summaryrefslogtreecommitdiffstats
path: root/source3/torture/test_smb2.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /source3/torture/test_smb2.c
parentInitial commit. (diff)
downloadsamba-upstream.tar.xz
samba-upstream.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source3/torture/test_smb2.c')
-rw-r--r--source3/torture/test_smb2.c3715
1 files changed, 3715 insertions, 0 deletions
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
new file mode 100644
index 0000000..f6afdf0
--- /dev/null
+++ b/source3/torture/test_smb2.c
@@ -0,0 +1,3715 @@
+/*
+ Unix SMB/CIFS implementation.
+ Initial test for the smb2 client lib
+ Copyright (C) Volker Lendecke 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/proto.h"
+#include "client.h"
+#include "trans2.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "libcli/security/security.h"
+#include "libsmb/proto.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth_generic.h"
+#include "../librpc/ndr/libndr.h"
+#include "libsmb/clirap.h"
+#include "libsmb/cli_smb2_fnum.h"
+
+extern fstring host, workgroup, share, password, username, myname;
+extern struct cli_credentials *torture_creds;
+
+bool run_smb2_basic(int dummy)
+{
+ struct cli_state *cli;
+ NTSTATUS status;
+ uint64_t fid_persistent, fid_volatile;
+ const char *hello = "Hello, world\n";
+ uint8_t *result;
+ uint32_t nread;
+ uint8_t *dir_data;
+ uint32_t dir_data_length;
+ uint32_t saved_tid = 0;
+ struct smbXcli_tcon *saved_tcon = NULL;
+ uint64_t saved_uid = 0;
+
+ printf("Starting SMB2-BASIC\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_SMB2_02);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "smb2-basic.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ if (nread != strlen(hello)) {
+ printf("smb2cli_read returned %d bytes, expected %d\n",
+ (int)nread, (int)strlen(hello));
+ return false;
+ }
+
+ if (memcmp(hello, result, nread) != 0) {
+ printf("smb2cli_read returned '%s', expected '%s'\n",
+ result, hello);
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_READ_ATTRIBUTE, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0, 0, fid_persistent, fid_volatile, "*", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ saved_tid = smb2cli_tcon_current_id(cli->smb2.tcon);
+ saved_tcon = cli_state_save_tcon(cli);
+ if (saved_tcon == NULL) {
+ return false;
+ }
+ cli->smb2.tcon = smbXcli_tcon_create(cli);
+ smb2cli_tcon_set_values(cli->smb2.tcon,
+ NULL, /* session */
+ saved_tid,
+ 0, /* type */
+ 0, /* flags */
+ 0, /* capabilities */
+ 0 /* maximal_access */);
+ status = smb2cli_tdis(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon);
+ cli_state_restore_tcon(cli, saved_tcon);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_tdis returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_tdis(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED)) {
+ printf("2nd smb2cli_tdis returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ saved_uid = smb2cli_session_current_id(cli->smb2.session);
+ status = smb2cli_logoff(cli->conn, cli->timeout, cli->smb2.session);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_logoff returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ cli->smb2.session = smbXcli_session_create(cli, cli->conn);
+ if (cli->smb2.session == NULL) {
+ printf("smbXcli_session_create() returned NULL\n");
+ return false;
+ }
+
+ smb2cli_session_set_id_and_flags(cli->smb2.session, saved_uid, 0);
+
+ status = smb2cli_logoff(cli->conn, cli->timeout, cli->smb2.session);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
+ printf("2nd smb2cli_logoff returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ return true;
+}
+
+bool run_smb2_negprot(int dummy)
+{
+ struct cli_state *cli;
+ NTSTATUS status;
+ enum protocol_types protocol;
+ const char *name = NULL;
+
+ printf("Starting SMB2-NEGPROT\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_CORE, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ protocol = smbXcli_conn_protocol(cli->conn);
+ name = smb_protocol_types_string(protocol);
+
+ if (protocol >= PROTOCOL_SMB2_02) {
+ printf("Server supports %s\n", name);
+ } else {
+ printf("Server DOES NOT support SMB2, only %s\n", name);
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ protocol, protocol);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_RESET) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_DISCONNECTED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_CONNECTION_ABORTED)) {
+ printf("2nd smbXcli_negprot should disconnect - returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ if (smbXcli_conn_is_connected(cli->conn)) {
+ printf("2nd smbXcli_negprot should disconnect "
+ "- still connected\n");
+ return false;
+ }
+
+ return true;
+}
+
+bool run_smb2_anonymous(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ struct cli_credentials *anon_creds = NULL;
+ bool guest = false;
+
+ printf("Starting SMB2-ANONYMOUS\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ anon_creds = cli_credentials_init_anon(talloc_tos());
+ if (anon_creds == NULL) {
+ printf("cli_credentials_init_anon failed\n");
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, anon_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ guest = smbXcli_session_is_guest(cli->smb2.session);
+ if (guest) {
+ printf("anonymous session should not have guest authentication\n");
+ return false;
+ }
+
+ return true;
+}
+
+bool run_smb2_session_reconnect(int dummy)
+{
+ struct cli_state *cli1;
+ struct cli_state *cli2;
+ NTSTATUS status;
+ bool ok;
+ uint64_t fid_persistent, fid_volatile;
+ struct tevent_context *ev;
+ struct tevent_req *subreq;
+ DATA_BLOB in_blob = data_blob_null;
+ DATA_BLOB out_blob;
+ DATA_BLOB session_key;
+ struct auth_generic_state *auth_generic_state;
+ struct iovec *recv_iov;
+ const char *hello = "Hello, world\n";
+ uint8_t *result;
+ uint32_t nread;
+
+ printf("Starting SMB2-SESSION-RECONNECT\n");
+
+ if (!torture_init_connection(&cli1)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli1->conn, cli1->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli1, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli1, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, "session-reconnect.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create on cli1 %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ if (nread != strlen(hello)) {
+ printf("smb2cli_read returned %d bytes, expected %d\n",
+ (int)nread, (int)strlen(hello));
+ return false;
+ }
+
+ if (memcmp(hello, result, nread) != 0) {
+ printf("smb2cli_read returned '%s', expected '%s'\n",
+ result, hello);
+ return false;
+ }
+
+ /* prepare second session */
+
+ if (!torture_init_connection(&cli2)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli2->conn, cli2->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_prepare(talloc_tos(), &auth_generic_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_prepare returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SESSION_KEY);
+
+ status = auth_generic_set_creds(auth_generic_state, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_set_creds returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_start returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ printf("samba_tevent_context_init() returned NULL\n");
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("gensec_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ cli2->smb2.session = smbXcli_session_create(cli2, cli2->conn);
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli2->conn,
+ cli2->timeout,
+ cli2->smb2.session,
+ 0x0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ /* in_previous_session_id: */
+ smb2cli_session_current_id(cli1->smb2.session),
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ NULL, &out_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli2->conn,
+ cli2->timeout,
+ cli2->smb2.session,
+ 0x0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ /* in_previous_session_id: */
+ smb2cli_session_current_id(cli1->smb2.session),
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ &recv_iov, &out_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_session_key(auth_generic_state->gensec_security, talloc_tos(),
+ &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("gensec_session_key returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ /* check file operation on the old client */
+
+ status = smb2cli_flush(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli1, share, "?????", NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_USER_SESSION_DELETED)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /*
+ * checking file operations without signing.
+ * on w2k8r2 at least, flush, read and write also work the same way,
+ * while create gives ACCESS_DENIED without signing
+ */
+ status = smb2cli_flush(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, "session-reconnect.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED)) {
+ printf("smb2cli_create on cli2 %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* now grab the session key and try with signing */
+
+ status = smb2cli_session_set_session_key(cli2->smb2.session,
+ session_key,
+ recv_iov);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_set_session_key %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* the tid seems to be irrelevant at this stage */
+
+ status = smb2cli_flush(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, "session-reconnect.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED))
+ {
+ printf("smb2cli_create on cli2 %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* now do a new tcon and test file calls again */
+
+ status = cli_tree_connect(cli2, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, "session-reconnect.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create on cli2 %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli2->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ if (nread != strlen(hello)) {
+ printf("smb2cli_read returned %d bytes, expected %d\n",
+ (int)nread, (int)strlen(hello));
+ return false;
+ }
+
+ if (memcmp(hello, result, nread) != 0) {
+ printf("smb2cli_read returned '%s', expected '%s'\n",
+ result, hello);
+ return false;
+ }
+
+ return true;
+}
+
+bool run_smb2_tcon_dependence(int dummy)
+{
+ struct cli_state *cli;
+ NTSTATUS status;
+ uint64_t fid_persistent, fid_volatile;
+ const char *hello = "Hello, world\n";
+ uint8_t *result;
+ uint32_t nread;
+ struct smbXcli_tcon *tcon2;
+ uint32_t tcon2_id;
+
+ printf("Starting SMB2-TCON-DEPENDENCE\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "tcon_depedence.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create on cli %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ if (nread != strlen(hello)) {
+ printf("smb2cli_read returned %d bytes, expected %d\n",
+ (int)nread, (int)strlen(hello));
+ return false;
+ }
+
+ if (memcmp(hello, result, nread) != 0) {
+ printf("smb2cli_read returned '%s', expected '%s'\n",
+ result, hello);
+ return false;
+ }
+
+ /* check behaviour with wrong tid... */
+
+ tcon2 = smbXcli_tcon_create(cli);
+ tcon2_id = smb2cli_tcon_current_id(cli->smb2.tcon);
+ tcon2_id++;
+ smb2cli_tcon_set_values(tcon2,
+ NULL, /* session */
+ tcon2_id,
+ 0, /* type */
+ 0, /* flags */
+ 0, /* capabilities */
+ 0 /* maximal_access */);
+
+ status = smb2cli_read(cli->conn, cli->timeout, cli->smb2.session,
+ tcon2, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_NAME_DELETED)) {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ talloc_free(tcon2);
+
+ return true;
+}
+
+bool run_smb2_multi_channel(int dummy)
+{
+ struct cli_state *cli1;
+ struct cli_state *cli2;
+ struct cli_state *cli3;
+ NTSTATUS status;
+ bool ok;
+ uint64_t fid_persistent, fid_volatile;
+ struct tevent_context *ev;
+ struct tevent_req *subreq;
+ DATA_BLOB in_blob = data_blob_null;
+ DATA_BLOB out_blob;
+ DATA_BLOB channel_session_key;
+ struct auth_generic_state *auth_generic_state;
+ struct iovec *recv_iov;
+ const char *hello = "Hello, world\n";
+ uint8_t *result;
+ uint32_t nread;
+ struct GUID saved_guid = cli_state_client_guid;
+
+ printf("Starting SMB2-MULTI-CHANNEL\n");
+
+ cli_state_client_guid = GUID_random();
+
+ if (!torture_init_connection(&cli1)) {
+ return false;
+ }
+
+ if (!torture_init_connection(&cli2)) {
+ return false;
+ }
+
+ if (!torture_init_connection(&cli3)) {
+ return false;
+ }
+
+ cli_state_client_guid = saved_guid;
+
+ status = smbXcli_negprot(cli1->conn, cli1->timeout,
+ PROTOCOL_SMB3_00, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smbXcli_negprot(cli2->conn, cli2->timeout,
+ PROTOCOL_SMB3_00, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smbXcli_negprot(cli3->conn, cli3->timeout,
+ PROTOCOL_SMB3_00, PROTOCOL_LATEST);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli1, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_sesssetup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli1, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_session_create_channel(cli2,
+ cli1->smb2.session,
+ cli2->conn,
+ &cli2->smb2.session);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_create_channel returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_prepare(talloc_tos(), &auth_generic_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_prepare returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SESSION_KEY);
+
+ status = auth_generic_set_creds(auth_generic_state, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_set_creds returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_start returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ printf("samba_tevent_context_init() returned NULL\n");
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("gensec_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli2->conn,
+ cli2->timeout,
+ cli2->smb2.session,
+ 0x01, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ NULL, &out_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli2->conn,
+ cli2->timeout,
+ cli2->smb2.session,
+ 0x01, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ &recv_iov, &out_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_session_key(auth_generic_state->gensec_security, talloc_tos(),
+ &channel_session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("gensec_session_key returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_session_set_channel_key(cli2->smb2.session,
+ channel_session_key,
+ recv_iov);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_set_channel_key %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_session_create_channel(cli3,
+ cli1->smb2.session,
+ cli3->conn,
+ &cli3->smb2.session);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_create_channel returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_prepare(talloc_tos(), &auth_generic_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_prepare returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SESSION_KEY);
+
+ status = auth_generic_set_creds(auth_generic_state, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_set_creds returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_start returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("gensec_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli3->conn,
+ cli3->timeout,
+ cli3->smb2.session,
+ 0x01, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ NULL, &out_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli3->conn,
+ cli3->timeout,
+ cli3->smb2.session,
+ 0x01, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ &recv_iov, &out_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_session_key(auth_generic_state->gensec_security, talloc_tos(),
+ &channel_session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("gensec_session_key returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_session_set_channel_key(cli3->smb2.session,
+ channel_session_key,
+ recv_iov);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_set_channel_key %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, "multi-channel.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create on cli2 %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_write(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, strlen(hello), 0, fid_persistent,
+ fid_volatile, 0, 0, (const uint8_t *)hello, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_write returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli3->conn, cli3->timeout, cli3->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_read(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, 0x10000, 0, fid_persistent,
+ fid_volatile, 2, 0,
+ talloc_tos(), &result, &nread);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_read returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ if (nread != strlen(hello)) {
+ printf("smb2cli_read returned %d bytes, expected %d\n",
+ (int)nread, (int)strlen(hello));
+ return false;
+ }
+
+ if (memcmp(hello, result, nread) != 0) {
+ printf("smb2cli_read returned '%s', expected '%s'\n",
+ result, hello);
+ return false;
+ }
+
+ status = auth_generic_client_prepare(talloc_tos(), &auth_generic_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_prepare returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SESSION_KEY);
+
+ status = auth_generic_set_creds(auth_generic_state, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_set_creds returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_start returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("gensec_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli3->conn,
+ cli3->timeout,
+ cli3->smb2.session,
+ 0x0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ NULL, &out_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli3->conn, cli3->timeout, cli3->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, "multi-channel-invalid.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_create %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, "multi-channel-invalid.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_create %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli3->conn, cli3->timeout, cli3->smb2.session,
+ cli1->smb2.tcon, "multi-channel-invalid.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_create %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli2->conn,
+ cli2->timeout,
+ cli2->smb2.session,
+ 0x0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ &recv_iov, &out_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli3->conn, cli3->timeout, cli3->smb2.session,
+ cli1->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli3->conn, cli3->timeout, cli3->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli2->conn, cli2->timeout, cli2->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli1->conn, cli1->timeout, cli1->smb2.session,
+ cli1->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ return true;
+}
+
+bool run_smb2_session_reauth(int dummy)
+{
+ struct cli_state *cli;
+ NTSTATUS status;
+ bool ok;
+ uint64_t fid_persistent, fid_volatile;
+ uint64_t dir_persistent, dir_volatile;
+ uint8_t *dir_data;
+ uint32_t dir_data_length;
+ struct tevent_context *ev;
+ struct tevent_req *subreq;
+ DATA_BLOB in_blob = data_blob_null;
+ DATA_BLOB out_blob;
+ DATA_BLOB in_input_buffer;
+ DATA_BLOB out_output_buffer;
+ uint8_t in_file_info_class;
+ struct auth_generic_state *auth_generic_state;
+ struct iovec *recv_iov;
+ uint32_t saved_tid;
+ struct smbXcli_tcon *saved_tcon;
+
+ printf("Starting SMB2-SESSION_REAUTH\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ /*
+ * PROTOCOL_SMB2_22 has a bug in win8pre0
+ * it behaves like PROTOCOL_SMB2_02
+ * and returns NT_STATUS_REQUEST_NOT_ACCEPTED,
+ * while it allows it on PROTOCOL_SMB2_10.
+ */
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_10, PROTOCOL_SMB2_10);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_sesssetup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "session-reauth.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_READ_ATTRIBUTE, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &dir_persistent,
+ &dir_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0x3, 0, dir_persistent, dir_volatile,
+ "session-reauth.txt", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_prepare(talloc_tos(), &auth_generic_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_prepare returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ gensec_want_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SESSION_KEY);
+
+ status = auth_generic_set_creds(auth_generic_state, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_set_creds returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = auth_generic_client_start(auth_generic_state, GENSEC_OID_NTLMSSP);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_client_start returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ printf("samba_tevent_context_init() returned NULL\n");
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("gensec_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ 0x0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ NULL, &out_blob);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("auth_generic_update returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0x3, 0, dir_persistent, dir_volatile,
+ "session-reauth.txt", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /*
+ * query_info seems to be a path based operation on Windows...
+ */
+ status = smb2cli_query_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_SECURITY,
+ 0, /* in_file_info_class */
+ 1024, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ SECINFO_OWNER, /* in_additional_info */
+ 0, /* in_flags */
+ fid_persistent,
+ fid_volatile,
+ talloc_tos(),
+ &out_output_buffer);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_query_info (security) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ in_file_info_class = SMB_FILE_POSITION_INFORMATION - 1000;
+ status = smb2cli_query_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_FILE,
+ in_file_info_class,
+ 1024, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ fid_persistent,
+ fid_volatile,
+ talloc_tos(),
+ &out_output_buffer);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_query_info (position) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ in_input_buffer = data_blob_talloc(talloc_tos(), NULL, 8);
+ SBVAL(in_input_buffer.data, 0, 512);
+
+ in_file_info_class = SMB_FILE_POSITION_INFORMATION - 1000;
+ status = smb2cli_set_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_FILE,
+ in_file_info_class,
+ &in_input_buffer,
+ 0, /* in_additional_info */
+ fid_persistent,
+ fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_set_info (position) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "session-reauth-invalid.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_create %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_READ_ATTRIBUTE, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &dir_persistent,
+ &dir_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("smb2cli_create returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ saved_tid = smb2cli_tcon_current_id(cli->smb2.tcon);
+ saved_tcon = cli->smb2.tcon;
+ cli->smb2.tcon = smbXcli_tcon_create(cli);
+ smb2cli_tcon_set_values(cli->smb2.tcon,
+ NULL, /* session */
+ saved_tid,
+ 0, /* type */
+ 0, /* flags */
+ 0, /* capabilities */
+ 0 /* maximal_access */);
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+ talloc_free(cli->smb2.tcon);
+ cli->smb2.tcon = saved_tcon;
+
+ subreq = smb2cli_session_setup_send(talloc_tos(), ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ 0x0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &in_blob); /* in_security_buffer */
+ if (subreq == NULL) {
+ printf("smb2cli_session_setup_send() returned NULL\n");
+ return false;
+ }
+
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ printf("tevent_req_poll() returned false\n");
+ return false;
+ }
+
+ status = smb2cli_session_setup_recv(subreq, talloc_tos(),
+ &recv_iov, &out_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_session_setup_recv returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_SECURITY,
+ 0, /* in_file_info_class */
+ 1024, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ SECINFO_OWNER, /* in_additional_info */
+ 0, /* in_flags */
+ fid_persistent,
+ fid_volatile,
+ talloc_tos(),
+ &out_output_buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_info (security) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ in_file_info_class = SMB_FILE_POSITION_INFORMATION - 1000;
+ status = smb2cli_query_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_FILE,
+ in_file_info_class,
+ 1024, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ fid_persistent,
+ fid_volatile,
+ talloc_tos(),
+ &out_output_buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_info (position) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ in_input_buffer = data_blob_talloc(talloc_tos(), NULL, 8);
+ SBVAL(in_input_buffer.data, 0, 512);
+
+ in_file_info_class = SMB_FILE_POSITION_INFORMATION - 1000;
+ status = smb2cli_set_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_FILE,
+ in_file_info_class,
+ &in_input_buffer,
+ 0, /* in_additional_info */
+ fid_persistent,
+ fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_set_info (position) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ in_file_info_class = SMB_FILE_POSITION_INFORMATION - 1000;
+ status = smb2cli_query_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_0_INFO_FILE,
+ in_file_info_class,
+ 1024, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ fid_persistent,
+ fid_volatile,
+ talloc_tos(),
+ &out_output_buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_info (position) returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, "session-reauth.txt",
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_ALL | SEC_FILE_ALL, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DELETE_ON_CLOSE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0x3, 0, dir_persistent, dir_volatile,
+ "session-reauth.txt", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, dir_persistent, dir_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ saved_tid = smb2cli_tcon_current_id(cli->smb2.tcon);
+ saved_tcon = cli->smb2.tcon;
+ cli->smb2.tcon = smbXcli_tcon_create(cli);
+ smb2cli_tcon_set_values(cli->smb2.tcon,
+ NULL, /* session */
+ saved_tid,
+ 0, /* type */
+ 0, /* flags */
+ 0, /* capabilities */
+ 0 /* maximal_access */);
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+ talloc_free(cli->smb2.tcon);
+ cli->smb2.tcon = saved_tcon;
+
+ return true;
+}
+
+static NTSTATUS check_size(struct cli_state *cli,
+ uint16_t fnum,
+ const char *fname,
+ size_t size)
+{
+ off_t size_read = 0;
+
+ NTSTATUS status = cli_qfileinfo_basic(cli,
+ fnum,
+ NULL,
+ &size_read,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_qfileinfo_basic of %s failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ return status;
+ }
+
+ if (size != size_read) {
+ printf("size (%u) != size_read(%u) for %s\n",
+ (unsigned int)size,
+ (unsigned int)size_read,
+ fname);
+ /* Use EOF to mean bad size. */
+ return NT_STATUS_END_OF_FILE;
+ }
+ return NT_STATUS_OK;
+}
+
+/* Ensure cli_ftruncate() works for SMB2. */
+
+bool run_smb2_ftruncate(int dummy)
+{
+ struct cli_state *cli = NULL;
+ const char *fname = "smb2_ftruncate.txt";
+ uint16_t fnum = (uint16_t)-1;
+ bool correct = false;
+ size_t buflen = 1024*1024;
+ uint8_t *buf = NULL;
+ unsigned int i;
+ NTSTATUS status;
+
+ printf("Starting SMB2-FTRUNCATE\n");
+
+ if (!torture_init_connection(&cli)) {
+ goto fail;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_SMB2_02);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ goto fail;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ goto fail;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ goto fail;
+ }
+
+ cli_setatr(cli, fname, 0, 0);
+ cli_unlink(cli, fname, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+
+ status = cli_ntcreate(cli,
+ fname,
+ 0,
+ GENERIC_ALL_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_NONE,
+ FILE_CREATE,
+ 0,
+ 0,
+ &fnum,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("open of %s failed (%s)\n", fname, nt_errstr(status));
+ goto fail;
+ }
+
+ buf = talloc_zero_array(cli, uint8_t, buflen);
+ if (buf == NULL) {
+ goto fail;
+ }
+
+ /* Write 1MB. */
+ status = cli_writeall(cli,
+ fnum,
+ 0,
+ buf,
+ 0,
+ buflen,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("write of %u to %s failed (%s)\n",
+ (unsigned int)buflen,
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ status = check_size(cli, fnum, fname, buflen);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* Now ftruncate. */
+ for ( i = 0; i < 10; i++) {
+ status = cli_ftruncate(cli, fnum, i*1024);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_ftruncate %u of %s failed (%s)\n",
+ (unsigned int)i*1024,
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+ status = check_size(cli, fnum, fname, i*1024);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ }
+
+ correct = true;
+
+ fail:
+
+ if (cli == NULL) {
+ return false;
+ }
+
+ if (fnum != (uint16_t)-1) {
+ cli_close(cli, fnum);
+ }
+ cli_setatr(cli, fname, 0, 0);
+ cli_unlink(cli, fname, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+
+ if (!torture_close_connection(cli)) {
+ correct = false;
+ }
+ return correct;
+}
+
+/* Ensure SMB2 flush on directories behaves correctly. */
+
+static bool test_dir_fsync(struct cli_state *cli, const char *path)
+{
+ NTSTATUS status;
+ uint64_t fid_persistent, fid_volatile;
+ uint8_t *dir_data = NULL;
+ uint32_t dir_data_length = 0;
+
+ /* Open directory - no write abilities. */
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, path,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_READ_ATTRIBUTE, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create '%s' (readonly) returned %s\n",
+ path,
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0, 0, fid_persistent, fid_volatile, "*", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ /* Open directory no write access. Flush should fail. */
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("smb2cli_flush on a read-only directory returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Open directory write-attributes only. Flush should still fail. */
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, path,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_WRITE_ATTRIBUTE|
+ SEC_DIR_READ_ATTRIBUTE, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create '%s' (write attr) returned %s\n",
+ path,
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0, 0, fid_persistent, fid_volatile, "*", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("smb2cli_flush on a write-attributes directory "
+ "returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Open directory with SEC_DIR_ADD_FILE access. Flush should now succeed. */
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, path,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_ADD_FILE, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create '%s' (write FILE access) returned %s\n",
+ path,
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0, 0, fid_persistent, fid_volatile, "*", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush on a directory returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Open directory with SEC_DIR_ADD_FILE access. Flush should now succeed. */
+
+ status = smb2cli_create(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, path,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_DIR_LIST|
+ SEC_DIR_ADD_SUBDIR, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_SYNCHRONOUS_IO_NONALERT|FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create '%s' (write DIR access) returned %s\n",
+ path,
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_query_directory(
+ cli->conn, cli->timeout, cli->smb2.session, cli->smb2.tcon,
+ 1, 0, 0, fid_persistent, fid_volatile, "*", 0xffff,
+ talloc_tos(), &dir_data, &dir_data_length);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_query_directory returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_flush(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_flush on a directory returned %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ status = smb2cli_close(cli->conn, cli->timeout, cli->smb2.session,
+ cli->smb2.tcon, 0, fid_persistent, fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+
+ return true;
+}
+
+bool run_smb2_dir_fsync(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ bool bret = false;
+ const char *dname = "fsync_test_dir";
+
+ printf("Starting SMB2-DIR-FSYNC\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_SMB2_02);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ (void)cli_rmdir(cli, dname);
+ status = cli_mkdir(cli, dname);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_mkdir(%s) returned %s\n",
+ dname,
+ nt_errstr(status));
+ return false;
+ }
+
+ /* Test on a subdirectory. */
+ bret = test_dir_fsync(cli, dname);
+ if (bret == false) {
+ (void)cli_rmdir(cli, dname);
+ return false;
+ }
+ (void)cli_rmdir(cli, dname);
+
+ /* Test on the root handle of a share. */
+ bret = test_dir_fsync(cli, "");
+ if (bret == false) {
+ return false;
+ }
+ return true;
+}
+
+bool run_smb2_path_slash(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ uint64_t fid_persistent;
+ uint64_t fid_volatile;
+ const char *dname_noslash = "smb2_dir_slash";
+ const char *dname_backslash = "smb2_dir_slash\\";
+ const char *dname_slash = "smb2_dir_slash/";
+ const char *fname_noslash = "smb2_file_slash";
+ const char *fname_backslash = "smb2_file_slash\\";
+ const char *fname_slash = "smb2_file_slash/";
+
+ printf("Starting SMB2-PATH-SLASH\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn, cli->timeout,
+ PROTOCOL_SMB2_02, PROTOCOL_SMB2_02);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ (void)cli_unlink(cli, dname_noslash, 0);
+ (void)cli_rmdir(cli, dname_noslash);
+ (void)cli_unlink(cli, fname_noslash, 0);
+ (void)cli_rmdir(cli, fname_noslash);
+
+ /* Try to create a directory with the backslash name. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ dname_backslash,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ FILE_READ_DATA|FILE_READ_ATTRIBUTES, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+
+ /* directory ending in '\\' should be success. */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_create '%s' returned %s - "
+ "should be NT_STATUS_OK\n",
+ dname_backslash,
+ nt_errstr(status));
+ return false;
+ }
+ status = smb2cli_close(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ 0,
+ fid_persistent,
+ fid_volatile);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smb2cli_close returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ (void)cli_rmdir(cli, dname_noslash);
+
+ /* Try to create a directory with the slash name. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ dname_slash,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ FILE_READ_DATA|FILE_READ_ATTRIBUTES, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+
+ /* directory ending in '/' is an error. */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_INVALID)) {
+ printf("smb2cli_create '%s' returned %s - "
+ "should be NT_STATUS_OBJECT_NAME_INVALID\n",
+ dname_slash,
+ nt_errstr(status));
+ if (NT_STATUS_IS_OK(status)) {
+ (void)smb2cli_close(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ 0,
+ fid_persistent,
+ fid_volatile);
+ }
+ (void)cli_rmdir(cli, dname_noslash);
+ return false;
+ }
+
+ (void)cli_rmdir(cli, dname_noslash);
+
+ /* Try to create a file with the backslash name. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ fname_backslash,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ FILE_READ_DATA|FILE_READ_ATTRIBUTES, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_NON_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+
+ /* file ending in '\\' should be error. */
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_INVALID)) {
+ printf("smb2cli_create '%s' returned %s - "
+ "should be NT_STATUS_OBJECT_NAME_INVALID\n",
+ fname_backslash,
+ nt_errstr(status));
+ if (NT_STATUS_IS_OK(status)) {
+ (void)smb2cli_close(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ 0,
+ fid_persistent,
+ fid_volatile);
+ }
+ (void)cli_unlink(cli, fname_noslash, 0);
+ return false;
+ }
+
+ (void)cli_unlink(cli, fname_noslash, 0);
+
+ /* Try to create a file with the slash name. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ fname_slash,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ FILE_READ_DATA|FILE_READ_ATTRIBUTES, /* desired_access, */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ FILE_NON_DIRECTORY_FILE, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, NULL, NULL);
+
+ /* file ending in '/' should be error. */
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_INVALID)) {
+ printf("smb2cli_create '%s' returned %s - "
+ "should be NT_STATUS_OBJECT_NAME_INVALID\n",
+ fname_slash,
+ nt_errstr(status));
+ if (NT_STATUS_IS_OK(status)) {
+ (void)smb2cli_close(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ 0,
+ fid_persistent,
+ fid_volatile);
+ }
+ (void)cli_unlink(cli, fname_noslash, 0);
+ return false;
+ }
+
+ (void)cli_unlink(cli, fname_noslash, 0);
+ return true;
+}
+
+/*
+ * NB. This can only work against a server where
+ * the connecting user has been granted SeSecurityPrivilege.
+ *
+ * 1). Create a test file.
+ * 2). Open with SEC_FLAG_SYSTEM_SECURITY *only*. ACCESS_DENIED -
+ * NB. SMB2-only behavior.
+ * 3). Open with SEC_FLAG_SYSTEM_SECURITY|FILE_WRITE_ATTRIBUTES.
+ * 4). Write SACL. Should fail with ACCESS_DENIED (seems to need WRITE_DAC).
+ * 5). Close (3).
+ * 6). Open with SEC_FLAG_SYSTEM_SECURITY|SEC_STD_WRITE_DAC.
+ * 7). Write SACL. Success.
+ * 8). Close (4).
+ * 9). Open with SEC_FLAG_SYSTEM_SECURITY|READ_ATTRIBUTES.
+ * 10). Read SACL. Success.
+ * 11). Read DACL. Should fail with ACCESS_DENIED (no READ_CONTROL).
+ * 12). Close (9).
+ */
+
+bool run_smb2_sacl(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ struct security_descriptor *sd_dacl = NULL;
+ struct security_descriptor *sd_sacl = NULL;
+ const char *fname = "sacl_test_file";
+ uint16_t fnum = (uint16_t)-1;
+
+ printf("Starting SMB2-SACL\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ (void)cli_unlink(cli, fname, 0);
+
+ /* First create a file. */
+ status = cli_ntcreate(cli,
+ fname,
+ 0,
+ GENERIC_ALL_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_NONE,
+ FILE_CREATE,
+ 0,
+ 0,
+ &fnum,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Create of %s failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ cli_close(cli, fnum);
+ fnum = (uint16_t)-1;
+
+ /*
+ * Now try to open with *only* SEC_FLAG_SYSTEM_SECURITY.
+ * This should fail with NT_STATUS_ACCESS_DENIED - but
+ * only against an SMB2 server. SMB1 allows this as tested
+ * in SMB1-SYSTEM-SECURITY.
+ */
+
+ status = cli_smb2_create_fnum(cli,
+ fname,
+ SMB2_OPLOCK_LEVEL_NONE,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ SEC_FLAG_SYSTEM_SECURITY, /* desired access */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_NON_DIRECTORY_FILE, /* create_options, */
+ NULL, /* in_cblobs. */
+ &fnum, /* fnum */
+ NULL, /* smb_create_returns */
+ talloc_tos(), /* mem_ctx */
+ NULL); /* out_cblobs */
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PRIVILEGE_NOT_HELD)) {
+ printf("SMB2-SACL-TEST can only work with a user "
+ "who has been granted SeSecurityPrivilege.\n"
+ "This is the "
+ "\"Manage auditing and security log\""
+ "privilege setting on Windows\n");
+ goto fail;
+ }
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("open file %s with SEC_FLAG_SYSTEM_SECURITY only: "
+ "got %s - should fail with ACCESS_DENIED\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /*
+ * Open with SEC_FLAG_SYSTEM_SECURITY|FILE_WRITE_ATTRIBUTES.
+ */
+
+ status = cli_smb2_create_fnum(cli,
+ fname,
+ SMB2_OPLOCK_LEVEL_NONE,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ SEC_FLAG_SYSTEM_SECURITY|
+ FILE_WRITE_ATTRIBUTES, /* desired access */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_NON_DIRECTORY_FILE, /* create_options, */
+ NULL, /* in_cblobs. */
+ &fnum, /* fnum */
+ NULL, /* smb_create_returns */
+ talloc_tos(), /* mem_ctx */
+ NULL); /* out_cblobs */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Open of %s with (SEC_FLAG_SYSTEM_SECURITY|"
+ "FILE_WRITE_ATTRIBUTES) failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* Create an SD with a SACL. */
+ sd_sacl = security_descriptor_sacl_create(talloc_tos(),
+ 0,
+ NULL, /* owner. */
+ NULL, /* group. */
+ /* first ACE. */
+ SID_WORLD,
+ SEC_ACE_TYPE_SYSTEM_AUDIT,
+ SEC_GENERIC_ALL,
+ SEC_ACE_FLAG_FAILED_ACCESS,
+ NULL);
+
+ if (sd_sacl == NULL) {
+ printf("Out of memory creating SACL\n");
+ goto fail;
+ }
+
+ /*
+ * Write the SACL SD. This should fail
+ * even though we have SEC_FLAG_SYSTEM_SECURITY,
+ * as it seems to also need WRITE_DAC access.
+ */
+ status = cli_set_security_descriptor(cli,
+ fnum,
+ SECINFO_DACL|SECINFO_SACL,
+ sd_sacl);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Writing SACL on file %s got (%s) "
+ "should have failed with ACCESS_DENIED.\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* And close. */
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+
+ /*
+ * Open with SEC_FLAG_SYSTEM_SECURITY|SEC_STD_WRITE_DAC.
+ */
+
+ status = cli_smb2_create_fnum(cli,
+ fname,
+ SMB2_OPLOCK_LEVEL_NONE,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ SEC_FLAG_SYSTEM_SECURITY|
+ SEC_STD_WRITE_DAC, /* desired access */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_NON_DIRECTORY_FILE, /* create_options, */
+ NULL, /* in_cblobs. */
+ &fnum, /* fnum */
+ NULL, /* smb_create_returns */
+ talloc_tos(), /* mem_ctx */
+ NULL); /* out_cblobs */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Open of %s with (SEC_FLAG_SYSTEM_SECURITY|"
+ "FILE_WRITE_ATTRIBUTES) failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /*
+ * Write the SACL SD. This should now succeed
+ * as we have both SEC_FLAG_SYSTEM_SECURITY
+ * and WRITE_DAC access.
+ */
+ status = cli_set_security_descriptor(cli,
+ fnum,
+ SECINFO_DACL|SECINFO_SACL,
+ sd_sacl);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_set_security_descriptor SACL "
+ "on file %s failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* And close. */
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+
+ /* We're done with the sacl we made. */
+ TALLOC_FREE(sd_sacl);
+
+ /*
+ * Now try to open with SEC_FLAG_SYSTEM_SECURITY|READ_ATTRIBUTES.
+ * This gives us access to the SACL.
+ */
+
+ status = cli_smb2_create_fnum(cli,
+ fname,
+ SMB2_OPLOCK_LEVEL_NONE,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ SEC_FLAG_SYSTEM_SECURITY|
+ FILE_READ_ATTRIBUTES, /* desired access */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_NON_DIRECTORY_FILE, /* create_options, */
+ NULL, /* in_cblobs. */
+ &fnum, /* fnum */
+ NULL, /* smb_create_returns */
+ talloc_tos(), /* mem_ctx */
+ NULL); /* out_cblobs */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Open of %s with (SEC_FLAG_SYSTEM_SECURITY|"
+ "FILE_READ_ATTRIBUTES) failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* Try and read the SACL - should succeed. */
+ status = cli_query_security_descriptor(
+ cli, fnum, SECINFO_SACL, talloc_tos(), &sd_sacl);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Read SACL from file %s failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ TALLOC_FREE(sd_sacl);
+
+ /*
+ * Try and read the DACL - should fail as we have
+ * no READ_DAC access.
+ */
+ status = cli_query_security_descriptor(
+ cli, fnum, SECINFO_DACL, talloc_tos(), &sd_sacl);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ printf("Reading DACL on file %s got (%s) "
+ "should have failed with ACCESS_DENIED.\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ if (fnum != (uint16_t)-1) {
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+ }
+
+ TALLOC_FREE(sd_dacl);
+ TALLOC_FREE(sd_sacl);
+
+ (void)cli_unlink(cli, fname, 0);
+ return true;
+
+ fail:
+
+ TALLOC_FREE(sd_dacl);
+ TALLOC_FREE(sd_sacl);
+
+ if (fnum != (uint16_t)-1) {
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+ }
+
+ (void)cli_unlink(cli, fname, 0);
+ return false;
+}
+
+bool run_smb2_quota1(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ uint16_t fnum = (uint16_t)-1;
+ SMB_NTQUOTA_STRUCT qt = {0};
+
+ printf("Starting SMB2-QUOTA1\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_smb2_create_fnum(
+ cli,
+ "\\",
+ SMB2_OPLOCK_LEVEL_NONE,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ SEC_GENERIC_READ, /* desired access */
+ 0, /* file_attributes, */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access, */
+ FILE_OPEN, /* create_disposition, */
+ FILE_DIRECTORY_FILE, /* create_options, */
+ NULL, /* in_cblobs. */
+ &fnum, /* fnum */
+ NULL, /* smb_create_returns */
+ NULL, /* mem_ctx */
+ NULL); /* out_cblobs */
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_smb2_create_fnum failed: %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_smb2_get_user_quota(cli, fnum, &qt);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
+ printf("cli_smb2_get_user_quota returned %s, expected "
+ "NT_STATUS_INVALID_HANDLE\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ return true;
+}
+
+bool run_smb2_stream_acl(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ uint16_t fnum = (uint16_t)-1;
+ const char *fname = "stream_acl_test_file";
+ const char *sname = "stream_acl_test_file:streamname";
+ struct security_descriptor *sd_dacl = NULL;
+ bool ret = false;
+
+ printf("SMB2 stream acl\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Ensure file doesn't exist. */
+ (void)cli_unlink(cli, fname, 0);
+
+ /* Create the file. */
+ status = cli_ntcreate(cli,
+ fname,
+ 0,
+ GENERIC_ALL_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_NONE,
+ FILE_CREATE,
+ 0,
+ 0,
+ &fnum,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Create of %s failed (%s)\n",
+ fname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* Close the handle. */
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+
+ /* Create the stream. */
+ status = cli_ntcreate(cli,
+ sname,
+ 0,
+ FILE_READ_DATA|
+ SEC_STD_READ_CONTROL|
+ SEC_STD_WRITE_DAC,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_NONE,
+ FILE_CREATE,
+ 0,
+ 0,
+ &fnum,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Create of %s failed (%s)\n",
+ sname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* Close the handle. */
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+
+ /*
+ * Open the stream - for Samba this ensures
+ * we prove we have a pathref fsp.
+ */
+ status = cli_ntcreate(cli,
+ sname,
+ 0,
+ FILE_READ_DATA|
+ SEC_STD_READ_CONTROL|
+ SEC_STD_WRITE_DAC,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_NONE,
+ FILE_OPEN,
+ 0,
+ 0,
+ &fnum,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Open of %s failed (%s)\n",
+ sname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ /* Read the security descriptor off the stream handle. */
+ status = cli_query_security_descriptor(cli,
+ fnum,
+ SECINFO_DACL,
+ talloc_tos(),
+ &sd_dacl);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Reading DACL on stream %s got (%s)\n",
+ sname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ if (sd_dacl == NULL || sd_dacl->dacl == NULL ||
+ sd_dacl->dacl->num_aces < 1) {
+ printf("Invalid DACL returned on stream %s "
+ "(this should not happen)\n",
+ sname);
+ goto fail;
+ }
+
+ /*
+ * Ensure it allows FILE_READ_DATA in the first ace.
+ * It always should.
+ */
+ if ((sd_dacl->dacl->aces[0].access_mask & FILE_READ_DATA) == 0) {
+ printf("DACL->ace[0] returned on stream %s "
+ "doesn't have read access (should not happen)\n",
+ sname);
+ goto fail;
+ }
+
+ /* Remove FILE_READ_DATA from the first ace and set. */
+ sd_dacl->dacl->aces[0].access_mask &= ~FILE_READ_DATA;
+
+ status = cli_set_security_descriptor(cli,
+ fnum,
+ SECINFO_DACL,
+ sd_dacl);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Setting DACL on stream %s got (%s)\n",
+ sname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ TALLOC_FREE(sd_dacl);
+
+ /* Read again and check it changed. */
+ status = cli_query_security_descriptor(cli,
+ fnum,
+ SECINFO_DACL,
+ talloc_tos(),
+ &sd_dacl);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Reading DACL on stream %s got (%s)\n",
+ sname,
+ nt_errstr(status));
+ goto fail;
+ }
+
+ if (sd_dacl == NULL || sd_dacl->dacl == NULL ||
+ sd_dacl->dacl->num_aces < 1) {
+ printf("Invalid DACL (1) returned on stream %s "
+ "(this should not happen)\n",
+ sname);
+ goto fail;
+ }
+
+ /* FILE_READ_DATA should be gone from the first ace. */
+ if ((sd_dacl->dacl->aces[0].access_mask & FILE_READ_DATA) != 0) {
+ printf("DACL on stream %s did not change\n",
+ sname);
+ goto fail;
+ }
+
+ ret = true;
+
+ fail:
+
+ if (fnum != (uint16_t)-1) {
+ cli_smb2_close_fnum(cli, fnum);
+ fnum = (uint16_t)-1;
+ }
+
+ (void)cli_unlink(cli, fname, 0);
+ return ret;
+}
+
+static NTSTATUS list_fn(struct file_info *finfo,
+ const char *name,
+ void *state)
+{
+ bool *matched = (bool *)state;
+ if (finfo->attr & FILE_ATTRIBUTE_DIRECTORY) {
+ *matched = true;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ * Must be run against a share with "smbd async dosmode = yes".
+ * Checks we can return DOS attriutes other than "N".
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
+ */
+
+bool run_list_dir_async_test(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ const char *dname = "ASYNC_DIR";
+ bool ret = false;
+ bool matched = false;
+
+ printf("SMB2 list dir async\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Ensure directory doesn't exist. */
+ (void)cli_rmdir(cli, dname);
+
+ status = cli_mkdir(cli, dname);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_mkdir %s returned %s\n", dname, nt_errstr(status));
+ return false;
+ }
+
+ status = cli_list(cli,
+ dname,
+ FILE_ATTRIBUTE_NORMAL|FILE_ATTRIBUTE_DIRECTORY,
+ list_fn,
+ &matched);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_list %s returned %s\n", dname, nt_errstr(status));
+ goto fail;
+ }
+
+ if (!matched) {
+ printf("Failed to find %s\n", dname);
+ goto fail;
+ }
+
+ ret = true;
+
+ fail:
+
+ (void)cli_rmdir(cli, dname);
+ return ret;
+}
+
+/*
+ * Test delete a directory fails if a file is created
+ * in a directory after the delete on close is set.
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
+ */
+
+bool run_delete_on_close_non_empty(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ const char *dname = "DEL_ON_CLOSE_DIR";
+ const char *fname = "DEL_ON_CLOSE_DIR\\testfile";
+ uint16_t fnum = (uint16_t)-1;
+ uint16_t fnum1 = (uint16_t)-1;
+ bool ret = false;
+
+ printf("SMB2 delete on close nonempty\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Ensure directory doesn't exist. */
+ (void)cli_unlink(cli,
+ fname,
+ FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+ (void)cli_rmdir(cli, dname);
+
+ /* Create target directory. */
+ status = cli_ntcreate(cli,
+ dname,
+ 0,
+ DELETE_ACCESS|FILE_READ_DATA,
+ FILE_ATTRIBUTE_DIRECTORY,
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE,
+ FILE_CREATE,
+ FILE_DIRECTORY_FILE,
+ 0,
+ &fnum,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_ntcreate for directory %s returned %s\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ /* Now set the delete on close bit. */
+ status = cli_nt_delete_on_close(cli, fnum, 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_cli_nt_delete_on_close set for directory "
+ "%s returned %s\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ /* Create file inside target directory. */
+ /*
+ * NB. On Windows this will return NT_STATUS_DELETE_PENDING. Only on
+ * Samba will this succeed by default (the option "check parent
+ * directory delete on close" configures behaviour), but we're using
+ * this to test a race condition.
+ */
+ status = cli_ntcreate(cli,
+ fname,
+ 0,
+ FILE_READ_DATA,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE,
+ FILE_CREATE,
+ 0,
+ 0,
+ &fnum1,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_ntcreate for file %s returned %s\n",
+ fname,
+ nt_errstr(status));
+ goto out;
+ }
+ cli_close(cli, fnum1);
+ fnum1 = (uint16_t)-1;
+
+ /* Now the close should fail. */
+ status = cli_close(cli, fnum);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
+ printf("cli_close for directory %s returned %s\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ ret = true;
+
+ out:
+
+ if (fnum1 != (uint16_t)-1) {
+ cli_close(cli, fnum1);
+ }
+ if (fnum != (uint16_t)-1) {
+ cli_nt_delete_on_close(cli, fnum, 0);
+ cli_close(cli, fnum);
+ }
+ (void)cli_unlink(cli,
+ fname,
+ FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+ (void)cli_rmdir(cli, dname);
+ return ret;
+}
+
+static NTSTATUS check_empty_fn(struct file_info *finfo,
+ const char *mask,
+ void *private_data)
+{
+ unsigned int *pcount = (unsigned int *)private_data;
+
+ if (ISDOT(finfo->name) || ISDOTDOT(finfo->name)) {
+ (*pcount)++;
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_DIRECTORY_NOT_EMPTY;
+}
+
+/*
+ * Test setting the delete on close bit on a directory
+ * containing an unwritable file fails or succeeds
+ * an a share set with "hide unwritable = yes"
+ * depending on the setting of "delete veto files".
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023
+ *
+ * First version. With "delete veto files = yes"
+ * setting the delete on close should succeed.
+ */
+
+bool run_delete_on_close_nonwrite_delete_yes_test(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ const char *dname = "delete_veto_yes";
+ const char *list_dname = "delete_veto_yes\\*";
+ uint16_t fnum = (uint16_t)-1;
+ bool ret = false;
+ unsigned int list_count = 0;
+
+ printf("SMB2 delete on close nonwrite - delete veto yes\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Ensure target directory is seen as empty. */
+ status = cli_list(cli,
+ list_dname,
+ FILE_ATTRIBUTE_DIRECTORY |
+ FILE_ATTRIBUTE_HIDDEN |
+ FILE_ATTRIBUTE_SYSTEM,
+ check_empty_fn,
+ &list_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_list of %s returned %s\n",
+ dname,
+ nt_errstr(status));
+ return false;
+ }
+ if (list_count != 2) {
+ printf("cli_list of %s returned a count of %u\n",
+ dname,
+ list_count);
+ return false;
+ }
+
+ /* Open target directory. */
+ status = cli_ntcreate(cli,
+ dname,
+ 0,
+ DELETE_ACCESS|FILE_READ_DATA,
+ FILE_ATTRIBUTE_DIRECTORY,
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE,
+ FILE_OPEN,
+ FILE_DIRECTORY_FILE,
+ 0,
+ &fnum,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_ntcreate for directory %s returned %s\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ /* Now set the delete on close bit. */
+ status = cli_nt_delete_on_close(cli, fnum, 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_cli_nt_delete_on_close set for directory "
+ "%s returned %s (should have succeeded)\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ ret = true;
+
+ out:
+
+ if (fnum != (uint16_t)-1) {
+ (void)cli_nt_delete_on_close(cli, fnum, 0);
+ (void)cli_close(cli, fnum);
+ }
+ return ret;
+}
+
+/*
+ * Test setting the delete on close bit on a directory
+ * containing an unwritable file fails or succeeds
+ * an a share set with "hide unwritable = yes"
+ * depending on the setting of "delete veto files".
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023
+ *
+ * Second version. With "delete veto files = no"
+ * setting the delete on close should fail.
+ */
+
+bool run_delete_on_close_nonwrite_delete_no_test(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ const char *dname = "delete_veto_no";
+ const char *list_dname = "delete_veto_no\\*";
+ uint16_t fnum = (uint16_t)-1;
+ bool ret = false;
+ unsigned int list_count = 0;
+
+ printf("SMB2 delete on close nonwrite - delete veto yes\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, share, "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Ensure target directory is seen as empty. */
+ status = cli_list(cli,
+ list_dname,
+ FILE_ATTRIBUTE_DIRECTORY |
+ FILE_ATTRIBUTE_HIDDEN |
+ FILE_ATTRIBUTE_SYSTEM,
+ check_empty_fn,
+ &list_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_list of %s returned %s\n",
+ dname,
+ nt_errstr(status));
+ return false;
+ }
+ if (list_count != 2) {
+ printf("cli_list of %s returned a count of %u\n",
+ dname,
+ list_count);
+ return false;
+ }
+
+ /* Open target directory. */
+ status = cli_ntcreate(cli,
+ dname,
+ 0,
+ DELETE_ACCESS|FILE_READ_DATA,
+ FILE_ATTRIBUTE_DIRECTORY,
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE,
+ FILE_OPEN,
+ FILE_DIRECTORY_FILE,
+ 0,
+ &fnum,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_ntcreate for directory %s returned %s\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ /* Now set the delete on close bit. */
+ status = cli_nt_delete_on_close(cli, fnum, 1);
+ if (NT_STATUS_IS_OK(status)) {
+ printf("cli_cli_nt_delete_on_close set for directory "
+ "%s returned NT_STATUS_OK "
+ "(should have failed)\n",
+ dname);
+ goto out;
+ }
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_DIRECTORY_NOT_EMPTY)) {
+ printf("cli_cli_nt_delete_on_close set for directory "
+ "%s returned %s "
+ "(should have returned "
+ "NT_STATUS_DIRECTORY_NOT_EMPTY)\n",
+ dname,
+ nt_errstr(status));
+ goto out;
+ }
+
+ ret = true;
+
+ out:
+
+ if (fnum != (uint16_t)-1) {
+ (void)cli_nt_delete_on_close(cli, fnum, 0);
+ (void)cli_close(cli, fnum);
+ }
+ return ret;
+}
+
+bool run_smb2_invalid_pipename(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ uint64_t fid_persistent = 0;
+ uint64_t fid_volatile = 0;
+ const char *unknown_pipe = "badpipe";
+ const char *invalid_pipe = "../../../../../../../../../badpipe";
+
+ printf("Starting SMB2-INVALID-PIPENAME\n");
+
+ if (!torture_init_connection(&cli)) {
+ return false;
+ }
+
+ status = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ PROTOCOL_SMB2_02,
+ PROTOCOL_SMB3_11);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("smbXcli_negprot returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_session_setup_creds(cli, torture_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_session_setup returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ status = cli_tree_connect(cli, "IPC$", "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("cli_tree_connect returned %s\n", nt_errstr(status));
+ return false;
+ }
+
+ /* Try and connect to an unknown pipename. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ unknown_pipe,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ 0, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, /* struct smb_create_returns * */
+ talloc_tos(), /* mem_ctx. */
+ NULL); /* struct smb2_create_blobs */
+ /* We should get NT_STATUS_OBJECT_NAME_NOT_FOUND */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ printf("%s:%d smb2cli_create on name %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ unknown_pipe,
+ nt_errstr(status));
+ return false;
+ }
+
+ /* Try and connect to an invalid pipename containing unix separators. */
+ status = smb2cli_create(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ invalid_pipe,
+ SMB2_OPLOCK_LEVEL_NONE, /* oplock_level, */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level, */
+ SEC_STD_SYNCHRONIZE|
+ SEC_FILE_READ_DATA|
+ SEC_FILE_WRITE_DATA|
+ SEC_FILE_READ_ATTRIBUTE, /* desired_access, */
+ FILE_ATTRIBUTE_NORMAL, /* file_attributes, */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access, */
+ FILE_CREATE, /* create_disposition, */
+ 0, /* create_options, */
+ NULL, /* smb2_create_blobs *blobs */
+ &fid_persistent,
+ &fid_volatile,
+ NULL, /* struct smb_create_returns * */
+ talloc_tos(), /* mem_ctx. */
+ NULL); /* struct smb2_create_blobs */
+ /*
+ * We should still get NT_STATUS_OBJECT_NAME_NOT_FOUND
+ * (tested against Windows 2022).
+ */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ printf("%s:%d smb2cli_create on name %s returned %s\n",
+ __FILE__,
+ __LINE__,
+ invalid_pipe,
+ nt_errstr(status));
+ return false;
+ }
+ return true;
+}