Line data Source code
1 : /* 2 : Unix SMB/CIFS implementation. 3 : 4 : find security related memory leaks 5 : 6 : Copyright (C) Andrew Tridgell 2004 7 : Copyright (C) David Mulder 2020 8 : 9 : This program is free software; you can redistribute it and/or modify 10 : it under the terms of the GNU General Public License as published by 11 : the Free Software Foundation; either version 3 of the License, or 12 : (at your option) any later version. 13 : 14 : This program is distributed in the hope that it will be useful, 15 : but WITHOUT ANY WARRANTY; without even the implied warranty of 16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 : GNU General Public License for more details. 18 : 19 : You should have received a copy of the GNU General Public License 20 : along with this program. If not, see <http://www.gnu.org/licenses/>. 21 : */ 22 : 23 : #include "includes.h" 24 : #include "libcli/raw/libcliraw.h" 25 : #include "libcli/raw/raw_proto.h" 26 : #include "libcli/libcli.h" 27 : #include "torture/util.h" 28 : #include "system/time.h" 29 : #include "libcli/smb_composite/smb_composite.h" 30 : #include "auth/credentials/credentials.h" 31 : #include "param/param.h" 32 : #include "libcli/smb2/smb2.h" 33 : #include "libcli/smb2/smb2_calls.h" 34 : #include "torture/smb2/proto.h" 35 : #include "../libcli/smb/smbXcli_base.h" 36 : 37 2408 : static bool try_failed_login(struct torture_context *tctx, struct smb2_tree *tree) 38 : { 39 0 : NTSTATUS status; 40 2408 : struct cli_credentials *credentials = NULL; 41 2408 : uint32_t sessid = 0; 42 2408 : struct smb2_session *session = NULL; 43 2408 : bool result = true; 44 : 45 2408 : session = smb2_session_init(tree->session->transport, 46 : lpcfg_gensec_settings(tctx, tctx->lp_ctx), 47 : tctx); 48 2408 : torture_assert(tctx, session, "Session initialization failed"); 49 : 50 2408 : sessid = smb2cli_session_current_id(tree->session->smbXcli); 51 2408 : credentials = cli_credentials_init(session); 52 2408 : torture_assert_goto(tctx, credentials, result, done, 53 : "Credential allocation failed"); 54 : 55 2408 : cli_credentials_set_conf(credentials, tctx->lp_ctx); 56 2408 : cli_credentials_set_domain(credentials, "INVALID-DOMAIN", CRED_SPECIFIED); 57 2408 : cli_credentials_set_username(credentials, "INVALID-USERNAME", CRED_SPECIFIED); 58 2408 : cli_credentials_set_password(credentials, "INVALID-PASSWORD", CRED_SPECIFIED); 59 : 60 2408 : status = smb2_session_setup_spnego(session, credentials, sessid); 61 2408 : torture_assert_ntstatus_equal_goto(tctx, status, 62 : NT_STATUS_LOGON_FAILURE, result, done, 63 : "Allowed session setup with invalid credentials?!\n"); 64 : 65 2408 : done: 66 : /* smb2_session_init() steals the transport, and if we don't steal it 67 : * back before freeing session, then we segfault on the next iteration 68 : * because the transport pointer in the tree is now invalid. 69 : */ 70 2408 : tree->session->transport = talloc_steal(tree->session, session->transport); 71 2408 : talloc_free(session); 72 : 73 2408 : return result; 74 : } 75 : 76 5 : bool torture_smb2_sec_leak(struct torture_context *tctx, struct smb2_tree *tree) 77 : { 78 5 : time_t t1 = time_mono(NULL); 79 5 : int timelimit = torture_setting_int(tctx, "timelimit", 20); 80 0 : bool result; 81 : 82 2413 : while (time_mono(NULL) < t1+timelimit) { 83 2408 : result = try_failed_login(tctx, tree); 84 2408 : torture_assert(tctx, result, 85 : "Invalid credentials should have failed"); 86 : 87 2408 : talloc_report(NULL, stdout); 88 : } 89 : 90 5 : return true; 91 : }