2 Unix SMB/CIFS implementation.
3 SMB torture tester - scanning functions
4 Copyright (C) Andrew Tridgell 2001
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #include "torture/torture.h"
23 #include "libcli/libcli.h"
24 #include "libcli/raw/libcliraw.h"
25 #include "system/filesys.h"
32 /****************************************************************************
33 look for a partial hit
34 ****************************************************************************/
35 static void trans2_check_hit(const char *format, int op, int level, NTSTATUS status)
37 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
38 NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
39 NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
40 NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) ||
41 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
45 printf("possible %s hit op=%3d level=%5d status=%s\n",
46 format, op, level, nt_errstr(status));
50 /****************************************************************************
51 check for existance of a trans2 call
52 ****************************************************************************/
53 static NTSTATUS try_trans2(struct smbcli_state *cli,
55 uint8_t *param, uint8_t *data,
56 int param_len, int data_len,
57 int *rparam_len, int *rdata_len)
64 mem_ctx = talloc_init("try_trans2");
67 t2.in.max_data = smb_raw_max_trans_data(cli->tree, 64);
71 t2.in.setup_count = 1;
73 t2.in.params.data = param;
74 t2.in.params.length = param_len;
75 t2.in.data.data = data;
76 t2.in.data.length = data_len;
78 status = smb_raw_trans2(cli->tree, mem_ctx, &t2);
80 *rparam_len = t2.out.params.length;
81 *rdata_len = t2.out.data.length;
89 static NTSTATUS try_trans2_len(struct smbcli_state *cli,
92 uint8_t *param, uint8_t *data,
93 int param_len, int *data_len,
94 int *rparam_len, int *rdata_len)
96 NTSTATUS ret=NT_STATUS_OK;
98 ret = try_trans2(cli, op, param, data, param_len,
99 sizeof(pstring), rparam_len, rdata_len);
101 printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
103 if (!NT_STATUS_IS_OK(ret)) return ret;
106 while (*data_len < sizeof(pstring)) {
107 ret = try_trans2(cli, op, param, data, param_len,
108 *data_len, rparam_len, rdata_len);
109 if (NT_STATUS_IS_OK(ret)) break;
112 if (NT_STATUS_IS_OK(ret)) {
113 printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
114 format, level, *data_len, *rparam_len, *rdata_len);
116 trans2_check_hit(format, op, level, ret);
122 /****************************************************************************
123 check whether a trans2 opnum exists at all
124 ****************************************************************************/
125 static BOOL trans2_op_exists(struct smbcli_state *cli, int op)
129 int rparam_len, rdata_len;
130 uint8_t param[1024], data[1024];
131 NTSTATUS status1, status2;
133 memset(data, 0, sizeof(data));
136 /* try with a info level only */
137 param_len = sizeof(param);
138 data_len = sizeof(data);
140 memset(param, 0xFF, sizeof(param));
141 memset(data, 0xFF, sizeof(data));
143 status1 = try_trans2(cli, 0xFFFF, param, data, param_len, data_len,
144 &rparam_len, &rdata_len);
146 status2 = try_trans2(cli, op, param, data, param_len, data_len,
147 &rparam_len, &rdata_len);
149 if (NT_STATUS_EQUAL(status1, status2)) return False;
151 printf("Found op %d (status=%s)\n", op, nt_errstr(status2));
156 /****************************************************************************
157 check for existance of a trans2 call
158 ****************************************************************************/
159 static BOOL scan_trans2(struct smbcli_state *cli, int op, int level,
160 int fnum, int dnum, int qfnum, const char *fname)
164 int rparam_len, rdata_len;
165 uint8_t param[1024], data[1024];
168 memset(data, 0, sizeof(data));
171 /* try with a info level only */
173 SSVAL(param, 0, level);
174 status = try_trans2_len(cli, "void", op, level, param, data, param_len, &data_len,
175 &rparam_len, &rdata_len);
176 if (NT_STATUS_IS_OK(status)) return True;
178 /* try with a file descriptor */
180 SSVAL(param, 0, fnum);
181 SSVAL(param, 2, level);
183 status = try_trans2_len(cli, "fnum", op, level, param, data, param_len, &data_len,
184 &rparam_len, &rdata_len);
185 if (NT_STATUS_IS_OK(status)) return True;
187 /* try with a quota file descriptor */
189 SSVAL(param, 0, qfnum);
190 SSVAL(param, 2, level);
192 status = try_trans2_len(cli, "qfnum", op, level, param, data, param_len, &data_len,
193 &rparam_len, &rdata_len);
194 if (NT_STATUS_IS_OK(status)) return True;
196 /* try with a notify style */
198 SSVAL(param, 0, dnum);
199 SSVAL(param, 2, dnum);
200 SSVAL(param, 4, level);
201 status = try_trans2_len(cli, "notify", op, level, param, data, param_len, &data_len,
202 &rparam_len, &rdata_len);
203 if (NT_STATUS_IS_OK(status)) return True;
205 /* try with a file name */
207 SSVAL(param, 0, level);
210 param_len += push_string(¶m[6], fname, sizeof(pstring)-7, STR_TERMINATE|STR_UNICODE);
212 status = try_trans2_len(cli, "fname", op, level, param, data, param_len, &data_len,
213 &rparam_len, &rdata_len);
214 if (NT_STATUS_IS_OK(status)) return True;
216 /* try with a new file name */
218 SSVAL(param, 0, level);
221 param_len += push_string(¶m[6], "\\newfile.dat", sizeof(pstring)-7, STR_TERMINATE|STR_UNICODE);
223 status = try_trans2_len(cli, "newfile", op, level, param, data, param_len, &data_len,
224 &rparam_len, &rdata_len);
225 smbcli_unlink(cli->tree, "\\newfile.dat");
226 smbcli_rmdir(cli->tree, "\\newfile.dat");
227 if (NT_STATUS_IS_OK(status)) return True;
230 smbcli_mkdir(cli->tree, "\\testdir");
232 SSVAL(param, 0, level);
233 param_len += push_string(¶m[2], "\\testdir", sizeof(pstring)-3, STR_TERMINATE|STR_UNICODE);
235 status = try_trans2_len(cli, "dfs", op, level, param, data, param_len, &data_len,
236 &rparam_len, &rdata_len);
237 smbcli_rmdir(cli->tree, "\\testdir");
238 if (NT_STATUS_IS_OK(status)) return True;
244 BOOL torture_trans2_scan(void)
246 static struct smbcli_state *cli;
248 const char *fname = "\\scanner.dat";
249 int fnum, dnum, qfnum;
251 printf("starting trans2 scan test\n");
253 if (!torture_open_connection(&cli)) {
257 fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE);
259 printf("file open failed - %s\n", smbcli_errstr(cli->tree));
261 dnum = smbcli_nt_create_full(cli->tree, "\\",
263 SEC_RIGHTS_FILE_READ,
264 FILE_ATTRIBUTE_NORMAL,
265 NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE,
267 NTCREATEX_OPTIONS_DIRECTORY, 0);
269 printf("directory open failed - %s\n", smbcli_errstr(cli->tree));
271 qfnum = smbcli_nt_create_full(cli->tree, "\\$Extend\\$Quota:$Q:$INDEX_ALLOCATION",
272 NTCREATEX_FLAGS_EXTENDED,
273 SEC_FLAG_MAXIMUM_ALLOWED,
275 NTCREATEX_SHARE_ACCESS_READ|NTCREATEX_SHARE_ACCESS_WRITE,
279 printf("quota open failed - %s\n", smbcli_errstr(cli->tree));
282 for (op=OP_MIN; op<=OP_MAX; op++) {
284 if (!trans2_op_exists(cli, op)) {
288 for (level = 0; level <= 50; level++) {
289 scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
292 for (level = 0x100; level <= 0x130; level++) {
293 scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
296 for (level = 1000; level < 1050; level++) {
297 scan_trans2(cli, op, level, fnum, dnum, qfnum, fname);
301 torture_close_connection(cli);
303 printf("trans2 scan finished\n");
310 /****************************************************************************
311 look for a partial hit
312 ****************************************************************************/
313 static void nttrans_check_hit(const char *format, int op, int level, NTSTATUS status)
315 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
316 NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
317 NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
318 NT_STATUS_EQUAL(status, NT_STATUS_UNSUCCESSFUL) ||
319 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
323 printf("possible %s hit op=%3d level=%5d status=%s\n",
324 format, op, level, nt_errstr(status));
328 /****************************************************************************
329 check for existence of a nttrans call
330 ****************************************************************************/
331 static NTSTATUS try_nttrans(struct smbcli_state *cli,
333 uint8_t *param, uint8_t *data,
334 int param_len, int data_len,
335 int *rparam_len, int *rdata_len)
337 struct smb_nttrans parms;
338 DATA_BLOB ntparam_blob, ntdata_blob;
342 mem_ctx = talloc_init("try_nttrans");
344 ntparam_blob.length = param_len;
345 ntparam_blob.data = param;
346 ntdata_blob.length = data_len;
347 ntdata_blob.data = data;
349 parms.in.max_param = 64;
350 parms.in.max_data = smb_raw_max_trans_data(cli->tree, 64);
351 parms.in.max_setup = 0;
352 parms.in.setup_count = 0;
353 parms.in.function = op;
354 parms.in.params = ntparam_blob;
355 parms.in.data = ntdata_blob;
357 status = smb_raw_nttrans(cli->tree, mem_ctx, &parms);
359 if (NT_STATUS_IS_ERR(status)) {
360 DEBUG(1,("Failed to send NT_TRANS\n"));
361 talloc_free(mem_ctx);
364 *rparam_len = parms.out.params.length;
365 *rdata_len = parms.out.data.length;
367 talloc_free(mem_ctx);
373 static NTSTATUS try_nttrans_len(struct smbcli_state *cli,
376 uint8_t *param, uint8_t *data,
377 int param_len, int *data_len,
378 int *rparam_len, int *rdata_len)
380 NTSTATUS ret=NT_STATUS_OK;
382 ret = try_nttrans(cli, op, param, data, param_len,
383 sizeof(pstring), rparam_len, rdata_len);
385 printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
387 if (!NT_STATUS_IS_OK(ret)) return ret;
390 while (*data_len < sizeof(pstring)) {
391 ret = try_nttrans(cli, op, param, data, param_len,
392 *data_len, rparam_len, rdata_len);
393 if (NT_STATUS_IS_OK(ret)) break;
396 if (NT_STATUS_IS_OK(ret)) {
397 printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
398 format, level, *data_len, *rparam_len, *rdata_len);
400 nttrans_check_hit(format, op, level, ret);
405 /****************************************************************************
406 check for existance of a nttrans call
407 ****************************************************************************/
408 static BOOL scan_nttrans(struct smbcli_state *cli, int op, int level,
409 int fnum, int dnum, const char *fname)
413 int rparam_len, rdata_len;
414 uint8_t param[1024], data[1024];
417 memset(data, 0, sizeof(data));
420 /* try with a info level only */
422 SSVAL(param, 0, level);
423 status = try_nttrans_len(cli, "void", op, level, param, data, param_len, &data_len,
424 &rparam_len, &rdata_len);
425 if (NT_STATUS_IS_OK(status)) return True;
427 /* try with a file descriptor */
429 SSVAL(param, 0, fnum);
430 SSVAL(param, 2, level);
432 status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len, &data_len,
433 &rparam_len, &rdata_len);
434 if (NT_STATUS_IS_OK(status)) return True;
437 /* try with a notify style */
439 SSVAL(param, 0, dnum);
440 SSVAL(param, 2, dnum);
441 SSVAL(param, 4, level);
442 status = try_nttrans_len(cli, "notify", op, level, param, data, param_len, &data_len,
443 &rparam_len, &rdata_len);
444 if (NT_STATUS_IS_OK(status)) return True;
446 /* try with a file name */
448 SSVAL(param, 0, level);
451 param_len += push_string(¶m[6], fname, sizeof(pstring), STR_TERMINATE | STR_UNICODE);
453 status = try_nttrans_len(cli, "fname", op, level, param, data, param_len, &data_len,
454 &rparam_len, &rdata_len);
455 if (NT_STATUS_IS_OK(status)) return True;
457 /* try with a new file name */
459 SSVAL(param, 0, level);
462 param_len += push_string(¶m[6], "\\newfile.dat", sizeof(pstring), STR_TERMINATE | STR_UNICODE);
464 status = try_nttrans_len(cli, "newfile", op, level, param, data, param_len, &data_len,
465 &rparam_len, &rdata_len);
466 smbcli_unlink(cli->tree, "\\newfile.dat");
467 smbcli_rmdir(cli->tree, "\\newfile.dat");
468 if (NT_STATUS_IS_OK(status)) return True;
471 smbcli_mkdir(cli->tree, "\\testdir");
473 SSVAL(param, 0, level);
474 param_len += push_string(¶m[2], "\\testdir", sizeof(pstring), STR_TERMINATE | STR_UNICODE);
476 status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len, &data_len,
477 &rparam_len, &rdata_len);
478 smbcli_rmdir(cli->tree, "\\testdir");
479 if (NT_STATUS_IS_OK(status)) return True;
485 BOOL torture_nttrans_scan(void)
487 static struct smbcli_state *cli;
489 const char *fname = "\\scanner.dat";
492 printf("starting nttrans scan test\n");
494 if (!torture_open_connection(&cli)) {
498 fnum = smbcli_open(cli->tree, fname, O_RDWR | O_CREAT | O_TRUNC,
500 dnum = smbcli_open(cli->tree, "\\", O_RDONLY, DENY_NONE);
502 for (op=OP_MIN; op<=OP_MAX; op++) {
503 printf("Scanning op=%d\n", op);
504 for (level = 0; level <= 50; level++) {
505 scan_nttrans(cli, op, level, fnum, dnum, fname);
508 for (level = 0x100; level <= 0x130; level++) {
509 scan_nttrans(cli, op, level, fnum, dnum, fname);
512 for (level = 1000; level < 1050; level++) {
513 scan_nttrans(cli, op, level, fnum, dnum, fname);
517 torture_close_connection(cli);
519 printf("nttrans scan finished\n");
524 /* scan for valid base SMB requests */
525 BOOL torture_smb_scan(void)
527 static struct smbcli_state *cli;
529 struct smbcli_request *req;
532 for (op=0x0;op<=0xFF;op++) {
533 if (op == SMBreadbraw) continue;
535 if (!torture_open_connection(&cli)) {
539 req = smbcli_request_setup(cli->tree, op, 0, 0);
541 if (!smbcli_request_send(req)) {
542 smbcli_request_destroy(req);
547 smbcli_transport_process(cli->transport);
548 if (req->state > SMBCLI_REQUEST_RECV) {
549 status = smbcli_request_simple_recv(req);
550 printf("op=0x%x status=%s\n", op, nt_errstr(status));
551 torture_close_connection(cli);
556 smbcli_transport_process(cli->transport);
557 if (req->state > SMBCLI_REQUEST_RECV) {
558 status = smbcli_request_simple_recv(req);
559 printf("op=0x%x status=%s\n", op, nt_errstr(status));
561 printf("op=0x%x no reply\n", op);
562 smbcli_request_destroy(req);
563 continue; /* don't attempt close! */
566 torture_close_connection(cli);
570 printf("smb scan finished\n");
git.samba.org / ira / wip.git / blob