Line data    Source code

       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    find security related memory leaks
       5             : 
       6             :    Copyright (C) Andrew Tridgell 2004
       7             :    Copyright (C) David Mulder 2020
       8             : 
       9             :    This program is free software; you can redistribute it and/or modify
      10             :    it under the terms of the GNU General Public License as published by
      11             :    the Free Software Foundation; either version 3 of the License, or
      12             :    (at your option) any later version.
      13             : 
      14             :    This program is distributed in the hope that it will be useful,
      15             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :    GNU General Public License for more details.
      18             : 
      19             :    You should have received a copy of the GNU General Public License
      20             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "includes.h"
      24             : #include "libcli/raw/libcliraw.h"
      25             : #include "libcli/raw/raw_proto.h"
      26             : #include "libcli/libcli.h"
      27             : #include "torture/util.h"
      28             : #include "system/time.h"
      29             : #include "libcli/smb_composite/smb_composite.h"
      30             : #include "auth/credentials/credentials.h"
      31             : #include "param/param.h"
      32             : #include "libcli/smb2/smb2.h"
      33             : #include "libcli/smb2/smb2_calls.h"
      34             : #include "torture/smb2/proto.h"
      35             : #include "../libcli/smb/smbXcli_base.h"
      36             : 
      37        1995 : static bool try_failed_login(struct torture_context *tctx, struct smb2_tree *tree)
      38             : {
      39           0 :         NTSTATUS status;
      40        1995 :         struct cli_credentials *credentials = NULL;
      41        1995 :         uint32_t sessid = 0;
      42        1995 :         struct smb2_session *session = NULL;
      43        1995 :         bool result = true;
      44             : 
      45        1995 :         session = smb2_session_init(tree->session->transport,
      46             :                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
      47             :                                     tctx);
      48        1995 :         torture_assert(tctx, session, "Session initialization failed");
      49             : 
      50        1995 :         sessid = smb2cli_session_current_id(tree->session->smbXcli);
      51        1995 :         credentials = cli_credentials_init(session);
      52        1995 :         torture_assert_goto(tctx, credentials, result, done,
      53             :                             "Credential allocation failed");
      54             : 
      55        1995 :         cli_credentials_set_conf(credentials, tctx->lp_ctx);
      56        1995 :         cli_credentials_set_domain(credentials, "INVALID-DOMAIN", CRED_SPECIFIED);
      57        1995 :         cli_credentials_set_username(credentials, "INVALID-USERNAME", CRED_SPECIFIED);
      58        1995 :         cli_credentials_set_password(credentials, "INVALID-PASSWORD", CRED_SPECIFIED);
      59             : 
      60        1995 :         status = smb2_session_setup_spnego(session, credentials, sessid);
      61        1995 :         torture_assert_ntstatus_equal_goto(tctx, status,
      62             :                 NT_STATUS_LOGON_FAILURE, result, done,
      63             :                 "Allowed session setup with invalid credentials?!\n");
      64             : 
      65        1995 : done:
      66             :         /* smb2_session_init() steals the transport, and if we don't steal it
      67             :          * back before freeing session, then we segfault on the next iteration
      68             :          * because the transport pointer in the tree is now invalid.
      69             :          */
      70        1995 :         tree->session->transport = talloc_steal(tree->session, session->transport);
      71        1995 :         talloc_free(session);
      72             : 
      73        1995 :         return result;
      74             : }
      75             : 
      76           5 : bool torture_smb2_sec_leak(struct torture_context *tctx, struct smb2_tree *tree)
      77             : {
      78           5 :         time_t t1 = time_mono(NULL);
      79           5 :         int timelimit = torture_setting_int(tctx, "timelimit", 20);
      80           0 :         bool result;
      81             : 
      82        2000 :         while (time_mono(NULL) < t1+timelimit) {
      83        1995 :                 result = try_failed_login(tctx, tree);
      84        1995 :                 torture_assert(tctx, result,
      85             :                                "Invalid credentials should have failed");
      86             : 
      87        1995 :                 talloc_report(NULL, stdout);
      88             :         }
      89             : 
      90           5 :         return true;
      91             : }