Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 976 insertions, 0 deletions

diff --git a/source4/torture/unix/unix.c b/source4/torture/unix/unix.c
new file mode 100644
index 0000000..8ee3d8d
--- /dev/null
+++ b/source4/torture/unix/unix.c
@@ -0,0 +1,40 @@
+/*
+   UNIX Extensions test registration.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "torture/smbtorture.h"
+#include "torture/unix/proto.h"
+
+NTSTATUS torture_unix_init(TALLOC_CTX *ctx)
+{
+        struct torture_suite *suite =
+                torture_suite_create(ctx, "unix");
+
+        suite->description =
+                talloc_strdup(suite, "CIFS UNIX extensions tests");
+
+	torture_suite_add_simple_test(suite,
+                        "whoami", torture_unix_whoami);
+	torture_suite_add_simple_test(suite,
+			"info2", unix_torture_unix_info2);
+
+        return (torture_register_suite(ctx, suite)) ? NT_STATUS_OK
+                                        : NT_STATUS_UNSUCCESSFUL;
+
+}
diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c
new file mode 100644
index 0000000..cf3ea37
--- /dev/null
+++ b/source4/torture/unix/unix_info2.c
@@ -0,0 +1,503 @@
+/*
+   Test the SMB_QUERY_FILE_UNIX_INFO2 Unix extension.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "torture/util.h"
+#include "torture/unix/proto.h"
+#include "lib/cmdline/cmdline.h"
+#include "libcli/resolve/resolve.h"
+#include "param/param.h"
+
+struct unix_info2 {
+	uint64_t end_of_file;
+	uint64_t num_bytes;
+	NTTIME status_change_time;
+	NTTIME access_time;
+	NTTIME change_time;
+	uint64_t uid;
+	uint64_t gid;
+	uint32_t file_type;
+	uint64_t dev_major;
+	uint64_t dev_minor;
+	uint64_t unique_id;
+	uint64_t permissions;
+	uint64_t nlink;
+	NTTIME create_time;
+	uint32_t file_flags;
+	uint32_t flags_mask;
+};
+
+static struct smbcli_state *connect_to_server(struct torture_context *tctx)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+	struct smb_trans2 tp;
+	uint16_t setup;
+	uint8_t data[12];
+	uint8_t params[4];
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli, host, 
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share, NULL, lpcfg_socket_options(tctx->lp_ctx),
+					samba_cmdline_get_creds(),
+					lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx, "failed to connect to //%s/%s: %s\n",
+			       host, share, nt_errstr(status));
+		torture_result(tctx, TORTURE_FAIL, "Failed to connect to server");
+		return NULL;
+	}
+
+	/* Setup POSIX on the server. */
+	SSVAL(data, 0, CIFS_UNIX_MAJOR_VERSION);
+	SSVAL(data, 2, CIFS_UNIX_MINOR_VERSION);
+	SBVAL(data,4,((uint64_t)(
+		CIFS_UNIX_POSIX_ACLS_CAP|
+		CIFS_UNIX_POSIX_PATHNAMES_CAP|
+		CIFS_UNIX_FCNTL_LOCKS_CAP|
+		CIFS_UNIX_EXTATTR_CAP|
+		CIFS_UNIX_POSIX_PATH_OPERATIONS_CAP)));
+	setup = TRANSACT2_SETFSINFO;
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 0;
+	tp.in.max_data = 0;
+	tp.in.setup = &setup;
+	tp.in.trans_name = NULL;
+	SSVAL(params, 0, 0);
+	SSVAL(params, 2, SMB_SET_CIFS_UNIX_INFO);
+	tp.in.params = data_blob_talloc(tctx, params, 4);
+	tp.in.data = data_blob_talloc(tctx, data, 12);
+
+	status = smb_raw_trans2(cli->tree, tctx, &tp);
+	torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK,
+		"doing SMB_SET_CIFS_UNIX_INFO");
+
+	return cli;
+}
+
+static bool check_unix_info2(struct torture_context *torture,
+			struct unix_info2 *info2)
+{
+	printf("\tcreate_time=0x%016llu flags=0x%08x mask=0x%08x\n",
+			(unsigned long long)info2->create_time,
+			info2->file_flags, info2->flags_mask);
+
+	if (info2->file_flags == 0) {
+		return true;
+	}
+
+	/* If we have any file_flags set, they must be within the range
+	 * defined by flags_mask.
+	 */
+	if ((info2->flags_mask & info2->file_flags) == 0) {
+		torture_result(torture, TORTURE_FAIL,
+			__location__": UNIX_INFO2 flags field 0x%08x, "
+			"does not match mask 0x%08x\n",
+			info2->file_flags, info2->flags_mask);
+	}
+
+	return true;
+}
+
+static NTSTATUS set_path_info2(void *mem_ctx,
+				struct smbcli_state *cli,
+				const char *fname,
+				struct unix_info2 *info2)
+{
+	union smb_setfileinfo sfinfo;
+
+	ZERO_STRUCT(sfinfo.basic_info.in);
+	sfinfo.generic.level = RAW_SFILEINFO_UNIX_INFO2;
+	sfinfo.generic.in.file.path = fname;
+
+	sfinfo.unix_info2.in.end_of_file = info2->end_of_file;
+	sfinfo.unix_info2.in.num_bytes = info2->num_bytes;
+	sfinfo.unix_info2.in.status_change_time = info2->status_change_time;
+	sfinfo.unix_info2.in.access_time = info2->access_time;
+	sfinfo.unix_info2.in.change_time = info2->change_time;
+	sfinfo.unix_info2.in.uid = info2->uid;
+	sfinfo.unix_info2.in.gid = info2->gid;
+	sfinfo.unix_info2.in.file_type = info2->file_type;
+	sfinfo.unix_info2.in.dev_major = info2->dev_major;
+	sfinfo.unix_info2.in.dev_minor = info2->dev_minor;
+	sfinfo.unix_info2.in.unique_id = info2->unique_id;
+	sfinfo.unix_info2.in.permissions = info2->permissions;
+	sfinfo.unix_info2.in.nlink = info2->nlink;
+	sfinfo.unix_info2.in.create_time = info2->create_time;
+	sfinfo.unix_info2.in.file_flags = info2->file_flags;
+	sfinfo.unix_info2.in.flags_mask = info2->flags_mask;
+
+	return smb_raw_setpathinfo(cli->tree, &sfinfo);
+}
+
+static bool query_file_path_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			int fnum,
+			const char *fname,
+			struct unix_info2 *info2)
+{
+	NTSTATUS result;
+	union smb_fileinfo finfo;
+
+	finfo.generic.level = RAW_FILEINFO_UNIX_INFO2;
+
+	if (fname) {
+		finfo.generic.in.file.path = fname;
+		result = smb_raw_pathinfo(cli->tree, mem_ctx, &finfo);
+	} else {
+		finfo.generic.in.file.fnum = fnum;
+		result = smb_raw_fileinfo(cli->tree, mem_ctx, &finfo);
+	}
+
+	torture_assert_ntstatus_equal(torture, result, NT_STATUS_OK,
+			smbcli_errstr(cli->tree));
+
+	info2->end_of_file = finfo.unix_info2.out.end_of_file;
+	info2->num_bytes = finfo.unix_info2.out.num_bytes;
+	info2->status_change_time = finfo.unix_info2.out.status_change_time;
+	info2->access_time = finfo.unix_info2.out.access_time;
+	info2->change_time = finfo.unix_info2.out.change_time;
+	info2->uid = finfo.unix_info2.out.uid;
+	info2->gid = finfo.unix_info2.out.gid;
+	info2->file_type = finfo.unix_info2.out.file_type;
+	info2->dev_major = finfo.unix_info2.out.dev_major;
+	info2->dev_minor = finfo.unix_info2.out.dev_minor;
+	info2->unique_id = finfo.unix_info2.out.unique_id;
+	info2->permissions = finfo.unix_info2.out.permissions;
+	info2->nlink = finfo.unix_info2.out.nlink;
+	info2->create_time = finfo.unix_info2.out.create_time;
+	info2->file_flags = finfo.unix_info2.out.file_flags;
+	info2->flags_mask = finfo.unix_info2.out.flags_mask;
+
+	if (!check_unix_info2(torture, info2)) {
+		return false;
+	}
+
+	return true;
+}
+
+static bool query_file_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			int fnum,
+			struct unix_info2 *info2)
+{
+	return query_file_path_info2(mem_ctx, torture, cli, 
+			fnum, NULL, info2);
+}
+
+static bool query_path_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			const char *fname,
+			struct unix_info2 *info2)
+{
+	return query_file_path_info2(mem_ctx, torture, cli, 
+			-1, fname, info2);
+}
+
+static bool search_callback(void *private_data, const union smb_search_data *fdata)
+{
+	struct unix_info2 *info2 = (struct unix_info2 *)private_data;
+
+	info2->end_of_file = fdata->unix_info2.end_of_file;
+	info2->num_bytes = fdata->unix_info2.num_bytes;
+	info2->status_change_time = fdata->unix_info2.status_change_time;
+	info2->access_time = fdata->unix_info2.access_time;
+	info2->change_time = fdata->unix_info2.change_time;
+	info2->uid = fdata->unix_info2.uid;
+	info2->gid = fdata->unix_info2.gid;
+	info2->file_type = fdata->unix_info2.file_type;
+	info2->dev_major = fdata->unix_info2.dev_major;
+	info2->dev_minor = fdata->unix_info2.dev_minor;
+	info2->unique_id = fdata->unix_info2.unique_id;
+	info2->permissions = fdata->unix_info2.permissions;
+	info2->nlink = fdata->unix_info2.nlink;
+	info2->create_time = fdata->unix_info2.create_time;
+	info2->file_flags = fdata->unix_info2.file_flags;
+	info2->flags_mask = fdata->unix_info2.flags_mask;
+
+	return true;
+}
+
+static bool find_single_info2(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			const char *fname,
+			struct unix_info2 *info2)
+{
+	union smb_search_first search;
+	NTSTATUS status;
+
+	/* Set up a new search for a single item, not using resume keys. */
+	ZERO_STRUCT(search);
+	search.t2ffirst.level = RAW_SEARCH_TRANS2;
+	search.t2ffirst.data_level = SMB_FIND_UNIX_INFO2;
+	search.t2ffirst.in.max_count = 1;
+	search.t2ffirst.in.flags = FLAG_TRANS2_FIND_CLOSE;
+	search.t2ffirst.in.pattern = fname;
+
+	status = smb_raw_search_first(cli->tree, mem_ctx,
+				      &search, info2, search_callback);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			smbcli_errstr(cli->tree));
+
+	torture_assert_int_equal(torture, search.t2ffirst.out.count, 1,
+			"expected exactly one result");
+	/*
+	 * In smbd directory listings using POSIX extensions
+	 * always treat the search pathname as a wildcard,
+	 * so don't expect end_of_search to be set here. Wildcard
+	 * searches always need a findnext to end the search.
+	 */
+	torture_assert_int_equal(torture, search.t2ffirst.out.end_of_search, 0,
+			"expected end_of_search to be false");
+
+	return check_unix_info2(torture, info2);
+}
+
+#define ASSERT_FLAGS_MATCH(info2, expected) \
+	if ((info2)->file_flags != (1 << i)) { \
+		torture_result(torture, TORTURE_FAIL, \
+			__location__": INFO2 flags field was 0x%08x, "\
+				"expected 0x%08x\n",\
+				(info2)->file_flags, expected); \
+	}
+
+static void set_no_metadata_change(struct unix_info2 *info2)
+{
+	info2->uid = SMB_UID_NO_CHANGE;
+	info2->gid = SMB_GID_NO_CHANGE;
+	info2->permissions = SMB_MODE_NO_CHANGE;
+
+	info2->end_of_file =
+		((uint64_t)SMB_SIZE_NO_CHANGE_HI << 32) | SMB_SIZE_NO_CHANGE_LO;
+
+	info2->status_change_time =
+		info2->access_time =
+		info2->change_time =
+		info2->create_time =
+		((uint64_t)SMB_SIZE_NO_CHANGE_HI << 32) | SMB_SIZE_NO_CHANGE_LO;
+}
+
+static bool verify_setinfo_flags(void *mem_ctx,
+			struct torture_context *torture,
+			struct smbcli_state *cli,
+			const char *fname)
+{
+	struct unix_info2 info2;
+	uint32_t smb_fmask;
+	int i;
+
+	bool ret = true;
+	NTSTATUS status;
+
+	if (!query_path_info2(mem_ctx, torture, cli, fname, &info2)) {
+		return false;
+	}
+
+	smb_fmask = info2.flags_mask;
+
+	/* For each possible flag, ask to set exactly 1 flag, making sure
+	 * that flag is in our requested mask.
+	 */
+	for (i = 0; i < 32; ++i) {
+		info2.file_flags = ((uint32_t)1 << i);
+		info2.flags_mask = smb_fmask | info2.file_flags;
+
+		set_no_metadata_change(&info2);
+		status = set_path_info2(mem_ctx, cli, fname, &info2);
+
+		if (info2.file_flags & smb_fmask) {
+			torture_assert_ntstatus_equal(torture,
+					status, NT_STATUS_OK,
+					"setting valid UNIX_INFO2 flag");
+
+			if (!query_path_info2(mem_ctx, torture, cli,
+						fname, &info2)) {
+				return false;
+			}
+
+			ASSERT_FLAGS_MATCH(&info2, 1 << i);
+
+
+		} else {
+			/* We tried to set a flag the server doesn't
+			 * understand.
+			 */
+			torture_assert_ntstatus_equal(torture,
+					status, NT_STATUS_INVALID_PARAMETER,
+					"setting invalid UNIX_INFO2 flag");
+		}
+	}
+
+	/* Make sure that a zero flags field does nothing. */
+	set_no_metadata_change(&info2);
+	info2.file_flags = 0xFFFFFFFF;
+	info2.flags_mask = 0;
+	status = set_path_info2(mem_ctx, cli, fname, &info2);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			"setting empty flags mask");
+
+	return ret;
+
+}
+
+static int create_file(struct smbcli_state *cli, const char * fname)
+{
+
+	return smbcli_nt_create_full(cli->tree, fname, 0,
+		SEC_FILE_READ_DATA|SEC_FILE_WRITE_DATA, FILE_ATTRIBUTE_NORMAL,
+		NTCREATEX_SHARE_ACCESS_NONE, NTCREATEX_DISP_OPEN_IF,
+		0, 0);
+}
+
+static bool match_info2(struct torture_context *torture,
+		const struct unix_info2 *pinfo,
+		const struct unix_info2 *finfo)
+{
+	printf("checking results match\n");
+
+	torture_assert_u64_equal(torture, finfo->end_of_file, 0,
+			"end_of_file should be 0");
+	torture_assert_u64_equal(torture, finfo->num_bytes, 0,
+			"num_bytes should be 0");
+
+	torture_assert_u64_equal(torture, finfo->end_of_file,
+			pinfo->end_of_file, "end_of_file mismatch");
+	torture_assert_u64_equal(torture, finfo->num_bytes, pinfo->num_bytes,
+			"num_bytes mismatch");
+
+	/* Don't match access_time. */
+
+	torture_assert_u64_equal(torture, finfo->status_change_time,
+			pinfo->status_change_time,
+			"status_change_time mismatch");
+	torture_assert_u64_equal(torture, finfo->change_time,
+			pinfo->change_time, "change_time mismatch");
+
+	torture_assert_u64_equal(torture, finfo->uid, pinfo->uid,
+			"UID mismatch");
+	torture_assert_u64_equal(torture, finfo->gid, pinfo->gid,
+			"GID mismatch");
+	torture_assert_int_equal(torture, finfo->file_type, pinfo->file_type,
+			"file_type mismatch");
+	torture_assert_u64_equal(torture, finfo->dev_major, pinfo->dev_major,
+			"dev_major mismatch");
+	torture_assert_u64_equal(torture, finfo->dev_minor, pinfo->dev_minor,
+			"dev_minor mismatch");
+	torture_assert_u64_equal(torture, finfo->unique_id, pinfo->unique_id,
+			"unique_id mismatch");
+	torture_assert_u64_equal(torture, finfo->permissions,
+			pinfo->permissions, "permissions mismatch");
+	torture_assert_u64_equal(torture, finfo->nlink, pinfo->nlink,
+			"nlink mismatch");
+	torture_assert_u64_equal(torture, finfo->create_time, pinfo->create_time,
+			"create_time mismatch");
+
+	return true;
+}
+
+
+#define FILENAME "\\smb_unix_info2.txt"
+
+bool unix_torture_unix_info2(struct torture_context *torture)
+{
+	void *mem_ctx;
+	struct smbcli_state *cli;
+	int fnum;
+
+	struct unix_info2 pinfo, finfo;
+
+	mem_ctx = talloc_init("smb_query_unix_info2");
+	torture_assert(torture, mem_ctx != NULL, "out of memory");
+
+	if (!(cli = connect_to_server(torture))) {
+		talloc_free(mem_ctx);
+		return false;
+	}
+
+	smbcli_unlink(cli->tree, FILENAME);
+
+	fnum = create_file(cli, FILENAME);
+	torture_assert(torture, fnum != -1, smbcli_errstr(cli->tree));
+
+	printf("checking SMB_QFILEINFO_UNIX_INFO2 for QueryFileInfo\n");
+	if (!query_file_info2(mem_ctx, torture, cli, fnum, &finfo)) {
+		goto fail;
+	}
+
+	printf("checking SMB_QFILEINFO_UNIX_INFO2 for QueryPathInfo\n");
+	if (!query_path_info2(mem_ctx, torture, cli, FILENAME, &pinfo)) {
+		goto fail;
+	}
+
+	if (!match_info2(torture, &pinfo, &finfo)) {
+		goto fail;
+	}
+
+	printf("checking SMB_FIND_UNIX_INFO2 for FindFirst\n");
+	if (!find_single_info2(mem_ctx, torture, cli, FILENAME, &pinfo)) {
+		goto fail;
+	}
+
+	if (!match_info2(torture, &pinfo, &finfo)) {
+		goto fail;
+	}
+
+	/* XXX: should repeat this test with SetFileInfo. */
+	printf("checking SMB_SFILEINFO_UNIX_INFO2 for SetPathInfo\n");
+	if (!verify_setinfo_flags(mem_ctx, torture, cli, FILENAME)) {
+		goto fail;
+	}
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, FILENAME);
+	torture_close_connection(cli);
+	talloc_free(mem_ctx);
+	return true;
+
+fail:
+
+	smbcli_close(cli->tree, fnum);
+	smbcli_unlink(cli->tree, FILENAME);
+	torture_close_connection(cli);
+	talloc_free(mem_ctx);
+	return false;
+
+}
+
+/* vim: set sts=8 sw=8 : */
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
new file mode 100644
index 0000000..28b1f87
--- /dev/null
+++ b/source4/torture/unix/whoami.c
@@ -0,0 +1,433 @@
+/*
+   Test the SMB_WHOAMI Unix extension.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/raw_proto.h"
+#include "torture/torture.h"
+#include "torture/unix/proto.h"
+#include "lib/cmdline/cmdline.h"
+#include "auth/credentials/credentials.h"
+#include "param/param.h"
+#include "libcli/resolve/resolve.h"
+#include <ldb.h>
+#include "lib/util/util_ldb.h"
+#include "ldb_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "../libcli/security/security.h"
+
+#undef strcasecmp
+
+/* Size (in bytes) of the required fields in the SMBwhoami response. */
+#define WHOAMI_REQUIRED_SIZE	40
+
+/*
+   SMBWhoami - Query the user mapping performed by the server for the
+   connected tree. This is a subcommand of the TRANS2_QFSINFO.
+
+   Returns:
+       4 bytes unsigned -      mapping flags (smb_whoami_flags)
+       4 bytes unsigned -      flags mask
+
+       8 bytes unsigned -      primary UID
+       8 bytes unsigned -      primary GID
+       4 bytes unsigned -      number of supplementary GIDs
+       4 bytes unsigned -      number of SIDs
+       4 bytes unsigned -      SID list byte count
+       4 bytes -               pad / reserved (must be zero)
+
+       8 bytes unsigned[] -    list of GIDs (may be empty)
+       struct dom_sid[] -             list of SIDs (may be empty)
+*/
+
+struct smb_whoami
+{
+	uint32_t	mapping_flags;
+	uint32_t	mapping_mask;
+	uint64_t	server_uid;
+	uint64_t	server_gid;
+	uint32_t	num_gids;
+	uint32_t	num_sids;
+	uint32_t	num_sid_bytes;
+	uint32_t	reserved; /* Must be zero */
+	uint64_t *	gid_list;
+	struct dom_sid ** sid_list;
+};
+
+static struct smbcli_state *connect_to_server(struct torture_context *tctx,
+		struct cli_credentials *creds)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+
+	const char *host = torture_setting_string(tctx, "host", NULL);
+	const char *share = torture_setting_string(tctx, "share", NULL);
+	struct smbcli_options options;
+	struct smbcli_session_options session_options;
+
+	lpcfg_smbcli_options(tctx->lp_ctx, &options);
+	lpcfg_smbcli_session_options(tctx->lp_ctx, &session_options);
+
+	status = smbcli_full_connection(tctx, &cli, host, 
+					lpcfg_smb_ports(tctx->lp_ctx),
+					share, NULL, lpcfg_socket_options(tctx->lp_ctx),
+					creds, lpcfg_resolve_context(tctx->lp_ctx),
+					tctx->ev, &options, &session_options,
+					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
+
+	if (!NT_STATUS_IS_OK(status)) {
+		torture_comment(tctx,
+				"FATAL: Failed to connect to //%s/%s "
+				"with %s - %s\n",
+				host,
+				share,
+				cli_credentials_get_username(creds),
+				nt_errstr(status));
+		return NULL;
+	}
+
+	return cli;
+}
+
+static bool whoami_sid_parse(void *mem_ctx,
+		struct torture_context *torture,
+		DATA_BLOB *data, size_t *offset,
+		struct dom_sid **psid)
+{
+	size_t remain = data->length - *offset;
+	int i;
+
+	*psid = talloc_zero(mem_ctx, struct dom_sid);
+	torture_assert(torture, *psid != NULL, "out of memory");
+
+	torture_assert(torture, remain >= 8,
+			"invalid SID format");
+
+        (*psid)->sid_rev_num = CVAL(data->data, *offset);
+        (*psid)->num_auths = CVAL(data->data, *offset + 1);
+        memcpy((*psid)->id_auth, data->data + *offset + 2, 6);
+
+	(*offset) += 8;
+	remain = data->length - *offset;
+
+	torture_assert(torture, remain >= ((*psid)->num_auths * 4),
+			"invalid sub_auth byte count");
+	torture_assert(torture, (*psid)->num_auths >= 0,
+			"invalid sub_auth value");
+	torture_assert(torture, (*psid)->num_auths <= 15,
+			"invalid sub_auth value");
+
+        for (i = 0; i < (*psid)->num_auths; i++) {
+                (*psid)->sub_auths[i] = IVAL(data->data, *offset);
+		(*offset) += 4;
+	}
+
+	return true;
+}
+
+static bool smb_raw_query_posix_whoami(void *mem_ctx,
+				struct torture_context *torture,
+				struct smbcli_state *cli,
+				struct smb_whoami *whoami,
+				unsigned max_data)
+{
+	struct smb_trans2 tp;
+	NTSTATUS status;
+	size_t offset;
+	int i;
+
+	uint16_t setup = TRANSACT2_QFSINFO;
+	uint16_t info_level;
+
+	ZERO_STRUCTP(whoami);
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 10;
+	tp.in.max_data = (uint16_t)max_data;
+	tp.in.setup = &setup;
+	tp.in.trans_name = NULL;
+	SSVAL(&info_level, 0, SMB_QFS_POSIX_WHOAMI);
+	tp.in.params = data_blob_talloc(mem_ctx, &info_level, 2);
+	tp.in.data = data_blob_talloc(mem_ctx, NULL, 0);
+
+	status = smb_raw_trans2(cli->tree, mem_ctx, &tp);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			"doing SMB_QFS_POSIX_WHOAMI");
+
+	/* Make sure we got back all the required fields. */
+	torture_assert(torture, tp.out.params.length == 0,
+			"trans2 params should be empty");
+	torture_assert(torture, tp.out.data.length >= WHOAMI_REQUIRED_SIZE,
+			"checking for required response fields");
+
+	whoami->mapping_flags = IVAL(tp.out.data.data, 0);
+	whoami->mapping_mask = IVAL(tp.out.data.data, 4);
+	whoami->server_uid = BVAL(tp.out.data.data, 8);
+	whoami->server_gid = BVAL(tp.out.data.data, 16);
+	whoami->num_gids = IVAL(tp.out.data.data, 24);
+	whoami->num_sids = IVAL(tp.out.data.data, 28);
+	whoami->num_sid_bytes = IVAL(tp.out.data.data, 32);
+	whoami->reserved = IVAL(tp.out.data.data, 36);
+
+	/* The GID list and SID list are optional, depending on the count
+	 * and length fields.
+	 */
+	if (whoami->num_sids != 0) {
+		torture_assert(torture, whoami->num_sid_bytes != 0,
+				"SID count does not match byte count");
+	}
+
+	printf("\tmapping_flags=0x%08x mapping_mask=0x%08x\n",
+			whoami->mapping_flags, whoami->mapping_mask);
+	printf("\tserver UID=%llu GID=%llu\n",
+	       (unsigned long long)whoami->server_uid, (unsigned long long)whoami->server_gid);
+	printf("\t%u GIDs, %u SIDs, %u SID bytes\n",
+			whoami->num_gids, whoami->num_sids,
+			whoami->num_sid_bytes);
+
+	offset = WHOAMI_REQUIRED_SIZE;
+
+	torture_assert_int_equal(torture, whoami->reserved, 0,
+			"invalid reserved field");
+
+	if (tp.out.data.length == offset) {
+		/* No SIDs or GIDs returned */
+		torture_assert_int_equal(torture, whoami->num_gids, 0,
+				"invalid GID count");
+		torture_assert_int_equal(torture, whoami->num_sids, 0,
+				"invalid SID count");
+		torture_assert_int_equal(torture, whoami->num_sid_bytes, 0,
+				"invalid SID byte count");
+		return true;
+	}
+
+	if (whoami->num_gids != 0) {
+		int remain = tp.out.data.length - offset;
+		int gid_bytes = whoami->num_gids * 8;
+
+		if (whoami->num_sids == 0) {
+			torture_assert_int_equal(torture, remain, gid_bytes,
+					"GID count does not match data length");
+		} else {
+			torture_assert(torture, remain > gid_bytes,
+						"invalid GID count");
+		}
+
+		whoami->gid_list = talloc_array(mem_ctx, uint64_t, whoami->num_gids);
+		torture_assert(torture, whoami->gid_list != NULL, "out of memory");
+
+		torture_comment(torture, "\tGIDs:\n");
+		
+		for (i = 0; i < whoami->num_gids; ++i) {
+			whoami->gid_list[i] = BVAL(tp.out.data.data, offset);
+			offset += 8;
+			torture_comment(torture, "\t\t%u\n", (unsigned int)whoami->gid_list[i]);
+		}
+	}
+
+	/* Check if there should be data left for the SID list. */
+	if (tp.out.data.length == offset) {
+		torture_assert_int_equal(torture, whoami->num_sids, 0,
+				"invalid SID count");
+		return true;
+	}
+
+	/* All the remaining bytes must be the SID list. */
+	torture_assert_int_equal(torture,
+		whoami->num_sid_bytes, (tp.out.data.length - offset),
+		"invalid SID byte count");
+
+	if (whoami->num_sids != 0) {
+
+		whoami->sid_list = talloc_array(mem_ctx, struct dom_sid *,
+				whoami->num_sids);
+		torture_assert(torture, whoami->sid_list != NULL,
+				"out of memory");
+
+		torture_comment(torture, "\tSIDs:\n");
+
+		for (i = 0; i < whoami->num_sids; ++i) {
+			if (!whoami_sid_parse(mem_ctx, torture,
+					&tp.out.data, &offset,
+					&whoami->sid_list[i])) {
+				return false;
+			}
+
+			torture_comment(torture, "\t\t%s\n",
+					dom_sid_string(torture, whoami->sid_list[i]));
+		}
+	}
+
+	/* We should be at the end of the response now. */
+	torture_assert_int_equal(torture, tp.out.data.length, offset,
+			"trailing garbage bytes");
+
+	return true;
+}
+
+static bool test_against_ldap(struct torture_context *torture, struct ldb_context *ldb, bool is_dc, 
+			      struct smb_whoami *whoami)
+{
+	struct ldb_message *msg;
+	struct ldb_message_element *el;
+
+	const char *attrs[] = { "tokenGroups", NULL };
+	int i;
+
+	torture_assert_int_equal(torture, dsdb_search_one(ldb, torture, &msg, NULL, LDB_SCOPE_BASE, attrs, 0, NULL), LDB_SUCCESS, "searching for tokenGroups");
+	el = ldb_msg_find_element(msg, "tokenGroups");
+	torture_assert(torture, el, "obtaining tokenGroups");
+	torture_assert(torture, el->num_values > 0, "Number of SIDs from LDAP needs to be more than 0");
+	torture_assert(torture, whoami->num_sids > 0, "Number of SIDs from LDAP needs to be more than 0");
+	
+	if (is_dc) {
+		torture_assert_int_equal(torture, el->num_values, whoami->num_sids, "Number of SIDs from LDAP and number of SIDs from CIFS does not match!");
+		
+		for (i = 0; i < el->num_values; i++) {
+			struct dom_sid *sid = talloc(torture, struct dom_sid);
+			ssize_t ret;
+			torture_assert(torture, sid != NULL, "talloc failed");
+
+			ret = sid_parse(el->values[i].data,
+					el->values[i].length, sid);
+			torture_assert(torture,
+				       ret != -1,
+				       "sid parse failed");
+			torture_assert_str_equal(torture, dom_sid_string(sid, sid), dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does not match!");
+			talloc_free(sid);
+		}
+	} else {
+		unsigned int num_domain_sids_dc = 0, num_domain_sids_member = 0;
+		struct dom_sid *user_sid = talloc(torture, struct dom_sid);
+		struct dom_sid *dom_sid = talloc(torture, struct dom_sid);
+		struct dom_sid *dc_sids = talloc_array(torture, struct dom_sid, el->num_values);
+		struct dom_sid *member_sids = talloc_array(torture, struct dom_sid, whoami->num_sids);
+		ssize_t ret;
+		torture_assert(torture, user_sid != NULL, "talloc failed");
+		ret = sid_parse(el->values[0].data,
+				el->values[0].length,
+				user_sid);
+		torture_assert(torture,
+			       ret != -1,
+			       "sid parse failed");
+		torture_assert_ntstatus_equal(torture, dom_sid_split_rid(torture, user_sid, &dom_sid, NULL), NT_STATUS_OK, "failed to split domain SID from user SID");
+		for (i = 0; i < el->num_values; i++) {
+			struct dom_sid *sid = talloc(dc_sids, struct dom_sid);
+			torture_assert(torture, sid != NULL, "talloc failed");
+
+			ret = sid_parse(el->values[i].data,
+					el->values[i].length,
+					sid);
+			torture_assert(torture,
+				       ret != -1,
+				       "sid parse failed");
+			if (dom_sid_in_domain(dom_sid, sid)) {
+				dc_sids[num_domain_sids_dc] = *sid;
+				num_domain_sids_dc++;
+			}
+			talloc_free(sid);
+		}
+
+		for (i = 0; i < whoami->num_sids; i++) {
+			if (dom_sid_in_domain(dom_sid, whoami->sid_list[i])) {
+				member_sids[num_domain_sids_member] = *whoami->sid_list[i];
+				num_domain_sids_member++;
+			}
+		}
+
+		torture_assert_int_equal(torture, num_domain_sids_dc, num_domain_sids_member, "Number of Domain SIDs from LDAP DC and number of SIDs from CIFS member does not match!");
+		for (i = 0; i < num_domain_sids_dc; i++) {
+			torture_assert_str_equal(torture, dom_sid_string(dc_sids, &dc_sids[i]), dom_sid_string(member_sids, &member_sids[i]), "Domain SID from LDAP DC and SID from CIFS member server does not match!");
+		}
+		talloc_free(dc_sids);
+		talloc_free(member_sids);
+	}
+	return true;
+}
+
+bool torture_unix_whoami(struct torture_context *torture)
+{
+	struct smbcli_state *cli;
+	struct smb_whoami whoami;
+	bool ret = false;
+	struct ldb_context *ldb;
+	const char *addc, *host;
+
+	cli = connect_to_server(torture, samba_cmdline_get_creds());
+	torture_assert(torture, cli, "connecting to server with authenticated credentials");
+
+	/* Test basic authenticated mapping. */
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+						       cli, &whoami, 0xFFFF), ret, fail,
+			    "calling SMB_QFS_POSIX_WHOAMI on an authenticated connection");
+
+	/* Check that our anonymous login mapped us to guest on the server, but
+	 * only if the server supports this.
+	 */
+	if (whoami.mapping_mask & SMB_WHOAMI_GUEST) {
+		bool guest = whoami.mapping_flags & SMB_WHOAMI_GUEST;
+		torture_comment(torture, "checking whether we were logged in as guest... %s\n",
+			guest ? "YES" : "NO");
+		torture_assert(torture,
+			cli_credentials_is_anonymous(
+				samba_cmdline_get_creds()) == guest,
+			       "login did not credentials map to guest");
+	} else {
+		torture_comment(torture, "server does not support SMB_WHOAMI_GUEST flag\n");
+	}
+
+	addc = torture_setting_string(torture, "addc", NULL);
+	host = torture_setting_string(torture, "host", NULL);
+	
+ 	if (addc) {
+		ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, talloc_asprintf(torture, "ldap://%s", addc),
+				       NULL, samba_cmdline_get_creds(), 0);
+		torture_assert(torture, ldb, "ldb connect failed");
+
+		/* We skip this testing if we could not contact the LDAP server */
+		if (!test_against_ldap(torture, ldb, strcasecmp(addc, host) == 0, &whoami)) {
+			goto fail;
+		}
+	}
+
+	/* Test that the server drops the UID and GID list. */
+	torture_assert_goto(torture, smb_raw_query_posix_whoami(torture, torture,
+						  cli, &whoami, 0x40), ret, fail,
+		       "calling SMB_QFS_POSIX_WHOAMI with a small buffer\n");
+
+	torture_assert_int_equal(torture, whoami.num_gids, 0,
+			"invalid GID count");
+	torture_assert_int_equal(torture, whoami.num_sids, 0,
+			"invalid SID count");
+	torture_assert_int_equal(torture, whoami.num_sid_bytes, 0,
+			"invalid SID bytes count");
+
+	smbcli_tdis(cli);
+
+	return true;
+fail:
+
+	smbcli_tdis(cli);
+	return ret;
+}
+
+/* vim: set sts=8 sw=8 : */