2 Unix SMB/CIFS implementation.
3 SMB torture tester - scanning functions
4 Copyright (C) Andrew Tridgell 2001
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/filesys.h"
22 #include "torture/proto.h"
23 #include "libsmb/libsmb.h"
29 #define DATA_SIZE 1024
30 #define PARAM_SIZE 1024
32 /****************************************************************************
33 look for a partial hit
34 ****************************************************************************/
35 static void trans2_check_hit(const char *format, int op, int level, NTSTATUS status)
37 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
38 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
39 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
40 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
41 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
45 printf("possible %s hit op=%3d level=%5d status=%s\n",
46 format, op, level, nt_errstr(status));
50 /****************************************************************************
51 check for existance of a trans2 call
52 ****************************************************************************/
53 static NTSTATUS try_trans2(struct cli_state *cli,
55 uint8_t *param, uint8_t *data,
56 uint32_t param_len, uint32_t data_len,
57 uint32_t *rparam_len, uint32_t *rdata_len)
60 uint8_t *rparam=NULL, *rdata=NULL;
63 SSVAL(setup+0, 0, op);
65 status = cli_trans(talloc_tos(), cli, SMBtrans2,
66 NULL, -1, /* name, fid */
68 NULL, 0, 0, /* setup */
70 data, data_len, cli->max_xmit,
71 NULL, /* recv_flags2 */
72 NULL, 0, NULL, /* rsetup */
73 &rparam, 0, rparam_len,
74 &rdata, 0, rdata_len);
83 static NTSTATUS try_trans2_len(struct cli_state *cli,
86 uint8_t *param, uint8_t *data,
87 uint32_t param_len, uint32_t *data_len,
88 uint32_t *rparam_len, uint32_t *rdata_len)
90 NTSTATUS ret=NT_STATUS_OK;
92 ret = try_trans2(cli, op, param, data, param_len,
93 DATA_SIZE, rparam_len, rdata_len);
95 printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
97 if (!NT_STATUS_IS_OK(ret)) return ret;
100 while (*data_len < DATA_SIZE) {
101 ret = try_trans2(cli, op, param, data, param_len,
102 *data_len, rparam_len, rdata_len);
103 if (NT_STATUS_IS_OK(ret)) break;
106 if (NT_STATUS_IS_OK(ret)) {
107 printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
108 format, level, *data_len, *rparam_len, *rdata_len);
110 trans2_check_hit(format, op, level, ret);
115 /****************************************************************************
116 check for existance of a trans2 call
117 ****************************************************************************/
118 static bool scan_trans2(struct cli_state *cli, int op, int level,
119 int fnum, int dnum, const char *fname)
121 uint32_t data_len = 0;
122 uint32_t param_len = 0;
123 uint32_t rparam_len, rdata_len;
124 uint8_t param[PARAM_SIZE], data[DATA_SIZE];
127 memset(data, 0, sizeof(data));
130 /* try with a info level only */
132 SSVAL(param, 0, level);
133 status = try_trans2_len(cli, "void", op, level, param, data, param_len, &data_len,
134 &rparam_len, &rdata_len);
135 if (NT_STATUS_IS_OK(status)) return True;
137 /* try with a file descriptor */
139 SSVAL(param, 0, fnum);
140 SSVAL(param, 2, level);
142 status = try_trans2_len(cli, "fnum", op, level, param, data, param_len, &data_len,
143 &rparam_len, &rdata_len);
144 if (NT_STATUS_IS_OK(status)) return True;
147 /* try with a notify style */
149 SSVAL(param, 0, dnum);
150 SSVAL(param, 2, dnum);
151 SSVAL(param, 4, level);
152 status = try_trans2_len(cli, "notify", op, level, param, data, param_len, &data_len,
153 &rparam_len, &rdata_len);
154 if (NT_STATUS_IS_OK(status)) return True;
156 /* try with a file name */
158 SSVAL(param, 0, level);
161 param_len += clistr_push(cli, ¶m[6], fname, -1, STR_TERMINATE);
163 status = try_trans2_len(cli, "fname", op, level, param, data, param_len, &data_len,
164 &rparam_len, &rdata_len);
165 if (NT_STATUS_IS_OK(status)) return True;
167 /* try with a new file name */
169 SSVAL(param, 0, level);
172 param_len += clistr_push(cli, ¶m[6], "\\newfile.dat", -1, STR_TERMINATE);
174 status = try_trans2_len(cli, "newfile", op, level, param, data, param_len, &data_len,
175 &rparam_len, &rdata_len);
176 cli_unlink(cli, "\\newfile.dat", FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
177 cli_rmdir(cli, "\\newfile.dat");
178 if (NT_STATUS_IS_OK(status)) return True;
181 cli_mkdir(cli, "\\testdir");
183 SSVAL(param, 0, level);
184 param_len += clistr_push(cli, ¶m[2], "\\testdir", -1, STR_TERMINATE);
186 status = try_trans2_len(cli, "dfs", op, level, param, data, param_len, &data_len,
187 &rparam_len, &rdata_len);
188 cli_rmdir(cli, "\\testdir");
189 if (NT_STATUS_IS_OK(status)) return True;
195 bool torture_trans2_scan(int dummy)
197 static struct cli_state *cli;
199 const char *fname = "\\scanner.dat";
202 printf("starting trans2 scan test\n");
204 if (!torture_open_connection(&cli, 0)) {
208 if (!NT_STATUS_IS_OK(cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC,
209 DENY_NONE, &fnum))) {
210 printf("open of %s failed\n", fname);
213 if (!NT_STATUS_IS_OK(cli_open(cli, "\\", O_RDONLY, DENY_NONE, &dnum))) {
214 printf("open of \\ failed\n");
218 for (op=OP_MIN; op<=OP_MAX; op++) {
219 printf("Scanning op=%d\n", op);
220 for (level = 0; level <= 50; level++) {
221 scan_trans2(cli, op, level, fnum, dnum, fname);
224 for (level = 0x100; level <= 0x130; level++) {
225 scan_trans2(cli, op, level, fnum, dnum, fname);
228 for (level = 1000; level < 1050; level++) {
229 scan_trans2(cli, op, level, fnum, dnum, fname);
233 torture_close_connection(cli);
235 printf("trans2 scan finished\n");
242 /****************************************************************************
243 look for a partial hit
244 ****************************************************************************/
245 static void nttrans_check_hit(const char *format, int op, int level, NTSTATUS status)
247 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
248 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
249 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
250 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
251 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
255 printf("possible %s hit op=%3d level=%5d status=%s\n",
256 format, op, level, nt_errstr(status));
260 /****************************************************************************
261 check for existance of a nttrans call
262 ****************************************************************************/
263 static NTSTATUS try_nttrans(struct cli_state *cli,
265 uint8_t *param, uint8_t *data,
266 int32_t param_len, uint32_t data_len,
267 uint32_t *rparam_len,
270 uint8_t *rparam=NULL, *rdata=NULL;
273 status = cli_trans(talloc_tos(), cli, SMBnttrans,
274 NULL, -1, /* name, fid */
276 NULL, 0, 0, /* setup */
278 data, data_len, cli->max_xmit,
279 NULL, /* recv_flags2 */
280 NULL, 0, NULL, /* rsetup */
281 &rparam, 0, rparam_len,
282 &rdata, 0, rdata_len);
290 static NTSTATUS try_nttrans_len(struct cli_state *cli,
293 uint8_t *param, uint8_t *data,
294 int param_len, uint32_t *data_len,
295 uint32_t *rparam_len, uint32_t *rdata_len)
297 NTSTATUS ret=NT_STATUS_OK;
299 ret = try_nttrans(cli, op, param, data, param_len,
300 DATA_SIZE, rparam_len, rdata_len);
302 printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
304 if (!NT_STATUS_IS_OK(ret)) return ret;
307 while (*data_len < DATA_SIZE) {
308 ret = try_nttrans(cli, op, param, data, param_len,
309 *data_len, rparam_len, rdata_len);
310 if (NT_STATUS_IS_OK(ret)) break;
313 if (NT_STATUS_IS_OK(ret)) {
314 printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
315 format, level, *data_len, *rparam_len, *rdata_len);
317 nttrans_check_hit(format, op, level, ret);
322 /****************************************************************************
323 check for existance of a nttrans call
324 ****************************************************************************/
325 static bool scan_nttrans(struct cli_state *cli, int op, int level,
326 int fnum, int dnum, const char *fname)
328 uint32_t data_len = 0;
329 uint32_t param_len = 0;
330 uint32_t rparam_len, rdata_len;
331 uint8_t param[PARAM_SIZE], data[DATA_SIZE];
334 memset(data, 0, sizeof(data));
337 /* try with a info level only */
339 SSVAL(param, 0, level);
340 status = try_nttrans_len(cli, "void", op, level, param, data, param_len, &data_len,
341 &rparam_len, &rdata_len);
342 if (NT_STATUS_IS_OK(status)) return True;
344 /* try with a file descriptor */
346 SSVAL(param, 0, fnum);
347 SSVAL(param, 2, level);
349 status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len, &data_len,
350 &rparam_len, &rdata_len);
351 if (NT_STATUS_IS_OK(status)) return True;
354 /* try with a notify style */
356 SSVAL(param, 0, dnum);
357 SSVAL(param, 2, dnum);
358 SSVAL(param, 4, level);
359 status = try_nttrans_len(cli, "notify", op, level, param, data, param_len, &data_len,
360 &rparam_len, &rdata_len);
361 if (NT_STATUS_IS_OK(status)) return True;
363 /* try with a file name */
365 SSVAL(param, 0, level);
368 param_len += clistr_push(cli, ¶m[6], fname, -1, STR_TERMINATE);
370 status = try_nttrans_len(cli, "fname", op, level, param, data, param_len, &data_len,
371 &rparam_len, &rdata_len);
372 if (NT_STATUS_IS_OK(status)) return True;
374 /* try with a new file name */
376 SSVAL(param, 0, level);
379 param_len += clistr_push(cli, ¶m[6], "\\newfile.dat", -1, STR_TERMINATE);
381 status = try_nttrans_len(cli, "newfile", op, level, param, data, param_len, &data_len,
382 &rparam_len, &rdata_len);
383 cli_unlink(cli, "\\newfile.dat", FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
384 cli_rmdir(cli, "\\newfile.dat");
385 if (NT_STATUS_IS_OK(status)) return True;
388 cli_mkdir(cli, "\\testdir");
390 SSVAL(param, 0, level);
391 param_len += clistr_push(cli, ¶m[2], "\\testdir", -1, STR_TERMINATE);
393 status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len, &data_len,
394 &rparam_len, &rdata_len);
395 cli_rmdir(cli, "\\testdir");
396 if (NT_STATUS_IS_OK(status)) return True;
402 bool torture_nttrans_scan(int dummy)
404 static struct cli_state *cli;
406 const char *fname = "\\scanner.dat";
409 printf("starting nttrans scan test\n");
411 if (!torture_open_connection(&cli, 0)) {
415 cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC,
417 cli_open(cli, "\\", O_RDONLY, DENY_NONE, &dnum);
419 for (op=OP_MIN; op<=OP_MAX; op++) {
420 printf("Scanning op=%d\n", op);
421 for (level = 0; level <= 50; level++) {
422 scan_nttrans(cli, op, level, fnum, dnum, fname);
425 for (level = 0x100; level <= 0x130; level++) {
426 scan_nttrans(cli, op, level, fnum, dnum, fname);
429 for (level = 1000; level < 1050; level++) {
430 scan_nttrans(cli, op, level, fnum, dnum, fname);
434 torture_close_connection(cli);
436 printf("nttrans scan finished\n");
git.samba.org / kai / samba.git / blob