source/torture/rap/rap.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    test suite for various RAP operations
   4    Copyright (C) Volker Lendecke 2004
   5    Copyright (C) Tim Potter 2005
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23 #include "libcli/libcli.h"
  24 #include "torture/torture.h"
  25 #include "torture/util.h"
  26 #include "libcli/rap/rap.h"
  27 #include "libcli/raw/libcliraw.h"
  28 #include "libcli/libcli.h"
  29 #include "librpc/ndr/libndr.h"
  30
  31 struct rap_call {
  32         uint16_t callno;
  33         char *paramdesc;
  34         const char *datadesc;
  35
  36         uint16_t status;
  37         uint16_t convert;
  38
  39         uint16_t rcv_paramlen, rcv_datalen;
  40
  41         struct ndr_push *ndr_push_param;
  42         struct ndr_push *ndr_push_data;
  43         struct ndr_pull *ndr_pull_param;
  44         struct ndr_pull *ndr_pull_data;
  45 };
  46
  47 #define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM);
  48
  49 static struct rap_call *new_rap_cli_call(TALLOC_CTX *mem_ctx, uint16_t callno)
  50 {
  51         struct rap_call *call;
  52
  53         call = talloc(mem_ctx, struct rap_call);
  54
  55         if (call == NULL)
  56                 return NULL;
  57
  58         call->callno = callno;
  59         call->rcv_paramlen = 4;
  60
  61         call->paramdesc = NULL;
  62         call->datadesc = NULL;
  63
  64         call->ndr_push_param = ndr_push_init_ctx(mem_ctx);
  65         call->ndr_push_param->flags = RAPNDR_FLAGS;
  66
  67         call->ndr_push_data = ndr_push_init_ctx(mem_ctx);
  68         call->ndr_push_data->flags = RAPNDR_FLAGS;
  69
  70         return call;
  71 }
  72
  73 static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
  74 {
  75         int len = 0;
  76
  77         if (call->paramdesc != NULL)
  78                 len = strlen(call->paramdesc);
  79
  80         call->paramdesc = talloc_realloc(call,
  81                                          call->paramdesc,
  82                                          uint8_t,
  83                                          len+2);
  84
  85         call->paramdesc[len] = desc;
  86         call->paramdesc[len+1] = '\0';
  87 }
  88
  89 static void rap_cli_push_word(struct rap_call *call, uint16_t val)
  90 {
  91         rap_cli_push_paramdesc(call, 'W');
  92         ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, val);
  93 }
  94
  95 static void rap_cli_push_dword(struct rap_call *call, uint32_t val)
  96 {
  97         rap_cli_push_paramdesc(call, 'D');
  98         ndr_push_uint32(call->ndr_push_param, NDR_SCALARS, val);
  99 }
 100
 101 static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
 102 {
 103         rap_cli_push_paramdesc(call, 'r');
 104         rap_cli_push_paramdesc(call, 'L');
 105         ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, len);
 106         call->rcv_datalen = len;
 107 }
 108
 109 static void rap_cli_expect_multiple_entries(struct rap_call *call)
 110 {
 111         rap_cli_push_paramdesc(call, 'e');
 112         rap_cli_push_paramdesc(call, 'h');
 113         call->rcv_paramlen += 4; /* uint16_t entry count, uint16_t total */
 114 }
 115
 116 static void rap_cli_push_string(struct rap_call *call, const char *str)
 117 {
 118         if (str == NULL) {
 119                 rap_cli_push_paramdesc(call, 'O');
 120                 return;
 121         }
 122         rap_cli_push_paramdesc(call, 'z');
 123         ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
 124 }
 125
 126 static void rap_cli_expect_format(struct rap_call *call, const char *format)
 127 {
 128         call->datadesc = format;
 129 }
 130
 131 static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
 132                                 uint16_t convert, char **dest)
 133 {
 134         uint16_t string_offset;
 135         uint16_t ignore;
 136         const char *p;
 137         size_t len;
 138
 139         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &string_offset));
 140         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &ignore));
 141
 142         string_offset -= convert;
 143
 144         if (string_offset+1 > ndr->data_size)
 145                 return NT_STATUS_INVALID_PARAMETER;
 146
 147         p = (const char *)(ndr->data + string_offset);
 148         len = strnlen(p, ndr->data_size-string_offset);
 149
 150         if ( string_offset + len + 1 >  ndr->data_size )
 151                 return NT_STATUS_INVALID_PARAMETER;
 152
 153         *dest = talloc_zero_size(mem_ctx, len+1);
 154         pull_ascii(*dest, p, len+1, len, 0);
 155
 156         return NT_STATUS_OK;
 157 }
 158
 159 static NTSTATUS rap_cli_do_call(struct smbcli_state *cli, struct rap_call *call)
 160 {
 161         NTSTATUS result;
 162         DATA_BLOB param_blob;
 163         struct ndr_push *params;
 164         struct smb_trans2 trans;
 165
 166         params = ndr_push_init_ctx(call);
 167
 168         if (params == NULL)
 169                 return NT_STATUS_NO_MEMORY;
 170
 171         params->flags = RAPNDR_FLAGS;
 172
 173         trans.in.max_param = call->rcv_paramlen;
 174         trans.in.max_data = smb_raw_max_trans_data(cli->tree, call->rcv_paramlen);
 175         trans.in.max_setup = 0;
 176         trans.in.flags = 0;
 177         trans.in.timeout = 0;
 178         trans.in.setup_count = 0;
 179         trans.in.setup = NULL;
 180         trans.in.trans_name = "\\PIPE\\LANMAN";
 181
 182         NDR_CHECK(ndr_push_uint16(params, NDR_SCALARS, call->callno));
 183         if (call->paramdesc)
 184                 NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
 185         if (call->datadesc)
 186                 NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->datadesc));
 187
 188         param_blob = ndr_push_blob(call->ndr_push_param);
 189         NDR_CHECK(ndr_push_bytes(params, param_blob.data,
 190                                  param_blob.length));
 191
 192         trans.in.params = ndr_push_blob(params);
 193         trans.in.data = data_blob(NULL, 0);
 194
 195         result = smb_raw_trans(cli->tree, call, &trans);
 196
 197         if (!NT_STATUS_IS_OK(result))
 198                 return result;
 199
 200         call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call);
 201         call->ndr_pull_param->flags = RAPNDR_FLAGS;
 202
 203         call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call);
 204         call->ndr_pull_data->flags = RAPNDR_FLAGS;
 205
 206         return result;
 207 }
 208
 209 #define NDR_OK(call) do { NTSTATUS _status; \
 210                              _status = call; \
 211                              if (!NT_STATUS_IS_OK(_status)) \
 212                                 goto done; \
 213                         } while (0)
 214
 215 static NTSTATUS smbcli_rap_netshareenum(struct smbcli_state *cli,
 216                                         TALLOC_CTX *mem_ctx,
 217                                         struct rap_NetShareEnum *r)
 218 {
 219         struct rap_call *call;
 220         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 221         int i;
 222
 223         call = new_rap_cli_call(NULL, RAP_WshareEnum);
 224
 225         if (call == NULL)
 226                 return NT_STATUS_NO_MEMORY;
 227
 228         rap_cli_push_word(call, r->in.level); /* Level */
 229         rap_cli_push_rcvbuf(call, r->in.bufsize);
 230         rap_cli_expect_multiple_entries(call);
 231
 232         switch(r->in.level) {
 233         case 0:
 234                 rap_cli_expect_format(call, "B13");
 235                 break;
 236         case 1:
 237                 rap_cli_expect_format(call, "B13BWz");
 238                 break;
 239         }
 240
 241         result = rap_cli_do_call(cli, call);
 242
 243         if (!NT_STATUS_IS_OK(result))
 244                 goto done;
 245
 246         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 247         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 248         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
 249         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 250
 251         r->out.info = talloc_array(mem_ctx, union rap_shareenum_info, r->out.count);
 252
 253         if (r->out.info == NULL) {
 254                 result = NT_STATUS_NO_MEMORY;
 255                 goto done;
 256         }
 257
 258         for (i=0; i<r->out.count; i++) {
 259                 switch(r->in.level) {
 260                 case 0:
 261                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 262                                               (uint8_t *)r->out.info[i].info0.name, 13));
 263                         break;
 264                 case 1:
 265                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 266                                               (uint8_t *)r->out.info[i].info1.name, 13));
 267                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 268                                               (uint8_t *)&r->out.info[i].info1.pad, 1));
 269                         NDR_OK(ndr_pull_uint16(call->ndr_pull_data,
 270                                                NDR_SCALARS, &r->out.info[i].info1.type));
 271                         NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
 272                                                r->out.convert,
 273                                                &r->out.info[i].info1.comment));
 274                         break;
 275                 }
 276         }
 277
 278         result = NT_STATUS_OK;
 279
 280  done:
 281         talloc_free(call);
 282         return result;
 283 }
 284
 285 static BOOL test_netshareenum(struct smbcli_state *cli)
 286 {
 287         struct rap_NetShareEnum r;
 288         int i;
 289         TALLOC_CTX *tmp_ctx = talloc_new(cli);
 290
 291         r.in.level = 1;
 292         r.in.bufsize = 8192;
 293
 294         if (!NT_STATUS_IS_OK(smbcli_rap_netshareenum(cli, tmp_ctx, &r)))
 295                 return False;
 296
 297         for (i=0; i<r.out.count; i++) {
 298                 printf("%s %d %s\n", r.out.info[i].info1.name,
 299                        r.out.info[i].info1.type,
 300                        r.out.info[i].info1.comment);
 301         }
 302
 303         talloc_free(tmp_ctx);
 304
 305         return True;
 306 }
 307
 308 static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_state *cli,
 309                                           TALLOC_CTX *mem_ctx,
 310                                           struct rap_NetServerEnum2 *r)
 311 {
 312         struct rap_call *call;
 313         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 314         int i;
 315
 316         call = new_rap_cli_call(NULL, RAP_NetServerEnum2);
 317
 318         if (call == NULL)
 319                 return NT_STATUS_NO_MEMORY;
 320
 321         rap_cli_push_word(call, r->in.level);
 322         rap_cli_push_rcvbuf(call, r->in.bufsize);
 323         rap_cli_expect_multiple_entries(call);
 324         rap_cli_push_dword(call, r->in.servertype);
 325         rap_cli_push_string(call, r->in.domain);
 326
 327         switch(r->in.level) {
 328         case 0:
 329                 rap_cli_expect_format(call, "B16");
 330                 break;
 331         case 1:
 332                 rap_cli_expect_format(call, "B16BBDz");
 333                 break;
 334         }
 335
 336         result = rap_cli_do_call(cli, call);
 337
 338         if (!NT_STATUS_IS_OK(result))
 339                 goto done;
 340
 341         result = NT_STATUS_INVALID_PARAMETER;
 342
 343         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
 344         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
 345         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
 346         NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
 347
 348         r->out.info = talloc_array(mem_ctx, union rap_server_info, r->out.count);
 349
 350         if (r->out.info == NULL) {
 351                 result = NT_STATUS_NO_MEMORY;
 352                 goto done;
 353         }
 354
 355         for (i=0; i<r->out.count; i++) {
 356                 switch(r->in.level) {
 357                 case 0:
 358                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 359                                               (uint8_t *)r->out.info[i].info0.name, 16));
 360                         break;
 361                 case 1:
 362                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 363                                               (uint8_t *)r->out.info[i].info1.name, 16));
 364                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 365                                               &r->out.info[i].info1.version_major, 1));
 366                         NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
 367                                               &r->out.info[i].info1.version_minor, 1));
 368                         NDR_OK(ndr_pull_uint32(call->ndr_pull_data,
 369                                                NDR_SCALARS, &r->out.info[i].info1.servertype));
 370                         NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
 371                                                r->out.convert,
 372                                                &r->out.info[i].info1.comment));
 373                 }
 374         }
 375
 376         result = NT_STATUS_OK;
 377
 378  done:
 379         talloc_free(call);
 380         return result;
 381 }
 382
 383 static BOOL test_netserverenum(struct smbcli_state *cli)
 384 {
 385         struct rap_NetServerEnum2 r;
 386         int i;
 387         TALLOC_CTX *tmp_ctx = talloc_new(cli);
 388
 389         r.in.level = 0;
 390         r.in.bufsize = 8192;
 391         r.in.servertype = 0xffffffff;
 392         r.in.servertype = 0x80000000;
 393         r.in.domain = NULL;
 394
 395         if (!NT_STATUS_IS_OK(smbcli_rap_netserverenum2(cli, tmp_ctx, &r)))
 396                 return False;
 397
 398         for (i=0; i<r.out.count; i++) {
 399                 switch (r.in.level) {
 400                 case 0:
 401                         printf("%s\n", r.out.info[i].info0.name);
 402                         break;
 403                 case 1:
 404                         printf("%s %x %s\n", r.out.info[i].info1.name,
 405                                r.out.info[i].info1.servertype,
 406                                r.out.info[i].info1.comment);
 407                         break;
 408                 }
 409         }
 410
 411         talloc_free(tmp_ctx);
 412
 413         return True;
 414 }
 415
 416
 417
 418 static BOOL test_rap(struct smbcli_state *cli)
 419 {
 420         BOOL res = True;
 421
 422         if (!test_netserverenum(cli))
 423                 res = False;
 424
 425         if (!test_netshareenum(cli))
 426                 res = False;
 427
 428         return res;
 429 }
 430
 431 BOOL torture_rap_basic(struct torture_context *torture)
 432 {
 433         struct smbcli_state *cli;
 434         BOOL ret = True;
 435         TALLOC_CTX *mem_ctx;
 436
 437         if (!torture_open_connection(&cli)) {
 438                 return False;
 439         }
 440
 441         mem_ctx = talloc_init("torture_rap_basic");
 442
 443         if (!test_rap(cli)) {
 444                 ret = False;
 445         }
 446
 447         torture_close_connection(cli);
 448         talloc_free(mem_ctx);
 449
 450         return ret;
 451 }
 452
 453 BOOL torture_rap_scan(struct torture_context *torture)
 454 {
 455         TALLOC_CTX *mem_ctx;
 456         struct smbcli_state *cli;
 457         int callno;
 458
 459         mem_ctx = talloc_init("torture_rap_scan");
 460
 461         if (!torture_open_connection(&cli)) {
 462                 return False;
 463         }
 464
 465         for (callno = 0; callno < 0xffff; callno++) {
 466                 struct rap_call *call = new_rap_cli_call(mem_ctx, callno);
 467                 NTSTATUS result;
 468
 469                 result = rap_cli_do_call(cli, call);
 470
 471                 if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
 472                         continue;
 473
 474                 printf("callno %d is RAP call\n", callno);
 475         }
 476
 477         torture_close_connection(cli);
 478
 479         return True;
 480 }