Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : find security related memory leaks
5 :
6 : Copyright (C) Andrew Tridgell 2004
7 : Copyright (C) David Mulder 2020
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "libcli/raw/libcliraw.h"
25 : #include "libcli/raw/raw_proto.h"
26 : #include "libcli/libcli.h"
27 : #include "torture/util.h"
28 : #include "system/time.h"
29 : #include "libcli/smb_composite/smb_composite.h"
30 : #include "auth/credentials/credentials.h"
31 : #include "param/param.h"
32 : #include "libcli/smb2/smb2.h"
33 : #include "libcli/smb2/smb2_calls.h"
34 : #include "torture/smb2/proto.h"
35 : #include "../libcli/smb/smbXcli_base.h"
36 :
37 99 : static bool try_failed_login(struct torture_context *tctx, struct smb2_tree *tree)
38 : {
39 : NTSTATUS status;
40 99 : struct cli_credentials *credentials = NULL;
41 99 : uint32_t sessid = 0;
42 99 : struct smb2_session *session = NULL;
43 99 : bool result = true;
44 :
45 99 : session = smb2_session_init(tree->session->transport,
46 : lpcfg_gensec_settings(tctx, tctx->lp_ctx),
47 : tctx);
48 99 : torture_assert(tctx, session, "Session initialization failed");
49 :
50 99 : sessid = smb2cli_session_current_id(tree->session->smbXcli);
51 99 : credentials = cli_credentials_init(session);
52 99 : torture_assert_goto(tctx, credentials, result, done,
53 : "Credential allocation failed");
54 :
55 99 : cli_credentials_set_conf(credentials, tctx->lp_ctx);
56 99 : cli_credentials_set_domain(credentials, "INVALID-DOMAIN", CRED_SPECIFIED);
57 99 : cli_credentials_set_username(credentials, "INVALID-USERNAME", CRED_SPECIFIED);
58 99 : cli_credentials_set_password(credentials, "INVALID-PASSWORD", CRED_SPECIFIED);
59 :
60 99 : status = smb2_session_setup_spnego(session, credentials, sessid);
61 99 : torture_assert_ntstatus_equal_goto(tctx, status,
62 : NT_STATUS_LOGON_FAILURE, result, done,
63 : "Allowed session setup with invalid credentials?!\n");
64 :
65 99 : done:
66 : /* smb2_session_init() steals the transport, and if we don't steal it
67 : * back before freeing session, then we segfault on the next iteration
68 : * because the transport pointer in the tree is now invalid.
69 : */
70 99 : tree->session->transport = talloc_steal(tree->session, session->transport);
71 99 : talloc_free(session);
72 :
73 99 : return result;
74 : }
75 :
76 1 : bool torture_smb2_sec_leak(struct torture_context *tctx, struct smb2_tree *tree)
77 : {
78 1 : time_t t1 = time_mono(NULL);
79 1 : int timelimit = torture_setting_int(tctx, "timelimit", 20);
80 : bool result;
81 :
82 101 : while (time_mono(NULL) < t1+timelimit) {
83 99 : result = try_failed_login(tctx, tree);
84 99 : torture_assert(tctx, result,
85 : "Invalid credentials should have failed");
86 :
87 99 : talloc_report(NULL, stdout);
88 : }
89 :
90 1 : return true;
91 : }
|
