From 079eb78d845d8a905e09c110527cb00829600977 Mon Sep 17 00:00:00 2001
From: Richard Sharpe
Date: Thu, 15 Sep 2011 16:13:54 -0700
Subject: [PATCH] Add a torture test to test existing FSCTL responses
---
 source3/Makefile.in | 1 +
 source3/torture/proto.h | 1 +
 source3/torture/test_nttrans_fsctl.c | 287 ++++++++++++++++++++++++++++++++++
 source3/torture/torture.c | 1 +
 4 files changed, 290 insertions(+), 0 deletions(-)
 create mode 100644 source3/torture/test_nttrans_fsctl.c
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1b79637..7ae9dea 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1252,6 +1252,7 @@ SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/uta
 torture/test_async_echo.o \
 torture/test_smbsock_any_connect.o \
 torture/test_nttrans_create.o \
+ torture/test_nttrans_fsctl.o \
 torture/test_notify_online.o \
 torture/test_addrchange.o \
 torture/test_case_insensitive.o \
diff --git a/source3/torture/proto.h b/source3/torture/proto.h
index b119e24..7d6b2ba 100644
--- a/source3/torture/proto.h
+++ b/source3/torture/proto.h
@@ -92,6 +92,7 @@ bool run_smb_any_connect(int dummy);
 bool run_addrchange(int dummy);
 bool run_notify_online(int dummy);
 bool run_nttrans_create(int dummy);
+bool run_nttrans_fsctl(int dummy);
 bool run_smb2_basic(int dummy);
 bool run_local_conv_auth_info(int dummy);
diff --git a/source3/torture/test_nttrans_fsctl.c b/source3/torture/test_nttrans_fsctl.c
new file mode 100644
index 0000000..e60964e
--- /dev/null
+++ b/source3/torture/test_nttrans_fsctl.c
@@ -0,0 +1,287 @@
+/*
+ Unix SMB/CIFS implementation.
+ Basic test for NTTRANS FSCTL requests (copied from NTTRANS CREATE)
+ Copyright (C) Richard Sharpe 2011
+ Copyright (C) Volker Lendecke 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "torture/proto.h"
+#include "libsmb/libsmb.h"
+#include "libcli/security/security.h"
+#include "ntioctl.h"
+
+bool run_nttrans_fsctl(int dummy)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+ bool ret = false;
+ const char *fname = "fsctltest";
+ uint16_t fnum;
+ uint16_t setup[4];
+ uint8_t *object_data = NULL;
+ uint8_t *ranges = NULL;
+ uint8_t range_data[16];
+ uint8_t *param_data = NULL;
+ uint8_t data[1] = { 0x1 };
+ uint32_t rdata_size;
+ uint32_t rparam_size;
+
+ printf("Starting NTTRANS_FSCTL\n");
+
+ if (!torture_open_connection(&cli, 0)) {
+ printf("torture_open_connection failed\n");
+ goto fail;
+ }
+
+ status = cli_nttrans_create(
+ cli, fname, 0, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS|
+ READ_CONTROL_ACCESS,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_WRITE| FILE_SHARE_DELETE,
+ FILE_CREATE, 0, 0, NULL, NULL, 0, &fnum);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_nttrans_create returned %s\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ status = cli_nt_delete_on_close(cli, fnum, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_nt_delete_on_close returned %s\n",
nt_errstr(status));
+ goto fail;
+ }
+
+ /* Fill in for FSCTL_SET_SPARSE and call cli_trans ... */
+ SIVAL(setup, 0, FSCTL_SET_SPARSE); /* returns value */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ data, 1, 1, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ NULL, 0, NULL); /* rdata, ... */
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_SET_SPARSE returned %s instead of NT_STATUS_OK\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ printf("FSCTL_SET_SPARSE returned correct status \n");
+
+ /* Fill in for FSCTL_CREATE_OR_GET_OBJECT_ID and call cli_trans ... */
+ SIVAL(setup, 0, FSCTL_CREATE_OR_GET_OBJECT_ID); /* returns value */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ NULL, 0, 64, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ ¶m_data, 0, &rparam_size, /* rparam, min_rparam, num_rparam */
+ &object_data, 0, &rdata_size); /* rdata, ... */
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_CREATE_OR_GET_OBJECT_ID returned %s instead of NT_STATUS_OK\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ TALLOC_FREE(object_data);
+ TALLOC_FREE(param_data);
+
+ printf("FSCTL_CREATE_OR_GET_OBJECT_ID returned correct status \n");
+
+ /* Fill in for FSCTL_GET_REPARSE_POINT and call cli_trans ...
*/
+ SIVAL(setup, 0, FSCTL_GET_REPARSE_POINT); /* returns NOT A REPARSE POINT */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ NULL, 0, 0, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ NULL, 0, NULL); /* rdata, ... */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_REPARSE_POINT)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_GET_REPARSE_POINT returned %s instead of NT_STATUS_NOT_A_REPARSE_POINT\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ printf("FSCTL_GET_REPARSE_POINT returned correct status \n");
+
+ /* Fill in for FSCTL_SET_REPARSE_POINT and call cli_trans ... */
+ SIVAL(setup, 0, FSCTL_SET_REPARSE_POINT); /* returns NOT A REPARSE POINT */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ NULL, 0, 0, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ NULL, 0, NULL); /* rdata, ... */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_REPARSE_POINT)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_SET_REPARSE_POINT returned %s instead of NT_STATUS_NOT_A_REPARSE_POINT\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ printf("FSCTL_SET_REPARSE_POINT returned correct status \n");
+
+ /*
+ * Fill in for FSCTL_GET_SHADOW_COPY_DATA and call cli_trans ... what
+ * we do is send an invalid data length to provoke an INVALID PARAMETER
+ * response.
+ */
+ SIVAL(setup, 0, FSCTL_GET_SHADOW_COPY_DATA); /* Should return IVN VAL */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ memset(range_data, 0, sizeof(range_data)); /* 0 and 0 */
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ NULL, 0, 8, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ &ranges, 0, &rdata_size); /* rdata, ... */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_QUERY_ALLOCATED_RANGES returned %s instead of NT_STATUS_INVALID_PARAMETER\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ TALLOC_FREE(ranges);
+
+ printf("FSCTL_GET_SHADOW_COPY_DATA returned correct status \n");
+ /*
+ * Fill in for FSCTL_FIND_FILES_BY and call cli_trans ... here we are
+ * only probing for its existence by provoking an INVALID PARAM
+ * response with a short and invalid SID in range_data
+ */
+ SIVAL(setup, 0, FSCTL_FIND_FILES_BY_SID); /* Should return 16 bytes */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ memset(range_data, 0, sizeof(range_data)); /* 0 and 0 */
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ range_data, 4, 16, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ &ranges, 0, &rdata_size); /* rdata, ...
*/
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_QUERY_ALLOCATED_RANGES returned %s instead of NT_STATUS_INVALID_PARAMETER\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ printf("FSCTL_FIND_FILES_BY_SID returned correct status \n");
+
+ /* Fill in for FSCTL_QUERY_ALLOCATED_RANGES and call cli_trans ... */
+ SIVAL(setup, 0, FSCTL_QUERY_ALLOCATED_RANGES); /* Should return 16 bytes */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ memset(range_data, 0, sizeof(range_data)); /* 0 and 0 */
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ range_data, 16, 16, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ &ranges, 0, &rdata_size); /* rdata, ... */
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_QUERY_ALLOCATED_RANGES returned %s instead of NT_STATUS_OK\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ TALLOC_FREE(ranges);
+
+ printf("FSCTL_QUERY_ALLOCATED_RANGES returned correct status \n");
+
+ /* Fill in for FSCTL_IS_VOLUME_DIRTY and call cli_trans ... */
+ SIVAL(setup, 0, FSCTL_IS_VOLUME_DIRTY); /* Should return INVAL PARAM */
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 0x1); /* It is an fsctl */
+ SCVAL(setup, 7, 0x0);
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, fnum,
+ NT_TRANSACT_IOCTL, 0,
+ setup, 4, 4,
+ NULL, 0, 0, /* param, param_num, max_param */
+ NULL, 0, 0, /* data, data_len, max_data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup, min_rsetup, num_rsetup */
+ NULL, 0, NULL, /* rparam, min_rparam, num_rparam */
+ NULL, 0, NULL); /* rdata, ...
*/
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ d_fprintf(stderr, "cli_trans of FSCTL_IS_VOLUME_DIRTY returned %s instead of NT_STATUS_INVALID_PARAMETER\n",
+ nt_errstr(status));
+ goto fail;
+ }
+
+ printf("FSCTL_IS_VOLUME_DIRTY returned correct status \n");
+
+ ret = true;
+fail:
+ if (cli != NULL) {
+ torture_close_connection(cli);
+ }
+ return ret;
+}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 3eb6fec..dacfa19 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8832,6 +8832,7 @@ static struct {
 { "CHAIN2", run_chain2, 0},
 { "WINDOWS-WRITE", run_windows_write, 0},
 { "NTTRANS-CREATE", run_nttrans_create, 0},
+ { "NTTRANS-FSCTL", run_nttrans_fsctl, 0},
 { "CLI_ECHO", run_cli_echo, 0},
 { "GETADDRINFO", run_getaddrinfo_send, 0},
 { "TLDAP", run_tldap },
--
1.7.4.4
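Review bot: In source3/torture/test_nttrans_fsctl.c the failure branches for the FSCTL_GET_SHADOW_COPY_DATA and FSCTL_FIND_FILES_BY_SID probes both print `cli_trans of FSCTL_QUERY_ALLOCATED_RANGES returned %s ...`, so a regression in either fsctl would be reported against the wrong one; each message should name the fsctl it just sent, e.g. `"cli_trans of FSCTL_GET_SHADOW_COPY_DATA returned %s instead of NT_STATUS_INVALID_PARAMETER\n"`. The test also compares status codes only: `rdata_size` and `rparam_size` are filled in but never read, so the `/* Should return 16 bytes */` expectation and the 64-byte `max_data` on the object-id request are not verified, and as far as the hunk shows a server returning a short or unexpectedly sized reply would still pass. The FSCTL_FIND_FILES_BY_SID block passes `&ranges` but, unlike its neighbours, has no `TALLOC_FREE(ranges);` before the next call reuses the pointer. The comment on the shadow-copy probe says it sends an invalid data length while the call passes `NULL, 0, 8` and the preceding `memset(range_data, ...)` is unused there, which looks like copy-paste residue worth tidying.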