2003-11-03 09:22:45 +03:00
/*
Unix SMB / CIFS implementation .
test suite for lsa rpc operations
2003-11-04 12:10:31 +03:00
2003-11-03 09:22:45 +03:00
Copyright ( C ) Andrew Tridgell 2003
2005-01-11 17:04:58 +03:00
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2004 - 2005
2003-11-03 09:22:45 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2003-11-03 09:22:45 +03:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2003-11-03 09:22:45 +03:00
*/
# include "includes.h"
2006-01-03 16:41:17 +03:00
# include "torture/torture.h"
2006-03-15 02:35:30 +03:00
# include "librpc/gen_ndr/ndr_lsa_c.h"
2007-06-08 14:43:42 +04:00
# include "librpc/gen_ndr/netlogon.h"
2008-09-04 10:06:38 +04:00
# include "librpc/gen_ndr/ndr_drsblobs.h"
2005-11-02 08:34:17 +03:00
# include "lib/events/events.h"
2006-04-02 16:02:01 +04:00
# include "libcli/security/security.h"
2006-03-14 18:02:05 +03:00
# include "libcli/auth/libcli_auth.h"
# include "torture/rpc/rpc.h"
2007-09-08 16:42:09 +04:00
# include "param/param.h"
2008-09-24 17:30:23 +04:00
# include "../lib/crypto/crypto.h"
2007-12-10 03:45:04 +03:00
# define TEST_MACHINENAME "lsatestmach"
2004-11-22 14:59:59 +03:00
static void init_lsa_String ( struct lsa_String * name , const char * s )
2003-11-19 06:20:32 +03:00
{
2004-11-22 14:59:59 +03:00
name - > string = s ;
2003-11-19 06:20:32 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_OpenPolicy ( struct dcerpc_pipe * p , TALLOC_CTX * mem_ctx )
2003-11-03 09:22:45 +03:00
{
2003-11-04 12:10:31 +03:00
struct lsa_ObjectAttribute attr ;
struct policy_handle handle ;
struct lsa_QosInfo qos ;
2003-11-09 07:40:50 +03:00
struct lsa_OpenPolicy r ;
2003-11-04 12:10:31 +03:00
NTSTATUS status ;
2004-05-25 21:24:24 +04:00
uint16_t system_name = ' \\ ' ;
2003-11-03 09:22:45 +03:00
2003-11-04 14:16:07 +03:00
printf ( " \n testing OpenPolicy \n " ) ;
2003-11-04 12:48:33 +03:00
2003-11-15 00:39:13 +03:00
qos . len = 0 ;
2003-11-04 12:10:31 +03:00
qos . impersonation_level = 2 ;
qos . context_mode = 1 ;
qos . effective_only = 0 ;
2003-11-03 09:22:45 +03:00
2003-11-15 00:39:13 +03:00
attr . len = 0 ;
2003-11-04 12:10:31 +03:00
attr . root_dir = NULL ;
attr . object_name = NULL ;
attr . attributes = 0 ;
attr . sec_desc = NULL ;
attr . sec_qos = & qos ;
2003-11-03 09:22:45 +03:00
2003-11-09 07:40:50 +03:00
r . in . system_name = & system_name ;
r . in . attr = & attr ;
2004-12-02 07:37:36 +03:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2003-11-09 07:40:50 +03:00
r . out . handle = & handle ;
status = dcerpc_lsa_OpenPolicy ( p , mem_ctx , & r ) ;
2003-11-04 12:10:31 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-10-25 16:14:08 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED ) ) {
printf ( " not considering %s to be an error \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return true ;
2005-10-25 16:14:08 +04:00
}
2003-11-04 12:10:31 +03:00
printf ( " OpenPolicy failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-03 09:22:45 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-03 09:22:45 +03:00
}
2003-11-04 12:48:33 +03:00
2007-10-07 02:28:14 +04:00
bool test_lsa_OpenPolicy2 ( struct dcerpc_pipe * p , TALLOC_CTX * mem_ctx ,
2005-10-25 16:14:08 +04:00
struct policy_handle * * handle )
2003-11-04 12:48:33 +03:00
{
struct lsa_ObjectAttribute attr ;
struct lsa_QosInfo qos ;
2003-11-09 07:40:50 +03:00
struct lsa_OpenPolicy2 r ;
2003-11-04 12:48:33 +03:00
NTSTATUS status ;
2003-11-04 14:16:07 +03:00
printf ( " \n testing OpenPolicy2 \n " ) ;
2003-11-04 12:48:33 +03:00
2005-10-25 16:14:08 +04:00
* handle = talloc ( mem_ctx , struct policy_handle ) ;
if ( ! * handle ) {
2007-10-07 02:28:14 +04:00
return false ;
2005-10-25 16:14:08 +04:00
}
2003-11-15 00:39:13 +03:00
qos . len = 0 ;
2003-11-04 12:48:33 +03:00
qos . impersonation_level = 2 ;
qos . context_mode = 1 ;
qos . effective_only = 0 ;
2003-11-15 00:39:13 +03:00
attr . len = 0 ;
2003-11-04 12:48:33 +03:00
attr . root_dir = NULL ;
attr . object_name = NULL ;
attr . attributes = 0 ;
attr . sec_desc = NULL ;
attr . sec_qos = & qos ;
2003-11-09 07:40:50 +03:00
r . in . system_name = " \\ " ;
r . in . attr = & attr ;
2004-12-02 07:37:36 +03:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2005-10-25 16:14:08 +04:00
r . out . handle = * handle ;
2003-11-09 07:40:50 +03:00
status = dcerpc_lsa_OpenPolicy2 ( p , mem_ctx , & r ) ;
2003-11-04 12:48:33 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-10-25 16:14:08 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED ) ) {
printf ( " not considering %s to be an error \n " , nt_errstr ( status ) ) ;
talloc_free ( * handle ) ;
* handle = NULL ;
2007-10-07 02:28:14 +04:00
return true ;
2005-10-25 16:14:08 +04:00
}
2003-11-04 12:48:33 +03:00
printf ( " OpenPolicy2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-04 12:48:33 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-04 12:48:33 +03:00
}
2007-12-10 03:45:04 +03:00
static const char * sid_type_lookup ( enum lsa_SidType r )
{
switch ( r ) {
case SID_NAME_USE_NONE : return " SID_NAME_USE_NONE " ; break ;
case SID_NAME_USER : return " SID_NAME_USER " ; break ;
case SID_NAME_DOM_GRP : return " SID_NAME_DOM_GRP " ; break ;
case SID_NAME_DOMAIN : return " SID_NAME_DOMAIN " ; break ;
case SID_NAME_ALIAS : return " SID_NAME_ALIAS " ; break ;
case SID_NAME_WKN_GRP : return " SID_NAME_WKN_GRP " ; break ;
case SID_NAME_DELETED : return " SID_NAME_DELETED " ; break ;
case SID_NAME_INVALID : return " SID_NAME_INVALID " ; break ;
case SID_NAME_UNKNOWN : return " SID_NAME_UNKNOWN " ; break ;
case SID_NAME_COMPUTER : return " SID_NAME_COMPUTER " ; break ;
}
return " Invalid sid type \n " ;
}
2007-10-07 02:28:14 +04:00
static bool test_LookupNames ( struct dcerpc_pipe * p ,
2007-12-10 03:45:04 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
2007-09-17 09:31:49 +04:00
struct lsa_TransNameArray * tnames )
2003-11-09 05:21:24 +03:00
{
struct lsa_LookupNames r ;
struct lsa_TransSidArray sids ;
2004-11-22 14:59:59 +03:00
struct lsa_String * names ;
2004-05-25 20:24:13 +04:00
uint32_t count = 0 ;
2003-11-09 05:21:24 +03:00
NTSTATUS status ;
int i ;
2004-08-03 16:30:17 +04:00
printf ( " \n Testing LookupNames with %d names \n " , tnames - > count ) ;
2003-11-09 05:21:24 +03:00
sids . count = 0 ;
sids . sids = NULL ;
2005-01-27 10:08:20 +03:00
names = talloc_array ( mem_ctx , struct lsa_String , tnames - > count ) ;
2003-11-09 05:21:24 +03:00
for ( i = 0 ; i < tnames - > count ; i + + ) {
2004-11-22 14:59:59 +03:00
init_lsa_String ( & names [ i ] , tnames - > names [ i ] . name . string ) ;
2003-11-09 05:21:24 +03:00
}
r . in . handle = handle ;
r . in . num_names = tnames - > count ;
r . in . names = names ;
r . in . sids = & sids ;
r . in . level = 1 ;
r . in . count = & count ;
r . out . count = & count ;
r . out . sids = & sids ;
status = dcerpc_lsa_LookupNames ( p , mem_ctx , & r ) ;
2007-12-10 03:45:04 +03:00
if ( NT_STATUS_EQUAL ( status , STATUS_SOME_UNMAPPED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NONE_MAPPED ) ) {
for ( i = 0 ; i < tnames - > count ; i + + ) {
if ( i < count & & sids . sids [ i ] . sid_type = = SID_NAME_UNKNOWN ) {
printf ( " LookupName of %s was unmapped \n " ,
tnames - > names [ i ] . name . string ) ;
} else if ( i > = count ) {
printf ( " LookupName of %s failed to return a result \n " ,
tnames - > names [ i ] . name . string ) ;
}
}
printf ( " LookupNames failed - %s \n " , nt_errstr ( status ) ) ;
return false ;
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-09-17 09:31:49 +04:00
printf ( " LookupNames failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2007-09-17 09:31:49 +04:00
}
2007-12-10 03:45:04 +03:00
for ( i = 0 ; i < tnames - > count ; i + + ) {
if ( i < count & & sids . sids [ i ] . sid_type ! = tnames - > names [ i ] . sid_type ) {
printf ( " LookupName of %s got unexpected name type: %s \n " ,
tnames - > names [ i ] . name . string , sid_type_lookup ( sids . sids [ i ] . sid_type ) ) ;
} else if ( i > = count ) {
printf ( " LookupName of %s failed to return a result \n " ,
tnames - > names [ i ] . name . string ) ;
}
}
2007-09-17 09:31:49 +04:00
printf ( " \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2007-09-17 09:31:49 +04:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupNames_bogus ( struct dcerpc_pipe * p ,
2007-09-17 09:31:49 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
struct lsa_LookupNames r ;
struct lsa_TransSidArray sids ;
struct lsa_String * names ;
uint32_t count = 0 ;
NTSTATUS status ;
int i ;
2008-10-01 01:03:01 +04:00
struct lsa_TranslatedName name [ 2 ] ;
2007-09-17 09:31:49 +04:00
struct lsa_TransNameArray tnames ;
2008-10-01 01:03:01 +04:00
tnames . names = name ;
tnames . count = 2 ;
name [ 0 ] . name . string = " NT AUTHORITY \\ BOGUS " ;
name [ 1 ] . name . string = NULL ;
2007-09-17 09:31:49 +04:00
printf ( " \n Testing LookupNames with bogus names \n " ) ;
sids . count = 0 ;
sids . sids = NULL ;
names = talloc_array ( mem_ctx , struct lsa_String , tnames . count ) ;
for ( i = 0 ; i < tnames . count ; i + + ) {
init_lsa_String ( & names [ i ] , tnames . names [ i ] . name . string ) ;
}
r . in . handle = handle ;
r . in . num_names = tnames . count ;
r . in . names = names ;
r . in . sids = & sids ;
r . in . level = 1 ;
r . in . count = & count ;
r . out . count = & count ;
r . out . sids = & sids ;
status = dcerpc_lsa_LookupNames ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_NONE_MAPPED ) ) {
2003-11-09 05:21:24 +03:00
printf ( " LookupNames failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 05:21:24 +03:00
}
printf ( " \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2003-11-09 05:21:24 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupNames_wellknown ( struct dcerpc_pipe * p ,
2007-09-17 09:31:49 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
struct lsa_TranslatedName name ;
struct lsa_TransNameArray tnames ;
bool ret = true ;
printf ( " Testing LookupNames with well known names \n " ) ;
tnames . names = & name ;
tnames . count = 1 ;
name . name . string = " NT AUTHORITY \\ SYSTEM " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_WKN_GRP ;
2007-09-17 09:31:49 +04:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
name . name . string = " NT AUTHORITY \\ ANONYMOUS LOGON " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_WKN_GRP ;
2007-09-17 09:31:49 +04:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
name . name . string = " NT AUTHORITY \\ Authenticated Users " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_WKN_GRP ;
2007-09-17 09:31:49 +04:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
2007-12-10 03:45:04 +03:00
#if 0
2007-09-17 09:31:49 +04:00
name . name . string = " NT AUTHORITY " ;
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
name . name . string = " NT AUTHORITY \\ " ;
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
2007-12-10 03:45:04 +03:00
# endif
2007-09-17 09:31:49 +04:00
name . name . string = " BUILTIN \\ " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_DOMAIN ;
2007-09-17 09:31:49 +04:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
name . name . string = " BUILTIN \\ Administrators " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_ALIAS ;
2008-03-14 02:11:03 +03:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
2007-09-17 09:31:49 +04:00
name . name . string = " SYSTEM " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_WKN_GRP ;
2007-09-17 09:31:49 +04:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
name . name . string = " Everyone " ;
2007-12-10 03:45:04 +03:00
name . sid_type = SID_NAME_WKN_GRP ;
2007-09-17 09:31:49 +04:00
ret & = test_LookupNames ( p , mem_ctx , handle , & tnames ) ;
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_LookupNames2 ( struct dcerpc_pipe * p ,
2004-11-26 09:33:38 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_TransNameArray2 * tnames )
{
struct lsa_LookupNames2 r ;
struct lsa_TransSidArray2 sids ;
struct lsa_String * names ;
uint32_t count = 0 ;
NTSTATUS status ;
int i ;
printf ( " \n Testing LookupNames2 with %d names \n " , tnames - > count ) ;
sids . count = 0 ;
sids . sids = NULL ;
2005-01-27 10:08:20 +03:00
names = talloc_array ( mem_ctx , struct lsa_String , tnames - > count ) ;
2004-11-26 09:33:38 +03:00
for ( i = 0 ; i < tnames - > count ; i + + ) {
init_lsa_String ( & names [ i ] , tnames - > names [ i ] . name . string ) ;
}
r . in . handle = handle ;
r . in . num_names = tnames - > count ;
r . in . names = names ;
r . in . sids = & sids ;
r . in . level = 1 ;
r . in . count = & count ;
r . in . unknown1 = 0 ;
r . in . unknown2 = 0 ;
r . out . count = & count ;
r . out . sids = & sids ;
status = dcerpc_lsa_LookupNames2 ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-11-26 09:33:38 +03:00
printf ( " LookupNames2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-11-26 09:33:38 +03:00
}
printf ( " \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2004-11-26 09:33:38 +03:00
}
2003-11-04 14:16:07 +03:00
2007-10-07 02:28:14 +04:00
static bool test_LookupNames3 ( struct dcerpc_pipe * p ,
2004-12-31 10:26:26 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_TransNameArray2 * tnames )
{
struct lsa_LookupNames3 r ;
struct lsa_TransSidArray3 sids ;
struct lsa_String * names ;
uint32_t count = 0 ;
NTSTATUS status ;
int i ;
printf ( " \n Testing LookupNames3 with %d names \n " , tnames - > count ) ;
sids . count = 0 ;
sids . sids = NULL ;
2005-01-27 10:08:20 +03:00
names = talloc_array ( mem_ctx , struct lsa_String , tnames - > count ) ;
2004-12-31 10:26:26 +03:00
for ( i = 0 ; i < tnames - > count ; i + + ) {
init_lsa_String ( & names [ i ] , tnames - > names [ i ] . name . string ) ;
}
r . in . handle = handle ;
r . in . num_names = tnames - > count ;
r . in . names = names ;
r . in . sids = & sids ;
r . in . level = 1 ;
r . in . count = & count ;
r . in . unknown1 = 0 ;
r . in . unknown2 = 0 ;
r . out . count = & count ;
r . out . sids = & sids ;
status = dcerpc_lsa_LookupNames3 ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-12-31 10:26:26 +03:00
printf ( " LookupNames3 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-12-31 10:26:26 +03:00
}
printf ( " \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2004-12-31 10:26:26 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupNames4 ( struct dcerpc_pipe * p ,
2005-10-25 16:14:08 +04:00
TALLOC_CTX * mem_ctx ,
struct lsa_TransNameArray2 * tnames )
{
struct lsa_LookupNames4 r ;
struct lsa_TransSidArray3 sids ;
struct lsa_String * names ;
uint32_t count = 0 ;
NTSTATUS status ;
int i ;
printf ( " \n Testing LookupNames4 with %d names \n " , tnames - > count ) ;
sids . count = 0 ;
sids . sids = NULL ;
names = talloc_array ( mem_ctx , struct lsa_String , tnames - > count ) ;
for ( i = 0 ; i < tnames - > count ; i + + ) {
init_lsa_String ( & names [ i ] , tnames - > names [ i ] . name . string ) ;
}
r . in . num_names = tnames - > count ;
r . in . names = names ;
r . in . sids = & sids ;
r . in . level = 1 ;
r . in . count = & count ;
r . in . unknown1 = 0 ;
r . in . unknown2 = 0 ;
r . out . count = & count ;
r . out . sids = & sids ;
status = dcerpc_lsa_LookupNames4 ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-10-25 16:14:08 +04:00
printf ( " LookupNames4 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-10-25 16:14:08 +04:00
}
printf ( " \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2005-10-25 16:14:08 +04:00
}
2004-12-31 10:26:26 +03:00
2007-10-07 02:28:14 +04:00
static bool test_LookupSids ( struct dcerpc_pipe * p ,
2003-11-09 03:58:40 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_SidArray * sids )
{
struct lsa_LookupSids r ;
struct lsa_TransNameArray names ;
2004-05-25 20:24:13 +04:00
uint32_t count = sids - > num_sids ;
2003-11-09 03:58:40 +03:00
NTSTATUS status ;
printf ( " \n Testing LookupSids \n " ) ;
names . count = 0 ;
names . names = NULL ;
r . in . handle = handle ;
r . in . sids = sids ;
r . in . names = & names ;
r . in . level = 1 ;
r . in . count = & count ;
r . out . count = & count ;
r . out . names = & names ;
status = dcerpc_lsa_LookupSids ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2003-11-09 03:58:40 +03:00
printf ( " LookupSids failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 03:58:40 +03:00
}
printf ( " \n " ) ;
2003-11-09 05:21:24 +03:00
if ( ! test_LookupNames ( p , mem_ctx , handle , & names ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 05:21:24 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-09 03:58:40 +03:00
}
2004-11-26 09:33:38 +03:00
2007-10-07 02:28:14 +04:00
static bool test_LookupSids2 ( struct dcerpc_pipe * p ,
2004-11-26 09:33:38 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_SidArray * sids )
{
struct lsa_LookupSids2 r ;
struct lsa_TransNameArray2 names ;
uint32_t count = sids - > num_sids ;
NTSTATUS status ;
printf ( " \n Testing LookupSids2 \n " ) ;
names . count = 0 ;
names . names = NULL ;
r . in . handle = handle ;
r . in . sids = sids ;
r . in . names = & names ;
r . in . level = 1 ;
r . in . count = & count ;
r . in . unknown1 = 0 ;
r . in . unknown2 = 0 ;
r . out . count = & count ;
r . out . names = & names ;
status = dcerpc_lsa_LookupSids2 ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-11-26 09:33:38 +03:00
printf ( " LookupSids2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-11-26 09:33:38 +03:00
}
printf ( " \n " ) ;
if ( ! test_LookupNames2 ( p , mem_ctx , handle , & names ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-11-26 09:33:38 +03:00
}
2004-12-31 10:53:42 +03:00
if ( ! test_LookupNames3 ( p , mem_ctx , handle , & names ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-12-31 10:53:42 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2004-11-26 09:33:38 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupSids3 ( struct dcerpc_pipe * p ,
2004-12-31 10:26:26 +03:00
TALLOC_CTX * mem_ctx ,
struct lsa_SidArray * sids )
{
struct lsa_LookupSids3 r ;
struct lsa_TransNameArray2 names ;
uint32_t count = sids - > num_sids ;
NTSTATUS status ;
printf ( " \n Testing LookupSids3 \n " ) ;
names . count = 0 ;
names . names = NULL ;
r . in . sids = sids ;
r . in . names = & names ;
r . in . level = 1 ;
r . in . count = & count ;
r . in . unknown1 = 0 ;
r . in . unknown2 = 0 ;
r . out . count = & count ;
r . out . names = & names ;
status = dcerpc_lsa_LookupSids3 ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-01-07 06:11:18 +03:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED ) ) {
printf ( " not considering %s to be an error \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return true ;
2005-01-07 06:11:18 +03:00
}
printf ( " LookupSids3 failed - %s - not considered an error \n " ,
nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-12-31 10:26:26 +03:00
}
printf ( " \n " ) ;
2005-10-25 16:14:08 +04:00
if ( ! test_LookupNames4 ( p , mem_ctx , & names ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-12-31 10:26:26 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2004-12-31 10:26:26 +03:00
}
2007-10-07 02:28:14 +04:00
bool test_many_LookupSids ( struct dcerpc_pipe * p ,
2005-10-25 16:14:08 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
2004-07-06 00:33:17 +04:00
{
uint32_t count ;
NTSTATUS status ;
struct lsa_SidArray sids ;
int i ;
printf ( " \n Testing LookupSids with lots of SIDs \n " ) ;
2004-12-14 08:32:51 +03:00
sids . num_sids = 100 ;
2004-07-06 00:33:17 +04:00
2005-01-27 10:08:20 +03:00
sids . sids = talloc_array ( mem_ctx , struct lsa_SidPtr , sids . num_sids ) ;
2004-07-06 00:33:17 +04:00
for ( i = 0 ; i < sids . num_sids ; i + + ) {
const char * sidstr = " S-1-5-32-545 " ;
sids . sids [ i ] . sid = dom_sid_parse_talloc ( mem_ctx , sidstr ) ;
}
count = sids . num_sids ;
2005-10-25 16:14:08 +04:00
if ( handle ) {
struct lsa_LookupSids r ;
struct lsa_TransNameArray names ;
names . count = 0 ;
names . names = NULL ;
2004-07-06 00:33:17 +04:00
2005-10-25 16:14:08 +04:00
r . in . handle = handle ;
r . in . sids = & sids ;
r . in . names = & names ;
r . in . level = 1 ;
r . in . count = & names . count ;
r . out . count = & count ;
r . out . names = & names ;
status = dcerpc_lsa_LookupSids ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-10-25 16:14:08 +04:00
printf ( " LookupSids failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-10-25 16:14:08 +04:00
}
printf ( " \n " ) ;
if ( ! test_LookupNames ( p , mem_ctx , handle , & names ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2005-10-25 16:14:08 +04:00
}
2008-08-26 03:49:54 +04:00
} else if ( p - > conn - > security_state . auth_info - > auth_type = = DCERPC_AUTH_TYPE_SCHANNEL & &
p - > conn - > security_state . auth_info - > auth_level > = DCERPC_AUTH_LEVEL_INTEGRITY ) {
2005-10-25 16:14:08 +04:00
struct lsa_LookupSids3 r ;
struct lsa_TransNameArray2 names ;
names . count = 0 ;
names . names = NULL ;
printf ( " \n Testing LookupSids3 \n " ) ;
r . in . sids = & sids ;
r . in . names = & names ;
r . in . level = 1 ;
r . in . count = & count ;
r . in . unknown1 = 0 ;
r . in . unknown2 = 0 ;
r . out . count = & count ;
r . out . names = & names ;
status = dcerpc_lsa_LookupSids3 ( p , mem_ctx , & r ) ;
2007-09-17 09:31:49 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-10-25 16:14:08 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED ) ) {
printf ( " not considering %s to be an error \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return true ;
2005-10-25 16:14:08 +04:00
}
printf ( " LookupSids3 failed - %s \n " ,
nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-10-25 16:14:08 +04:00
}
if ( ! test_LookupNames4 ( p , mem_ctx , & names ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2005-10-25 16:14:08 +04:00
}
2004-07-06 00:33:17 +04:00
}
printf ( " \n " ) ;
2005-10-25 16:14:08 +04:00
2004-07-06 00:33:17 +04:00
2007-10-07 02:28:14 +04:00
return true ;
2004-07-06 00:33:17 +04:00
}
2005-11-02 08:34:17 +03:00
static void lookupsids_cb ( struct rpc_request * req )
{
2007-05-16 18:52:54 +04:00
int * replies = ( int * ) req - > async . private_data ;
2005-11-02 08:34:17 +03:00
NTSTATUS status ;
status = dcerpc_ndr_request_recv ( req ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-09-12 04:40:45 +04:00
printf ( " lookupsids returned %s \n " , nt_errstr ( status ) ) ;
2005-11-02 08:34:17 +03:00
* replies = - 1 ;
}
2006-09-11 08:28:34 +04:00
if ( * replies > = 0 ) {
* replies + = 1 ;
}
2005-11-02 08:34:17 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupSids_async ( struct dcerpc_pipe * p ,
2005-11-02 08:34:17 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
struct lsa_SidArray sids ;
struct lsa_SidPtr sidptr ;
2006-09-11 06:58:45 +04:00
uint32_t * count ;
struct lsa_TransNameArray * names ;
struct lsa_LookupSids * r ;
2005-11-02 08:34:17 +03:00
struct rpc_request * * req ;
int i , replies ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2006-09-11 06:58:45 +04:00
const int num_async_requests = 50 ;
count = talloc_array ( mem_ctx , uint32_t , num_async_requests ) ;
names = talloc_array ( mem_ctx , struct lsa_TransNameArray , num_async_requests ) ;
r = talloc_array ( mem_ctx , struct lsa_LookupSids , num_async_requests ) ;
2005-11-02 08:34:17 +03:00
2006-09-11 06:58:45 +04:00
printf ( " \n Testing %d async lookupsids request \n " , num_async_requests ) ;
2005-11-02 08:34:17 +03:00
2006-09-11 06:58:45 +04:00
req = talloc_array ( mem_ctx , struct rpc_request * , num_async_requests ) ;
2005-11-02 08:34:17 +03:00
sids . num_sids = 1 ;
sids . sids = & sidptr ;
sidptr . sid = dom_sid_parse_talloc ( mem_ctx , " S-1-5-32-545 " ) ;
replies = 0 ;
2006-09-11 06:58:45 +04:00
for ( i = 0 ; i < num_async_requests ; i + + ) {
2005-11-02 08:34:17 +03:00
count [ i ] = 0 ;
names [ i ] . count = 0 ;
names [ i ] . names = NULL ;
r [ i ] . in . handle = handle ;
r [ i ] . in . sids = & sids ;
r [ i ] . in . names = & names [ i ] ;
r [ i ] . in . level = 1 ;
r [ i ] . in . count = & names [ i ] . count ;
r [ i ] . out . count = & count [ i ] ;
r [ i ] . out . names = & names [ i ] ;
req [ i ] = dcerpc_lsa_LookupSids_send ( p , req , & r [ i ] ) ;
if ( req [ i ] = = NULL ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-11-02 08:34:17 +03:00
break ;
}
req [ i ] - > async . callback = lookupsids_cb ;
2007-05-16 18:52:54 +04:00
req [ i ] - > async . private_data = & replies ;
2005-11-02 08:34:17 +03:00
}
2006-09-11 08:28:34 +04:00
while ( replies > = 0 & & replies < num_async_requests ) {
2005-11-02 08:34:17 +03:00
event_loop_once ( p - > conn - > event_ctx ) ;
}
talloc_free ( req ) ;
2006-09-11 08:28:34 +04:00
if ( replies < 0 ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2006-09-11 08:28:34 +04:00
}
2005-11-02 08:34:17 +03:00
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_LookupPrivValue ( struct dcerpc_pipe * p ,
2004-12-14 08:32:51 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_String * name )
{
NTSTATUS status ;
struct lsa_LookupPrivValue r ;
2004-12-21 12:33:12 +03:00
struct lsa_LUID luid ;
2004-12-14 08:32:51 +03:00
r . in . handle = handle ;
r . in . name = name ;
2004-12-21 12:33:12 +03:00
r . out . luid = & luid ;
2004-12-14 08:32:51 +03:00
status = dcerpc_lsa_LookupPrivValue ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " \n LookupPrivValue failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-12-14 08:32:51 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2004-12-14 08:32:51 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupPrivName ( struct dcerpc_pipe * p ,
2003-11-10 15:42:45 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_LUID * luid )
{
NTSTATUS status ;
struct lsa_LookupPrivName r ;
r . in . handle = handle ;
2003-11-14 10:56:43 +03:00
r . in . luid = luid ;
2003-11-10 15:42:45 +03:00
status = dcerpc_lsa_LookupPrivName ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " \n LookupPrivName failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-10 15:42:45 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-10 15:42:45 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_RemovePrivilegesFromAccount ( struct dcerpc_pipe * p ,
2004-12-19 10:20:55 +03:00
TALLOC_CTX * mem_ctx ,
2008-08-26 06:18:26 +04:00
struct policy_handle * handle ,
2004-12-19 10:20:55 +03:00
struct policy_handle * acct_handle ,
struct lsa_LUID * luid )
{
NTSTATUS status ;
struct lsa_RemovePrivilegesFromAccount r ;
struct lsa_PrivilegeSet privs ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2004-12-19 10:20:55 +03:00
printf ( " Testing RemovePrivilegesFromAccount \n " ) ;
r . in . handle = acct_handle ;
r . in . remove_all = 0 ;
r . in . privs = & privs ;
privs . count = 1 ;
privs . unknown = 0 ;
2005-01-27 10:08:20 +03:00
privs . set = talloc_array ( mem_ctx , struct lsa_LUIDAttribute , 1 ) ;
2004-12-19 10:20:55 +03:00
privs . set [ 0 ] . luid = * luid ;
privs . set [ 0 ] . attribute = 0 ;
status = dcerpc_lsa_RemovePrivilegesFromAccount ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-08-26 06:18:26 +04:00
struct lsa_LookupPrivName r_name ;
r_name . in . handle = handle ;
r_name . in . luid = luid ;
status = dcerpc_lsa_LookupPrivName ( p , mem_ctx , & r_name ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " \n LookupPrivName failed - %s \n " , nt_errstr ( status ) ) ;
return false ;
}
/* Windows 2008 does not allow this to be removed */
if ( strcmp ( " SeAuditPrivilege " , r_name . out . name - > string ) = = 0 ) {
return ret ;
}
printf ( " RemovePrivilegesFromAccount failed to remove %s - %s \n " ,
r_name . out . name - > string ,
nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-12-19 10:20:55 +03:00
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_AddPrivilegesToAccount ( struct dcerpc_pipe * p ,
2004-12-19 10:20:55 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * acct_handle ,
struct lsa_LUID * luid )
{
NTSTATUS status ;
struct lsa_AddPrivilegesToAccount r ;
struct lsa_PrivilegeSet privs ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2004-12-19 10:20:55 +03:00
printf ( " Testing AddPrivilegesToAccount \n " ) ;
r . in . handle = acct_handle ;
r . in . privs = & privs ;
privs . count = 1 ;
privs . unknown = 0 ;
2005-01-27 10:08:20 +03:00
privs . set = talloc_array ( mem_ctx , struct lsa_LUIDAttribute , 1 ) ;
2004-12-19 10:20:55 +03:00
privs . set [ 0 ] . luid = * luid ;
privs . set [ 0 ] . attribute = 0 ;
status = dcerpc_lsa_AddPrivilegesToAccount ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " AddPrivilegesToAccount failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-12-19 10:20:55 +03:00
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_EnumPrivsAccount ( struct dcerpc_pipe * p ,
2003-11-10 15:42:45 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
2003-11-10 14:37:19 +03:00
struct policy_handle * acct_handle )
{
NTSTATUS status ;
struct lsa_EnumPrivsAccount r ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2003-11-10 14:37:19 +03:00
printf ( " Testing EnumPrivsAccount \n " ) ;
r . in . handle = acct_handle ;
status = dcerpc_lsa_EnumPrivsAccount ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " EnumPrivsAccount failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-10 14:37:19 +03:00
}
2004-12-19 10:20:55 +03:00
if ( r . out . privs & & r . out . privs - > count > 0 ) {
2003-11-10 14:37:19 +03:00
int i ;
2003-11-11 07:04:36 +03:00
for ( i = 0 ; i < r . out . privs - > count ; i + + ) {
2003-11-10 15:42:45 +03:00
test_LookupPrivName ( p , mem_ctx , handle ,
2003-11-11 07:04:36 +03:00
& r . out . privs - > set [ i ] . luid ) ;
2003-11-10 14:37:19 +03:00
}
2004-12-19 10:20:55 +03:00
2008-08-26 06:18:26 +04:00
ret & = test_RemovePrivilegesFromAccount ( p , mem_ctx , handle , acct_handle ,
2004-12-19 10:20:55 +03:00
& r . out . privs - > set [ 0 ] . luid ) ;
ret & = test_AddPrivilegesToAccount ( p , mem_ctx , acct_handle ,
& r . out . privs - > set [ 0 ] . luid ) ;
2003-11-10 14:37:19 +03:00
}
2004-12-19 10:20:55 +03:00
return ret ;
2003-11-10 14:37:19 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_Delete ( struct dcerpc_pipe * p ,
2004-03-31 16:52:21 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
struct lsa_Delete r ;
2005-01-12 10:57:33 +03:00
printf ( " testing Delete \n " ) ;
2004-03-31 16:52:21 +04:00
r . in . handle = handle ;
status = dcerpc_lsa_Delete ( p , mem_ctx , & r ) ;
2008-08-26 03:49:54 +04:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_NOT_SUPPORTED ) ) {
printf ( " Delete should have failed NT_STATUS_NOT_SUPPORTED - %s \n " , nt_errstr ( status ) ) ;
return false ;
}
return true ;
}
static bool test_DeleteObject ( struct dcerpc_pipe * p ,
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
struct lsa_DeleteObject r ;
printf ( " testing DeleteObject \n " ) ;
r . in . handle = handle ;
r . out . handle = handle ;
status = dcerpc_lsa_DeleteObject ( p , mem_ctx , & r ) ;
2004-03-31 16:52:21 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " Delete failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-03-31 16:52:21 +04:00
}
2007-10-07 02:28:14 +04:00
return true ;
2004-03-31 16:52:21 +04:00
}
2007-10-07 02:28:14 +04:00
static bool test_CreateAccount ( struct dcerpc_pipe * p ,
2004-03-31 16:52:21 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
struct lsa_CreateAccount r ;
2004-04-07 11:20:53 +04:00
struct dom_sid2 * newsid ;
2004-03-31 16:52:21 +04:00
struct policy_handle acct_handle ;
2004-04-07 11:20:53 +04:00
newsid = dom_sid_parse_talloc ( mem_ctx , " S-1-5-12349876-4321-2854 " ) ;
2004-03-31 16:52:21 +04:00
printf ( " Testing CreateAccount \n " ) ;
r . in . handle = handle ;
r . in . sid = newsid ;
2004-12-02 07:37:36 +03:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-03-31 16:52:21 +04:00
r . out . acct_handle = & acct_handle ;
status = dcerpc_lsa_CreateAccount ( p , mem_ctx , & r ) ;
2008-08-26 03:49:54 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_COLLISION ) ) {
struct lsa_OpenAccount r_o ;
r_o . in . handle = handle ;
r_o . in . sid = newsid ;
r_o . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r_o . out . acct_handle = & acct_handle ;
status = dcerpc_lsa_OpenAccount ( p , mem_ctx , & r_o ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " OpenAccount failed - %s \n " , nt_errstr ( status ) ) ;
return false ;
}
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-03-31 16:52:21 +04:00
printf ( " CreateAccount failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-03-31 16:52:21 +04:00
}
if ( ! test_Delete ( p , mem_ctx , & acct_handle ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-03-31 16:52:21 +04:00
}
2008-08-26 03:49:54 +04:00
if ( ! test_DeleteObject ( p , mem_ctx , & acct_handle ) ) {
return false ;
}
2007-10-07 02:28:14 +04:00
return true ;
2004-03-31 16:52:21 +04:00
}
2007-10-07 02:28:14 +04:00
static bool test_DeleteTrustedDomain ( struct dcerpc_pipe * p ,
2005-01-07 06:11:18 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
2005-12-31 08:33:50 +03:00
struct lsa_StringLarge name )
2005-01-07 06:11:18 +03:00
{
NTSTATUS status ;
struct lsa_OpenTrustedDomainByName r ;
struct policy_handle trustdom_handle ;
r . in . handle = handle ;
2005-12-31 08:33:50 +03:00
r . in . name . string = name . string ;
2005-01-07 06:11:18 +03:00
r . in . access_mask = SEC_STD_DELETE ;
r . out . trustdom_handle = & trustdom_handle ;
status = dcerpc_lsa_OpenTrustedDomainByName ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " lsa_OpenTrustedDomainByName failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-07 06:11:18 +03:00
}
if ( ! test_Delete ( p , mem_ctx , & trustdom_handle ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2005-01-07 06:11:18 +03:00
}
2008-08-26 03:49:54 +04:00
if ( ! test_DeleteObject ( p , mem_ctx , & trustdom_handle ) ) {
return false ;
}
2007-10-07 02:28:14 +04:00
return true ;
2005-01-07 06:11:18 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_DeleteTrustedDomainBySid ( struct dcerpc_pipe * p ,
2006-08-31 12:22:13 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct dom_sid * sid )
{
NTSTATUS status ;
struct lsa_DeleteTrustedDomain r ;
r . in . handle = handle ;
r . in . dom_sid = sid ;
status = dcerpc_lsa_DeleteTrustedDomain ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " lsa_DeleteTrustedDomain failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2006-08-31 12:22:13 +04:00
}
2007-10-07 02:28:14 +04:00
return true ;
2006-08-31 12:22:13 +04:00
}
2004-04-03 20:44:39 +04:00
2007-10-07 02:28:14 +04:00
static bool test_CreateSecret ( struct dcerpc_pipe * p ,
2004-04-03 21:15:32 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
struct lsa_CreateSecret r ;
2004-04-03 21:21:26 +04:00
struct lsa_OpenSecret r2 ;
2004-04-07 11:20:53 +04:00
struct lsa_SetSecret r3 ;
struct lsa_QuerySecret r4 ;
2005-01-11 06:49:29 +03:00
struct lsa_SetSecret r5 ;
struct lsa_QuerySecret r6 ;
2005-01-11 09:04:44 +03:00
struct lsa_SetSecret r7 ;
struct lsa_QuerySecret r8 ;
2005-01-11 17:04:58 +03:00
struct policy_handle sec_handle , sec_handle2 , sec_handle3 ;
2008-08-26 03:49:54 +04:00
struct lsa_DeleteObject d_o ;
2004-04-07 11:20:53 +04:00
struct lsa_DATA_BUF buf1 ;
struct lsa_DATA_BUF_PTR bufp1 ;
2005-01-11 08:16:43 +03:00
struct lsa_DATA_BUF_PTR bufp2 ;
2004-04-07 11:20:53 +04:00
DATA_BLOB enc_key ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2004-05-09 17:07:23 +04:00
DATA_BLOB session_key ;
2004-04-07 11:20:53 +04:00
NTTIME old_mtime , new_mtime ;
DATA_BLOB blob1 , blob2 ;
const char * secret1 = " abcdef12345699qwerty " ;
char * secret2 ;
2005-01-11 06:49:29 +03:00
const char * secret3 = " ABCDEF12345699QWERTY " ;
char * secret4 ;
2005-01-11 09:04:44 +03:00
const char * secret5 = " NEW-SAMBA4-SECRET " ;
char * secret6 ;
2005-01-08 05:00:28 +03:00
char * secname [ 2 ] ;
int i ;
2005-01-11 09:04:44 +03:00
const int LOCAL = 0 ;
const int GLOBAL = 1 ;
2004-04-07 11:20:53 +04:00
2005-01-11 09:04:44 +03:00
secname [ LOCAL ] = talloc_asprintf ( mem_ctx , " torturesecret-%u " , ( uint_t ) random ( ) ) ;
secname [ GLOBAL ] = talloc_asprintf ( mem_ctx , " G$torturesecret-%u " , ( uint_t ) random ( ) ) ;
2005-01-08 05:00:28 +03:00
for ( i = 0 ; i < 2 ; i + + ) {
printf ( " Testing CreateSecret of %s \n " , secname [ i ] ) ;
init_lsa_String ( & r . in . name , secname [ i ] ) ;
r . in . handle = handle ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . sec_handle = & sec_handle ;
status = dcerpc_lsa_CreateSecret ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " CreateSecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-08 05:00:28 +03:00
}
2005-01-11 17:04:58 +03:00
r . in . handle = handle ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . sec_handle = & sec_handle3 ;
status = dcerpc_lsa_CreateSecret ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_COLLISION ) ) {
printf ( " CreateSecret should have failed OBJECT_NAME_COLLISION - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-11 17:04:58 +03:00
}
2005-01-08 05:00:28 +03:00
r2 . in . handle = handle ;
r2 . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r2 . in . name = r . in . name ;
r2 . out . sec_handle = & sec_handle2 ;
printf ( " Testing OpenSecret \n " ) ;
status = dcerpc_lsa_OpenSecret ( p , mem_ctx , & r2 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " OpenSecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-08 05:00:28 +03:00
}
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " dcerpc_fetch_session_key failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-08 05:00:28 +03:00
}
enc_key = sess_encrypt_string ( secret1 , & session_key ) ;
2005-01-11 17:04:58 +03:00
r3 . in . sec_handle = & sec_handle ;
2005-01-08 05:00:28 +03:00
r3 . in . new_val = & buf1 ;
r3 . in . old_val = NULL ;
r3 . in . new_val - > data = enc_key . data ;
r3 . in . new_val - > length = enc_key . length ;
r3 . in . new_val - > size = enc_key . length ;
printf ( " Testing SetSecret \n " ) ;
status = dcerpc_lsa_SetSecret ( p , mem_ctx , & r3 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " SetSecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-08 05:00:28 +03:00
}
2005-01-11 17:04:58 +03:00
r3 . in . sec_handle = & sec_handle ;
r3 . in . new_val = & buf1 ;
r3 . in . old_val = NULL ;
r3 . in . new_val - > data = enc_key . data ;
r3 . in . new_val - > length = enc_key . length ;
r3 . in . new_val - > size = enc_key . length ;
/* break the encrypted data */
enc_key . data [ 0 ] + + ;
printf ( " Testing SetSecret with broken key \n " ) ;
status = dcerpc_lsa_SetSecret ( p , mem_ctx , & r3 ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_UNKNOWN_REVISION ) ) {
printf ( " SetSecret should have failed UNKNOWN_REVISION - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 17:04:58 +03:00
}
2005-01-08 05:00:28 +03:00
data_blob_free ( & enc_key ) ;
ZERO_STRUCT ( new_mtime ) ;
ZERO_STRUCT ( old_mtime ) ;
/* fetch the secret back again */
2005-01-11 17:04:58 +03:00
r4 . in . sec_handle = & sec_handle ;
2005-01-08 05:00:28 +03:00
r4 . in . new_val = & bufp1 ;
r4 . in . new_mtime = & new_mtime ;
r4 . in . old_val = NULL ;
r4 . in . old_mtime = NULL ;
bufp1 . buf = NULL ;
2005-01-11 17:04:58 +03:00
printf ( " Testing QuerySecret \n " ) ;
2005-01-08 05:00:28 +03:00
status = dcerpc_lsa_QuerySecret ( p , mem_ctx , & r4 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QuerySecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-08 05:00:28 +03:00
} else {
2005-01-11 17:04:58 +03:00
if ( r4 . out . new_val = = NULL | | r4 . out . new_val - > buf = = NULL ) {
2005-01-11 08:16:43 +03:00
printf ( " No secret buffer returned \n " ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 08:16:43 +03:00
} else {
blob1 . data = r4 . out . new_val - > buf - > data ;
2005-01-11 17:04:58 +03:00
blob1 . length = r4 . out . new_val - > buf - > size ;
2005-01-11 08:16:43 +03:00
blob2 = data_blob_talloc ( mem_ctx , NULL , blob1 . length ) ;
2006-09-28 10:44:47 +04:00
secret2 = sess_decrypt_string ( mem_ctx ,
& blob1 , & session_key ) ;
2005-01-11 08:16:43 +03:00
if ( strcmp ( secret1 , secret2 ) ! = 0 ) {
2008-08-26 04:56:16 +04:00
printf ( " Returned secret (r4) '%s' doesn't match '%s' \n " ,
2005-01-11 09:04:44 +03:00
secret2 , secret1 ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 08:16:43 +03:00
}
2005-01-08 05:00:28 +03:00
}
}
2005-01-11 06:49:29 +03:00
enc_key = sess_encrypt_string ( secret3 , & session_key ) ;
2005-01-11 17:04:58 +03:00
r5 . in . sec_handle = & sec_handle ;
2005-01-11 06:49:29 +03:00
r5 . in . new_val = & buf1 ;
r5 . in . old_val = NULL ;
r5 . in . new_val - > data = enc_key . data ;
r5 . in . new_val - > length = enc_key . length ;
r5 . in . new_val - > size = enc_key . length ;
2008-08-26 04:56:16 +04:00
msleep ( 200 ) ;
2005-01-11 09:04:44 +03:00
printf ( " Testing SetSecret (existing value should move to old) \n " ) ;
2005-01-11 06:49:29 +03:00
status = dcerpc_lsa_SetSecret ( p , mem_ctx , & r5 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " SetSecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 06:49:29 +03:00
}
data_blob_free ( & enc_key ) ;
ZERO_STRUCT ( new_mtime ) ;
ZERO_STRUCT ( old_mtime ) ;
/* fetch the secret back again */
2005-01-11 17:04:58 +03:00
r6 . in . sec_handle = & sec_handle ;
2005-01-11 06:49:29 +03:00
r6 . in . new_val = & bufp1 ;
r6 . in . new_mtime = & new_mtime ;
2005-01-11 08:16:43 +03:00
r6 . in . old_val = & bufp2 ;
r6 . in . old_mtime = & old_mtime ;
2005-01-11 06:49:29 +03:00
bufp1 . buf = NULL ;
2005-01-11 08:16:43 +03:00
bufp2 . buf = NULL ;
2005-01-11 06:49:29 +03:00
status = dcerpc_lsa_QuerySecret ( p , mem_ctx , & r6 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QuerySecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-31 05:58:29 +03:00
secret4 = NULL ;
2005-01-11 06:49:29 +03:00
} else {
2005-01-11 08:16:43 +03:00
if ( r6 . out . new_val - > buf = = NULL | | r6 . out . old_val - > buf = = NULL
| | r6 . out . new_mtime = = NULL | | r6 . out . old_mtime = = NULL ) {
printf ( " Both secret buffers and both times not returned \n " ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-31 05:58:29 +03:00
secret4 = NULL ;
2005-01-11 08:16:43 +03:00
} else {
blob1 . data = r6 . out . new_val - > buf - > data ;
2005-01-11 17:04:58 +03:00
blob1 . length = r6 . out . new_val - > buf - > size ;
2005-01-11 08:16:43 +03:00
blob2 = data_blob_talloc ( mem_ctx , NULL , blob1 . length ) ;
2006-09-28 10:44:47 +04:00
secret4 = sess_decrypt_string ( mem_ctx ,
& blob1 , & session_key ) ;
2005-01-11 08:16:43 +03:00
if ( strcmp ( secret3 , secret4 ) ! = 0 ) {
printf ( " Returned NEW secret %s doesn't match %s \n " , secret4 , secret3 ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 08:16:43 +03:00
}
2005-01-11 09:04:44 +03:00
blob1 . data = r6 . out . old_val - > buf - > data ;
blob1 . length = r6 . out . old_val - > buf - > length ;
2005-01-11 08:16:43 +03:00
blob2 = data_blob_talloc ( mem_ctx , NULL , blob1 . length ) ;
2006-09-28 10:44:47 +04:00
secret2 = sess_decrypt_string ( mem_ctx ,
& blob1 , & session_key ) ;
2005-01-11 08:16:43 +03:00
2005-01-11 09:04:44 +03:00
if ( strcmp ( secret1 , secret2 ) ! = 0 ) {
printf ( " Returned OLD secret %s doesn't match %s \n " , secret2 , secret1 ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 08:16:43 +03:00
}
if ( * r6 . out . new_mtime = = * r6 . out . old_mtime ) {
2008-08-26 04:56:16 +04:00
printf ( " Returned secret (r6-%d) %s must not have same mtime for both secrets: %s != %s \n " ,
i ,
2005-01-11 08:16:43 +03:00
secname [ i ] ,
2008-08-26 04:56:16 +04:00
nt_time_string ( mem_ctx , * r6 . out . old_mtime ) ,
2005-01-11 08:16:43 +03:00
nt_time_string ( mem_ctx , * r6 . out . new_mtime ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 08:16:43 +03:00
}
2005-01-11 06:49:29 +03:00
}
}
2005-01-11 08:16:43 +03:00
2005-01-11 09:04:44 +03:00
enc_key = sess_encrypt_string ( secret5 , & session_key ) ;
2005-01-11 17:04:58 +03:00
r7 . in . sec_handle = & sec_handle ;
2005-01-11 09:04:44 +03:00
r7 . in . old_val = & buf1 ;
r7 . in . old_val - > data = enc_key . data ;
r7 . in . old_val - > length = enc_key . length ;
r7 . in . old_val - > size = enc_key . length ;
r7 . in . new_val = NULL ;
printf ( " Testing SetSecret of old Secret only \n " ) ;
status = dcerpc_lsa_SetSecret ( p , mem_ctx , & r7 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " SetSecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 09:04:44 +03:00
}
data_blob_free ( & enc_key ) ;
/* fetch the secret back again */
2005-01-11 17:04:58 +03:00
r8 . in . sec_handle = & sec_handle ;
2005-01-11 09:04:44 +03:00
r8 . in . new_val = & bufp1 ;
r8 . in . new_mtime = & new_mtime ;
r8 . in . old_val = & bufp2 ;
r8 . in . old_mtime = & old_mtime ;
bufp1 . buf = NULL ;
bufp2 . buf = NULL ;
status = dcerpc_lsa_QuerySecret ( p , mem_ctx , & r8 ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QuerySecret failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 09:04:44 +03:00
} else {
2005-01-12 01:16:14 +03:00
if ( ! r8 . out . new_val | | ! r8 . out . old_val ) {
printf ( " in/out pointers not returned, despite being set on in for QuerySecret \n " ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2008-08-26 03:49:54 +04:00
} else if ( r8 . out . new_val - > buf ! = NULL ) {
printf ( " NEW secret buffer must not be returned after OLD set \n " ) ;
ret = false ;
2005-01-11 09:04:44 +03:00
} else if ( r8 . out . old_val - > buf = = NULL ) {
2008-08-26 03:49:54 +04:00
printf ( " OLD secret buffer was not returned after OLD set \n " ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 09:04:44 +03:00
} else if ( r8 . out . new_mtime = = NULL | | r8 . out . old_mtime = = NULL ) {
printf ( " Both times not returned after OLD set \n " ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 09:04:44 +03:00
} else {
blob1 . data = r8 . out . old_val - > buf - > data ;
2005-01-11 17:04:58 +03:00
blob1 . length = r8 . out . old_val - > buf - > size ;
2005-01-11 09:04:44 +03:00
blob2 = data_blob_talloc ( mem_ctx , NULL , blob1 . length ) ;
2006-09-28 10:44:47 +04:00
secret6 = sess_decrypt_string ( mem_ctx ,
& blob1 , & session_key ) ;
2005-01-11 09:04:44 +03:00
if ( strcmp ( secret5 , secret6 ) ! = 0 ) {
printf ( " Returned OLD secret %s doesn't match %s \n " , secret5 , secret6 ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 09:04:44 +03:00
}
2008-08-26 03:49:54 +04:00
if ( * r8 . out . new_mtime ! = * r8 . out . old_mtime ) {
2008-08-26 04:56:16 +04:00
printf ( " Returned secret (r8) %s did not had same mtime for both secrets: %s != %s \n " ,
2005-01-11 09:04:44 +03:00
secname [ i ] ,
nt_time_string ( mem_ctx , * r8 . out . old_mtime ) ,
nt_time_string ( mem_ctx , * r8 . out . new_mtime ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 09:04:44 +03:00
}
}
}
2005-01-08 05:00:28 +03:00
if ( ! test_Delete ( p , mem_ctx , & sec_handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-08 05:00:28 +03:00
}
2008-08-26 03:49:54 +04:00
if ( ! test_DeleteObject ( p , mem_ctx , & sec_handle ) ) {
return false ;
}
d_o . in . handle = & sec_handle2 ;
d_o . out . handle = & sec_handle2 ;
status = dcerpc_lsa_DeleteObject ( p , mem_ctx , & d_o ) ;
2005-01-08 05:00:28 +03:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_HANDLE ) ) {
printf ( " Second delete expected INVALID_HANDLE - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 17:04:58 +03:00
} else {
2005-01-11 04:36:26 +03:00
2005-01-11 17:04:58 +03:00
printf ( " Testing OpenSecret of just-deleted secret \n " ) ;
status = dcerpc_lsa_OpenSecret ( p , mem_ctx , & r2 ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
printf ( " OpenSecret expected OBJECT_NAME_NOT_FOUND - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-11 17:04:58 +03:00
}
2005-01-11 04:36:26 +03:00
}
2004-04-03 21:21:26 +04:00
}
2004-04-07 11:20:53 +04:00
return ret ;
2004-04-03 21:15:32 +04:00
}
2004-09-03 12:28:24 +04:00
2007-10-07 02:28:14 +04:00
static bool test_EnumAccountRights ( struct dcerpc_pipe * p ,
2003-11-10 15:12:22 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * acct_handle ,
struct dom_sid * sid )
{
NTSTATUS status ;
struct lsa_EnumAccountRights r ;
struct lsa_RightSet rights ;
printf ( " Testing EnumAccountRights \n " ) ;
r . in . handle = acct_handle ;
r . in . sid = sid ;
r . out . rights = & rights ;
status = dcerpc_lsa_EnumAccountRights ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2006-07-06 09:23:29 +04:00
printf ( " EnumAccountRights of %s failed - %s \n " ,
dom_sid_string ( mem_ctx , sid ) , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-10 15:12:22 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-10 15:12:22 +03:00
}
2003-11-15 07:42:48 +03:00
2007-10-07 02:28:14 +04:00
static bool test_QuerySecurity ( struct dcerpc_pipe * p ,
2007-12-03 17:53:17 +03:00
struct torture_context * tctx ,
2003-11-15 09:00:21 +03:00
struct policy_handle * handle ,
struct policy_handle * acct_handle )
2003-11-15 07:42:48 +03:00
{
NTSTATUS status ;
2004-11-22 11:47:47 +03:00
struct lsa_QuerySecurity r ;
2003-11-15 07:42:48 +03:00
2007-12-03 17:53:17 +03:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2006-07-06 09:23:29 +04:00
printf ( " skipping QuerySecurity test against Samba4 \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2006-07-06 09:23:29 +04:00
}
2004-12-19 10:20:55 +03:00
printf ( " Testing QuerySecurity \n " ) ;
2003-11-15 07:42:48 +03:00
r . in . handle = acct_handle ;
r . in . sec_info = 7 ;
2007-12-03 17:53:17 +03:00
status = dcerpc_lsa_QuerySecurity ( p , tctx , & r ) ;
2003-11-15 07:42:48 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-11-22 11:47:47 +03:00
printf ( " QuerySecurity failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-15 07:42:48 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-15 07:42:48 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_OpenAccount ( struct dcerpc_pipe * p ,
2003-11-09 14:01:39 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct dom_sid * sid )
{
NTSTATUS status ;
struct lsa_OpenAccount r ;
struct policy_handle acct_handle ;
2003-11-15 09:00:21 +03:00
printf ( " Testing OpenAccount \n " ) ;
2003-11-09 14:01:39 +03:00
r . in . handle = handle ;
r . in . sid = sid ;
2004-12-02 07:37:36 +03:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2003-11-09 14:01:39 +03:00
r . out . acct_handle = & acct_handle ;
status = dcerpc_lsa_OpenAccount ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " OpenAccount failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 14:01:39 +03:00
}
2003-11-10 15:42:45 +03:00
if ( ! test_EnumPrivsAccount ( p , mem_ctx , handle , & acct_handle ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2003-11-10 14:37:19 +03:00
}
2004-11-22 11:47:47 +03:00
if ( ! test_QuerySecurity ( p , mem_ctx , handle , & acct_handle ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2003-11-15 07:42:48 +03:00
}
2007-10-07 02:28:14 +04:00
return true ;
2003-11-09 14:01:39 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_EnumAccounts ( struct dcerpc_pipe * p ,
2003-11-04 14:16:07 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
2003-11-09 11:30:29 +03:00
struct lsa_EnumAccounts r ;
2003-11-08 14:21:57 +03:00
struct lsa_SidArray sids1 , sids2 ;
2004-05-25 20:24:13 +04:00
uint32_t resume_handle = 0 ;
2003-11-04 14:16:07 +03:00
int i ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2003-11-04 14:16:07 +03:00
2003-11-09 11:30:29 +03:00
printf ( " \n testing EnumAccounts \n " ) ;
2003-11-04 14:16:07 +03:00
2003-11-09 07:40:50 +03:00
r . in . handle = handle ;
r . in . resume_handle = & resume_handle ;
r . in . num_entries = 100 ;
r . out . resume_handle = & resume_handle ;
r . out . sids = & sids1 ;
2003-11-08 14:21:57 +03:00
resume_handle = 0 ;
2007-10-07 02:28:14 +04:00
while ( true ) {
2004-12-19 08:53:13 +03:00
status = dcerpc_lsa_EnumAccounts ( p , mem_ctx , & r ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NO_MORE_ENTRIES ) ) {
break ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " EnumAccounts failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-12-19 08:53:13 +03:00
}
2003-11-04 14:16:07 +03:00
2004-12-19 08:53:13 +03:00
if ( ! test_LookupSids ( p , mem_ctx , handle , & sids1 ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-12-19 08:53:13 +03:00
}
2003-11-09 14:01:39 +03:00
2004-12-19 08:53:13 +03:00
if ( ! test_LookupSids2 ( p , mem_ctx , handle , & sids1 ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-12-19 08:53:13 +03:00
}
2004-11-26 09:33:38 +03:00
2008-08-26 03:49:54 +04:00
/* Can't test lookupSids3 here, as clearly we must not
* be on schannel , or we would not be able to do the
* rest */
2004-12-31 10:26:26 +03:00
2004-12-19 08:53:13 +03:00
printf ( " testing all accounts \n " ) ;
for ( i = 0 ; i < sids1 . num_sids ; i + + ) {
2006-07-06 09:23:29 +04:00
ret & = test_OpenAccount ( p , mem_ctx , handle , sids1 . sids [ i ] . sid ) ;
ret & = test_EnumAccountRights ( p , mem_ctx , handle , sids1 . sids [ i ] . sid ) ;
2004-12-19 08:53:13 +03:00
}
printf ( " \n " ) ;
2003-11-09 14:01:39 +03:00
}
2003-11-10 15:12:22 +03:00
2003-11-08 14:21:57 +03:00
if ( sids1 . num_sids < 3 ) {
2006-07-06 09:23:29 +04:00
return ret ;
2003-11-04 14:16:07 +03:00
}
2003-11-09 11:30:29 +03:00
printf ( " trying EnumAccounts partial listing (asking for 1 at 2) \n " ) ;
2003-11-08 14:21:57 +03:00
resume_handle = 2 ;
2003-11-09 07:40:50 +03:00
r . in . num_entries = 1 ;
r . out . sids = & sids2 ;
2003-11-09 11:30:29 +03:00
status = dcerpc_lsa_EnumAccounts ( p , mem_ctx , & r ) ;
2003-11-08 14:21:57 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2003-11-09 11:30:29 +03:00
printf ( " EnumAccounts failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-08 14:21:57 +03:00
}
if ( sids2 . num_sids ! = 1 ) {
printf ( " Returned wrong number of entries (%d) \n " , sids2 . num_sids ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-08 14:21:57 +03:00
}
2003-11-04 14:16:07 +03:00
2007-10-07 02:28:14 +04:00
return true ;
2003-11-04 14:16:07 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_LookupPrivDisplayName ( struct dcerpc_pipe * p ,
2004-09-02 03:36:22 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
2004-11-22 14:59:59 +03:00
struct lsa_String * priv_name )
2004-09-02 03:36:22 +04:00
{
struct lsa_LookupPrivDisplayName r ;
NTSTATUS status ;
2004-09-03 09:16:25 +04:00
/* produce a reasonable range of language output without screwing up
terminals */
2005-02-10 08:09:35 +03:00
uint16_t language_id = ( random ( ) % 4 ) + 0x409 ;
2004-09-02 03:36:22 +04:00
2004-11-22 14:59:59 +03:00
printf ( " testing LookupPrivDisplayName(%s) \n " , priv_name - > string ) ;
2004-09-02 03:36:22 +04:00
r . in . handle = handle ;
r . in . name = priv_name ;
2004-09-03 09:16:25 +04:00
r . in . language_id = & language_id ;
r . out . language_id = & language_id ;
2004-09-02 03:36:22 +04:00
r . in . unknown = 0 ;
status = dcerpc_lsa_LookupPrivDisplayName ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " LookupPrivDisplayName failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-09-02 03:36:22 +04:00
}
2004-09-03 09:16:25 +04:00
printf ( " %s -> \" %s \" (language 0x%x/0x%x) \n " ,
2004-11-22 14:59:59 +03:00
priv_name - > string , r . out . disp_name - > string ,
2004-09-03 09:16:25 +04:00
* r . in . language_id , * r . out . language_id ) ;
2004-09-02 03:36:22 +04:00
2007-10-07 02:28:14 +04:00
return true ;
2004-09-02 03:36:22 +04:00
}
2007-10-07 02:28:14 +04:00
static bool test_EnumAccountsWithUserRight ( struct dcerpc_pipe * p ,
2004-09-02 03:36:22 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
2004-11-22 14:59:59 +03:00
struct lsa_String * priv_name )
2004-09-02 03:36:22 +04:00
{
struct lsa_EnumAccountsWithUserRight r ;
struct lsa_SidArray sids ;
NTSTATUS status ;
ZERO_STRUCT ( sids ) ;
2004-11-22 14:59:59 +03:00
printf ( " testing EnumAccountsWithUserRight(%s) \n " , priv_name - > string ) ;
2004-09-02 03:36:22 +04:00
r . in . handle = handle ;
r . in . name = priv_name ;
r . out . sids = & sids ;
status = dcerpc_lsa_EnumAccountsWithUserRight ( p , mem_ctx , & r ) ;
/* NT_STATUS_NO_MORE_ENTRIES means noone has this privilege */
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NO_MORE_ENTRIES ) ) {
2007-10-07 02:28:14 +04:00
return true ;
2004-09-02 03:36:22 +04:00
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " EnumAccountsWithUserRight failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-09-02 03:36:22 +04:00
}
2007-10-07 02:28:14 +04:00
return true ;
2004-09-02 03:36:22 +04:00
}
2003-11-09 12:04:28 +03:00
2007-10-07 02:28:14 +04:00
static bool test_EnumPrivs ( struct dcerpc_pipe * p ,
2003-11-09 12:44:06 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
struct lsa_EnumPrivs r ;
struct lsa_PrivArray privs1 ;
2004-05-25 20:24:13 +04:00
uint32_t resume_handle = 0 ;
2004-09-02 03:36:22 +04:00
int i ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2003-11-09 12:44:06 +03:00
printf ( " \n testing EnumPrivs \n " ) ;
r . in . handle = handle ;
r . in . resume_handle = & resume_handle ;
2004-12-14 08:32:51 +03:00
r . in . max_count = 100 ;
2003-11-09 12:44:06 +03:00
r . out . resume_handle = & resume_handle ;
r . out . privs = & privs1 ;
resume_handle = 0 ;
status = dcerpc_lsa_EnumPrivs ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " EnumPrivs failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 12:44:06 +03:00
}
2004-09-02 03:36:22 +04:00
for ( i = 0 ; i < privs1 . count ; i + + ) {
2006-01-18 19:20:33 +03:00
test_LookupPrivDisplayName ( p , mem_ctx , handle , ( struct lsa_String * ) & privs1 . privs [ i ] . name ) ;
test_LookupPrivValue ( p , mem_ctx , handle , ( struct lsa_String * ) & privs1 . privs [ i ] . name ) ;
if ( ! test_EnumAccountsWithUserRight ( p , mem_ctx , handle , ( struct lsa_String * ) & privs1 . privs [ i ] . name ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2004-09-02 03:36:22 +04:00
}
}
return ret ;
2003-11-09 12:44:06 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_QueryForestTrustInformation ( struct dcerpc_pipe * p ,
2007-12-03 17:53:17 +03:00
struct torture_context * tctx ,
2007-06-08 14:43:42 +04:00
struct policy_handle * handle ,
const char * trusted_domain_name )
{
2007-10-07 02:28:14 +04:00
bool ret = true ;
2007-06-08 14:43:42 +04:00
struct lsa_lsaRQueryForestTrustInformation r ;
NTSTATUS status ;
struct lsa_String string ;
struct lsa_ForestTrustInformation info , * info_ptr ;
printf ( " \n Testing lsaRQueryForestTrustInformation \n " ) ;
2007-12-03 17:53:17 +03:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2007-06-08 14:43:42 +04:00
printf ( " skipping QueryForestTrustInformation against Samba4 \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2007-06-08 14:43:42 +04:00
}
ZERO_STRUCT ( string ) ;
if ( trusted_domain_name ) {
init_lsa_String ( & string , trusted_domain_name ) ;
}
info_ptr = & info ;
r . in . handle = handle ;
r . in . trusted_domain_name = & string ;
r . in . unknown = 0 ;
r . out . forest_trust_info = & info_ptr ;
2007-12-03 17:53:17 +03:00
status = dcerpc_lsa_lsaRQueryForestTrustInformation ( p , tctx , & r ) ;
2007-06-08 14:43:42 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " lsaRQueryForestTrustInformation failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-06-08 14:43:42 +04:00
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_query_each_TrustDomEx ( struct dcerpc_pipe * p ,
2007-06-08 14:43:42 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_DomainListEx * domains )
{
2007-08-28 16:54:27 +04:00
int i ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2007-06-08 14:43:42 +04:00
for ( i = 0 ; i < domains - > count ; i + + ) {
if ( domains - > domains [ i ] . trust_attributes & NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE ) {
ret & = test_QueryForestTrustInformation ( p , mem_ctx , handle ,
domains - > domains [ i ] . domain_name . string ) ;
}
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_query_each_TrustDom ( struct dcerpc_pipe * p ,
2005-01-12 10:57:33 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle ,
struct lsa_DomainList * domains )
2003-11-09 13:01:24 +03:00
{
NTSTATUS status ;
2004-11-22 14:59:59 +03:00
int i , j ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2005-01-12 10:57:33 +03:00
2004-11-23 03:31:00 +03:00
printf ( " \n Testing OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain \n " ) ;
2005-01-12 10:57:33 +03:00
for ( i = 0 ; i < domains - > count ; i + + ) {
2004-11-22 11:47:47 +03:00
struct lsa_OpenTrustedDomain trust ;
struct lsa_OpenTrustedDomainByName trust_by_name ;
2004-11-23 03:31:00 +03:00
struct policy_handle trustdom_handle ;
2004-11-22 11:47:47 +03:00
struct policy_handle handle2 ;
struct lsa_Close c ;
2006-08-31 12:22:13 +04:00
struct lsa_CloseTrustedDomainEx c_trust ;
2008-08-26 03:49:54 +04:00
int levels [ ] = { 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 , 12 , 13 } ;
int ok [ ] = { 1 , 0 , 1 , 0 , 0 , 1 , 0 , 1 , 0 , 0 , 0 , 1 , 1 } ;
2006-08-31 12:22:13 +04:00
2005-01-12 10:57:33 +03:00
if ( domains - > domains [ i ] . sid ) {
trust . in . handle = handle ;
trust . in . sid = domains - > domains [ i ] . sid ;
trust . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
trust . out . trustdom_handle = & trustdom_handle ;
status = dcerpc_lsa_OpenTrustedDomain ( p , mem_ctx , & trust ) ;
2004-11-22 14:59:59 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-01-12 10:57:33 +03:00
printf ( " OpenTrustedDomain failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-12 10:57:33 +03:00
}
c . in . handle = & trustdom_handle ;
c . out . handle = & handle2 ;
2006-08-31 12:22:13 +04:00
c_trust . in . handle = & trustdom_handle ;
c_trust . out . handle = & handle2 ;
2005-01-12 10:57:33 +03:00
for ( j = 0 ; j < ARRAY_SIZE ( levels ) ; j + + ) {
struct lsa_QueryTrustedDomainInfo q ;
union lsa_TrustedDomainInfo info ;
q . in . trustdom_handle = & trustdom_handle ;
q . in . level = levels [ j ] ;
q . out . info = & info ;
status = dcerpc_lsa_QueryTrustedDomainInfo ( p , mem_ctx , & q ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) & & ok [ j ] ) {
2005-01-12 10:57:33 +03:00
printf ( " QueryTrustedDomainInfo level %d failed - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2006-08-31 12:22:13 +04:00
} else if ( NT_STATUS_IS_OK ( status ) & & ! ok [ j ] ) {
printf ( " QueryTrustedDomainInfo level %d unexpectedly succeeded - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
}
}
2006-08-31 12:22:13 +04:00
status = dcerpc_lsa_CloseTrustedDomainEx ( p , mem_ctx , & c_trust ) ;
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_NOT_IMPLEMENTED ) ) {
printf ( " Expected CloseTrustedDomainEx to return NT_STATUS_NOT_IMPLEMENTED, instead - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2006-08-31 12:22:13 +04:00
}
c . in . handle = & trustdom_handle ;
c . out . handle = & handle2 ;
2005-01-12 10:57:33 +03:00
status = dcerpc_lsa_Close ( p , mem_ctx , & c ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " Close of trusted domain failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-11-22 14:59:59 +03:00
}
2006-08-31 12:22:13 +04:00
2007-04-07 04:57:26 +04:00
for ( j = 0 ; j < ARRAY_SIZE ( levels ) ; j + + ) {
struct lsa_QueryTrustedDomainInfoBySid q ;
union lsa_TrustedDomainInfo info ;
if ( ! domains - > domains [ i ] . sid ) {
continue ;
}
q . in . handle = handle ;
q . in . dom_sid = domains - > domains [ i ] . sid ;
q . in . level = levels [ j ] ;
q . out . info = & info ;
status = dcerpc_lsa_QueryTrustedDomainInfoBySid ( p , mem_ctx , & q ) ;
if ( ! NT_STATUS_IS_OK ( status ) & & ok [ j ] ) {
printf ( " QueryTrustedDomainInfoBySid level %d failed - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-04-07 04:57:26 +04:00
} else if ( NT_STATUS_IS_OK ( status ) & & ! ok [ j ] ) {
printf ( " QueryTrustedDomainInfoBySid level %d unexpectedly succeeded - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-04-07 04:57:26 +04:00
}
}
2004-11-22 11:47:47 +03:00
}
trust_by_name . in . handle = handle ;
2005-12-31 08:33:50 +03:00
trust_by_name . in . name . string = domains - > domains [ i ] . name . string ;
2004-12-02 07:37:36 +03:00
trust_by_name . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-11-23 03:31:00 +03:00
trust_by_name . out . trustdom_handle = & trustdom_handle ;
2005-01-12 10:57:33 +03:00
2004-11-22 11:47:47 +03:00
status = dcerpc_lsa_OpenTrustedDomainByName ( p , mem_ctx , & trust_by_name ) ;
2005-01-12 10:57:33 +03:00
2004-11-22 11:47:47 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " OpenTrustedDomainByName failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-11-22 11:47:47 +03:00
}
2004-11-23 03:31:00 +03:00
for ( j = 0 ; j < ARRAY_SIZE ( levels ) ; j + + ) {
struct lsa_QueryTrustedDomainInfo q ;
union lsa_TrustedDomainInfo info ;
q . in . trustdom_handle = & trustdom_handle ;
q . in . level = levels [ j ] ;
q . out . info = & info ;
status = dcerpc_lsa_QueryTrustedDomainInfo ( p , mem_ctx , & q ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) & & ok [ j ] ) {
2004-11-23 03:31:00 +03:00
printf ( " QueryTrustedDomainInfo level %d failed - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2006-08-31 12:22:13 +04:00
} else if ( NT_STATUS_IS_OK ( status ) & & ! ok [ j ] ) {
printf ( " QueryTrustedDomainInfo level %d unexpectedly succeeded - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2004-11-23 03:31:00 +03:00
}
}
c . in . handle = & trustdom_handle ;
2004-11-22 11:47:47 +03:00
c . out . handle = & handle2 ;
2004-11-22 14:59:59 +03:00
2004-11-22 11:47:47 +03:00
status = dcerpc_lsa_Close ( p , mem_ctx , & c ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2004-11-23 03:31:00 +03:00
printf ( " Close of trusted domain failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2004-11-22 11:47:47 +03:00
}
2004-11-23 03:31:00 +03:00
for ( j = 0 ; j < ARRAY_SIZE ( levels ) ; j + + ) {
struct lsa_QueryTrustedDomainInfoByName q ;
union lsa_TrustedDomainInfo info ;
q . in . handle = handle ;
2005-12-31 08:33:50 +03:00
q . in . trusted_domain . string = domains - > domains [ i ] . name . string ;
2004-11-23 03:31:00 +03:00
q . in . level = levels [ j ] ;
q . out . info = & info ;
status = dcerpc_lsa_QueryTrustedDomainInfoByName ( p , mem_ctx , & q ) ;
2006-08-31 12:22:13 +04:00
if ( ! NT_STATUS_IS_OK ( status ) & & ok [ j ] ) {
2004-11-23 03:31:00 +03:00
printf ( " QueryTrustedDomainInfoByName level %d failed - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2006-08-31 12:22:13 +04:00
} else if ( NT_STATUS_IS_OK ( status ) & & ! ok [ j ] ) {
printf ( " QueryTrustedDomainInfoByName level %d unexpectedly succeeded - %s \n " ,
levels [ j ] , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2004-11-23 03:31:00 +03:00
}
}
2005-01-12 10:57:33 +03:00
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_EnumTrustDom ( struct dcerpc_pipe * p ,
2005-01-12 10:57:33 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
struct lsa_EnumTrustDom r ;
2006-08-31 12:22:13 +04:00
struct lsa_EnumTrustedDomainsEx r_ex ;
2005-01-12 10:57:33 +03:00
NTSTATUS enum_status ;
uint32_t resume_handle = 0 ;
struct lsa_DomainList domains ;
2006-08-31 12:22:13 +04:00
struct lsa_DomainListEx domains_ex ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2005-01-12 10:57:33 +03:00
printf ( " \n Testing EnumTrustDom \n " ) ;
2008-07-21 06:05:53 +04:00
r . in . handle = handle ;
r . in . resume_handle = & resume_handle ;
r . in . max_size = 0 ;
r . out . domains = & domains ;
r . out . resume_handle = & resume_handle ;
enum_status = dcerpc_lsa_EnumTrustDom ( p , mem_ctx , & r ) ;
2008-07-31 03:07:57 +04:00
if ( NT_STATUS_IS_OK ( enum_status ) ) {
if ( domains . count = = 0 ) {
printf ( " EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains \n " ) ;
return false ;
}
} else if ( ! ( NT_STATUS_EQUAL ( enum_status , STATUS_MORE_ENTRIES ) | | NT_STATUS_EQUAL ( enum_status , NT_STATUS_NO_MORE_ENTRIES ) ) ) {
2008-07-21 06:05:53 +04:00
printf ( " EnumTrustDom of zero size failed - %s \n " , nt_errstr ( enum_status ) ) ;
return false ;
}
2008-09-04 10:06:38 +04:00
/* Start from the bottom again */
resume_handle = 0 ;
2005-01-12 10:57:33 +03:00
do {
r . in . handle = handle ;
r . in . resume_handle = & resume_handle ;
r . in . max_size = LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3 ;
r . out . domains = & domains ;
r . out . resume_handle = & resume_handle ;
enum_status = dcerpc_lsa_EnumTrustDom ( p , mem_ctx , & r ) ;
2004-11-23 03:31:00 +03:00
2005-01-12 10:57:33 +03:00
/* NO_MORE_ENTRIES is allowed */
if ( NT_STATUS_EQUAL ( enum_status , NT_STATUS_NO_MORE_ENTRIES ) ) {
2007-10-07 02:28:14 +04:00
return true ;
2005-01-12 10:57:33 +03:00
} else if ( NT_STATUS_EQUAL ( enum_status , STATUS_MORE_ENTRIES ) ) {
/* Windows 2003 gets this off by one on the first run */
if ( r . out . domains - > count < 3 | | r . out . domains - > count > 4 ) {
printf ( " EnumTrustDom didn't fill the buffer we "
" asked it to (got %d, expected %d / %d == %d entries) \n " ,
r . out . domains - > count , LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3 ,
LSA_ENUM_TRUST_DOMAIN_MULTIPLIER , r . in . max_size ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
}
} else if ( ! NT_STATUS_IS_OK ( enum_status ) ) {
printf ( " EnumTrustDom failed - %s \n " , nt_errstr ( enum_status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2005-01-12 10:57:33 +03:00
}
2004-11-23 03:31:00 +03:00
2008-07-21 06:05:53 +04:00
if ( domains . count = = 0 ) {
printf ( " EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains \n " ) ;
return false ;
}
2006-08-31 12:22:13 +04:00
ret & = test_query_each_TrustDom ( p , mem_ctx , handle , & domains ) ;
} while ( ( NT_STATUS_EQUAL ( enum_status , STATUS_MORE_ENTRIES ) ) ) ;
printf ( " \n Testing EnumTrustedDomainsEx \n " ) ;
2008-07-21 06:05:53 +04:00
r_ex . in . handle = handle ;
r_ex . in . resume_handle = & resume_handle ;
r_ex . in . max_size = LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER * 3 ;
r_ex . out . domains = & domains_ex ;
r_ex . out . resume_handle = & resume_handle ;
enum_status = dcerpc_lsa_EnumTrustedDomainsEx ( p , mem_ctx , & r_ex ) ;
if ( ! ( NT_STATUS_EQUAL ( enum_status , STATUS_MORE_ENTRIES ) | | NT_STATUS_EQUAL ( enum_status , NT_STATUS_NO_MORE_ENTRIES ) ) ) {
printf ( " EnumTrustedDomainEx of zero size failed - %s \n " , nt_errstr ( enum_status ) ) ;
return false ;
}
2006-08-31 12:22:13 +04:00
resume_handle = 0 ;
do {
r_ex . in . handle = handle ;
r_ex . in . resume_handle = & resume_handle ;
r_ex . in . max_size = LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER * 3 ;
r_ex . out . domains = & domains_ex ;
r_ex . out . resume_handle = & resume_handle ;
2006-07-06 09:23:29 +04:00
2006-08-31 12:22:13 +04:00
enum_status = dcerpc_lsa_EnumTrustedDomainsEx ( p , mem_ctx , & r_ex ) ;
/* NO_MORE_ENTRIES is allowed */
if ( NT_STATUS_EQUAL ( enum_status , NT_STATUS_NO_MORE_ENTRIES ) ) {
2007-10-07 02:28:14 +04:00
return true ;
2006-08-31 12:22:13 +04:00
} else if ( NT_STATUS_EQUAL ( enum_status , STATUS_MORE_ENTRIES ) ) {
/* Windows 2003 gets this off by one on the first run */
if ( r_ex . out . domains - > count < 3 | | r_ex . out . domains - > count > 4 ) {
printf ( " EnumTrustDom didn't fill the buffer we "
" asked it to (got %d, expected %d / %d == %d entries) \n " ,
r_ex . out . domains - > count ,
r_ex . in . max_size ,
LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ,
r_ex . in . max_size / LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER ) ;
}
} else if ( ! NT_STATUS_IS_OK ( enum_status ) ) {
printf ( " EnumTrustedDomainEx failed - %s \n " , nt_errstr ( enum_status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2006-08-31 12:22:13 +04:00
}
2007-06-08 14:43:42 +04:00
2008-07-21 06:05:53 +04:00
if ( domains_ex . count = = 0 ) {
printf ( " EnumTrustDomainEx failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains \n " ) ;
return false ;
}
2007-06-08 14:43:42 +04:00
ret & = test_query_each_TrustDomEx ( p , mem_ctx , handle , & domains_ex ) ;
2005-01-12 10:57:33 +03:00
} while ( ( NT_STATUS_EQUAL ( enum_status , STATUS_MORE_ENTRIES ) ) ) ;
2004-11-22 11:47:47 +03:00
return ret ;
2003-11-09 13:01:24 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_CreateTrustedDomain ( struct dcerpc_pipe * p ,
2005-01-12 06:19:48 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2005-01-12 06:19:48 +03:00
struct lsa_CreateTrustedDomain r ;
2006-08-31 12:22:13 +04:00
struct lsa_DomainInfo trustinfo ;
2005-01-12 10:57:33 +03:00
struct dom_sid * domsid [ 12 ] ;
struct policy_handle trustdom_handle [ 12 ] ;
2005-01-12 06:19:48 +03:00
struct lsa_QueryTrustedDomainInfo q ;
2005-01-12 10:57:33 +03:00
int i ;
2005-01-12 06:19:48 +03:00
2005-01-12 10:57:33 +03:00
printf ( " Testing CreateTrustedDomain for 12 domains \n " ) ;
2005-01-12 06:19:48 +03:00
2008-07-21 06:05:53 +04:00
if ( ! test_EnumTrustDom ( p , mem_ctx , handle ) ) {
ret = false ;
}
2005-01-12 10:57:33 +03:00
for ( i = 0 ; i < 12 ; i + + ) {
char * trust_name = talloc_asprintf ( mem_ctx , " torturedom%02d " , i ) ;
char * trust_sid = talloc_asprintf ( mem_ctx , " S-1-5-21-97398-379795-100%02d " , i ) ;
domsid [ i ] = dom_sid_parse_talloc ( mem_ctx , trust_sid ) ;
2005-01-12 06:19:48 +03:00
2005-01-12 10:57:33 +03:00
trustinfo . sid = domsid [ i ] ;
2006-01-18 19:20:33 +03:00
init_lsa_String ( ( struct lsa_String * ) & trustinfo . name , trust_name ) ;
2005-01-12 06:19:48 +03:00
2008-09-08 04:55:34 +04:00
r . in . policy_handle = handle ;
2005-01-12 10:57:33 +03:00
r . in . info = & trustinfo ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . trustdom_handle = & trustdom_handle [ i ] ;
2005-01-12 06:19:48 +03:00
status = dcerpc_lsa_CreateTrustedDomain ( p , mem_ctx , & r ) ;
2005-01-12 10:57:33 +03:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_COLLISION ) ) {
test_DeleteTrustedDomain ( p , mem_ctx , handle , trustinfo . name ) ;
status = dcerpc_lsa_CreateTrustedDomain ( p , mem_ctx , & r ) ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " CreateTrustedDomain failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
} else {
q . in . trustdom_handle = & trustdom_handle [ i ] ;
2008-09-01 08:43:00 +04:00
q . in . level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX ;
2005-01-12 10:57:33 +03:00
status = dcerpc_lsa_QueryTrustedDomainInfo ( p , mem_ctx , & q ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QueryTrustedDomainInfo level 1 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
} else if ( ! q . out . info ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
} else {
2008-09-01 08:43:00 +04:00
if ( strcmp ( q . out . info - > info_ex . netbios_name . string , trustinfo . name . string ) ! = 0 ) {
2005-01-12 10:57:33 +03:00
printf ( " QueryTrustedDomainInfo returned inconsistant short name: %s != %s \n " ,
2008-09-01 08:43:00 +04:00
q . out . info - > info_ex . netbios_name . string , trustinfo . name . string ) ;
ret = false ;
}
if ( q . out . info - > info_ex . trust_type ! = LSA_TRUST_TYPE_DOWNLEVEL ) {
printf ( " QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d \n " ,
trust_name , q . out . info - > info_ex . trust_type , LSA_TRUST_TYPE_DOWNLEVEL ) ;
ret = false ;
}
if ( q . out . info - > info_ex . trust_attributes ! = 0 ) {
printf ( " QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d \n " ,
trust_name , q . out . info - > info_ex . trust_attributes , 0 ) ;
ret = false ;
}
if ( q . out . info - > info_ex . trust_direction ! = LSA_TRUST_DIRECTION_OUTBOUND ) {
printf ( " QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d \n " ,
trust_name , q . out . info - > info_ex . trust_direction , LSA_TRUST_DIRECTION_OUTBOUND ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
}
}
2005-01-12 06:19:48 +03:00
}
}
/* now that we have some domains to look over, we can test the enum calls */
if ( ! test_EnumTrustDom ( p , mem_ctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 06:19:48 +03:00
}
2005-01-12 10:57:33 +03:00
for ( i = 0 ; i < 12 ; i + + ) {
2006-08-31 12:22:13 +04:00
if ( ! test_DeleteTrustedDomainBySid ( p , mem_ctx , handle , domsid [ i ] ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-01-12 10:57:33 +03:00
}
2005-01-12 06:19:48 +03:00
}
return ret ;
}
2008-09-02 05:31:46 +04:00
static bool test_CreateTrustedDomainEx2 ( struct dcerpc_pipe * p ,
2008-09-04 10:06:38 +04:00
struct torture_context * tctx ,
2008-09-02 05:31:46 +04:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
{
NTSTATUS status ;
bool ret = true ;
struct lsa_CreateTrustedDomainEx2 r ;
struct lsa_TrustDomainInfoInfoEx trustinfo ;
2008-09-04 10:06:38 +04:00
struct lsa_TrustDomainInfoAuthInfoInternal authinfo ;
2008-09-30 08:36:21 +04:00
struct trustDomainPasswords auth_struct ;
2008-09-04 10:06:38 +04:00
DATA_BLOB auth_blob ;
2008-09-02 05:31:46 +04:00
struct dom_sid * domsid [ 12 ] ;
struct policy_handle trustdom_handle [ 12 ] ;
struct lsa_QueryTrustedDomainInfo q ;
2008-09-04 10:06:38 +04:00
DATA_BLOB session_key ;
enum ndr_err_code ndr_err ;
2008-09-02 05:31:46 +04:00
int i ;
printf ( " Testing CreateTrustedDomainEx2 for 12 domains \n " ) ;
2008-09-04 10:06:38 +04:00
status = dcerpc_fetch_session_key ( p , & session_key ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " dcerpc_fetch_session_key failed - %s \n " , nt_errstr ( status ) ) ;
return false ;
}
2008-09-02 05:31:46 +04:00
for ( i = 0 ; i < 12 ; i + + ) {
char * trust_name = talloc_asprintf ( mem_ctx , " torturedom%02d " , i ) ;
char * trust_name_dns = talloc_asprintf ( mem_ctx , " torturedom%02d.samba.example.com " , i ) ;
char * trust_sid = talloc_asprintf ( mem_ctx , " S-1-5-21-97398-379795-100%02d " , i ) ;
domsid [ i ] = dom_sid_parse_talloc ( mem_ctx , trust_sid ) ;
trustinfo . sid = domsid [ i ] ;
trustinfo . netbios_name . string = trust_name ;
trustinfo . domain_name . string = trust_name_dns ;
/* Create inbound, some outbound, and some
* bi - directional trusts in a repeating pattern based
* on i */
/* 1 == inbound, 2 == outbound, 3 == both */
trustinfo . trust_direction = ( i % 3 ) + 1 ;
/* Try different trust types too */
/* 1 == downleven (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */
trustinfo . trust_type = ( ( ( i / 3 ) + 1 ) % 3 ) + 1 ;
trustinfo . trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION ;
2008-09-04 10:06:38 +04:00
generate_random_buffer ( auth_struct . confounder , sizeof ( auth_struct . confounder ) ) ;
auth_struct . outgoing . count = 0 ;
auth_struct . incoming . count = 0 ;
ndr_err = ndr_push_struct_blob ( & auth_blob , mem_ctx , lp_iconv_convenience ( tctx - > lp_ctx ) , & auth_struct ,
2008-09-30 08:36:21 +04:00
( ndr_push_flags_fn_t ) ndr_push_trustDomainPasswords ) ;
2008-09-04 10:06:38 +04:00
if ( ! NDR_ERR_CODE_IS_SUCCESS ( ndr_err ) ) {
2008-09-30 08:36:21 +04:00
printf ( " ndr_push_struct_blob of trustDomainPasswords structure failed " ) ;
2008-09-04 10:06:38 +04:00
ret = false ;
}
arcfour_crypt_blob ( auth_blob . data , auth_blob . length , & session_key ) ;
authinfo . auth_blob . size = auth_blob . length ;
authinfo . auth_blob . data = auth_blob . data ;
2008-09-02 05:31:46 +04:00
r . in . policy_handle = handle ;
r . in . info = & trustinfo ;
2008-09-04 10:06:38 +04:00
r . in . auth_info = & authinfo ;
2008-09-02 05:31:46 +04:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . trustdom_handle = & trustdom_handle [ i ] ;
status = dcerpc_lsa_CreateTrustedDomainEx2 ( p , mem_ctx , & r ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_COLLISION ) ) {
test_DeleteTrustedDomain ( p , mem_ctx , handle , trustinfo . netbios_name ) ;
status = dcerpc_lsa_CreateTrustedDomainEx2 ( p , mem_ctx , & r ) ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-09-04 10:06:38 +04:00
printf ( " CreateTrustedDomainEx failed2 - %s \n " , nt_errstr ( status ) ) ;
2008-09-02 05:31:46 +04:00
ret = false ;
} else {
q . in . trustdom_handle = & trustdom_handle [ i ] ;
q . in . level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX ;
status = dcerpc_lsa_QueryTrustedDomainInfo ( p , mem_ctx , & q ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QueryTrustedDomainInfo level 1 failed - %s \n " , nt_errstr ( status ) ) ;
ret = false ;
} else if ( ! q . out . info ) {
ret = false ;
} else {
if ( strcmp ( q . out . info - > info_ex . netbios_name . string , trustinfo . netbios_name . string ) ! = 0 ) {
printf ( " QueryTrustedDomainInfo returned inconsistant short name: %s != %s \n " ,
q . out . info - > info_ex . netbios_name . string , trustinfo . netbios_name . string ) ;
ret = false ;
}
if ( q . out . info - > info_ex . trust_type ! = trustinfo . trust_type ) {
printf ( " QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d \n " ,
trust_name , q . out . info - > info_ex . trust_type , trustinfo . trust_type ) ;
ret = false ;
}
if ( q . out . info - > info_ex . trust_attributes ! = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION ) {
printf ( " QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d \n " ,
trust_name , q . out . info - > info_ex . trust_attributes , LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION ) ;
ret = false ;
}
if ( q . out . info - > info_ex . trust_direction ! = trustinfo . trust_direction ) {
printf ( " QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d \n " ,
trust_name , q . out . info - > info_ex . trust_direction , trustinfo . trust_direction ) ;
ret = false ;
}
}
}
}
/* now that we have some domains to look over, we can test the enum calls */
if ( ! test_EnumTrustDom ( p , mem_ctx , handle ) ) {
ret = false ;
}
for ( i = 0 ; i < 12 ; i + + ) {
if ( ! test_DeleteTrustedDomainBySid ( p , mem_ctx , handle , domsid [ i ] ) ) {
ret = false ;
}
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_QueryDomainInfoPolicy ( struct dcerpc_pipe * p ,
2007-12-03 17:53:17 +03:00
struct torture_context * tctx ,
2005-09-01 14:36:48 +04:00
struct policy_handle * handle )
{
struct lsa_QueryDomainInformationPolicy r ;
NTSTATUS status ;
int i ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2006-07-06 09:23:29 +04:00
2005-09-01 14:36:48 +04:00
printf ( " \n Testing QueryDomainInformationPolicy \n " ) ;
for ( i = 2 ; i < 4 ; i + + ) {
r . in . handle = handle ;
r . in . level = i ;
printf ( " \n trying QueryDomainInformationPolicy level %d \n " , i ) ;
2007-12-03 17:53:17 +03:00
status = dcerpc_lsa_QueryDomainInformationPolicy ( p , tctx , & r ) ;
2005-09-01 14:36:48 +04:00
2008-08-26 06:18:26 +04:00
/* If the server does not support EFS, then this is the correct return */
if ( i = = LSA_DOMAIN_INFO_POLICY_EFS & & NT_STATUS_EQUAL ( status , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
continue ;
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
2005-09-01 14:36:48 +04:00
printf ( " QueryDomainInformationPolicy failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2005-09-01 14:36:48 +04:00
continue ;
}
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_QueryInfoPolicy ( struct dcerpc_pipe * p ,
2007-12-03 17:53:17 +03:00
struct torture_context * tctx ,
2003-11-11 05:02:29 +03:00
struct policy_handle * handle )
{
struct lsa_QueryInfoPolicy r ;
NTSTATUS status ;
2003-11-11 09:22:58 +03:00
int i ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2003-11-11 05:02:29 +03:00
printf ( " \n Testing QueryInfoPolicy \n " ) ;
2003-11-11 09:22:58 +03:00
for ( i = 1 ; i < 13 ; i + + ) {
r . in . handle = handle ;
r . in . level = i ;
2003-11-11 05:02:29 +03:00
2003-11-11 09:54:54 +03:00
printf ( " \n trying QueryInfoPolicy level %d \n " , i ) ;
2007-12-03 17:53:17 +03:00
status = dcerpc_lsa_QueryInfoPolicy ( p , tctx , & r ) ;
2003-11-20 04:02:09 +03:00
2007-09-17 09:31:49 +04:00
switch ( i ) {
case LSA_POLICY_INFO_DB :
case LSA_POLICY_INFO_AUDIT_FULL_SET :
case LSA_POLICY_INFO_AUDIT_FULL_QUERY :
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
printf ( " server should have failed level %u: %s \n " , i , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
break ;
case LSA_POLICY_INFO_DOMAIN :
case LSA_POLICY_INFO_ACCOUNT_DOMAIN :
case LSA_POLICY_INFO_DNS :
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QueryInfoPolicy failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
break ;
default :
2007-12-03 17:53:17 +03:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2007-09-17 09:31:49 +04:00
/* Other levels not implemented yet */
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_INFO_CLASS ) ) {
printf ( " QueryInfoPolicy failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QueryInfoPolicy failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
break ;
2003-11-20 04:02:09 +03:00
}
2007-09-17 09:31:49 +04:00
if ( NT_STATUS_IS_OK ( status ) & & i = = LSA_POLICY_INFO_DNS ) {
/* Let's look up some of these names */
struct lsa_TransNameArray tnames ;
2007-12-10 03:45:04 +03:00
tnames . count = 14 ;
tnames . names = talloc_zero_array ( tctx , struct lsa_TranslatedName , tnames . count ) ;
2007-09-17 09:31:49 +04:00
tnames . names [ 0 ] . name . string = r . out . info - > dns . name . string ;
2007-12-10 03:45:04 +03:00
tnames . names [ 0 ] . sid_type = SID_NAME_DOMAIN ;
2007-09-17 09:31:49 +04:00
tnames . names [ 1 ] . name . string = r . out . info - > dns . dns_domain . string ;
2007-12-10 03:45:04 +03:00
tnames . names [ 1 ] . sid_type = SID_NAME_DOMAIN ;
2007-12-03 17:53:17 +03:00
tnames . names [ 2 ] . name . string = talloc_asprintf ( tctx , " %s \\ " , r . out . info - > dns . name . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 2 ] . sid_type = SID_NAME_DOMAIN ;
2007-12-03 17:53:17 +03:00
tnames . names [ 3 ] . name . string = talloc_asprintf ( tctx , " %s \\ " , r . out . info - > dns . dns_domain . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 3 ] . sid_type = SID_NAME_DOMAIN ;
2007-12-03 17:53:17 +03:00
tnames . names [ 4 ] . name . string = talloc_asprintf ( tctx , " %s \\ guest " , r . out . info - > dns . name . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 4 ] . sid_type = SID_NAME_USER ;
2007-12-03 17:53:17 +03:00
tnames . names [ 5 ] . name . string = talloc_asprintf ( tctx , " %s \\ krbtgt " , r . out . info - > dns . name . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 5 ] . sid_type = SID_NAME_USER ;
2007-12-03 17:53:17 +03:00
tnames . names [ 6 ] . name . string = talloc_asprintf ( tctx , " %s \\ guest " , r . out . info - > dns . dns_domain . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 6 ] . sid_type = SID_NAME_USER ;
2007-12-03 17:53:17 +03:00
tnames . names [ 7 ] . name . string = talloc_asprintf ( tctx , " %s \\ krbtgt " , r . out . info - > dns . dns_domain . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 7 ] . sid_type = SID_NAME_USER ;
2007-12-03 17:53:17 +03:00
tnames . names [ 8 ] . name . string = talloc_asprintf ( tctx , " krbtgt@%s " , r . out . info - > dns . name . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 8 ] . sid_type = SID_NAME_USER ;
2007-12-03 17:53:17 +03:00
tnames . names [ 9 ] . name . string = talloc_asprintf ( tctx , " krbtgt@%s " , r . out . info - > dns . dns_domain . string ) ;
2007-12-10 03:45:04 +03:00
tnames . names [ 9 ] . sid_type = SID_NAME_USER ;
tnames . names [ 10 ] . name . string = talloc_asprintf ( tctx , " %s \\ " TEST_MACHINENAME " $ " , r . out . info - > dns . name . string ) ;
tnames . names [ 10 ] . sid_type = SID_NAME_USER ;
tnames . names [ 11 ] . name . string = talloc_asprintf ( tctx , " %s \\ " TEST_MACHINENAME " $ " , r . out . info - > dns . dns_domain . string ) ;
tnames . names [ 11 ] . sid_type = SID_NAME_USER ;
tnames . names [ 12 ] . name . string = talloc_asprintf ( tctx , TEST_MACHINENAME " $@%s " , r . out . info - > dns . name . string ) ;
tnames . names [ 12 ] . sid_type = SID_NAME_USER ;
tnames . names [ 13 ] . name . string = talloc_asprintf ( tctx , TEST_MACHINENAME " $@%s " , r . out . info - > dns . dns_domain . string ) ;
tnames . names [ 13 ] . sid_type = SID_NAME_USER ;
2007-12-03 17:53:17 +03:00
ret & = test_LookupNames ( p , tctx , handle , & tnames ) ;
2007-12-10 03:45:04 +03:00
2003-11-11 09:22:58 +03:00
}
}
2003-11-11 05:02:29 +03:00
2003-11-11 09:22:58 +03:00
return ret ;
2003-11-11 05:02:29 +03:00
}
2007-10-07 02:28:14 +04:00
static bool test_QueryInfoPolicy2 ( struct dcerpc_pipe * p ,
2007-12-03 17:53:17 +03:00
struct torture_context * tctx ,
2004-05-27 10:27:21 +04:00
struct policy_handle * handle )
{
struct lsa_QueryInfoPolicy2 r ;
NTSTATUS status ;
int i ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2004-05-27 10:27:21 +04:00
printf ( " \n Testing QueryInfoPolicy2 \n " ) ;
for ( i = 1 ; i < 13 ; i + + ) {
r . in . handle = handle ;
r . in . level = i ;
printf ( " \n trying QueryInfoPolicy2 level %d \n " , i ) ;
2007-12-03 17:53:17 +03:00
status = dcerpc_lsa_QueryInfoPolicy2 ( p , tctx , & r ) ;
2007-09-17 09:31:49 +04:00
switch ( i ) {
case LSA_POLICY_INFO_DB :
case LSA_POLICY_INFO_AUDIT_FULL_SET :
case LSA_POLICY_INFO_AUDIT_FULL_QUERY :
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_PARAMETER ) ) {
printf ( " server should have failed level %u: %s \n " , i , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
break ;
case LSA_POLICY_INFO_DOMAIN :
case LSA_POLICY_INFO_ACCOUNT_DOMAIN :
case LSA_POLICY_INFO_DNS :
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QueryInfoPolicy2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
break ;
default :
2007-12-03 17:53:17 +03:00
if ( torture_setting_bool ( tctx , " samba4 " , false ) ) {
2007-09-17 09:31:49 +04:00
/* Other levels not implemented yet */
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_INVALID_INFO_CLASS ) ) {
printf ( " QueryInfoPolicy2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
} else if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " QueryInfoPolicy2 failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
break ;
2004-05-27 10:27:21 +04:00
}
}
return ret ;
}
2007-10-07 02:28:14 +04:00
static bool test_GetUserName ( struct dcerpc_pipe * p , TALLOC_CTX * mem_ctx )
2004-12-21 12:41:21 +03:00
{
struct lsa_GetUserName r ;
NTSTATUS status ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2004-12-21 15:00:30 +03:00
struct lsa_StringPointer authority_name_p ;
2004-12-21 13:05:02 +03:00
2004-12-21 12:41:21 +03:00
printf ( " \n Testing GetUserName \n " ) ;
2006-07-01 18:41:01 +04:00
r . in . system_name = " \\ " ;
r . in . account_name = NULL ;
2004-12-21 15:00:30 +03:00
r . in . authority_name = & authority_name_p ;
authority_name_p . string = NULL ;
2004-12-21 12:41:21 +03:00
status = dcerpc_lsa_GetUserName ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " GetUserName failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
ret = false ;
2004-12-21 12:41:21 +03:00
}
return ret ;
}
2007-10-07 02:28:14 +04:00
bool test_lsa_Close ( struct dcerpc_pipe * p ,
2005-01-09 12:38:16 +03:00
TALLOC_CTX * mem_ctx ,
struct policy_handle * handle )
2003-11-09 12:04:28 +03:00
{
NTSTATUS status ;
struct lsa_Close r ;
2003-11-09 14:01:39 +03:00
struct policy_handle handle2 ;
2003-11-09 12:04:28 +03:00
printf ( " \n testing Close \n " ) ;
r . in . handle = handle ;
2003-11-09 14:01:39 +03:00
r . out . handle = & handle2 ;
2003-11-09 12:04:28 +03:00
status = dcerpc_lsa_Close ( p , mem_ctx , & r ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " Close failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 12:04:28 +03:00
}
2003-11-09 12:44:06 +03:00
status = dcerpc_lsa_Close ( p , mem_ctx , & r ) ;
/* its really a fault - we need a status code for rpc fault */
2003-11-15 09:00:21 +03:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_NET_WRITE_FAULT ) ) {
2003-11-09 12:44:06 +03:00
printf ( " Close failed - %s \n " , nt_errstr ( status ) ) ;
2007-10-07 02:28:14 +04:00
return false ;
2003-11-09 12:44:06 +03:00
}
2003-11-09 12:04:28 +03:00
printf ( " \n " ) ;
2007-10-07 02:28:14 +04:00
return true ;
2003-11-09 12:04:28 +03:00
}
2007-12-03 17:53:17 +03:00
bool torture_rpc_lsa ( struct torture_context * tctx )
2003-11-03 09:22:45 +03:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2005-10-25 16:14:08 +04:00
struct policy_handle * handle ;
2007-12-10 03:45:04 +03:00
struct test_join * join = NULL ;
struct cli_credentials * machine_creds ;
2003-11-03 09:22:45 +03:00
2007-12-03 17:53:17 +03:00
status = torture_rpc_connection ( tctx , & p , & ndr_table_lsarpc ) ;
2003-11-03 09:22:45 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2003-11-03 09:22:45 +03:00
}
2003-11-18 04:18:24 +03:00
2007-12-03 17:53:17 +03:00
if ( ! test_OpenPolicy ( p , tctx ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2003-11-04 12:48:33 +03:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_lsa_OpenPolicy2 ( p , tctx , & handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2003-11-04 12:48:33 +03:00
}
2003-11-03 09:22:45 +03:00
2005-10-25 16:14:08 +04:00
if ( handle ) {
2007-12-10 03:45:04 +03:00
join = torture_join_domain ( tctx , TEST_MACHINENAME , ACB_WSTRUST , & machine_creds ) ;
if ( ! join ) {
ret = false ;
}
2007-12-03 17:53:17 +03:00
if ( ! test_LookupNames_wellknown ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_LookupNames_bogus ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2007-09-17 09:31:49 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_LookupSids_async ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-11-02 08:34:17 +03:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_QueryDomainInfoPolicy ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_CreateAccount ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_CreateSecret ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_CreateTrustedDomain ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2008-09-02 05:31:46 +04:00
2008-09-04 10:06:38 +04:00
if ( ! test_CreateTrustedDomainEx2 ( p , tctx , tctx , handle ) ) {
2008-09-02 05:31:46 +04:00
ret = false ;
}
2007-12-03 17:53:17 +03:00
if ( ! test_EnumAccounts ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_EnumPrivs ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_QueryInfoPolicy ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_QueryInfoPolicy2 ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_Delete ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_many_LookupSids ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-03 17:53:17 +03:00
if ( ! test_lsa_Close ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2007-12-10 03:45:04 +03:00
2008-06-14 19:24:17 +04:00
torture_leave_domain ( tctx , join ) ;
2007-12-10 03:45:04 +03:00
2005-10-25 16:14:08 +04:00
} else {
2007-12-03 17:53:17 +03:00
if ( ! test_many_LookupSids ( p , tctx , handle ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2005-10-25 16:14:08 +04:00
}
2003-11-09 12:44:06 +03:00
}
2006-07-01 18:41:01 +04:00
2007-12-03 17:53:17 +03:00
if ( ! test_GetUserName ( p , tctx ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2006-07-01 18:41:01 +04:00
}
return ret ;
}
2007-10-07 02:28:14 +04:00
bool torture_rpc_lsa_get_user ( struct torture_context * torture )
2006-07-01 18:41:01 +04:00
{
NTSTATUS status ;
struct dcerpc_pipe * p ;
TALLOC_CTX * mem_ctx ;
2007-10-07 02:28:14 +04:00
bool ret = true ;
2006-07-01 18:41:01 +04:00
mem_ctx = talloc_init ( " torture_rpc_lsa_get_user " ) ;
2007-08-28 16:54:27 +04:00
status = torture_rpc_connection ( torture , & p , & ndr_table_lsarpc ) ;
2006-07-01 18:41:01 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
talloc_free ( mem_ctx ) ;
2007-10-07 02:28:14 +04:00
return false ;
2006-07-01 18:41:01 +04:00
}
if ( ! test_GetUserName ( p , mem_ctx ) ) {
2007-10-07 02:28:14 +04:00
ret = false ;
2006-07-01 18:41:01 +04:00
}
2005-10-25 16:14:08 +04:00
2005-01-27 10:08:20 +03:00
talloc_free ( mem_ctx ) ;
2003-11-22 11:11:32 +03:00
2003-11-04 12:48:33 +03:00
return ret ;
2003-11-03 09:22:45 +03:00
}