r21648: Start a UNIX extensions test set. Add a test for the SMBWhoami query.

(This used to be commit ca89683dc28104a8cee23b0c1428350f22a68c99)

2 files changed, 381 insertions, 0 deletions

diff --git a/source4/torture/unix/unix.c b/source4/torture/unix/unix.c
new file mode 100644
index 00000000000..57d804ab6fa
--- /dev/null
+++ b/source4/torture/unix/unix.c
@@ -0,0 +1,39 @@
+/*
+   UNIX Extensions test registration.
+
+   Copyright (C) 2006 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "torture/unix/proto.h"
+
+NTSTATUS torture_unix_init(void)
+{
+        struct torture_suite *suite =
+                torture_suite_create(talloc_autofree_context(), "UNIX");
+
+        suite->description =
+                talloc_strdup(suite, "CIFS UNIX extensions tests");
+
+	torture_suite_add_simple_test(suite,
+                        "WHOAMI", apple_torture_unix_whoami);
+
+        return (torture_register_suite(suite)) ? NT_STATUS_OK
+                                        : NT_STATUS_UNSUCCESSFUL;
+
+}
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
new file mode 100644
index 00000000000..7adb344eac0
--- /dev/null
+++ b/source4/torture/unix/whoami.c
@@ -0,0 +1,342 @@
+/*
+   Test the SMB_WHOAMI Unix extension.
+
+   Copyright (C) 2007 James Peach
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "torture/torture.h"
+#include "torture/basic/proto.h"
+#include "libcli/libcli.h"
+#include "libcli/raw/interfaces.h"
+#include "lib/cmdline/popt_common.h"
+#include "auth/credentials/credentials.h"
+
+#define SMB_QUERY_POSIX_WHOAMI     0x202
+
+/* Size (in bytes) of the required fields in the SMBwhoami response. */
+#define WHOAMI_REQUIRED_SIZE	40
+
+enum smb_whoami_flags {
+    SMB_WHOAMI_GUEST = 0x1 /* Logged in as (or squashed to) guest */
+};
+
+/*
+   SMBWhoami - Query the user mapping performed by the server for the
+   connected tree. This is a subcommand of the TRANS2_QFSINFO.
+
+   Returns:
+       4 bytes unsigned -      mapping flags (smb_whoami_flags)
+       4 bytes unsigned -      flags mask
+
+       8 bytes unsigned -      primary UID
+       8 bytes unsigned -      primary GID
+       4 bytes unsigned -      number of supplementary GIDs
+       4 bytes unsigned -      number of SIDs
+       4 bytes unsigned -      SID list byte count
+       4 bytes -               pad / reserved (must be zero)
+
+       8 bytes unsigned[] -    list of GIDs (may be empty)
+       DOM_SID[] -             list of SIDs (may be empty)
+*/
+
+struct smb_whoami
+{
+	uint32_t	mapping_flags;
+	uint32_t	mapping_mask;
+	uint64_t	server_uid;
+	uint64_t	server_gid;
+	uint32_t	num_gids;
+	uint32_t	num_sids;
+	uint32_t	num_sid_bytes;
+	uint32_t	reserved; /* Must be zero */
+	uint64_t *	gid_list;
+	struct dom_sid ** sid_list;
+};
+
+static struct smbcli_state *connect_to_server(void *mem_ctx)
+{
+	NTSTATUS status;
+	struct smbcli_state *cli;
+
+	const char *host = lp_parm_string(-1, "torture", "host");
+	const char *share = lp_parm_string(-1, "torture", "share");
+
+	status = smbcli_full_connection(mem_ctx, &cli,
+					host, share, NULL,
+					cmdline_credentials, NULL);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		printf("failed to connect to //%s/%s: %s\n",
+			host, share, nt_errstr(status));
+		return NULL;
+	}
+
+	return cli;
+}
+
+static BOOL sid_parse(void *mem_ctx,
+		struct torture_context *torture,
+		DATA_BLOB *data, size_t *offset,
+		struct dom_sid **psid)
+{
+	size_t remain = data->length - *offset;
+	int i;
+
+	*psid = talloc_zero(mem_ctx, struct dom_sid);
+	torture_assert(torture, *psid != NULL, "out of memory");
+
+	torture_assert(torture, remain >= 8,
+			"invalid SID format");
+
+        (*psid)->sid_rev_num = CVAL(data->data, *offset);
+        (*psid)->num_auths = CVAL(data->data, *offset + 1);
+        memcpy((*psid)->id_auth, data->data + *offset + 2, 6);
+
+	(*offset) += 8;
+	remain = data->length - *offset;
+
+	torture_assert(torture, remain >= ((*psid)->num_auths * 4),
+			"invalid sub_auth byte count");
+	torture_assert(torture, (*psid)->num_auths >= 0,
+			"invalid sub_auth value");
+	torture_assert(torture, (*psid)->num_auths <= 15,
+			"invalid sub_auth value");
+
+	(*psid)->sub_auths = talloc_array(mem_ctx, uint32_t,
+			(*psid)->num_auths);
+	torture_assert(torture, (*psid)->sub_auths != NULL,
+			"out of memory");
+
+        for (i = 0; i < (*psid)->num_auths; i++) {
+                (*psid)->sub_auths[i] = IVAL(data->data, *offset);
+		(*offset) += 4;
+	}
+
+	return True;
+}
+
+static BOOL smb_raw_query_posix_whoami(void *mem_ctx,
+				struct torture_context *torture,
+				struct smbcli_state *cli,
+				struct smb_whoami *whoami,
+				unsigned max_data)
+{
+	struct smb_trans2 tp;
+	NTSTATUS status;
+	size_t offset;
+	int i;
+
+	uint16_t setup = TRANSACT2_QFSINFO;
+	uint16_t info_level;
+
+	ZERO_STRUCTP(whoami);
+
+	tp.in.max_setup = 0;
+	tp.in.flags = 0;
+	tp.in.timeout = 0;
+	tp.in.setup_count = 1;
+	tp.in.max_param = 10;
+	tp.in.max_data = (uint16_t)max_data;
+	tp.in.setup = &setup;
+	tp.in.trans_name = NULL;
+	SSVAL(&info_level, 0, SMB_QUERY_POSIX_WHOAMI);
+	tp.in.params = data_blob_talloc(mem_ctx, &info_level, 2);
+	tp.in.data = data_blob_talloc(mem_ctx, NULL, 0);
+
+	status = smb_raw_trans2(cli->tree, mem_ctx, &tp);
+	torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
+			"doing SMB_QUERY_POSIX_WHOAMI");
+
+	/* Make sure we got back all the required fields. */
+	torture_assert(torture, tp.out.params.length == 0,
+			"trans2 params should be empty");
+	torture_assert(torture, tp.out.data.length >= WHOAMI_REQUIRED_SIZE,
+			"checking for required response fields");
+
+	whoami->mapping_flags = IVAL(tp.out.data.data, 0);
+	whoami->mapping_mask = IVAL(tp.out.data.data, 4);
+	whoami->server_uid = BVAL(tp.out.data.data, 8);
+	whoami->server_gid = BVAL(tp.out.data.data, 16);
+	whoami->num_gids = IVAL(tp.out.data.data, 24);
+	whoami->num_sids = IVAL(tp.out.data.data, 28);
+	whoami->num_sid_bytes = IVAL(tp.out.data.data, 32);
+	whoami->reserved = IVAL(tp.out.data.data, 36);
+
+	/* The GID list and SID list are optional, depending on the count
+	 * and length fields.
+	 */
+	if (whoami->num_sids != 0) {
+		torture_assert(torture, whoami->num_sid_bytes != 0,
+				"SID count does not match byte count");
+	}
+
+	printf("\tmapping_flags=0x%08x mapping_mask=0x%08x\n",
+			whoami->mapping_flags, whoami->mapping_mask);
+	printf("\tserver UID=%lld GID=%lld\n",
+			whoami->server_uid, whoami->server_gid);
+	printf("\t%u GIDs, %u SIDs, %u SID bytes\n",
+			whoami->num_gids, whoami->num_sids,
+			whoami->num_sid_bytes);
+
+	offset = WHOAMI_REQUIRED_SIZE;
+
+	torture_assert_int_equal(torture, whoami->reserved, 0,
+			"invalid reserved field");
+
+	if (tp.out.data.length == offset) {
+		/* No SIDs or GIDs returned */
+		torture_assert_int_equal(torture, whoami->num_gids, 0,
+				"invalid GID count");
+		torture_assert_int_equal(torture, whoami->num_sids, 0,
+				"invalid SID count");
+		torture_assert_int_equal(torture, whoami->num_sid_bytes, 0,
+				"invalid SID byte count");
+		return True;
+	}
+
+	if (whoami->num_gids != 0) {
+		int remain = tp.out.data.length - offset;
+		int gid_bytes = whoami->num_gids * 8;
+
+		if (whoami->num_sids == 0) {
+			torture_assert_int_equal(torture, remain, gid_bytes,
+					"GID count does not match data length");
+		} else {
+			torture_assert(torture, remain > gid_bytes,
+						"invalid GID count");
+		}
+
+		whoami->gid_list = talloc_array(mem_ctx, uint64_t, whoami->num_gids);
+		torture_assert(torture, whoami->gid_list != NULL, "out of memory");
+
+		for (i = 0; i < whoami->num_gids; ++i) {
+			whoami->gid_list[i] = BVAL(tp.out.data.data, offset);
+			offset += 8;
+		}
+	}
+
+	/* Check if there should be data left for the SID list. */
+	if (tp.out.data.length == offset) {
+		torture_assert_int_equal(torture, whoami->num_sids, 0,
+				"invalid SID count");
+		return True;
+	}
+
+	/* All the remaining bytes must be the SID list. */
+	torture_assert_int_equal(torture,
+		whoami->num_sid_bytes, (tp.out.data.length - offset),
+		"invalid SID byte count");
+
+	if (whoami->num_sids != 0) {
+
+		whoami->sid_list = talloc_array(mem_ctx, struct dom_sid *,
+				whoami->num_sids);
+		torture_assert(torture, whoami->sid_list != NULL,
+				"out of memory");
+
+		for (i = 0; i < whoami->num_sids; ++i) {
+			if (!sid_parse(mem_ctx, torture,
+					&tp.out.data, &offset,
+					&whoami->sid_list[i])) {
+				return False;
+			}
+
+		}
+	}
+
+	/* We should be at the end of the response now. */
+	torture_assert_int_equal(torture, tp.out.data.length, offset,
+			"trailing garbage bytes");
+
+	return True;
+}
+
+BOOL apple_torture_unix_whoami(struct torture_context *torture)
+{
+	struct smbcli_state *cli;
+	struct smb_whoami whoami;
+	void *mem_ctx;
+
+	mem_ctx = talloc_init("smb_query_posix_whoami");
+	torture_assert(torture, mem_ctx != NULL, "malloc failed");
+
+	if (!(cli = connect_to_server(mem_ctx))) {
+		goto fail;
+	}
+
+	/* Test basic authenticated mapping. */
+	printf("calling SMB_QUERY_POSIX_WHOAMI on an authenticated connection\n");
+	if (!smb_raw_query_posix_whoami(mem_ctx, torture,
+				cli, &whoami, 0xFFFF)) {
+		smbcli_tdis(cli);
+		goto fail;
+	}
+
+	/* Test that the server drops the UID and GID list. */
+	printf("calling SMB_QUERY_POSIX_WHOAMI with a small buffer\n");
+	if (!smb_raw_query_posix_whoami(mem_ctx, torture,
+				cli, &whoami, 0x40)) {
+		smbcli_tdis(cli);
+		goto fail;
+	}
+
+	torture_assert_int_equal(torture, whoami.num_gids, 0,
+			"invalid GID count");
+	torture_assert_int_equal(torture, whoami.num_sids, 0,
+			"invalid SID count");
+	torture_assert_int_equal(torture, whoami.num_sid_bytes, 0,
+			"invalid SID bytes count");
+
+	smbcli_tdis(cli);
+	cli_credentials_set_anonymous(cmdline_credentials);
+
+	if (!(cli = connect_to_server(mem_ctx))) {
+		goto fail;
+	}
+
+	printf("calling SMB_QUERY_POSIX_WHOAMI on an anonymous connection\n");
+	if (!smb_raw_query_posix_whoami(mem_ctx, torture,
+				cli, &whoami, 0xFFFF)) {
+		smbcli_tdis(cli);
+		goto fail;
+	}
+
+	smbcli_tdis(cli);
+
+	/* Check that our anonymous login mapped us to guest on the server, but
+	 * only if the server supports this.
+	 */
+	if (whoami.mapping_mask & SMB_WHOAMI_GUEST) {
+		printf("checking whether we were logged in as guest... %s\n",
+			whoami.mapping_flags & SMB_WHOAMI_GUEST ? "YES" : "NO");
+		torture_assert(torture, whoami.mapping_flags & SMB_WHOAMI_GUEST,
+				"anonymous login did not map to guest");
+	} else {
+		printf("server does not support SMB_WHOAMI_GUEST flag\n");
+	}
+
+	talloc_free(mem_ctx);
+	return True;
+
+fail:
+	talloc_free(mem_ctx);
+	return False;
+
+}
+
+/* vim: set sts=8 sw=8 : */