From 7ec0ead48a6e7b770d04802fb8248c1240cd0787 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 28 Nov 2003 08:51:09 +0000 Subject: the beginnings of an automated tool for working out IDL properties of a pipe. I'm not sure how possible this will be without lots of human intervention, but its an interesting thing to try. (This used to be commit d5afe7c6a8651457da9438fcf0035c792701ac86) --- source4/Makefile.in | 2 +- source4/librpc/idl/w32time.idl | 1 + source4/librpc/rpc/dcerpc_util.c | 14 ++++ source4/torture/rpc/autoidl.c | 155 +++++++++++++++++++++++++++++++++++++++ source4/torture/torture.c | 1 + 5 files changed, 172 insertions(+), 1 deletion(-) create mode 100644 source4/torture/rpc/autoidl.c diff --git a/source4/Makefile.in b/source4/Makefile.in index a7895b24ce..6a9017bbe1 100644 --- a/source4/Makefile.in +++ b/source4/Makefile.in @@ -443,7 +443,7 @@ SMBTORTURE_RPC_OBJ = torture/rpc/lsa.o torture/rpc/echo.o torture/rpc/dfs.o \ torture/rpc/spoolss.o torture/rpc/samr.o torture/rpc/wkssvc.o \ torture/rpc/srvsvc.o torture/rpc/atsvc.o torture/rpc/eventlog.o \ torture/rpc/epmapper.o torture/rpc/winreg.o torture/rpc/mgmt.o \ - torture/rpc/scanner.o + torture/rpc/scanner.o torture/rpc/autoidl.o SMBTORTURE_OBJ1 = torture/torture.o torture/torture_util.o torture/nbio.o torture/scanner.o \ torture/utable.o torture/denytest.o torture/mangle_test.o \ diff --git a/source4/librpc/idl/w32time.idl b/source4/librpc/idl/w32time.idl index cca5cacc3b..bb14bddbfd 100644 --- a/source4/librpc/idl/w32time.idl +++ b/source4/librpc/idl/w32time.idl @@ -4,6 +4,7 @@ [ uuid(8fb6d884-2388-11d0-8c35-00c04fda2795), + endpoints(srvsvc atsvc browser keysvc wkssvc), version(4.1) ] interface w32time diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index d439c89e65..ef4af9f661 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c 
@@ -187,3 +187,17 @@ int idl_num_calls(const char *uuid, uint32 if_version)
 return -1;
 }
+
+/*
+ find a dcerpc interface by name
+*/
+const struct dcerpc_interface_table *idl_iface_by_name(const char *name)
+{
+ int i;
+ for (i=0;dcerpc_pipes[i];i++) {
+ if (strcasecmp(dcerpc_pipes[i]->name, name) == 0) {
+ return dcerpc_pipes[i];
+ }
+ }
+ return NULL;
+}
diff --git a/source4/torture/rpc/autoidl.c b/source4/torture/rpc/autoidl.c
new file mode 100644
index 0000000000..9e27ca7b58
--- /dev/null
+++ b/source4/torture/rpc/autoidl.c
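Review bot: idl_iface_by_name() hands `name` to strcasecmp() without a NULL check, so a caller that forwards a missing configuration value would crash inside the lookup instead of getting the NULL "not found" result; an `if (name == NULL) return NULL;` at the top makes the failure mode uniform. The comment above the function could also say that the match is case-insensitive and that NULL is returned when no table entry has that name, since the caller added in autoidl.c depends on that return. The loop relies on dcerpc_pipes being NULL-terminated, which is not visible in this hunk.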
@@ -0,0 +1,155 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ auto-idl scanner
+
+ Copyright (C) Andrew Tridgell 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+
+static void reopen(struct dcerpc_pipe **p, const struct dcerpc_interface_table *iface)
+{
+ NTSTATUS status;
+
+ if (*p) {
+ dcerpc_pipe_close(*p);
+ }
+
+ status = torture_rpc_connection(p, iface->endpoints->names[0], iface->uuid, iface->if_version);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Failed to reopen '%s' - %s\n", iface->name, nt_errstr(status));
+ exit(1);
+ }
+}
+
+
+static void test_ptr_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface,
+ int opnum, int min_in)
+{
+ DATA_BLOB stub_in, stub_out;
+ int ofs;
+ NTSTATUS status;
+ struct dcerpc_pipe *p = NULL;
+
+ reopen(&p, iface);
+
+ stub_in = data_blob(NULL, min_in);
+ data_blob_clear(&stub_in);
+
+ /* work out the minimum amount of input data */
+ for (ofs=0;ofslast_fault_code);
+ if (p->last_fault_code == 5) {
+ reopen(&p, iface);
+ }
+ continue;
+ }
+ printf("opnum %d ofs %d error %s\n", opnum, ofs, nt_errstr(status));
+ }
+
+ dcerpc_pipe_close(p);
+}
+
+
+static void test_scan_call(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface, int opnum)
+{
+ DATA_BLOB stub_in, stub_out;
+ int i;
+ NTSTATUS status;
+ struct dcerpc_pipe *p = NULL;
+
+ reopen(&p, iface);
+
+ /* work out the minimum amount of input data */
+ for (i=0;i<100;i++) {
+ stub_in = data_blob(NULL, i);
+ data_blob_clear(&stub_in);
+
+ status = dcerpc_request(p, opnum, mem_ctx, &stub_in, &stub_out);
+
+ if (NT_STATUS_IS_OK(status)) {
+ printf("opnum %d min_input %d - output %d\n",
+ opnum, stub_in.length, stub_out.length);
+ dcerpc_pipe_close(p);
+ test_ptr_scan(mem_ctx, iface, opnum, stub_in.length);
+ return;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+ printf("opnum %d size %d fault 0x%08x\n", opnum, i, p->last_fault_code);
+ if (p->last_fault_code == 5) {
+ reopen(&p, iface);
+ }
+ continue;
+ }
+
+ printf("opnum %d size %d error %s\n", opnum, i, nt_errstr(status));
+ }
+
+ printf("opnum %d minimum not found!?\n", opnum);
+ dcerpc_pipe_close(p);
+}
+
+
+static void test_auto_scan(TALLOC_CTX *mem_ctx, const struct dcerpc_interface_table *iface)
+{
+ int i;
+ for (i=0;i<100;i++) {
+ test_scan_call(mem_ctx, iface, i);
+ }
+}
+
+BOOL torture_rpc_autoidl(int dummy)
+{
+ NTSTATUS status;
+ TALLOC_CTX *mem_ctx;
+ const struct dcerpc_interface_table *iface;
+ char *host = lp_parm_string(-1, "torture", "host");
+ char *transport = lp_parm_string(-1, "torture", "transport");
+
+ iface = idl_iface_by_name("browser");
+ if (!iface) {
+ printf("Unknown interface!\n");
+ return False;
+ }
+
+ mem_ctx = talloc_init("torture_rpc_autoidl");
+
+ printf("\nProbing pipe '%s'\n", iface->name);
+
+ /* on TCP we need to find the right endpoint */
+ if (strcasecmp(transport, "ncacn_ip_tcp") == 0) {
+ uint32 port;
+ status = dcerpc_epm_map_tcp_port(host, iface->uuid, iface->if_version, &port);
+ if (!NT_STATUS_IS_OK(status)) {
+ return False;
+ }
+ lp_set_cmdline("torture:share", talloc_asprintf(mem_ctx, "%u", port));
+ }
+
+ test_auto_scan(mem_ctx, iface);
+
+ return True;
+}
diff --git a/source4/torture/torture.c b/source4/torture/torture.c
index 0a15620174..5b6566df81 100644
--- a/source4/torture/torture.c
+++ b/source4/torture/torture.c
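Review bot: In torture_rpc_autoidl the `transport` string returned by lp_parm_string() goes straight into strcasecmp(), so if that lookup can return NULL when the torture:transport option is unset (its contract is not visible here) the probe crashes before it connects; `if (transport && strcasecmp(transport, "ncacn_ip_tcp") == 0) {` avoids that. The same function never releases `mem_ctx`, either on the early `return False` after dcerpc_epm_map_tcp_port() fails or on the normal exit, so a `talloc_destroy(mem_ctx);` before each return would keep the context scoped to the test. In test_ptr_scan and test_scan_call the literal `5` compared with `p->last_fault_code` deserves a named constant or a comment saying which fault it is and why it forces a reconnect. reopen() also dereferences `iface->endpoints->names[0]` without checking that the table has any endpoint, which matters once interfaces other than "browser" are probed.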
@@ -4070,6 +4070,7 @@ static struct { {"RPC-WINREG", torture_rpc_winreg, 0}, {"RPC-MGMT", torture_rpc_mgmt, 0}, {"RPC-SCANNER", torture_rpc_scanner, 0}, + {"RPC-AUTOIDL", torture_rpc_autoidl, 0}, {NULL, NULL, 0}}; -- cgit