1 /*
2 Unix SMB/CIFS implementation.
3 test suite for various RAP operations
4 Copyright (C) Volker Lendecke 2004
5 Copyright (C) Tim Potter 2005
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23 #include "libcli/libcli.h"
24 #include "torture/torture.h"
25 #include "torture/util.h"
26 #include "libcli/rap/rap.h"
27 #include "libcli/raw/libcliraw.h"
28 #include "libcli/libcli.h"
29 #include "librpc/ndr/libndr.h"
30
/* Per-request state for one RAP call made over the \PIPE\LANMAN transaction. */
struct rap_call {
	uint16_t callno;	/* RAP function number, pushed first in the request */
	char *paramdesc;	/* parameter descriptor, grown by rap_cli_push_paramdesc() */
	const char *datadesc;	/* data descriptor; the pointer is stored, not copied */

	uint16_t status;	/* not referenced by the code in this file */
	uint16_t convert;	/* not referenced by the code in this file */

	uint16_t rcv_paramlen;	/* becomes max_param of the transaction */
	uint16_t rcv_datalen;	/* receive buffer length sent to the server */

	struct ndr_push *ndr_push_param;	/* marshalled request parameters */
	struct ndr_push *ndr_push_data;		/* created with the call; nothing is pushed into it here */
	struct ndr_pull *ndr_pull_param;	/* reply parameter blob, set by rap_cli_do_call() */
	struct ndr_pull *ndr_pull_data;		/* reply data blob, set by rap_cli_do_call() */
};
46
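/*
 * NDR flags applied to every RAP push and pull context in this file.
 * The expansion carries no trailing semicolon, so the macro can be used
 * inside a larger expression as well as on the right of an assignment.
 */
#define RAPNDR_FLAGS (LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_NULLTERM)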
48
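/*
 * Allocate a rap_call for RAP function `callno` as a talloc child of mem_ctx.
 *
 * Both push contexts are created as children of the call itself, so one
 * talloc_free(call) releases everything and nothing is left behind on
 * mem_ctx. Returns NULL when any allocation fails; a partially built call
 * is freed before returning.
 */
static struct rap_call *new_rap_cli_call(TALLOC_CTX *mem_ctx, uint16_t callno)
{
	struct rap_call *call;

	call = talloc(mem_ctx, struct rap_call);
	if (call == NULL) {
		return NULL;
	}

	call->callno = callno;
	/* every reply parsed in this file starts with two uint16_t words */
	call->rcv_paramlen = 4;
	call->rcv_datalen = 0;

	call->status = 0;
	call->convert = 0;

	call->paramdesc = NULL;
	call->datadesc = NULL;

	/* talloc() does not zero memory: give the reply contexts a known value */
	call->ndr_pull_param = NULL;
	call->ndr_pull_data = NULL;

	call->ndr_push_param = ndr_push_init_ctx(call);
	call->ndr_push_data = ndr_push_init_ctx(call);
	if (call->ndr_push_param == NULL || call->ndr_push_data == NULL) {
		talloc_free(call);
		return NULL;
	}

	call->ndr_push_param->flags = RAPNDR_FLAGS;
	call->ndr_push_data->flags = RAPNDR_FLAGS;

	return call;
}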
72
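/*
 * Append one descriptor character to call->paramdesc, growing the string
 * by one byte and keeping it NUL-terminated.
 *
 * If the reallocation fails the existing descriptor is left untouched.
 * The function returns void, so the caller is not told that the
 * descriptor is now one character short of the pushed parameters.
 */
static void rap_cli_push_paramdesc(struct rap_call *call, char desc)
{
	size_t len = 0;
	char *grown;

	if (call->paramdesc != NULL) {
		len = strlen(call->paramdesc);
	}

	/* room for the new character plus the terminating NUL */
	grown = talloc_realloc(call, call->paramdesc, char, len + 2);
	if (grown == NULL) {
		/* the old block is still valid after a failed realloc */
		return;
	}

	grown[len] = desc;
	grown[len + 1] = '\0';
	call->paramdesc = grown;
}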
88
/*
 * Add a 16-bit request parameter: descriptor character 'W' followed by
 * the value in the parameter push context. The push status is ignored.
 */
static void rap_cli_push_word(struct rap_call *call, uint16_t val)
{
	struct ndr_push *params = call->ndr_push_param;

	rap_cli_push_paramdesc(call, 'W');
	ndr_push_uint16(params, NDR_SCALARS, val);
}
94
/*
 * Add a 32-bit request parameter: descriptor character 'D' followed by
 * the value in the parameter push context. The push status is ignored.
 */
static void rap_cli_push_dword(struct rap_call *call, uint32_t val)
{
	struct ndr_push *params = call->ndr_push_param;

	rap_cli_push_paramdesc(call, 'D');
	ndr_push_uint32(params, NDR_SCALARS, val);
}
100
/*
 * Announce the receive buffer: descriptor characters 'r' and 'L', then
 * the buffer length as a 16-bit parameter. `len` is an int but is
 * narrowed to uint16_t both on the wire and in call->rcv_datalen.
 */
static void rap_cli_push_rcvbuf(struct rap_call *call, int len)
{
	uint16_t wire_len = len;

	rap_cli_push_paramdesc(call, 'r');
	rap_cli_push_paramdesc(call, 'L');
	ndr_push_uint16(call->ndr_push_param, NDR_SCALARS, wire_len);

	call->rcv_datalen = wire_len;
}
108
/*
 * Declare that the reply carries an entry count and a total: descriptor
 * characters 'e' and 'h', and four more bytes of expected reply
 * parameters (two uint16_t values).
 */
static void rap_cli_expect_multiple_entries(struct rap_call *call)
{
	rap_cli_push_paramdesc(call, 'e');
	rap_cli_push_paramdesc(call, 'h');

	/* uint16_t entry count + uint16_t total */
	call->rcv_paramlen = call->rcv_paramlen + 4;
}
115
/*
 * Declare one extra 16-bit value in the reply parameters: descriptor
 * character 'h' and two more bytes of expected reply parameters.
 */
static void rap_cli_expect_word(struct rap_call *call)
{
	rap_cli_push_paramdesc(call, 'h');

	/* one uint16_t */
	call->rcv_paramlen = call->rcv_paramlen + 2;
}
121
/*
 * Add a string request parameter. A non-NULL string gets descriptor
 * character 'z' and is pushed into the parameter context; a NULL string
 * is represented by descriptor character 'O' alone, with no data pushed.
 */
static void rap_cli_push_string(struct rap_call *call, const char *str)
{
	if (str != NULL) {
		rap_cli_push_paramdesc(call, 'z');
		ndr_push_string(call->ndr_push_param, NDR_SCALARS, str);
		return;
	}

	rap_cli_push_paramdesc(call, 'O');
}
131
/*
 * Set the data descriptor sent with the request. Only the pointer is
 * stored, so `format` must stay valid until the call has been sent.
 */
static void rap_cli_expect_format(struct rap_call *call, const char *format)
{
	const char *descriptor = format;

	call->datadesc = descriptor;
}
136
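/*
 * Pull a string reference from the reply data and copy the string it
 * points to into a new talloc buffer under mem_ctx.
 *
 * The reference is two uint16_t values: an offset and a word that is
 * discarded. `convert` is subtracted from the offset before it is used
 * as an index into ndr->data. Offset and string length come from the
 * server, so both are range-checked against ndr->data_size before any
 * byte is read or copied.
 *
 * *dest is NULL on every failure path, so a caller never sees an
 * uninitialised pointer.
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER when the
 * offset or the unterminated string falls outside the data blob,
 * NT_STATUS_NO_MEMORY when the copy cannot be allocated, or the NDR
 * error from the two pulls.
 */
static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
				uint16_t convert, char **dest)
{
	uint16_t string_offset;
	uint16_t ignore;
	const char *p;
	size_t len;

	*dest = NULL;

	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &string_offset));
	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &ignore));

	/*
	 * 16-bit arithmetic: this wraps modulo 65536 when convert is larger
	 * than the offset. Whatever value results is bounds-checked below.
	 */
	string_offset -= convert;

	/* the offset itself must lie inside the blob */
	if (string_offset+1 > ndr->data_size)
		return NT_STATUS_INVALID_PARAMETER;

	p = (const char *)(ndr->data + string_offset);
	/* never scan past the end of the blob looking for the terminator */
	len = strnlen(p, ndr->data_size-string_offset);

	/* reject a string whose NUL terminator is not inside the blob */
	if ( string_offset + len + 1 > ndr->data_size )
		return NT_STATUS_INVALID_PARAMETER;

	*dest = talloc_zero_size(mem_ctx, len+1);
	if (*dest == NULL)
		return NT_STATUS_NO_MEMORY;

	pull_string(*dest, p, len+1, len, STR_ASCII);

	return NT_STATUS_OK;
}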
164
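/*
 * Send the prepared RAP call as a transaction on \PIPE\LANMAN and attach
 * pull contexts for the reply to the call.
 *
 * The request parameters are: the call number, the parameter descriptor
 * (if any), the data descriptor (if any), then the bytes already
 * collected in call->ndr_push_param. No request data is sent.
 *
 * On success call->ndr_pull_param and call->ndr_pull_data wrap the reply
 * blobs; their contents come from the server and must be parsed with
 * bounds-checked pulls only.
 *
 * Returns NT_STATUS_NO_MEMORY when the call or one of its NDR contexts
 * is missing or cannot be allocated, the NDR error from building the
 * request, or the status of smb_raw_trans().
 */
static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call)
{
	NTSTATUS result;
	DATA_BLOB param_blob;
	struct ndr_push *params;
	struct smb_trans2 trans;

	/* a NULL call is what new_rap_cli_call() hands back on allocation failure */
	if (call == NULL || call->ndr_push_param == NULL)
		return NT_STATUS_NO_MEMORY;

	params = ndr_push_init_ctx(call);

	if (params == NULL)
		return NT_STATUS_NO_MEMORY;

	params->flags = RAPNDR_FLAGS;

	trans.in.max_param = call->rcv_paramlen;
	trans.in.max_data = smb_raw_max_trans_data(tree, call->rcv_paramlen);
	trans.in.max_setup = 0;
	trans.in.flags = 0;
	trans.in.timeout = 0;
	trans.in.setup_count = 0;
	trans.in.setup = NULL;
	trans.in.trans_name = "\\PIPE\\LANMAN";

	NDR_CHECK(ndr_push_uint16(params, NDR_SCALARS, call->callno));
	if (call->paramdesc)
		NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->paramdesc));
	if (call->datadesc)
		NDR_CHECK(ndr_push_string(params, NDR_SCALARS, call->datadesc));

	param_blob = ndr_push_blob(call->ndr_push_param);
	NDR_CHECK(ndr_push_bytes(params, param_blob.data,
				 param_blob.length));

	trans.in.params = ndr_push_blob(params);
	trans.in.data = data_blob(NULL, 0);

	result = smb_raw_trans(tree, call, &trans);

	if (!NT_STATUS_IS_OK(result))
		return result;

	call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call);
	call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call);

	/* do not dereference a context that could not be allocated */
	if (call->ndr_pull_param == NULL || call->ndr_pull_data == NULL)
		return NT_STATUS_NO_MEMORY;

	call->ndr_pull_param->flags = RAPNDR_FLAGS;
	call->ndr_pull_data->flags = RAPNDR_FLAGS;

	return result;
}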
214
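/*
 * Evaluate `call` once and jump to the enclosing function's `done` label
 * when it does not return NT_STATUS_OK. The failing status is discarded:
 * the function's own result variable must already hold an error code
 * before the first use of this macro, otherwise a parse failure is
 * reported to the caller as whatever that variable last contained.
 */
#define NDR_OK(call) do { NTSTATUS _status; \
		_status = (call); \
		if (!NT_STATUS_IS_OK(_status)) \
			goto done; \
	} while (0)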
220
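/*
 * Issue a RAP share enumeration at r->in.level (0 or 1) and parse the
 * reply into r->out.
 *
 * Level 0 entries are a 13-byte name. Level 1 entries are a 13-byte
 * name, one pad byte, a 16-bit type and a comment string reference.
 * The name bytes are copied as received; nothing here guarantees that
 * they are NUL-terminated.
 *
 * r->out.info is allocated on mem_ctx with r->out.count entries, where
 * the count is taken from the reply. Entries are only fully populated
 * when NT_STATUS_OK is returned.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for an unsupported level or a
 * reply that cannot be parsed, NT_STATUS_NO_MEMORY on allocation
 * failure, or the status of the transaction.
 */
static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
					TALLOC_CTX *mem_ctx,
					struct rap_NetShareEnum *r)
{
	struct rap_call *call;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	int i;

	/* allocate on the caller's context, not on the long-lived tree */
	call = new_rap_cli_call(mem_ctx, RAP_WshareEnum);

	if (call == NULL)
		return NT_STATUS_NO_MEMORY;

	rap_cli_push_word(call, r->in.level); /* Level */
	rap_cli_push_rcvbuf(call, r->in.bufsize);
	rap_cli_expect_multiple_entries(call);

	switch(r->in.level) {
	case 0:
		rap_cli_expect_format(call, "B13");
		break;
	case 1:
		rap_cli_expect_format(call, "B13BWz");
		break;
	default:
		/* no parser below for any other level */
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	result = rap_cli_do_call(tree, call);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* NDR_OK() jumps to done without touching result */
	result = NT_STATUS_INVALID_PARAMETER;

	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));

	r->out.info = talloc_array(mem_ctx, union rap_shareenum_info, r->out.count);

	if (r->out.info == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* every pull fails cleanly if the reply holds fewer entries than it claims */
	for (i=0; i<r->out.count; i++) {
		switch(r->in.level) {
		case 0:
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info0.name, 13));
			break;
		case 1:
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info1.name, 13));
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)&r->out.info[i].info1.pad, 1));
			NDR_OK(ndr_pull_uint16(call->ndr_pull_data,
					       NDR_SCALARS, &r->out.info[i].info1.type));
			NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
					       r->out.convert,
					       &r->out.info[i].info1.comment));
			break;
		}
	}

	result = NT_STATUS_OK;

 done:
	talloc_free(call);
	return result;
}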
290
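/*
 * Enumerate shares at level 1 with an 8192-byte receive buffer and print
 * name, type and comment of each entry. Returns False when the call
 * fails. The temporary context is released on every path.
 */
static BOOL test_netshareenum(struct smbcli_tree *tree)
{
	struct rap_NetShareEnum r;
	int i;
	TALLOC_CTX *tmp_ctx = talloc_new(tree);

	r.in.level = 1;
	r.in.bufsize = 8192;

	if (!NT_STATUS_IS_OK(smbcli_rap_netshareenum(tree, tmp_ctx, &r))) {
		talloc_free(tmp_ctx);
		return False;
	}

	for (i=0; i<r.out.count; i++) {
		/*
		 * The name is 13 bytes copied from the reply and may lack a
		 * terminator, so the precision caps how far printf reads.
		 */
		printf("%.13s %d %s\n", r.out.info[i].info1.name,
		       r.out.info[i].info1.type,
		       r.out.info[i].info1.comment);
	}

	talloc_free(tmp_ctx);

	return True;
}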
313
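/*
 * Issue a RAP server enumeration at r->in.level (0 or 1), filtered by
 * r->in.servertype and r->in.domain, and parse the reply into r->out.
 *
 * Level 0 entries are a 16-byte name. Level 1 entries are a 16-byte
 * name, major and minor version bytes, a 32-bit server type and a
 * comment string reference. The name bytes are copied as received;
 * nothing here guarantees that they are NUL-terminated.
 *
 * r->out.info is allocated on mem_ctx with r->out.count entries, where
 * the count is taken from the reply. Entries are only fully populated
 * when NT_STATUS_OK is returned.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for an unsupported level or a
 * reply that cannot be parsed, NT_STATUS_NO_MEMORY on allocation
 * failure, or the status of the transaction.
 */
static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
					  TALLOC_CTX *mem_ctx,
					  struct rap_NetServerEnum2 *r)
{
	struct rap_call *call;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
	int i;

	call = new_rap_cli_call(mem_ctx, RAP_NetServerEnum2);

	if (call == NULL)
		return NT_STATUS_NO_MEMORY;

	rap_cli_push_word(call, r->in.level);
	rap_cli_push_rcvbuf(call, r->in.bufsize);
	rap_cli_expect_multiple_entries(call);
	rap_cli_push_dword(call, r->in.servertype);
	rap_cli_push_string(call, r->in.domain);

	switch(r->in.level) {
	case 0:
		rap_cli_expect_format(call, "B16");
		break;
	case 1:
		rap_cli_expect_format(call, "B16BBDz");
		break;
	default:
		/* no parser below for any other level */
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	result = rap_cli_do_call(tree, call);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	/* NDR_OK() jumps to done without touching result */
	result = NT_STATUS_INVALID_PARAMETER;

	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.count));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));

	r->out.info = talloc_array(mem_ctx, union rap_server_info, r->out.count);

	if (r->out.info == NULL) {
		result = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* every pull fails cleanly if the reply holds fewer entries than it claims */
	for (i=0; i<r->out.count; i++) {
		switch(r->in.level) {
		case 0:
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info0.name, 16));
			break;
		case 1:
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      (uint8_t *)r->out.info[i].info1.name, 16));
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      &r->out.info[i].info1.version_major, 1));
			NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
					      &r->out.info[i].info1.version_minor, 1));
			NDR_OK(ndr_pull_uint32(call->ndr_pull_data,
					       NDR_SCALARS, &r->out.info[i].info1.servertype));
			NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
					       r->out.convert,
					       &r->out.info[i].info1.comment));
			break;
		}
	}

	result = NT_STATUS_OK;

 done:
	talloc_free(call);
	return result;
}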
388
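/*
 * Enumerate servers at level 0 with an 8192-byte receive buffer, server
 * type 0x80000000 and no domain, and print each entry. Returns False
 * when the call fails. The temporary context is released on every path.
 */
static BOOL test_netserverenum(struct smbcli_tree *tree)
{
	struct rap_NetServerEnum2 r;
	int i;
	TALLOC_CTX *tmp_ctx = talloc_new(tree);

	r.in.level = 0;
	r.in.bufsize = 8192;
	/* server type filter sent with the request */
	r.in.servertype = 0x80000000;
	r.in.domain = NULL;

	if (!NT_STATUS_IS_OK(smbcli_rap_netserverenum2(tree, tmp_ctx, &r))) {
		talloc_free(tmp_ctx);
		return False;
	}

	for (i=0; i<r.out.count; i++) {
		/*
		 * Names are 16 bytes copied from the reply and may lack a
		 * terminator, so the precision caps how far printf reads.
		 */
		switch (r.in.level) {
		case 0:
			printf("%.16s\n", r.out.info[i].info0.name);
			break;
		case 1:
			printf("%.16s %x %s\n", r.out.info[i].info1.name,
			       r.out.info[i].info1.servertype,
			       r.out.info[i].info1.comment);
			break;
		}
	}

	talloc_free(tmp_ctx);

	return True;
}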
421
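/*
 * Issue a RAP server-info query at r->in.level (0 or 1) and parse the
 * reply into r->out.
 *
 * Level 0 is a 16-byte name. Level 1 is a 16-byte name, major and minor
 * version bytes, a 32-bit server type and a comment string reference
 * whose copy is allocated on mem_ctx. The name bytes are copied as
 * received; nothing here guarantees that they are NUL-terminated.
 *
 * Returns NT_STATUS_INVALID_PARAMETER for an unsupported level or a
 * reply that cannot be parsed, NT_STATUS_NO_MEMORY on allocation
 * failure, or the status of the transaction. r->out is only fully
 * populated when NT_STATUS_OK is returned.
 */
_PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
					      TALLOC_CTX *mem_ctx,
					      struct rap_WserverGetInfo *r)
{
	struct rap_call *call;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	if (!(call = new_rap_cli_call(mem_ctx, RAP_WserverGetInfo))) {
		return NT_STATUS_NO_MEMORY;
	}

	rap_cli_push_word(call, r->in.level);
	rap_cli_push_rcvbuf(call, r->in.bufsize);
	rap_cli_expect_word(call);

	switch(r->in.level) {
	case 0:
		rap_cli_expect_format(call, "B16");
		break;
	case 1:
		rap_cli_expect_format(call, "B16BBDz");
		break;
	default:
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	result = rap_cli_do_call(tree, call);

	if (!NT_STATUS_IS_OK(result))
		goto done;

	/*
	 * NDR_OK() jumps to done without touching result; without this a
	 * truncated or malformed reply would be returned as success.
	 */
	result = NT_STATUS_INVALID_PARAMETER;

	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.status));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
	NDR_OK(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));

	switch(r->in.level) {
	case 0:
		NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
				      (uint8_t *)r->out.info.info0.name, 16));
		break;
	case 1:
		NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
				      (uint8_t *)r->out.info.info1.name, 16));
		NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
				      &r->out.info.info1.version_major, 1));
		NDR_OK(ndr_pull_bytes(call->ndr_pull_data,
				      &r->out.info.info1.version_minor, 1));
		NDR_OK(ndr_pull_uint32(call->ndr_pull_data,
				       NDR_SCALARS, &r->out.info.info1.servertype));
		NDR_OK(rap_pull_string(mem_ctx, call->ndr_pull_data,
				       r->out.convert,
				       &r->out.info.info1.comment));
		break;
	}

	result = NT_STATUS_OK;

 done:
	talloc_free(call);
	return result;
}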
480
/*
 * Query server info at level 0 and then level 1 with a 0xffff-byte
 * receive buffer. Both queries are always made; the result is True only
 * if both succeed.
 */
static BOOL test_netservergetinfo(struct smbcli_tree *tree)
{
	struct rap_WserverGetInfo r;
	BOOL res = True;
	TALLOC_CTX *mem_ctx = talloc_new(tree);
	int level;

	if (mem_ctx == NULL) {
		return False;
	}

	r.in.bufsize = 0xffff;

	for (level = 0; level <= 1; level++) {
		r.in.level = level;
		res &= NT_STATUS_IS_OK(smbcli_rap_netservergetinfo(tree, mem_ctx, &r));
	}

	talloc_free(mem_ctx);
	return res;
}
501
/*
 * Run the three RAP sub-tests in order: server enumeration, share
 * enumeration, server info. All three run regardless of earlier
 * failures; the result is True only if every one of them passed.
 */
static BOOL test_rap(struct smbcli_tree *tree)
{
	BOOL serverenum_ok = test_netserverenum(tree);
	BOOL shareenum_ok = test_netshareenum(tree);
	BOOL getinfo_ok = test_netservergetinfo(tree);

	return True & serverenum_ok & shareenum_ok & getinfo_ok;
}
512
/*
 * "BASIC" test entry point: open a connection, run test_rap() on its
 * tree and close the connection again. Returns False when the
 * connection cannot be opened or any sub-test fails.
 */
BOOL torture_rap_basic(struct torture_context *torture)
{
	struct smbcli_state *cli;
	TALLOC_CTX *mem_ctx;
	BOOL ret;

	if (!torture_open_connection(&cli, 0)) {
		return False;
	}

	/* this context is created and freed here but not handed to test_rap() */
	mem_ctx = talloc_init("torture_rap_basic");

	ret = test_rap(cli->tree) ? True : False;

	torture_close_connection(cli);
	talloc_free(mem_ctx);

	return ret;
}
534
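/*
 * "SCAN" test entry point: send an empty request for every call number
 * from 0 up to, but not including, 0xffff and print the numbers the
 * server answers with NT_STATUS_INVALID_PARAMETER.
 *
 * Each call is freed as soon as its reply has been classified, so the
 * scan does not accumulate tens of thousands of calls on mem_ctx, and
 * mem_ctx itself is released before returning. Returns False when the
 * connection cannot be opened or a call cannot be allocated.
 */
BOOL torture_rap_scan(struct torture_context *torture)
{
	TALLOC_CTX *mem_ctx;
	struct smbcli_state *cli;
	int callno;

	/* connect first, so a failed connection leaves nothing to free */
	if (!torture_open_connection(&cli, 0)) {
		return False;
	}

	mem_ctx = talloc_init("torture_rap_scan");

	for (callno = 0; callno < 0xffff; callno++) {
		struct rap_call *call = new_rap_cli_call(mem_ctx, callno);
		NTSTATUS result;

		if (call == NULL) {
			torture_close_connection(cli);
			talloc_free(mem_ctx);
			return False;
		}

		result = rap_cli_do_call(cli->tree, call);

		/* only the status is needed from here on */
		talloc_free(call);

		if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
			continue;

		printf("callno %d is RAP call\n", callno);
	}

	torture_close_connection(cli);
	talloc_free(mem_ctx);

	return True;
}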
563
/*
 * Create the "RAP" torture suite, give it a description, add the BASIC
 * and SCAN tests and register it. Always returns NT_STATUS_OK.
 */
NTSTATUS torture_rap_init(void)
{
	struct torture_suite *rap_suite;

	rap_suite = torture_suite_create(talloc_autofree_context(), "RAP");

	torture_suite_add_simple_test(rap_suite, "BASIC", torture_rap_basic);
	torture_suite_add_simple_test(rap_suite, "SCAN", torture_rap_scan);

	/* the description string is owned by the suite */
	rap_suite->description =
		talloc_strdup(rap_suite, "Remote Administration Protocol tests");

	torture_register_suite(rap_suite);

	return NT_STATUS_OK;
}
580