_TOUT_NONE = 0,
111         TEST_FSRVP_TOUT_SET_CTX,
112         TEST_FSRVP_TOUT_START_SET,
113         TEST_FSRVP_TOUT_ADD_TO_SET,
114         TEST_FSRVP_TOUT_PREPARE,
115         TEST_FSRVP_TOUT_COMMIT,
116
117         TEST_FSRVP_STOP_B4_EXPOSE,
118 };
119
120 static bool test_fsrvp_sc_create(struct torture_context *tctx,
121                                  struct dcerpc_pipe *p,
122                                  const char *share,
123                                  enum test_fsrvp_inject inject,
124                                  struct fssagent_share_mapping_1 **sc_map)
125 {
126         struct fss_IsPathSupported r_pathsupport_get;
127         struct fss_GetSupportedVersion r_version_get;
128         struct fss_SetContext r_context_set;
129         struct fss_StartShadowCopySet r_scset_start;
130         struct fss_AddToShadowCopySet r_scset_add1;
131         struct fss_AddToShadowCopySet r_scset_add2;
132         struct fss_PrepareShadowCopySet r_scset_prep;
133         struct fss_CommitShadowCopySet r_scset_commit;
134         struct fss_ExposeShadowCopySet r_scset_expose;
135         struct fss_GetShareMapping r_sharemap_get;
136         struct dcerpc_binding_handle *b = p->binding_handle;
137         NTSTATUS status;
138         time_t start_time;
139         TALLOC_CTX *tmp_ctx = talloc_new(tctx);
140         struct fssagent_share_mapping_1 *map = NULL;
141         int sleep_time;
142
143         /*
144          * PrepareShadowCopySet & CommitShadowCopySet often exceed the default
145          * 60 second dcerpc request timeout against Windows Server "8" Beta.
146          */
147         dcerpc_binding_handle_set_timeout(b, 240);
148
149         ZERO_STRUCT(r_pathsupport_get);
150         r_pathsupport_get.in.ShareName = share;
151         status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
152         torture_assert_ntstatus_ok(tctx, status,
153                                    "IsPathSupported failed");
154         torture_assert_int_equal(tctx, r_pathsupport_get.out.result, 0,
155                                  "failed IsPathSupported response");
156         torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
157                        "path not supported");
158
159         ZERO_STRUCT(r_version_get);
160         status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
161         torture_assert_ntstatus_ok(tctx, status,
162                                    "GetSupportedVersion failed");
163         torture_assert_int_equal(tctx, r_version_get.out.result, 0,
164                                  "failed GetSupportedVersion response");
165
166         ZERO_STRUCT(r_context_set);
167         r_context_set.in.Context = FSRVP_CTX_BACKUP;
168         status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set);
169         torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
170         torture_assert_int_equal(tctx, r_context_set.out.result, 0,
171                                  "failed SetContext response");
172
173         if (inject == TEST_FSRVP_TOUT_SET_CTX) {
174                 sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
175                                             "sequence timeout", 180);
176                 torture_comment(tctx, "sleeping for %d\n", sleep_time);
177                 smb_msleep((sleep_time * 1000) + 500);
178         }
179
180         ZERO_STRUCT(r_scset_start);
181         r_scset_start.in.ClientShadowCopySetId = GUID_random();
182         status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
183         torture_assert_ntstatus_ok(tctx, status,
184                                    "StartShadowCopySet failed");
185         if (inject == TEST_FSRVP_TOUT_SET_CTX) {
186                 /* expect error due to message sequence timeout after set_ctx */
187                 torture_assert_int_equal(tctx, r_scset_start.out.result,
188                                          FSRVP_E_BAD_STATE,
189                                          "StartShadowCopySet timeout response");
190                 goto done;
191         }
192         torture_assert_int_equal(tctx, r_scset_start.out.result, 0,
193                                  "failed StartShadowCopySet response");
194         torture_comment(tctx, "%s: shadow-copy set created\n",
195                         GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId));
196
197         if (inject == TEST_FSRVP_TOUT_START_SET) {
198                 sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
199                                             "sequence timeout", 180);
200                 torture_comment(tctx, "sleeping for %d\n", sleep_time);
201                 smb_msleep((sleep_time * 1000) + 500);
202         }
203
204         ZERO_STRUCT(r_scset_add1);
205         r_scset_add1.in.ClientShadowCopyId = GUID_random();
206         r_scset_add1.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
207         r_scset_add1.in.ShareName = share;
208         status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add1);
209         torture_assert_ntstatus_ok(tctx, status,
210                                    "AddToShadowCopySet failed");
211         if (inject == TEST_FSRVP_TOUT_START_SET) {
212                 torture_assert_int_equal(tctx, r_scset_add1.out.result,
213                                          HRES_ERROR_V(HRES_E_INVALIDARG),
214                                          "AddToShadowCopySet timeout response");
215                 goto done;
216         }
217         torture_assert_int_equal(tctx, r_scset_add1.out.result, 0,
218                                  "failed AddToShadowCopySet response");
219         torture_comment(tctx, "%s(%s): %s added to shadow-copy set\n",
220                         GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
221                         GUID_string(tmp_ctx, r_scset_add1.out.pShadowCopyId),
222                         r_scset_add1.in.ShareName);
223
224         /* attempts to add the same share twice should fail */
225         ZERO_STRUCT(r_scset_add2);
226         r_scset_add2.in.ClientShadowCopyId = GUID_random();
227         r_scset_add2.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
228         r_scset_add2.in.ShareName = share;
229         status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add2);
230         torture_assert_ntstatus_ok(tctx, status,
231                                    "AddToShadowCopySet failed");
232         torture_assert_int_equal(tctx, r_scset_add2.out.result,
233                                  FSRVP_E_OBJECT_ALREADY_EXISTS,
234                                  "failed AddToShadowCopySet response");
235
236         if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
237                 sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
238                                             "sequence timeout", 1800);
239                 torture_comment(tctx, "sleeping for %d\n", sleep_time);
240                 smb_msleep((sleep_time * 1000) + 500);
241         }
242
243         start_time = time_mono(NULL);
244         ZERO_STRUCT(r_scset_prep);
245         r_scset_prep.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
246 //      r_scset_prep.in.TimeOutInMilliseconds = (1800 * 1000);  /* win8 */
247         r_scset_prep.in.TimeOutInMilliseconds = (240 * 1000);
248         status = dcerpc_fss_PrepareShadowCopySet_r(b, tmp_ctx, &r_scset_prep);
249         torture_assert_ntstatus_ok(tctx, status,
250                                    "PrepareShadowCopySet failed");
251         if (inject == TEST_FSRVP_TOUT_ADD_TO_SET) {
252                 torture_assert_int_equal(tctx, r_scset_prep.out.result,
253                                          HRES_ERROR_V(HRES_E_INVALIDARG),
254                                          "PrepareShadowCopySet tout response");
255                 goto done;
256         }
257         torture_assert_int_equal(tctx, r_scset_prep.out.result, 0,
258                                  "failed PrepareShadowCopySet response");
259         torture_comment(tctx, "%s: prepare completed in %llu secs\n",
260                         GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
261                         (unsigned long long)(time_mono(NULL) - start_time));
262
263         if (inject == TEST_FSRVP_TOUT_PREPARE) {
264                 sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
265                                             "sequence timeout", 1800);
266                 torture_comment(tctx, "sleeping for %d\n", sleep_time);
267                 smb_msleep((sleep_time * 1000) + 500);
268         }
269
270         start_time = time_mono(NULL);
271         ZERO_STRUCT(r_scset_commit);
272         r_scset_commit.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
273         r_scset_commit.in.TimeOutInMilliseconds = (180 * 1000); /* win8 */
274         status = dcerpc_fss_CommitShadowCopySet_r(b, tmp_ctx, &r_scset_commit);
275         torture_assert_ntstatus_ok(tctx, status,
276                                    "CommitShadowCopySet failed");
277         if (inject == TEST_FSRVP_TOUT_PREPARE) {
278                 torture_assert_int_equal(tctx, r_scset_commit.out.result,
279                                          HRES_ERROR_V(HRES_E_INVALIDARG),
280                                          "CommitShadowCopySet tout response");
281                 goto done;
282         }
283         torture_assert_int_equal(tctx, r_scset_commit.out.result, 0,
284                                  "failed CommitShadowCopySet response");
285         torture_comment(tctx, "%s: commit completed in %llu secs\n",
286                         GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
287                         (unsigned long long)(time_mono(NULL) - start_time));
288
289         if (inject == TEST_FSRVP_TOUT_COMMIT) {
290                 sleep_time = lpcfg_parm_int(tctx->lp_ctx, NULL, "fss",
291                                             "sequence timeout", 180);
292                 torture_comment(tctx, "sleeping for %d\n", sleep_time);
293                 smb_msleep((sleep_time * 1000) + 500);
294         } else if (inject == TEST_FSRVP_STOP_B4_EXPOSE) {
295                 /* return partial snapshot information */
296                 map = talloc_zero(tctx, struct fssagent_share_mapping_1);
297                 map->ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
298                 map->ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
299                 goto done;
300         }
301
302         start_time = time_mono(NULL);
303         ZERO_STRUCT(r_scset_expose);
304         r_scset_expose.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
305         r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */
306         status = dcerpc_fss_ExposeShadowCopySet_r(b, tmp_ctx, &r_scset_expose);
307         torture_assert_ntstatus_ok(tctx, status,
308                                    "ExposeShadowCopySet failed");
309         if (inject == TEST_FSRVP_TOUT_COMMIT) {
310                 torture_assert_int_equal(tctx, r_scset_expose.out.result,
311                                          HRES_ERROR_V(HRES_E_INVALIDARG),
312                                          "ExposeShadowCopySet tout response");
313                 goto done;
314         }
315         torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
316                                  "failed ExposeShadowCopySet response");
317         torture_comment(tctx, "%s: expose completed in %llu secs\n",
318                         GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId),
319                         (unsigned long long)(time_mono(NULL) - start_time));
320
321         ZERO_STRUCT(r_sharemap_get);
322         r_sharemap_get.in.ShadowCopyId = *r_scset_add1.out.pShadowCopyId;
323         r_sharemap_get.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
324         r_sharemap_get.in.ShareName = r_scset_add1.in.ShareName;
325         r_sharemap_get.in.Level = 1;
326         status = dcerpc_fss_GetShareMapping_r(b, tmp_ctx, &r_sharemap_get);
327         torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed");
328         torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0,
329                                  "failed GetShareMapping response");
330         torture_comment(tctx, "%s(%s): %s is a snapshot of %s at %s\n",
331                         GUID_string(tmp_ctx, &r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopySetId),
332                         GUID_string(tmp_ctx, &r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyId),
333                         r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyShareName,
334                         r_sharemap_get.out.ShareMapping->ShareMapping1->ShareNameUNC,
335                         nt_time_string(tmp_ctx, r_sharemap_get.out.ShareMapping->ShareMapping1->tstamp));
336
337         map = talloc_zero(tctx, struct fssagent_share_mapping_1);
338         map->ShadowCopySetId = r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopySetId;
339         map->ShadowCopyId = r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyId;
340         map->ShadowCopyShareName
341                 = talloc_strdup(tctx, r_sharemap_get.out.ShareMapping->ShareMapping1->ShadowCopyShareName);
342         map->ShareNameUNC
343                 = talloc_strdup(tctx, r_sharemap_get.out.ShareMapping->ShareMapping1->ShareNameUNC);
344         map->tstamp = r_sharemap_get.out.ShareMapping->ShareMapping1->tstamp;
345
346         torture_assert(tctx, !GUID_compare(&r_sharemap_get.in.ShadowCopySetId,
347                                            &map->ShadowCopySetId),
348                        "sc_set GUID missmatch in GetShareMapping");
349         torture_assert(tctx, !GUID_compare(&r_sharemap_get.in.ShadowCopyId,
350                                            &map->ShadowCopyId),
351                        "sc GUID missmatch in GetShareMapping");
352
353 done:
354         talloc_free(tmp_ctx);
355         *sc_map = map;
356
357         return true;
358 }
359
360 static bool test_fsrvp_sc_delete(struct torture_context *tctx,
361                                  struct dcerpc_pipe *p,
362                                  struct fssagent_share_mapping_1 *sc_map)
363 {
364         struct dcerpc_binding_handle *b = p->binding_handle;
365         struct fss_DeleteShareMapping r_sharemap_del;
366         NTSTATUS status;
367
368         ZERO_STRUCT(r_sharemap_del);
369         r_sharemap_del.in.ShadowCopySetId = sc_map->ShadowCopySetId;
370         r_sharemap_del.in.ShadowCopyId = sc_map->ShadowCopyId;
371         r_sharemap_del.in.ShareName = sc_map->ShareNameUNC;
372         status = dcerpc_fss_DeleteShareMapping_r(b, tctx, &r_sharemap_del);
373         torture_assert_ntstatus_ok(tctx, status, "DeleteShareMapping failed");
374         torture_assert_int_equal(tctx, r_sharemap_del.out.result, 0,
375                                  "failed DeleteShareMapping response");
376
377         return true;
378 }
379
380 static bool test_fsrvp_sc_create_simple(struct torture_context *tctx,
381                                          struct dcerpc_pipe *p)
382 {
383         struct fssagent_share_mapping_1 *sc_map;
384         /* no trailing backslash - should work. See note in cmd_fss.c */
385         char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
386                                           dcerpc_server_name(p), FSHARE);
387
388         torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
389                        "sc create");
390
391         torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
392
393         return true;
394 }
395
396 static bool test_fsrvp_sc_set_abort(struct torture_context *tctx,
397                                     struct dcerpc_pipe *p)
398 {
399         char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s\\",
400                                           dcerpc_server_name(p), FSHARE);
401         struct dcerpc_binding_handle *b = p->binding_handle;
402         struct fss_IsPathSupported r_pathsupport_get;
403         struct fss_GetSupportedVersion r_version_get;
404         struct fss_SetContext r_context_set;
405         struct fss_StartShadowCopySet r_scset_start;
406         struct fss_AbortShadowCopySet r_scset_abort;
407         struct fss_AddToShadowCopySet r_scset_add;
408         NTSTATUS status;
409         TALLOC_CTX *tmp_ctx = talloc_new(tctx);
410
411         ZERO_STRUCT(r_pathsupport_get);
412         r_pathsupport_get.in.ShareName = share_unc;
413         status = dcerpc_fss_IsPathSupported_r(b, tmp_ctx, &r_pathsupport_get);
414         torture_assert_ntstatus_ok(tctx, status,
415                                    "IsPathSupported failed");
416         torture_assert(tctx, r_pathsupport_get.out.SupportedByThisProvider,
417                        "path not supported");
418
419         ZERO_STRUCT(r_version_get);
420         status = dcerpc_fss_GetSupportedVersion_r(b, tmp_ctx, &r_version_get);
421         torture_assert_ntstatus_ok(tctx, status,
422                                    "GetSupportedVersion failed");
423
424         ZERO_STRUCT(r_context_set);
425         r_context_set.in.Context = FSRVP_CTX_BACKUP;
426         status = dcerpc_fss_SetContext_r(b, tmp_ctx, &r_context_set);
427         torture_assert_ntstatus_ok(tctx, status, "SetContext failed");
428
429         ZERO_STRUCT(r_scset_start);
430         r_scset_start.in.ClientShadowCopySetId = GUID_random();
431         status = dcerpc_fss_StartShadowCopySet_r(b, tmp_ctx, &r_scset_start);
432         torture_assert_ntstatus_ok(tctx, status,
433                                    "StartShadowCopySet failed");
434
435         ZERO_STRUCT(r_scset_abort);
436         r_scset_abort.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
437         status = dcerpc_fss_AbortShadowCopySet_r(b, tmp_ctx, &r_scset_abort);
438         torture_assert_ntstatus_ok(tctx, status,
439                                    "AbortShadowCopySet failed");
440
441         ZERO_STRUCT(r_scset_add);
442         r_scset_add.in.ClientShadowCopyId = GUID_random();
443         r_scset_add.in.ShadowCopySetId = *r_scset_start.out.pShadowCopySetId;
444         r_scset_add.in.ShareName = share_unc;
445         status = dcerpc_fss_AddToShadowCopySet_r(b, tmp_ctx, &r_scset_add);
446         torture_assert_ntstatus_ok(tctx, status, "AddToShadowCopySet failed "
447                                    "following abort");
448         /*
449          * XXX Windows 8 server beta returns FSRVP_E_BAD_STATE here rather than
450          * FSRVP_E_BAD_ID / HRES_E_INVALIDARG.
451          */
452         torture_assert(tctx, (r_scset_add.out.result != 0),
453                        "incorrect AddToShadowCopySet response following abort");
454
455         talloc_free(tmp_ctx);
456         return true;
457 }
458
459 static bool test_fsrvp_bad_id(struct torture_context *tctx,
460                               struct dcerpc_pipe *p)
461 {
462         struct fssagent_share_mapping_1 *sc_map;
463         struct dcerpc_binding_handle *b = p->binding_handle;
464         struct fss_DeleteShareMapping r_sharemap_del;
465         NTSTATUS status;
466         TALLOC_CTX *tmp_ctx = talloc_new(tctx);
467         char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
468                                           dcerpc_server_name(p), FSHARE);
469
470         torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
471                        "sc create");
472
473         ZERO_STRUCT(r_sharemap_del);
474         r_sharemap_del.in.ShadowCopySetId = sc_map->ShadowCopySetId;
475         r_sharemap_del.in.ShadowCopySetId.time_low++;   /* bogus */
476         r_sharemap_del.in.ShadowCopyId = sc_map->ShadowCopyId;
477         r_sharemap_del.in.ShareName = sc_map->ShareNameUNC;
478         status = dcerpc_fss_DeleteShareMapping_r(b, tmp_ctx, &r_sharemap_del);
479         torture_assert_ntstatus_ok(tctx, status,
480                                    "DeleteShareMapping failed");
481         torture_assert_int_equal(tctx, r_sharemap_del.out.result,
482                                  FSRVP_E_OBJECT_NOT_FOUND,
483                                  "incorrect DeleteShareMapping response");
484
485         r_sharemap_del.in.ShadowCopySetId = sc_map->ShadowCopySetId;
486         r_sharemap_del.in.ShadowCopyId.time_mid++;      /* bogus */
487         status = dcerpc_fss_DeleteShareMapping_r(b, tmp_ctx, &r_sharemap_del);
488         torture_assert_ntstatus_ok(tctx, status,
489                                    "DeleteShareMapping failed");
490         torture_assert_int_equal(tctx, r_sharemap_del.out.result,
491                                  HRES_ERROR_V(HRES_E_INVALIDARG),
492                                  "incorrect DeleteShareMapping response");
493
494         torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
495
496         talloc_free(sc_map);
497         talloc_free(tmp_ctx);
498
499         return true;
500 }
501
502 static bool test_fsrvp_sc_share_io(struct torture_context *tctx,
503                                    struct dcerpc_pipe *p)
504 {
505         struct fssagent_share_mapping_1 *sc_map;
506         NTSTATUS status;
507         TALLOC_CTX *tmp_ctx = talloc_new(tctx);
508         char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s",
509                                           dcerpc_server_name(p), FSHARE);
510         struct smb2_tree *tree_base;
511         struct smb2_tree *tree_snap;
512         struct smbcli_options options;
513         struct smb2_handle base_fh;
514         struct smb2_read r;
515         struct smb2_create io;
516         lpcfg_smbcli_options(tctx->lp_ctx, &options);
517
518         status = smb2_connect(tmp_ctx,
519                               dcerpc_server_name(p),
520                               lpcfg_smb_ports(tctx->lp_ctx),
521                               FSHARE,
522                               lpcfg_resolve_context(tctx->lp_ctx),
523                               popt_get_cmdline_credentials(),
524                               &tree_base,
525                               tctx->ev,
526                               &options,
527                               lpcfg_socket_options(tctx->lp_ctx),
528                               lpcfg_gensec_settings(tctx, tctx->lp_ctx));
529         torture_assert_ntstatus_ok(tctx, status,
530                                    "Failed to connect to SMB2 share");
531
532         smb2_util_unlink(tree_base, FNAME);
533         status = torture_smb2_testfile(tree_base, FNAME, &base_fh);
534         torture_assert_ntstatus_ok(tctx, status, "base write open");
535
536         status = smb2_util_write(tree_base, base_fh, "pre-snap", 0,
537                                  sizeof("pre-snap"));
538         torture_assert_ntstatus_ok(tctx, status, "src write");
539
540
541         torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
542                        "sc create");
543
544         status = smb2_util_write(tree_base, base_fh, "post-snap", 0,
545                                  sizeof("post-snap"));
546         torture_assert_ntstatus_ok(tctx, status, "base write");
547
548         /* connect to snapshot share and verify pre-snapshot data */
549         status = smb2_connect(tmp_ctx,
550                               dcerpc_server_name(p),
551                               lpcfg_smb_ports(tctx->lp_ctx),
552                               sc_map->ShadowCopyShareName,
553                               lpcfg_resolve_context(tctx->lp_ctx),
554                               popt_get_cmdline_credentials(),
555                               &tree_snap,
556                               tctx->ev,
557                               &options,
558                               lpcfg_socket_options(tctx->lp_ctx),
559                               lpcfg_gensec_settings(tctx, tctx->lp_ctx));
560         torture_assert_ntstatus_ok(tctx, status,
561                                    "Failed to connect to SMB2 shadow-copy share");
562         /* Windows server 8 allows RW open to succeed here for a ro snapshot */
563         ZERO_STRUCT(io);
564         io.in.desired_access = SEC_RIGHTS_FILE_READ;
565         io.in.file_attributes   = FILE_ATTRIBUTE_NORMAL;
566         io.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
567         io.in.share_access =
568                 NTCREATEX_SHARE_ACCESS_DELETE|
569                 NTCREATEX_SHARE_ACCESS_READ|
570                 NTCREATEX_SHARE_ACCESS_WRITE;
571         io.in.create_options = 0;
572         io.in.fname = FNAME;
573         status = smb2_create(tree_snap, tmp_ctx, &io);
574         torture_assert_ntstatus_ok(tctx, status, "snap read open");
575
576         ZERO_STRUCT(r);
577         r.in.file.handle = io.out.file.handle;
578         r.in.length      = sizeof("pre-snap");
579         status = smb2_read(tree_snap, tmp_ctx, &r);
580         torture_assert_ntstatus_ok(tctx, status, "read");
581         torture_assert_u64_equal(tctx, r.out.data.length, r.in.length,
582                                  "read data len mismatch");
583         torture_assert_str_equal(tctx, (char *)r.out.data.data, "pre-snap",
584                                  "bad snapshot data");
585
586         torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
587
588         talloc_free(sc_map);
589         talloc_free(tmp_ctx);
590
591         return true;
592 }
593
594 static bool test_fsrvp_enum_snaps(struct torture_context *tctx,
595                                   TALLOC_CTX *mem_ctx,
596                                   struct smb2_tree *tree,
597                                   struct smb2_handle fh,
598                                   int *_count)
599 {
600         struct smb2_ioctl io;
601         NTSTATUS status;
602
603         ZERO_STRUCT(io);
604         io.level = RAW_IOCTL_SMB2;
605         io.in.file.handle = fh;
606         io.in.function = FSCTL_SRV_ENUM_SNAPS;
607         io.in.max_response_size = 16;
608         io.in.flags = SMB2_IOCTL_FLAG_IS_FSCTL;
609
610         status = smb2_ioctl(tree, mem_ctx, &io);
611         torture_assert_ntstatus_ok(tctx, status, "enum ioctl");
612
613         *_count = IVAL(io.out.out.data, 0);
614
615         /* with max_response_size=16, no labels should be sent */
616         torture_assert_int_equal(tctx, IVAL(io.out.out.data, 4), 0,
617                                  "enum snaps labels");
618
619         /* TODO with 0 snaps, needed_data_count should be 0? */
620         if (*_count != 0) {
621                 torture_assert(tctx, IVAL(io.out.out.data, 8) != 0,
622                                "enum snaps needed non-zero");
623         }
624
625         return true;
626 }
627
628 static bool test_fsrvp_enum_created(struct torture_context *tctx,
629                                     struct dcerpc_pipe *p)
630 {
631         struct fssagent_share_mapping_1 *sc_map;
632         NTSTATUS status;
633         TALLOC_CTX *tmp_ctx = talloc_new(tctx);
634         char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
635                                           dcerpc_server_name(p), FSHARE);
636         struct smb2_tree *tree_base;
637         struct smbcli_options options;
638         struct smb2_handle base_fh;
639         int count;
640         lpcfg_smbcli_options(tctx->lp_ctx, &options);
641
642         status = smb2_connect(tmp_ctx,
643                               dcerpc_server_name(p),
644                               lpcfg_smb_ports(tctx->lp_ctx),
645                               FSHARE,
646                               lpcfg_resolve_context(tctx->lp_ctx),
647                               popt_get_cmdline_credentials(),
648                               &tree_base,
649                               tctx->ev,
650                               &options,
651                               lpcfg_socket_options(tctx->lp_ctx),
652                               lpcfg_gensec_settings(tctx, tctx->lp_ctx));
653         torture_assert_ntstatus_ok(tctx, status,
654                                    "Failed to connect to SMB2 share");
655
656         smb2_util_unlink(tree_base, FNAME);
657         status = torture_smb2_testfile(tree_base, FNAME, &base_fh);
658         torture_assert_ntstatus_ok(tctx, status, "base write open");
659
660         status = smb2_util_write(tree_base, base_fh, "pre-snap", 0,
661                                  sizeof("pre-snap"));
662         torture_assert_ntstatus_ok(tctx, status, "src write");
663
664         torture_assert(tctx,
665                        test_fsrvp_enum_snaps(tctx, tmp_ctx, tree_base, base_fh,
666                                              &count),
667                        "count");
668         torture_assert_int_equal(tctx, count, 0, "num snaps");
669
670         torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
671                        "sc create");
672         talloc_free(sc_map);
673
674         torture_assert(tctx,
675                        test_fsrvp_enum_snaps(tctx, tmp_ctx, tree_base, base_fh,
676                                              &count),
677                        "count");
678         /*
679          * Snapshots created via FSRVP on Windows Server 2012 are not added to
680          * the previous versions list, so it will fail here...
681          */
682         torture_assert_int_equal(tctx, count, 1, "num snaps");
683
684         smb_msleep(1100);       /* @GMT tokens have a 1 second resolution */
685         torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc, TEST_FSRVP_TOUT_NONE, &sc_map),
686                        "sc create");
687         talloc_free(sc_map);
688
689         torture_assert(tctx,
690                        test_fsrvp_enum_snaps(tctx, tmp_ctx, tree_base, base_fh,
691                                              &count),
692                        "count");
693         torture_assert_int_equal(tctx, count, 2, "num snaps");
694
695         talloc_free(tmp_ctx);
696
697         return true;
698 }
699
700 static bool test_fsrvp_seq_timeout(struct torture_context *tctx,
701                                    struct dcerpc_pipe *p)
702 {
703         int i;
704         struct fssagent_share_mapping_1 *sc_map;
705         char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
706                                           dcerpc_server_name(p), FSHARE);
707
708         for (i = TEST_FSRVP_TOUT_NONE; i <= TEST_FSRVP_TOUT_COMMIT; i++) {
709                 torture_assert(tctx, test_fsrvp_sc_create(tctx, p, share_unc,
710                                                           i, &sc_map),
711                                "sc create");
712
713                 /* only need to delete if create process didn't timeout */
714                 if (i == TEST_FSRVP_TOUT_NONE) {
715                         torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map),
716                                        "sc del");
717                 }
718         }
719
720         return true;
721 }
722
723 static bool test_fsrvp_share_sd(struct torture_context *tctx,
724                                 struct dcerpc_pipe *p)
725 {
726         NTSTATUS status;
727         struct dcerpc_pipe *srvsvc_p;
728         struct srvsvc_NetShareGetInfo q;
729         struct srvsvc_NetShareSetInfo s;
730         struct srvsvc_NetShareInfo502 *info502;
731         struct fssagent_share_mapping_1 *sc_map;
732         struct fss_ExposeShadowCopySet r_scset_expose;
733         struct fss_GetShareMapping r_sharemap_get;
734         struct security_descriptor *sd_old;
735         struct security_descriptor *sd_base;
736         struct security_descriptor *sd_snap;
737         struct security_ace *ace;
738         int i;
739         int aces_found;
740         char *share_unc = talloc_asprintf(tctx, "\\\\%s\\%s",
741                                           dcerpc_server_name(p), FSHARE);
742         ZERO_STRUCT(q);
743         q.in.server_unc = dcerpc_server_name(p);
744         q.in.share_name = FSHARE;
745         q.in.level = 502;
746
747         status = torture_rpc_connection(tctx, &srvsvc_p, &ndr_table_srvsvc);
748         torture_assert_ntstatus_ok(tctx, status, "srvsvc rpc conn failed");
749
750         /* ensure srvsvc out pointers are allocated during unmarshalling */
751         srvsvc_p->conn->flags |= DCERPC_NDR_REF_ALLOC;
752
753         /* obtain the existing DACL for the base share */
754         status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
755                                                  tctx, &q);
756         torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
757         torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
758
759         info502 = q.out.info->info502;
760
761         /* back up the existing share SD, so it can be restored on completion */
762         sd_old = info502->sd_buf.sd;
763         sd_base = security_descriptor_copy(tctx, info502->sd_buf.sd);
764         torture_assert(tctx, sd_base != NULL, "sd dup");
765         torture_assert(tctx, sd_base->dacl != NULL, "no existing share DACL");
766
767         /* the Builtin_X_Operators placeholder ACEs need to be unique */
768         for (i = 0; i < sd_base->dacl->num_aces; i++) {
769                 ace = &sd_base->dacl->aces[i];
770                 if (dom_sid_equal(&ace->trustee,
771                                   &global_sid_Builtin_Backup_Operators)
772                  || dom_sid_equal(&ace->trustee,
773                                   &global_sid_Builtin_Print_Operators)) {
774                         torture_skip(tctx, "placeholder ACE already exists\n");
775                 }
776         }
777
778         /* add Backup_Operators placeholder ACE and set base share DACL */
779         ace = talloc_zero(tctx, struct security_ace);
780         ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
781         ace->access_mask = SEC_STD_SYNCHRONIZE;
782         ace->trustee = global_sid_Builtin_Backup_Operators;
783
784         status = security_descriptor_dacl_add(sd_base, ace);
785         torture_assert_ntstatus_ok(tctx, status,
786                                    "failed to add placeholder ACE to DACL");
787
788         info502->sd_buf.sd = sd_base;
789         info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
790
791         ZERO_STRUCT(s);
792         s.in.server_unc = dcerpc_server_name(p);
793         s.in.share_name = FSHARE;
794         s.in.level = 502;
795         s.in.info = q.out.info;
796
797         status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
798                                                  tctx, &s);
799         torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
800         torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
801
802         /* create a snapshot, but don't expose yet */
803         torture_assert(tctx,
804                        test_fsrvp_sc_create(tctx, p, share_unc,
805                                             TEST_FSRVP_STOP_B4_EXPOSE, &sc_map),
806                        "sc create");
807
808         /*
809          * Add another unique placeholder ACE.
810          * By changing the share DACL between snapshot creation and exposure we
811          * can determine at which point the server clones the base share DACL.
812          */
813         ace = talloc_zero(tctx, struct security_ace);
814         ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
815         ace->access_mask = SEC_STD_SYNCHRONIZE;
816         ace->trustee = global_sid_Builtin_Print_Operators;
817
818         status = security_descriptor_dacl_add(sd_base, ace);
819         torture_assert_ntstatus_ok(tctx, status,
820                                    "failed to add placeholder ACE to DACL");
821
822         info502->sd_buf.sd = sd_base;
823         info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_base, 0);
824
825         ZERO_STRUCT(s);
826         s.in.server_unc = dcerpc_server_name(p);
827         s.in.share_name = FSHARE;
828         s.in.level = 502;
829         s.in.info = q.out.info;
830
831         status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
832                                                  tctx, &s);
833         torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
834         torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
835
836         /* expose the snapshot share and get the new share details */
837         ZERO_STRUCT(r_scset_expose);
838         r_scset_expose.in.ShadowCopySetId = sc_map->ShadowCopySetId;
839         r_scset_expose.in.TimeOutInMilliseconds = (120 * 1000); /* win8 */
840         status = dcerpc_fss_ExposeShadowCopySet_r(p->binding_handle, tctx,
841                                                   &r_scset_expose);
842         torture_assert_ntstatus_ok(tctx, status,
843                                    "ExposeShadowCopySet failed");
844         torture_assert_int_equal(tctx, r_scset_expose.out.result, 0,
845                                  "failed ExposeShadowCopySet response");
846
847         ZERO_STRUCT(r_sharemap_get);
848         r_sharemap_get.in.ShadowCopyId = sc_map->ShadowCopyId;
849         r_sharemap_get.in.ShadowCopySetId = sc_map->ShadowCopySetId;
850         r_sharemap_get.in.ShareName = share_unc;
851         r_sharemap_get.in.Level = 1;
852         status = dcerpc_fss_GetShareMapping_r(p->binding_handle, tctx,
853                                               &r_sharemap_get);
854         torture_assert_ntstatus_ok(tctx, status, "GetShareMapping failed");
855         torture_assert_int_equal(tctx, r_sharemap_get.out.result, 0,
856                                  "failed GetShareMapping response");
857         talloc_free(sc_map);
858         sc_map = r_sharemap_get.out.ShareMapping->ShareMapping1;
859
860         /* restore the original base share ACL */
861         info502->sd_buf.sd = sd_old;
862         info502->sd_buf.sd_size = ndr_size_security_descriptor(sd_old, 0);
863         status = dcerpc_srvsvc_NetShareSetInfo_r(srvsvc_p->binding_handle,
864                                                  tctx, &s);
865         torture_assert_ntstatus_ok(tctx, status, "NetShareSetInfo failed");
866         torture_assert_werr_ok(tctx, s.out.result, "NetShareSetInfo failed");
867
868         /* check for placeholder ACEs in the snapshot share DACL */
869         ZERO_STRUCT(q);
870         q.in.server_unc = dcerpc_server_name(p);
871         q.in.share_name = sc_map->ShadowCopyShareName;
872         q.in.level = 502;
873         status = dcerpc_srvsvc_NetShareGetInfo_r(srvsvc_p->binding_handle,
874                                                  tctx, &q);
875         torture_assert_ntstatus_ok(tctx, status, "NetShareGetInfo failed");
876         torture_assert_werr_ok(tctx, q.out.result, "NetShareGetInfo failed");
877         info502 = q.out.info->info502;
878
879         sd_snap = info502->sd_buf.sd;
880         torture_assert(tctx, sd_snap != NULL, "sd");
881         torture_assert(tctx, sd_snap->dacl != NULL, "no snap share DACL");
882
883         aces_found = 0;
884         for (i = 0; i < sd_snap->dacl->num_aces; i++) {
885                 ace = &sd_snap->dacl->aces[i];
886                 if (dom_sid_equal(&ace->trustee,
887                                   &global_sid_Builtin_Backup_Operators)) {
888                         torture_comment(tctx,
889                                 "found share ACE added before snapshot\n");
890                         aces_found++;
891                 } else if (dom_sid_equal(&ace->trustee,
892                                          &global_sid_Builtin_Print_Operators)) {
893                         torture_comment(tctx,
894                                 "found share ACE added after snapshot\n");
895                         aces_found++;
896                 }
897         }
898         /*
899          * Expect snapshot share to match the base share DACL at the time of
900          * exposure, not at the time of snapshot creation. This is in line with
901          * Windows Server 2012 behaviour.
902          */
903         torture_assert_int_equal(tctx, aces_found, 2,
904                                 "placeholder ACE missing from snap share DACL");
905
906         torture_assert(tctx, test_fsrvp_sc_delete(tctx, p, sc_map), "sc del");
907
908         return true;
909 }
910
911 static bool fsrvp_rpc_setup(struct torture_context *tctx, void **data)
912 {
913         NTSTATUS status;
914         struct torture_rpc_tcase *tcase = talloc_get_type(
915                                                 tctx->active_tcase, struct torture_rpc_tcase);
916         struct torture_rpc_tcase_data *tcase_data;
917
918         *data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
919         tcase_data->credentials = popt_get_cmdline_credentials();
920
921         status = torture_rpc_connection(tctx,
922                                 &(tcase_data->pipe),
923                                 tcase->table);
924
925         torture_assert_ntstatus_ok(tctx, status, "Error connecting to server");
926
927         /* XXX required, otherwise ndr out ptrs are not allocated */
928         tcase_data->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
929
930         return true;
931 }
932
933 /*
934    testing of FSRVP (FSS agent)
935 */
936 struct torture_suite *torture_rpc_fsrvp(TALLOC_CTX *mem_ctx)
937 {
938         struct torture_suite *suite = torture_suite_create(mem_ctx, "fsrvp");
939
940         struct torture_rpc_tcase *tcase
941                 = torture_suite_add_rpc_iface_tcase(suite, "fsrvp",
942                                                 &ndr_table_FileServerVssAgent);
943         /* override torture_rpc_setup() to set DCERPC_NDR_REF_ALLOC */
944         tcase->tcase.setup = fsrvp_rpc_setup;
945
946         torture_rpc_tcase_add_test(tcase, "share_sd",
947                                    test_fsrvp_share_sd);
948         torture_rpc_tcase_add_test(tcase, "seq_timeout",
949                                    test_fsrvp_seq_timeout);
950         torture_rpc_tcase_add_test(tcase, "enum_created",
951                                    test_fsrvp_enum_created);
952         torture_rpc_tcase_add_test(tcase, "sc_share_io",
953                                    test_fsrvp_sc_share_io);
954         torture_rpc_tcase_add_test(tcase, "bad_id",
955                                    test_fsrvp_bad_id);
956         torture_rpc_tcase_add_test(tcase, "sc_set_abort",
957                                    test_fsrvp_sc_set_abort);
958         torture_rpc_tcase_add_test(tcase, "create_simple",
959                                    test_fsrvp_sc_create_simple);
960         torture_rpc_tcase_add_test(tcase, "set_ctx",
961                                    test_fsrvp_set_ctx);
962         torture_rpc_tcase_add_test(tcase, "get_version",
963                                    test_fsrvp_get_version);
964         torture_rpc_tcase_add_test(tcase, "is_path_supported",
965                                    test_fsrvp_is_path_supported);
966
967         return suite;
968 }