2 Unix SMB/Netbios implementation.
4 SMB torture tester - scanning functions
5 Copyright (C) Andrew Tridgell 2001
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
30 /****************************************************************************
31 look for a partial hit
32 ****************************************************************************/
33 static void trans2_check_hit(char *format, int op, int level, NTSTATUS status)
35 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
36 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
37 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
38 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
39 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
43 printf("possible %s hit op=%3d level=%5d status=%s\n",
44 format, op, level, get_nt_error_msg(status));
48 /****************************************************************************
49 check for existance of a trans2 call
50 ****************************************************************************/
51 static NTSTATUS try_trans2(struct cli_state *cli,
53 char *param, char *data,
54 int param_len, int data_len,
55 int *rparam_len, int *rdata_len)
58 char *rparam=NULL, *rdata=NULL;
60 if (!cli_send_trans(cli, SMBtrans2,
62 -1, 0, /* fid, flags */
63 &setup, 1, 0, /* setup, length, max */
64 param, param_len, 2, /* param, length, max */
65 data, data_len, cli->max_xmit /* data, length, max */
67 return cli_nt_error(cli);
70 cli_receive_trans(cli, SMBtrans2,
74 if (rdata) free(rdata);
75 if (rparam) free(rparam);
77 return cli_nt_error(cli);
81 static NTSTATUS try_trans2_len(struct cli_state *cli,
84 char *param, char *data,
85 int param_len, int *data_len,
86 int *rparam_len, int *rdata_len)
88 NTSTATUS ret=NT_STATUS_OK;
90 ret = try_trans2(cli, op, param, data, param_len,
91 sizeof(pstring), rparam_len, rdata_len);
93 printf("op=%d level=%d ret=%s\n", op, level, get_nt_error_msg(ret));
95 if (!NT_STATUS_IS_OK(ret)) return ret;
98 while (*data_len < sizeof(pstring)) {
99 ret = try_trans2(cli, op, param, data, param_len,
100 *data_len, rparam_len, rdata_len);
101 if (NT_STATUS_IS_OK(ret)) break;
104 if (NT_STATUS_IS_OK(ret)) {
105 printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
106 format, level, *data_len, *rparam_len, *rdata_len);
108 trans2_check_hit(format, op, level, ret);
113 /****************************************************************************
114 check for existance of a trans2 call
115 ****************************************************************************/
116 static BOOL scan_trans2(struct cli_state *cli, int op, int level,
117 int fnum, int dnum, char *fname)
121 int rparam_len, rdata_len;
125 memset(data, 0, sizeof(data));
128 /* try with a info level only */
130 SSVAL(param, 0, level);
131 status = try_trans2_len(cli, "void", op, level, param, data, param_len, &data_len,
132 &rparam_len, &rdata_len);
133 if (NT_STATUS_IS_OK(status)) return True;
135 /* try with a file descriptor */
137 SSVAL(param, 0, fnum);
138 SSVAL(param, 2, level);
140 status = try_trans2_len(cli, "fnum", op, level, param, data, param_len, &data_len,
141 &rparam_len, &rdata_len);
142 if (NT_STATUS_IS_OK(status)) return True;
145 /* try with a notify style */
147 SSVAL(param, 0, dnum);
148 SSVAL(param, 2, dnum);
149 SSVAL(param, 4, level);
150 status = try_trans2_len(cli, "notify", op, level, param, data, param_len, &data_len,
151 &rparam_len, &rdata_len);
152 if (NT_STATUS_IS_OK(status)) return True;
154 /* try with a file name */
156 SSVAL(param, 0, level);
159 param_len += clistr_push(cli, ¶m[6], fname, -1, STR_TERMINATE);
161 status = try_trans2_len(cli, "fname", op, level, param, data, param_len, &data_len,
162 &rparam_len, &rdata_len);
163 if (NT_STATUS_IS_OK(status)) return True;
165 /* try with a new file name */
167 SSVAL(param, 0, level);
170 param_len += clistr_push(cli, ¶m[6], "\\newfile.dat", -1, STR_TERMINATE);
172 status = try_trans2_len(cli, "newfile", op, level, param, data, param_len, &data_len,
173 &rparam_len, &rdata_len);
174 cli_unlink(cli, "\\newfile.dat");
175 cli_rmdir(cli, "\\newfile.dat");
176 if (NT_STATUS_IS_OK(status)) return True;
179 cli_mkdir(cli, "\\testdir");
181 SSVAL(param, 0, level);
182 param_len += clistr_push(cli, ¶m[2], "\\testdir", -1, STR_TERMINATE);
184 status = try_trans2_len(cli, "dfs", op, level, param, data, param_len, &data_len,
185 &rparam_len, &rdata_len);
186 cli_rmdir(cli, "\\testdir");
187 if (NT_STATUS_IS_OK(status)) return True;
193 BOOL torture_trans2_scan(int dummy)
195 static struct cli_state cli;
197 char *fname = "\\scanner.dat";
200 printf("starting trans2 scan test\n");
202 if (!torture_open_connection(&cli)) {
206 fnum = cli_open(&cli, fname, O_RDWR | O_CREAT | O_TRUNC,
208 dnum = cli_open(&cli, "\\", O_RDONLY, DENY_NONE);
210 for (op=OP_MIN; op<=OP_MAX; op++) {
211 printf("Scanning op=%d\n", op);
212 for (level = 0; level <= 50; level++) {
213 scan_trans2(&cli, op, level, fnum, dnum, fname);
216 for (level = 0x100; level <= 0x130; level++) {
217 scan_trans2(&cli, op, level, fnum, dnum, fname);
220 for (level = 1000; level < 1050; level++) {
221 scan_trans2(&cli, op, level, fnum, dnum, fname);
225 torture_close_connection(&cli);
227 printf("trans2 scan finished\n");
234 /****************************************************************************
235 look for a partial hit
236 ****************************************************************************/
237 static void nttrans_check_hit(char *format, int op, int level, NTSTATUS status)
239 if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
240 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
241 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
242 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
243 NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
247 printf("possible %s hit op=%3d level=%5d status=%s\n",
248 format, op, level, get_nt_error_msg(status));
252 /****************************************************************************
253 check for existance of a nttrans call
254 ****************************************************************************/
255 static NTSTATUS try_nttrans(struct cli_state *cli,
257 char *param, char *data,
258 int param_len, int data_len,
259 int *rparam_len, int *rdata_len)
261 char *rparam=NULL, *rdata=NULL;
263 if (!cli_send_nt_trans(cli, op,
266 param, param_len, 2, /* param, length, max */
267 data, data_len, cli->max_xmit /* data, length, max */
269 return cli_nt_error(cli);
272 cli_receive_nt_trans(cli,
276 if (rdata) free(rdata);
277 if (rparam) free(rparam);
279 return cli_nt_error(cli);
283 static NTSTATUS try_nttrans_len(struct cli_state *cli,
286 char *param, char *data,
287 int param_len, int *data_len,
288 int *rparam_len, int *rdata_len)
290 NTSTATUS ret=NT_STATUS_OK;
292 ret = try_nttrans(cli, op, param, data, param_len,
293 sizeof(pstring), rparam_len, rdata_len);
295 printf("op=%d level=%d ret=%s\n", op, level, get_nt_error_msg(ret));
297 if (!NT_STATUS_IS_OK(ret)) return ret;
300 while (*data_len < sizeof(pstring)) {
301 ret = try_nttrans(cli, op, param, data, param_len,
302 *data_len, rparam_len, rdata_len);
303 if (NT_STATUS_IS_OK(ret)) break;
306 if (NT_STATUS_IS_OK(ret)) {
307 printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
308 format, level, *data_len, *rparam_len, *rdata_len);
310 nttrans_check_hit(format, op, level, ret);
315 /****************************************************************************
316 check for existance of a nttrans call
317 ****************************************************************************/
318 static BOOL scan_nttrans(struct cli_state *cli, int op, int level,
319 int fnum, int dnum, char *fname)
323 int rparam_len, rdata_len;
327 memset(data, 0, sizeof(data));
330 /* try with a info level only */
332 SSVAL(param, 0, level);
333 status = try_nttrans_len(cli, "void", op, level, param, data, param_len, &data_len,
334 &rparam_len, &rdata_len);
335 if (NT_STATUS_IS_OK(status)) return True;
337 /* try with a file descriptor */
339 SSVAL(param, 0, fnum);
340 SSVAL(param, 2, level);
342 status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len, &data_len,
343 &rparam_len, &rdata_len);
344 if (NT_STATUS_IS_OK(status)) return True;
347 /* try with a notify style */
349 SSVAL(param, 0, dnum);
350 SSVAL(param, 2, dnum);
351 SSVAL(param, 4, level);
352 status = try_nttrans_len(cli, "notify", op, level, param, data, param_len, &data_len,
353 &rparam_len, &rdata_len);
354 if (NT_STATUS_IS_OK(status)) return True;
356 /* try with a file name */
358 SSVAL(param, 0, level);
361 param_len += clistr_push(cli, ¶m[6], fname, -1, STR_TERMINATE);
363 status = try_nttrans_len(cli, "fname", op, level, param, data, param_len, &data_len,
364 &rparam_len, &rdata_len);
365 if (NT_STATUS_IS_OK(status)) return True;
367 /* try with a new file name */
369 SSVAL(param, 0, level);
372 param_len += clistr_push(cli, ¶m[6], "\\newfile.dat", -1, STR_TERMINATE);
374 status = try_nttrans_len(cli, "newfile", op, level, param, data, param_len, &data_len,
375 &rparam_len, &rdata_len);
376 cli_unlink(cli, "\\newfile.dat");
377 cli_rmdir(cli, "\\newfile.dat");
378 if (NT_STATUS_IS_OK(status)) return True;
381 cli_mkdir(cli, "\\testdir");
383 SSVAL(param, 0, level);
384 param_len += clistr_push(cli, ¶m[2], "\\testdir", -1, STR_TERMINATE);
386 status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len, &data_len,
387 &rparam_len, &rdata_len);
388 cli_rmdir(cli, "\\testdir");
389 if (NT_STATUS_IS_OK(status)) return True;
395 BOOL torture_nttrans_scan(int dummy)
397 static struct cli_state cli;
399 char *fname = "\\scanner.dat";
402 printf("starting nttrans scan test\n");
404 if (!torture_open_connection(&cli)) {
408 fnum = cli_open(&cli, fname, O_RDWR | O_CREAT | O_TRUNC,
410 dnum = cli_open(&cli, "\\", O_RDONLY, DENY_NONE);
412 for (op=OP_MIN; op<=OP_MAX; op++) {
413 printf("Scanning op=%d\n", op);
414 for (level = 0; level <= 50; level++) {
415 scan_nttrans(&cli, op, level, fnum, dnum, fname);
418 for (level = 0x100; level <= 0x130; level++) {
419 scan_nttrans(&cli, op, level, fnum, dnum, fname);
422 for (level = 1000; level < 1050; level++) {
423 scan_nttrans(&cli, op, level, fnum, dnum, fname);
427 torture_close_connection(&cli);
429 printf("nttrans scan finished\n");
git.samba.org / kai / samba.git / blob