PageRenderTime 70ms CodeModel.GetById 31ms RepoModel.GetById 0ms app.codeStats 0ms

/source3/torture/scanner.c

https://bitbucket.org/mikedep333/rdssamba4
C | 514 lines | 436 code | 45 blank | 33 comment | 42 complexity | 9198eaee7960bbeb14c676912f5a4861 MD5 | raw file
Possible License(s): Apache-2.0, BSD-3-Clause, GPL-3.0, LGPL-2.1, LGPL-3.0 
    

  1. /* 
    2. 

  2.    Unix SMB/CIFS implementation.
    3. 

  3.    SMB torture tester - scanning functions
    4. 

  4.    Copyright (C) Andrew Tridgell 2001
    5. 

    6. 

  6.    This program is free software; you can redistribute it and/or modify
    7. 

  7.    it under the terms of the GNU General Public License as published by
    8. 

  8.    the Free Software Foundation; either version 3 of the License, or
    9. 

  9.    (at your option) any later version.
    10. 

    11. 

  11.    This program is distributed in the hope that it will be useful,
    12. 

  12.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.    GNU General Public License for more details.
    15. 

    16. 

  16.    You should have received a copy of the GNU General Public License
    17. 

  17.    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. */
    19. 

  19. 

  20. #include "includes.h"
    21. 

  21. #include "system/filesys.h"
    22. 

  22. #include "torture/proto.h"
    23. 

  23. #include "libsmb/libsmb.h"
    24. 

  24. 

  25. #define VERBOSE 0
    26. 

  26. #define OP_MIN 0
    27. 

  27. #define OP_MAX 20
    28. 

  28. 

  29. #define DATA_SIZE 1024
    30. 

  30. #define PARAM_SIZE 1024
    31. 

  31. 

  32. /****************************************************************************
    33. 

  33. look for a partial hit
    34. 

  34. ****************************************************************************/
    35. 

  35. static void trans2_check_hit(const char *format, int op, int level, NTSTATUS status)
    36. 

  36. {
    37. 

  37. 	if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
    38. 

  38. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
    39. 

  39. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
    40. 

  40. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
    41. 

  41. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
    42. 

  42. 		return;
    43. 

  43. 	}
    44. 

  44. #if VERBOSE
    45. 

  45. 	printf("possible %s hit op=%3d level=%5d status=%s\n",
    46. 

  46. 	       format, op, level, nt_errstr(status));
    47. 

  47. #endif
    48. 

  48. }
    49. 

  49. 

  50. /****************************************************************************
    51. 

  51. check for existance of a trans2 call
    52. 

  52. ****************************************************************************/
    53. 

  53. static NTSTATUS try_trans2(struct cli_state *cli, 
    54. 

  54. 			 int op,
    55. 

  55. 			 uint8_t *param, uint8_t *data,
    56. 

  56. 			 uint32_t param_len, uint32_t data_len,
    57. 

  57. 			 uint32_t *rparam_len, uint32_t *rdata_len)
    58. 

  58. {
    59. 

  59. 	uint16_t setup[1];
    60. 

  60. 	uint8_t *rparam=NULL, *rdata=NULL;
    61. 

  61. 	NTSTATUS status;
    62. 

  62. 

  63. 	SSVAL(setup+0, 0, op);
    64. 

  64. 

  65. 	status = cli_trans(talloc_tos(), cli, SMBtrans2,
    66. 

  66. 			   NULL, -1, /* name, fid */
    67. 

  67. 			   op, 0,
    68. 

  68. 			   NULL, 0, 0, /* setup */
    69. 

  69. 			   param, param_len, 2,
    70. 

  70. 			   data, data_len, CLI_BUFFER_SIZE,
    71. 

  71. 			   NULL,		/* recv_flags2 */
    72. 

  72. 			   NULL, 0, NULL,	/* rsetup */
    73. 

  73. 			   &rparam, 0, rparam_len,
    74. 

  74. 			   &rdata, 0, rdata_len);
    75. 

  75. 

  76. 	TALLOC_FREE(rdata);
    77. 

  77. 	TALLOC_FREE(rparam);
    78. 

  78. 

  79. 	return status;
    80. 

  80. }
    81. 

  81. 

  82. 

  83. static NTSTATUS try_trans2_len(struct cli_state *cli, 
    84. 

  84. 			     const char *format,
    85. 

  85. 			     int op, int level,
    86. 

  86. 			     uint8_t *param, uint8_t *data,
    87. 

  87. 			     uint32_t param_len, uint32_t *data_len,
    88. 

  88. 			     uint32_t *rparam_len, uint32_t *rdata_len)
    89. 

  89. {
    90. 

  90. 	NTSTATUS ret=NT_STATUS_OK;
    91. 

  91. 

  92. 	ret = try_trans2(cli, op, param, data, param_len,
    93. 

  93. 			 DATA_SIZE, rparam_len, rdata_len);
    94. 

  94. #if VERBOSE 
    95. 

  95. 	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
    96. 

  96. #endif
    97. 

  97. 	if (!NT_STATUS_IS_OK(ret)) return ret;
    98. 

  98. 

  99. 	*data_len = 0;
    100. 

  100. 	while (*data_len < DATA_SIZE) {
    101. 

  101. 		ret = try_trans2(cli, op, param, data, param_len,
    102. 

  102. 				 *data_len, rparam_len, rdata_len);
    103. 

  103. 		if (NT_STATUS_IS_OK(ret)) break;
    104. 

  104. 		*data_len += 2;
    105. 

  105. 	}
    106. 

  106. 	if (NT_STATUS_IS_OK(ret)) {
    107. 

  107. 		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
    108. 

  108. 		       format, level, *data_len, *rparam_len, *rdata_len);
    109. 

  109. 	} else {
    110. 

  110. 		trans2_check_hit(format, op, level, ret);
    111. 

  111. 	}
    112. 

  112. 	return ret;
    113. 

  113. }
    114. 

  114. 

  115. /****************************************************************************
    116. 

  116. check for existance of a trans2 call
    117. 

  117. ****************************************************************************/
    118. 

  118. static bool scan_trans2(struct cli_state *cli, int op, int level, 
    119. 

  119. 			int fnum, int dnum, const char *fname)
    120. 

  120. {
    121. 

  121. 	uint32_t data_len = 0;
    122. 

  122. 	uint32_t param_len = 0;
    123. 

  123. 	uint32_t rparam_len, rdata_len;
    124. 

  124. 	uint8_t *param = NULL;
    125. 

  125. 	uint8_t data[DATA_SIZE];
    126. 

  126. 	const char *newfname;
    127. 

  127. 	const char *dname;
    128. 

  128. 	NTSTATUS status;
    129. 

  129. 

  130. 	memset(data, 0, sizeof(data));
    131. 

  131. 	data_len = 4;
    132. 

  132. 

  133. 	/* try with a info level only */
    134. 

  134. 	TALLOC_FREE(param);
    135. 

  135. 	param = talloc_array(talloc_tos(), uint8_t, 2);
    136. 

  136. 	if (param == NULL) return True;
    137. 

  137. 

  138. 	SSVAL(param, 0, level);
    139. 

  139. 

  140. 	param_len = talloc_get_size(param);
    141. 

  141. 	status = try_trans2_len(cli, "void", op, level, param, data, param_len, &data_len, 
    142. 

  142. 			    &rparam_len, &rdata_len);
    143. 

  143. 	if (NT_STATUS_IS_OK(status)) return True;
    144. 

  144. 

  145. 	/* try with a file descriptor */
    146. 

  146. 	TALLOC_FREE(param);
    147. 

  147. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    148. 

  148. 	if (param == NULL) return True;
    149. 

  149. 

  150. 	SSVAL(param, 0, fnum);
    151. 

  151. 	SSVAL(param, 2, level);
    152. 

  152. 	SSVAL(param, 4, 0);
    153. 

  153. 

  154. 	param_len = talloc_get_size(param);
    155. 

  155. 	status = try_trans2_len(cli, "fnum", op, level, param, data, param_len, &data_len, 
    156. 

  156. 				&rparam_len, &rdata_len);
    157. 

  157. 	if (NT_STATUS_IS_OK(status)) return True;
    158. 

  158. 

  159. 

  160. 	/* try with a notify style */
    161. 

  161. 	TALLOC_FREE(param);
    162. 

  162. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    163. 

  163. 	if (param == NULL) return True;
    164. 

  164. 

  165. 	SSVAL(param, 0, dnum);
    166. 

  166. 	SSVAL(param, 2, dnum);
    167. 

  167. 	SSVAL(param, 4, level);
    168. 

  168. 

  169. 	param_len = talloc_get_size(param);
    170. 

  170. 	status = try_trans2_len(cli, "notify", op, level, param, data, param_len, &data_len, 
    171. 

  171. 				&rparam_len, &rdata_len);
    172. 

  172. 	if (NT_STATUS_IS_OK(status)) return True;
    173. 

  173. 

  174. 	/* try with a file name */
    175. 

  175. 	TALLOC_FREE(param);
    176. 

  176. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    177. 

  177. 	if (param == NULL) return True;
    178. 

  178. 

  179. 	SSVAL(param, 0, level);
    180. 

  180. 	SSVAL(param, 2, 0);
    181. 

  181. 	SSVAL(param, 4, 0);
    182. 

  182. 	param = trans2_bytes_push_str(param, cli_ucs2(cli),
    183. 

  183. 				      fname, strlen(fname)+1, NULL);
    184. 

  184. 	if (param == NULL) return True;
    185. 

  185. 

  186. 	param_len = talloc_get_size(param);
    187. 

  187. 	status = try_trans2_len(cli, "fname", op, level, param, data, param_len, &data_len, 
    188. 

  188. 				&rparam_len, &rdata_len);
    189. 

  189. 	if (NT_STATUS_IS_OK(status)) return True;
    190. 

  190. 

  191. 	/* try with a new file name */
    192. 

  192. 	newfname = "\\newfile.dat";
    193. 

  193. 	TALLOC_FREE(param);
    194. 

  194. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    195. 

  195. 	if (param == NULL) return True;
    196. 

  196. 

  197. 	SSVAL(param, 0, level);
    198. 

  198. 	SSVAL(param, 2, 0);
    199. 

  199. 	SSVAL(param, 4, 0);
    200. 

  200. 	param = trans2_bytes_push_str(param, cli_ucs2(cli),
    201. 

  201. 				      newfname, strlen(newfname)+1, NULL);
    202. 

  202. 	if (param == NULL) return True;
    203. 

  203. 

  204. 	param_len = talloc_get_size(param);
    205. 

  205. 	status = try_trans2_len(cli, "newfile", op, level, param, data, param_len, &data_len, 
    206. 

  206. 				&rparam_len, &rdata_len);
    207. 

  207. 	cli_unlink(cli, newfname, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
    208. 

  208. 	cli_rmdir(cli, newfname);
    209. 

  209. 	if (NT_STATUS_IS_OK(status)) return True;
    210. 

  210. 

  211. 	/* try dfs style  */
    212. 

  212. 	dname = "\\testdir";
    213. 

  213. 	cli_mkdir(cli, dname);
    214. 

  214. 	TALLOC_FREE(param);
    215. 

  215. 	param = talloc_array(talloc_tos(), uint8_t, 2);
    216. 

  216. 	if (param == NULL) return True;
    217. 

  217. 

  218. 	SSVAL(param, 0, level);
    219. 

  219. 	param = trans2_bytes_push_str(param, cli_ucs2(cli),
    220. 

  220. 				      dname, strlen(dname)+1, NULL);
    221. 

  221. 	if (param == NULL) return True;
    222. 

  222. 

  223. 	param_len = talloc_get_size(param);
    224. 

  224. 	status = try_trans2_len(cli, "dfs", op, level, param, data, param_len, &data_len, 
    225. 

  225. 				&rparam_len, &rdata_len);
    226. 

  226. 	cli_rmdir(cli, dname);
    227. 

  227. 	if (NT_STATUS_IS_OK(status)) return True;
    228. 

  228. 

  229. 	return False;
    230. 

  230. }
    231. 

  231. 

  232. 

  233. bool torture_trans2_scan(int dummy)
    234. 

  234. {
    235. 

  235. 	static struct cli_state *cli;
    236. 

  236. 	int op, level;
    237. 

  237. 	const char *fname = "\\scanner.dat";
    238. 

  238. 	uint16_t fnum, dnum;
    239. 

  239. 

  240. 	printf("starting trans2 scan test\n");
    241. 

  241. 

  242. 	if (!torture_open_connection(&cli, 0)) {
    243. 

  243. 		return False;
    244. 

  244. 	}
    245. 

  245. 

  246. 	if (!NT_STATUS_IS_OK(cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
    247. 

  247. 			 DENY_NONE, &fnum))) {
    248. 

  248. 		printf("open of %s failed\n", fname);
    249. 

  249. 		return false;
    250. 

  250. 	}
    251. 

  251. 	if (!NT_STATUS_IS_OK(cli_open(cli, "\\", O_RDONLY, DENY_NONE, &dnum))) {
    252. 

  252. 		printf("open of \\ failed\n");
    253. 

  253. 		return false;
    254. 

  254. 	}
    255. 

  255. 

  256. 	for (op=OP_MIN; op<=OP_MAX; op++) {
    257. 

  257. 		printf("Scanning op=%d\n", op);
    258. 

  258. 		for (level = 0; level <= 50; level++) {
    259. 

  259. 			scan_trans2(cli, op, level, fnum, dnum, fname);
    260. 

  260. 		}
    261. 

  261. 

  262. 		for (level = 0x100; level <= 0x130; level++) {
    263. 

  263. 			scan_trans2(cli, op, level, fnum, dnum, fname);
    264. 

  264. 		}
    265. 

  265. 

  266. 		for (level = 1000; level < 1050; level++) {
    267. 

  267. 			scan_trans2(cli, op, level, fnum, dnum, fname);
    268. 

  268. 		}
    269. 

  269. 	}
    270. 

  270. 

  271. 	torture_close_connection(cli);
    272. 

  272. 

  273. 	printf("trans2 scan finished\n");
    274. 

  274. 	return True;
    275. 

  275. }
    276. 

  276. 

  277. 

  278. 

  279. 

  280. /****************************************************************************
    281. 

  281. look for a partial hit
    282. 

  282. ****************************************************************************/
    283. 

  283. static void nttrans_check_hit(const char *format, int op, int level, NTSTATUS status)
    284. 

  284. {
    285. 

  285. 	if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_LEVEL) ||
    286. 

  286. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ||
    287. 

  287. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_NOT_SUPPORTED) ||
    288. 

  288. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_UNSUCCESSFUL) ||
    289. 

  289. 	    NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INVALID_INFO_CLASS)) {
    290. 

  290. 		return;
    291. 

  291. 	}
    292. 

  292. #if VERBOSE
    293. 

  293. 		printf("possible %s hit op=%3d level=%5d status=%s\n",
    294. 

  294. 		       format, op, level, nt_errstr(status));
    295. 

  295. #endif
    296. 

  296. }
    297. 

  297. 

  298. /****************************************************************************
    299. 

  299. check for existance of a nttrans call
    300. 

  300. ****************************************************************************/
    301. 

  301. static NTSTATUS try_nttrans(struct cli_state *cli, 
    302. 

  302. 			    int op,
    303. 

  303. 			    uint8_t *param, uint8_t *data,
    304. 

  304. 			    int32_t param_len, uint32_t data_len,
    305. 

  305. 			    uint32_t *rparam_len,
    306. 

  306. 			    uint32_t *rdata_len)
    307. 

  307. {
    308. 

  308. 	uint8_t *rparam=NULL, *rdata=NULL;
    309. 

  309. 	NTSTATUS status;
    310. 

  310. 

  311. 	status = cli_trans(talloc_tos(), cli, SMBnttrans,
    312. 

  312. 			   NULL, -1, /* name, fid */
    313. 

  313. 			   op, 0,
    314. 

  314. 			   NULL, 0, 0, /* setup */
    315. 

  315. 			   param, param_len, 2,
    316. 

  316. 			   data, data_len, CLI_BUFFER_SIZE,
    317. 

  317. 			   NULL,		/* recv_flags2 */
    318. 

  318. 			   NULL, 0, NULL,	/* rsetup */
    319. 

  319. 			   &rparam, 0, rparam_len,
    320. 

  320. 			   &rdata, 0, rdata_len);
    321. 

  321. 	SAFE_FREE(rdata);
    322. 

  322. 	SAFE_FREE(rparam);
    323. 

  323. 

  324. 	return status;
    325. 

  325. }
    326. 

  326. 

  327. 

  328. static NTSTATUS try_nttrans_len(struct cli_state *cli, 
    329. 

  329. 			     const char *format,
    330. 

  330. 			     int op, int level,
    331. 

  331. 			     uint8_t *param, uint8_t *data,
    332. 

  332. 			     int param_len, uint32_t *data_len,
    333. 

  333. 			     uint32_t *rparam_len, uint32_t *rdata_len)
    334. 

  334. {
    335. 

  335. 	NTSTATUS ret=NT_STATUS_OK;
    336. 

  336. 

  337. 	ret = try_nttrans(cli, op, param, data, param_len,
    338. 

  338. 			 DATA_SIZE, rparam_len, rdata_len);
    339. 

  339. #if VERBOSE 
    340. 

  340. 	printf("op=%d level=%d ret=%s\n", op, level, nt_errstr(ret));
    341. 

  341. #endif
    342. 

  342. 	if (!NT_STATUS_IS_OK(ret)) return ret;
    343. 

  343. 

  344. 	*data_len = 0;
    345. 

  345. 	while (*data_len < DATA_SIZE) {
    346. 

  346. 		ret = try_nttrans(cli, op, param, data, param_len,
    347. 

  347. 				 *data_len, rparam_len, rdata_len);
    348. 

  348. 		if (NT_STATUS_IS_OK(ret)) break;
    349. 

  349. 		*data_len += 2;
    350. 

  350. 	}
    351. 

  351. 	if (NT_STATUS_IS_OK(ret)) {
    352. 

  352. 		printf("found %s level=%d data_len=%d rparam_len=%d rdata_len=%d\n",
    353. 

  353. 		       format, level, *data_len, *rparam_len, *rdata_len);
    354. 

  354. 	} else {
    355. 

  355. 		nttrans_check_hit(format, op, level, ret);
    356. 

  356. 	}
    357. 

  357. 	return ret;
    358. 

  358. }
    359. 

  359. 

  360. /****************************************************************************
    361. 

  361. check for existance of a nttrans call
    362. 

  362. ****************************************************************************/
    363. 

  363. static bool scan_nttrans(struct cli_state *cli, int op, int level, 
    364. 

  364. 			int fnum, int dnum, const char *fname)
    365. 

  365. {
    366. 

  366. 	uint32_t data_len = 0;
    367. 

  367. 	uint32_t param_len = 0;
    368. 

  368. 	uint32_t rparam_len, rdata_len;
    369. 

  369. 	uint8_t *param = NULL;
    370. 

  370. 	uint8_t data[DATA_SIZE];
    371. 

  371. 	NTSTATUS status;
    372. 

  372. 	const char *newfname;
    373. 

  373. 	const char *dname;
    374. 

  374. 

  375. 	memset(data, 0, sizeof(data));
    376. 

  376. 	data_len = 4;
    377. 

  377. 

  378. 	/* try with a info level only */
    379. 

  379. 	TALLOC_FREE(param);
    380. 

  380. 	param = talloc_array(talloc_tos(), uint8_t, 2);
    381. 

  381. 	if (param == NULL) return True;
    382. 

  382. 

  383. 	SSVAL(param, 0, level);
    384. 

  384. 

  385. 	param_len = talloc_get_size(param);
    386. 

  386. 	status = try_nttrans_len(cli, "void", op, level, param, data, param_len, &data_len, 
    387. 

  387. 			    &rparam_len, &rdata_len);
    388. 

  388. 	if (NT_STATUS_IS_OK(status)) return True;
    389. 

  389. 

  390. 	/* try with a file descriptor */
    391. 

  391. 	TALLOC_FREE(param);
    392. 

  392. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    393. 

  393. 	if (param == NULL) return True;
    394. 

  394. 

  395. 	SSVAL(param, 0, fnum);
    396. 

  396. 	SSVAL(param, 2, level);
    397. 

  397. 	SSVAL(param, 4, 0);
    398. 

  398. 

  399. 	param_len = talloc_get_size(param);
    400. 

  400. 	status = try_nttrans_len(cli, "fnum", op, level, param, data, param_len, &data_len, 
    401. 

  401. 				&rparam_len, &rdata_len);
    402. 

  402. 	if (NT_STATUS_IS_OK(status)) return True;
    403. 

  403. 

  404. 

  405. 	/* try with a notify style */
    406. 

  406. 	TALLOC_FREE(param);
    407. 

  407. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    408. 

  408. 	if (param == NULL) return True;
    409. 

  409. 

  410. 	SSVAL(param, 0, dnum);
    411. 

  411. 	SSVAL(param, 2, dnum);
    412. 

  412. 	SSVAL(param, 4, level);
    413. 

  413. 

  414. 	param_len = talloc_get_size(param);
    415. 

  415. 	status = try_nttrans_len(cli, "notify", op, level, param, data, param_len, &data_len, 
    416. 

  416. 				&rparam_len, &rdata_len);
    417. 

  417. 	if (NT_STATUS_IS_OK(status)) return True;
    418. 

  418. 

  419. 	/* try with a file name */
    420. 

  420. 	TALLOC_FREE(param);
    421. 

  421. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    422. 

  422. 	if (param == NULL) return True;
    423. 

  423. 

  424. 	SSVAL(param, 0, level);
    425. 

  425. 	SSVAL(param, 2, 0);
    426. 

  426. 	SSVAL(param, 4, 0);
    427. 

  427. 	param = trans2_bytes_push_str(param, cli_ucs2(cli),
    428. 

  428. 				      fname, strlen(fname)+1, NULL);
    429. 

  429. 	if (param == NULL) return True;
    430. 

  430. 

  431. 	param_len = talloc_get_size(param);
    432. 

  432. 	status = try_nttrans_len(cli, "fname", op, level, param, data, param_len, &data_len, 
    433. 

  433. 				&rparam_len, &rdata_len);
    434. 

  434. 	if (NT_STATUS_IS_OK(status)) return True;
    435. 

  435. 

  436. 	/* try with a new file name */
    437. 

  437. 	newfname = "\\newfile.dat";
    438. 

  438. 	TALLOC_FREE(param);
    439. 

  439. 	param = talloc_array(talloc_tos(), uint8_t, 6);
    440. 

  440. 	if (param == NULL) return True;
    441. 

  441. 

  442. 	SSVAL(param, 0, level);
    443. 

  443. 	SSVAL(param, 2, 0);
    444. 

  444. 	SSVAL(param, 4, 0);
    445. 

  445. 	param = trans2_bytes_push_str(param, cli_ucs2(cli),
    446. 

  446. 				      newfname, strlen(newfname)+1, NULL);
    447. 

  447. 	if (param == NULL) return True;
    448. 

  448. 

  449. 	param_len = talloc_get_size(param);
    450. 

  450. 	status = try_nttrans_len(cli, "newfile", op, level, param, data, param_len, &data_len, 
    451. 

  451. 				&rparam_len, &rdata_len);
    452. 

  452. 	cli_unlink(cli, newfname, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
    453. 

  453. 	cli_rmdir(cli, newfname);
    454. 

  454. 	if (NT_STATUS_IS_OK(status)) return True;
    455. 

  455. 

  456. 	/* try dfs style  */
    457. 

  457. 	dname = "\\testdir";
    458. 

  458. 	cli_mkdir(cli, dname);
    459. 

  459. 	TALLOC_FREE(param);
    460. 

  460. 	param = talloc_array(talloc_tos(), uint8_t, 2);
    461. 

  461. 	if (param == NULL) return True;
    462. 

  462. 

  463. 	SSVAL(param, 0, level);
    464. 

  464. 	param = trans2_bytes_push_str(param, cli_ucs2(cli),
    465. 

  465. 				      dname, strlen(dname)+1, NULL);
    466. 

  466. 	if (param == NULL) return True;
    467. 

  467. 

  468. 	param_len = talloc_get_size(param);
    469. 

  469. 	status = try_nttrans_len(cli, "dfs", op, level, param, data, param_len, &data_len, 
    470. 

  470. 				&rparam_len, &rdata_len);
    471. 

  471. 	cli_rmdir(cli, dname);
    472. 

  472. 	if (NT_STATUS_IS_OK(status)) return True;
    473. 

  473. 

  474. 	return False;
    475. 

  475. }
    476. 

  476. 

  477. 

  478. bool torture_nttrans_scan(int dummy)
    479. 

  479. {
    480. 

  480. 	static struct cli_state *cli;
    481. 

  481. 	int op, level;
    482. 

  482. 	const char *fname = "\\scanner.dat";
    483. 

  483. 	uint16_t fnum, dnum;
    484. 

  484. 

  485. 	printf("starting nttrans scan test\n");
    486. 

  486. 

  487. 	if (!torture_open_connection(&cli, 0)) {
    488. 

  488. 		return False;
    489. 

  489. 	}
    490. 

  490. 

  491. 	cli_open(cli, fname, O_RDWR | O_CREAT | O_TRUNC, 
    492. 

  492. 			 DENY_NONE, &fnum);
    493. 

  493. 	cli_open(cli, "\\", O_RDONLY, DENY_NONE, &dnum);
    494. 

  494. 

  495. 	for (op=OP_MIN; op<=OP_MAX; op++) {
    496. 

  496. 		printf("Scanning op=%d\n", op);
    497. 

  497. 		for (level = 0; level <= 50; level++) {
    498. 

  498. 			scan_nttrans(cli, op, level, fnum, dnum, fname);
    499. 

  499. 		}
    500. 

  500. 

  501. 		for (level = 0x100; level <= 0x130; level++) {
    502. 

  502. 			scan_nttrans(cli, op, level, fnum, dnum, fname);
    503. 

  503. 		}
    504. 

  504. 

  505. 		for (level = 1000; level < 1050; level++) {
    506. 

  506. 			scan_nttrans(cli, op, level, fnum, dnum, fname);
    507. 

  507. 		}
    508. 

  508. 	}
    509. 

  509. 

  510. 	torture_close_connection(cli);
    511. 

  511. 

  512. 	printf("nttrans scan finished\n");
    513. 

  513. 	return True;
    514. 

  514. }
    515. 

  515.