diff options
Diffstat (limited to 'source3/torture')
| -rw-r--r-- | source3/torture/cmd_vfs.c | 39 | ||||
| -rw-r--r-- | source3/torture/pdbtest.c | 18 | ||||
| -rwxr-xr-x | source3/torture/test_ntlm_auth.py | 218 | ||||
| -rw-r--r-- | source3/torture/torture.c | 211 | ||||
| -rw-r--r-- | source3/torture/vfstest.c | 13 |
5 files changed, 465 insertions, 34 deletions
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c index 02bee835b0..82a28bd868 100644 --- a/source3/torture/cmd_vfs.c +++ b/source3/torture/cmd_vfs.c @@ -279,14 +279,27 @@ static NTSTATUS cmd_open(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, c } fsp = SMB_MALLOC_P(struct files_struct); + if (fsp == NULL) { + return NT_STATUS_NO_MEMORY; + } fsp->fsp_name = SMB_STRDUP(argv[1]); + if (fsp->fsp_name == NULL) { + SAFE_FREE(fsp); + return NT_STATUS_NO_MEMORY; + } fsp->fh = SMB_MALLOC_P(struct fd_handle); + if (fsp->fh == NULL) { + SAFE_FREE(fsp->fsp_name); + SAFE_FREE(fsp); + return NT_STATUS_NO_MEMORY; + } fsp->conn = vfs->conn; fsp->fh->fd = SMB_VFS_OPEN(vfs->conn, argv[1], fsp, flags, mode); if (fsp->fh->fd == -1) { printf("open: error=%d (%s)\n", errno, strerror(errno)); SAFE_FREE(fsp->fh); + SAFE_FREE(fsp->fsp_name); SAFE_FREE(fsp); return NT_STATUS_UNSUCCESSFUL; } @@ -376,7 +389,7 @@ static NTSTATUS cmd_read(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, c } vfs->data_size = size; - rsize = SMB_VFS_READ(vfs->files[fd], fd, vfs->data, size); + rsize = SMB_VFS_READ(vfs->files[fd], vfs->data, size); if (rsize == -1) { printf("read: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; @@ -409,7 +422,7 @@ static NTSTATUS cmd_write(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, return NT_STATUS_UNSUCCESSFUL; } - wsize = SMB_VFS_WRITE(vfs->files[fd], fd, vfs->data, size); + wsize = SMB_VFS_WRITE(vfs->files[fd], vfs->data, size); if (wsize == -1) { printf("write: error=%d (%s)\n", errno, strerror(errno)); @@ -440,7 +453,7 @@ static NTSTATUS cmd_lseek(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, default: whence = SEEK_END; } - pos = SMB_VFS_LSEEK(vfs->files[fd], fd, offset, whence); + pos = SMB_VFS_LSEEK(vfs->files[fd], offset, whence); if (pos == (SMB_OFF_T)-1) { printf("lseek: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; @@ -479,7 +492,7 @@ static NTSTATUS cmd_fsync(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, } fd = atoi(argv[1]); - ret = SMB_VFS_FSYNC(vfs->files[fd], fd); + ret = SMB_VFS_FSYNC(vfs->files[fd]); if (ret == -1) { printf("fsync: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; @@ -562,7 +575,7 @@ static NTSTATUS cmd_fstat(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, } fd = atoi(argv[1]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("fstat: error=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -572,7 +585,7 @@ static NTSTATUS cmd_fstat(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, return NT_STATUS_OK; } - if (SMB_VFS_FSTAT(vfs->files[fd], fd, &st) == -1) { + if (SMB_VFS_FSTAT(vfs->files[fd], &st) == -1) { printf("fstat: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; } @@ -697,7 +710,7 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, fd = atoi(argv[1]); mode = atoi(argv[2]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("fchmod: error=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -706,7 +719,7 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, return NT_STATUS_OK; } - if (SMB_VFS_FCHMOD(vfs->files[fd], fd, mode) == -1) { + if (SMB_VFS_FCHMOD(vfs->files[fd], mode) == -1) { printf("fchmod: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; } @@ -750,7 +763,7 @@ static NTSTATUS cmd_fchown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, uid = atoi(argv[2]); gid = atoi(argv[3]); fd = atoi(argv[1]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("fchown: faliure=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -758,7 +771,7 @@ static NTSTATUS cmd_fchown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, printf("fchown: error=%d (invalid file descriptor)\n", EBADF); return NT_STATUS_OK; } - if (SMB_VFS_FCHOWN(vfs->files[fd], fd, uid, gid) == -1) { + if (SMB_VFS_FCHOWN(vfs->files[fd], uid, gid) == -1) { printf("fchown error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; } @@ -809,7 +822,7 @@ static NTSTATUS cmd_ftruncate(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar fd = atoi(argv[1]); off = atoi(argv[2]); - if (fd < 0 || fd > 1024) { + if (fd < 0 || fd >= 1024) { printf("ftruncate: error=%d (file descriptor out of range)\n", EBADF); return NT_STATUS_OK; } @@ -818,7 +831,7 @@ static NTSTATUS cmd_ftruncate(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar return NT_STATUS_OK; } - if (SMB_VFS_FTRUNCATE(vfs->files[fd], fd, off) == -1) { + if (SMB_VFS_FTRUNCATE(vfs->files[fd], off) == -1) { printf("ftruncate: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; } @@ -901,7 +914,7 @@ static NTSTATUS cmd_lock(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, c printf("lock: debug lock(fd=%d, op=%d, offset=%ld, count=%ld, type=%d))\n", fd, op, offset, count, type); - if ((ret = SMB_VFS_LOCK(vfs->files[fd], fd, op, offset, count, type)) == False) { + if ((ret = SMB_VFS_LOCK(vfs->files[fd], op, offset, count, type)) == False) { printf("lock: error=%d (%s)\n", errno, strerror(errno)); return NT_STATUS_UNSUCCESSFUL; } diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c index 77666bb664..ab7edde85d 100644 --- a/source3/torture/pdbtest.c +++ b/source3/torture/pdbtest.c @@ -364,24 +364,6 @@ int main(int argc, char **argv) get_friendly_nt_error_msg(rv)); } - pdb->setsampwent(pdb, False, 0); - while (NT_STATUS_IS_OK(pdb->getsampwent(pdb, out))) { - if (pdb_get_username(out) == NULL) { - fprintf(stderr, "Got bad username through getsampwent()\n"); - error = True; - break; - } - if (NT_STATUS_IS_ERR(pdb->getsampwnam(pdb, in, pdb_get_username(out)))) { - fprintf(stderr, "Error getting samu through getsampwnam() of an account we got through getsampwent!\n"); - error = True; - continue; - } - if (!samu_correct(out, in)) { - printf("Record gotten through getsampwnam() differs from same record through getsampwent()\n"); - } - } - pdb->endsampwent(pdb); - TALLOC_FREE(ctx); if (error) { diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py new file mode 100755 index 0000000000..12a4dae398 --- /dev/null +++ b/source3/torture/test_ntlm_auth.py @@ -0,0 +1,218 @@ +#!/usr/bin/env python + +# Unix SMB/CIFS implementation. +# A test for the ntlm_auth tool +# Copyright (C) Kai Blin <kai@samba.org> 2008 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +"""Test ntlm_auth +This test program will start ntlm_auth with the given command line switches and +see if it will get the expected results. +""" + +import os +import sys +from optparse import OptionParser + +class ReadChildError(Exception): + pass + +class WriteChildError(Exception): + pass + +def readLine(pipe): + """readLine(pipe) -> str + Read a line from the child's pipe, returns the string read. + Throws ReadChildError if the read fails. + """ + buf = os.read(pipe, 2047) + newline = buf.find('\n') + if newline == -1: + raise ReadChildError() + return buf[:newline] + +def writeLine(pipe, buf): + """writeLine(pipe, buf) -> nul + Write a line to the child's pipe. + Raises WriteChildError if the write fails. + """ + written = os.write(pipe, buf) + if written != len(buf): + raise WriteChildError() + os.write(pipe, "\n") + +def parseCommandLine(): + """parseCommandLine() -> (opts, ntlm_auth_path) + Parse the command line. + Return a tuple consisting of the options and the path to ntlm_auth. + """ + usage = "usage: %prog [options] path/to/ntlm_auth" + parser = OptionParser(usage) + + parser.set_defaults(client_username="foo") + parser.set_defaults(client_password="secret") + parser.set_defaults(client_domain="FOO") + parser.set_defaults(client_helper="ntlmssp-client-1") + + parser.set_defaults(server_username="foo") + parser.set_defaults(server_password="secret") + parser.set_defaults(server_domain="FOO") + parser.set_defaults(server_helper="squid-2.5-ntlmssp") + parser.set_defaults(config_file="/etc/samba/smb.conf") + + parser.add_option("--client-username", dest="client_username",\ + help="User name for the client. [default: foo]") + parser.add_option("--client-password", dest="client_password",\ + help="Password the client will send. [default: secret]") + parser.add_option("--client-domain", dest="client_domain",\ + help="Domain the client authenticates for. [default: FOO]") + parser.add_option("--client-helper", dest="client_helper",\ + help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]") + + parser.add_option("--server-username", dest="server_username",\ + help="User name server uses for local auth. [default: foo]") + parser.add_option("--server-password", dest="server_password",\ + help="Password server uses for local auth. [default: secret]") + parser.add_option("--server-domain", dest="server_domain",\ + help="Domain server uses for local auth. [default: FOO]") + parser.add_option("--server-helper", dest="server_helper",\ + help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]") + + parser.add_option("-s", "--configfile", dest="config_file",\ + help="Path to smb.conf file. [default:/etc/samba/smb.conf") + + (opts, args) = parser.parse_args() + if len(args) != 1: + parser.error("Invalid number of arguments.") + + if not os.access(args[0], os.X_OK): + parser.error("%s is not executable." % args[0]) + + return (opts, args[0]) + + +def main(): + """main() -> int + Run the test. + Returns 0 if test succeeded, <>0 otherwise. + """ + (opts, ntlm_auth_path) = parseCommandLine() + + (client_in_r, client_in_w) = os.pipe() + (client_out_r, client_out_w) = os.pipe() + + client_pid = os.fork() + + if not client_pid: + # We're in the client child + os.close(0) + os.close(1) + + os.dup2(client_out_r, 0) + os.close(client_out_r) + os.close(client_out_w) + + os.dup2(client_in_w, 1) + os.close(client_in_r) + os.close(client_in_w) + + client_args = [] + client_args.append("--helper-protocol=%s" % opts.client_helper) + client_args.append("--username=%s" % opts.client_username) + client_args.append("--password=%s" % opts.client_password) + client_args.append("--domain=%s" % opts.client_domain) + client_args.append("--configfile=%s" % opts.config_file) + + os.execv(ntlm_auth_path, client_args) + + client_in = client_in_r + os.close(client_in_w) + + client_out = client_out_w + os.close(client_out_r) + + (server_in_r, server_in_w) = os.pipe() + (server_out_r, server_out_w) = os.pipe() + + server_pid = os.fork() + + if not server_pid: + # We're in the server child + os.close(0) + os.close(1) + + os.dup2(server_out_r, 0) + os.close(server_out_r) + os.close(server_out_w) + + os.dup2(server_in_w, 1) + os.close(server_in_r) + os.close(server_in_w) + + server_args = [] + server_args.append("--helper-protocol=%s" % opts.server_helper) + server_args.append("--username=%s" % opts.server_username) + server_args.append("--password=%s" % opts.server_password) + server_args.append("--domain=%s" % opts.server_domain) + server_args.append("--configfile=%s" % opts.config_file) + + os.execv(ntlm_auth_path, server_args) + + server_in = server_in_r + os.close(server_in_w) + + server_out = server_out_w + os.close(server_out_r) + + # We're in the parent + writeLine(client_out, "YR") + buf = readLine(client_in) + + if buf.count("YR ", 0, 3) != 1: + sys.exit(1) + + writeLine(server_out, buf) + buf = readLine(server_in) + + if buf.count("TT ", 0, 3) != 1: + sys.exit(2) + + writeLine(client_out, buf) + buf = readLine(client_in) + + if buf.count("AF ", 0, 3) != 1: + sys.exit(3) + + # Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>' + buf = buf.replace("AF", "KK", 1) + + writeLine(server_out, buf) + buf = readLine(server_in) + + if buf.count("AF ", 0, 3) != 1: + sys.exit(4) + + os.close(server_in) + os.close(server_out) + os.close(client_in) + os.close(client_out) + os.waitpid(server_pid, 0) + os.waitpid(client_pid, 0) + sys.exit(0) + +if __name__ == "__main__": + main() + + diff --git a/source3/torture/torture.c b/source3/torture/torture.c index ad57470c61..8d67e512fe 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -37,6 +37,7 @@ static const char *client_txt = "client_oplocks.txt"; static bool use_kerberos; static fstring multishare_conn_fname; static bool use_multishare_conn = False; +static bool do_encrypt; bool torture_showall = False; @@ -95,6 +96,57 @@ void *shm_setup(int size) return ret; } +/******************************************************************** + Ensure a connection is encrypted. +********************************************************************/ + +static bool force_cli_encryption(struct cli_state *c, + const char *sharename) +{ + uint16 major, minor; + uint32 caplow, caphigh; + NTSTATUS status; + + if (!SERVER_HAS_UNIX_CIFS(c)) { + d_printf("Encryption required and " + "server that doesn't support " + "UNIX extensions - failing connect\n"); + return false; + } + + if (!cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh)) { + d_printf("Encryption required and " + "can't get UNIX CIFS extensions " + "version from server.\n"); + return false; + } + + if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) { + d_printf("Encryption required and " + "share %s doesn't support " + "encryption.\n", sharename); + return false; + } + + if (c->use_kerberos) { + status = cli_gss_smb_encryption_start(c); + } else { + status = cli_raw_ntlm_smb_encryption_start(c, + username, + password, + workgroup); + } + + if (!NT_STATUS_IS_OK(status)) { + d_printf("Encryption required and " + "setup failed with error %s.\n", + nt_errstr(status)); + return false; + } + + return true; +} + static struct cli_state *open_nbt_connection(void) { @@ -235,6 +287,10 @@ static bool torture_open_connection_share(struct cli_state **c, if (use_level_II_oplocks) (*c)->use_level_II_oplocks = True; (*c)->timeout = 120000; /* set a really long timeout (2 minutes) */ + if (do_encrypt) { + return force_cli_encryption(*c, + sharename); + } return True; } @@ -834,6 +890,7 @@ static bool run_netbench(int client) } while (fgets(line, sizeof(line)-1, f)) { + char *saveptr; line_count++; line[strlen(line)-1] = 0; @@ -843,9 +900,9 @@ static bool run_netbench(int client) all_string_sub(line,"client1", cname, sizeof(line)); /* parse the command parameters */ - params[0] = strtok(line," "); + params[0] = strtok_r(line, " ", &saveptr); i = 0; - while (params[i]) params[++i] = strtok(NULL," "); + while (params[i]) params[++i] = strtok_r(NULL, " ", &saveptr); params[i] = ""; @@ -5042,6 +5099,149 @@ static bool run_local_rbtree(int dummy) return ret; } +static bool test_stream_name(const char *fname, const char *expected_base, + const char *expected_stream, + NTSTATUS expected_status) +{ + NTSTATUS status; + char *base = NULL; + char *stream = NULL; + + status = split_ntfs_stream_name(talloc_tos(), fname, &base, &stream); + if (!NT_STATUS_EQUAL(status, expected_status)) { + goto error; + } + + if (!NT_STATUS_IS_OK(status)) { + return true; + } + + if (base == NULL) goto error; + + if (strcmp(expected_base, base) != 0) goto error; + + if ((expected_stream != NULL) && (stream == NULL)) goto error; + if ((expected_stream == NULL) && (stream != NULL)) goto error; + + if ((stream != NULL) && (strcmp(expected_stream, stream) != 0)) + goto error; + + TALLOC_FREE(base); + TALLOC_FREE(stream); + return true; + + error: + d_fprintf(stderr, "test_stream(%s, %s, %s, %s)\n", + fname, expected_base ? expected_base : "<NULL>", + expected_stream ? expected_stream : "<NULL>", + nt_errstr(expected_status)); + d_fprintf(stderr, "-> base=%s, stream=%s, status=%s\n", + base ? base : "<NULL>", stream ? stream : "<NULL>", + nt_errstr(status)); + TALLOC_FREE(base); + TALLOC_FREE(stream); + return false; +} + +static bool run_local_stream_name(int dummy) +{ + bool ret = true; + + ret &= test_stream_name( + "bla", "bla", NULL, NT_STATUS_OK); + ret &= test_stream_name( + "bla::$DATA", "bla", NULL, NT_STATUS_OK); + ret &= test_stream_name( + "bla:blub:", "bla", NULL, NT_STATUS_OBJECT_NAME_INVALID); + ret &= test_stream_name( + "bla::", NULL, NULL, NT_STATUS_OBJECT_NAME_INVALID); + ret &= test_stream_name( + "bla::123", "bla", NULL, NT_STATUS_OBJECT_NAME_INVALID); + ret &= test_stream_name( + "bla:$DATA", "bla", "$DATA:$DATA", NT_STATUS_OK); + ret &= test_stream_name( + "bla:x:$DATA", "bla", "x:$DATA", NT_STATUS_OK); + ret &= test_stream_name( + "bla:x", "bla", "x:$DATA", NT_STATUS_OK); + + return ret; +} + +static bool data_blob_equal(DATA_BLOB a, DATA_BLOB b) +{ + if (a.length != b.length) { + printf("a.length=%d != b.length=%d\n", + (int)a.length, (int)b.length); + return false; + } + if (memcmp(a.data, b.data, a.length) != 0) { + printf("a.data and b.data differ\n"); + return false; + } + return true; +} + +static bool run_local_memcache(int dummy) +{ + struct memcache *cache; + DATA_BLOB k1, k2; + DATA_BLOB d1, d2, d3; + DATA_BLOB v1, v2, v3; + + cache = memcache_init(NULL, 100); + + if (cache == NULL) { + printf("memcache_init failed\n"); + return false; + } + + d1 = data_blob_const("d1", 2); + d2 = data_blob_const("d2", 2); + d3 = data_blob_const("d3", 2); + + k1 = data_blob_const("d1", 2); + k2 = data_blob_const("d2", 2); + + memcache_add(cache, STAT_CACHE, k1, d1); + memcache_add(cache, GETWD_CACHE, k2, d2); + + if (!memcache_lookup(cache, STAT_CACHE, k1, &v1)) { + printf("could not find k1\n"); + return false; + } + if (!data_blob_equal(d1, v1)) { + return false; + } + + if (!memcache_lookup(cache, GETWD_CACHE, k2, &v2)) { + printf("could not find k2\n"); + return false; + } + if (!data_blob_equal(d2, v2)) { + return false; + } + + memcache_add(cache, STAT_CACHE, k1, d3); + + if (!memcache_lookup(cache, STAT_CACHE, k1, &v3)) { + printf("could not find replaced k1\n"); + return false; + } + if (!data_blob_equal(d3, v3)) { + return false; + } + + memcache_add(cache, GETWD_CACHE, k1, d1); + + if (memcache_lookup(cache, GETWD_CACHE, k2, &v2)) { + printf("Did find k2, should have been purged\n"); + return false; + } + + TALLOC_FREE(cache); + return true; +} + static double create_procs(bool (*fn)(int), bool *result) { int i, status; @@ -5196,6 +5396,8 @@ static struct { { "LOCAL-SUBSTITUTE", run_local_substitute, 0}, { "LOCAL-GENCACHE", run_local_gencache, 0}, { "LOCAL-RBTREE", run_local_rbtree, 0}, + { "LOCAL-MEMCACHE", run_local_memcache, 0}, + { "LOCAL-STREAM-NAME", run_local_stream_name, 0}, {NULL, NULL, 0}}; @@ -5349,7 +5551,7 @@ static void usage(void) fstrcpy(workgroup, lp_workgroup()); - while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Ac:ks:b:")) != EOF) { + while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Aec:ks:b:")) != EOF) { switch (opt) { case 'p': port_to_use = atoi(optarg); @@ -5387,6 +5589,9 @@ static void usage(void) case 'c': client_txt = optarg; break; + case 'e': + do_encrypt = true; + break; case 'k': #ifdef HAVE_KRB5 use_kerberos = True; diff --git a/source3/torture/vfstest.c b/source3/torture/vfstest.c index 1436ecc022..7e4ee624a1 100644 --- a/source3/torture/vfstest.c +++ b/source3/torture/vfstest.c @@ -495,6 +495,19 @@ struct messaging_context *smbd_messaging_context(void) return ctx; } +struct memcache *smbd_memcache(void) +{ + static struct memcache *cache; + + if (!cache + && !(cache = memcache_init(NULL, + lp_max_stat_cache_size()*1024))) { + + smb_panic("Could not init smbd memcache"); + } + return cache; +} + /* Main function */ int main(int argc, char *argv[]) |