/*
Unix SMB / CIFS implementation .
test suite for lsa rpc operations
Copyright ( C ) Andrew Tridgell 2003
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 02139 , USA .
*/
# include "includes.h"
/*
these really shouldn ' t be here . . . .
*/
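/**
 * Format a SID as text in a buffer allocated from mem_ctx.
 *
 * @param mem_ctx talloc context the result is allocated from
 * @param sid     SID to format; NULL yields a placeholder string
 * @return the formatted string, or NULL if the buffer allocation fails
 *
 * Every caller in this file passes a SID taken from an RPC reply, so the
 * field values are chosen by the remote server. The buffer is sized from
 * num_auths; if a piece does not fit, formatting stops and the
 * NUL-terminated prefix is returned instead of advancing the write offset
 * past the end of the buffer. Only id_auth[2..5] contribute to the printed
 * authority value.
 */
static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid)
{
	int i, ofs, maxlen, n;
	uint32 ia;
	char *ret;

	if (!sid) {
		return talloc_asprintf(mem_ctx, " (NULL SID) ");
	}

	maxlen = sid->num_auths * 11 + 25;
	ret = talloc(mem_ctx, maxlen);
	if (!ret) {
		return NULL;
	}

	/*
	 * Widen each element before shifting. Assuming id_auth holds bytes
	 * (confirm against struct dom_sid), an un-widened "<< 24" happens in
	 * int and overflows it once the byte is 0x80 or above.
	 */
	ia = ((uint32)sid->id_auth[5]) +
	     ((uint32)sid->id_auth[4] << 8) +
	     ((uint32)sid->id_auth[3] << 16) +
	     ((uint32)sid->id_auth[2] << 24);

	n = snprintf(ret, maxlen, " S-%u-%lu ",
		     (unsigned int)sid->sid_rev_num, (unsigned long)ia);
	if (n < 0) {
		/* formatting error: hand back an empty, terminated string */
		ret[0] = '\0';
		return ret;
	}
	if (n >= maxlen) {
		/* truncated: snprintf already terminated the prefix */
		return ret;
	}
	ofs = n;

	for (i = 0; i < sid->num_auths; i++) {
		n = snprintf(ret + ofs, maxlen - ofs, " -%lu ",
			     (unsigned long)sid->sub_auths[i]);
		if (n < 0) {
			ret[ofs] = '\0';
			break;
		}
		if (n >= maxlen - ofs) {
			/*
			 * Out of room. Adding n here would push ofs beyond
			 * maxlen and make the next size argument negative.
			 */
			break;
		}
		ofs += n;
	}

	return ret;
}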
/*
 * Order two SIDs.
 *
 * Returns 0 when both pointers are the same or every compared field matches.
 * A NULL sid1 sorts before a non-NULL sid2 (-1) and a NULL sid2 sorts after
 * (1). Otherwise the result is the difference of the first differing field,
 * checked in this order: num_auths, sub_auths from the last entry down to
 * the first, sid_rev_num, then the six id_auth entries.
 *
 * NOTE(review): each result is a plain subtraction returned as int. If
 * sub_auths entries are 32-bit unsigned values the difference can wrap and
 * carry the wrong sign; confirm the field type before relying on the
 * ordering for anything other than equality.
 */
static int dom_sid_compare(struct dom_sid *sid1, struct dom_sid *sid2)
{
	int idx;

	if (sid1 == sid2) {
		return 0;
	}
	if (!sid1) {
		return -1;
	}
	if (!sid2) {
		return 1;
	}

	if (sid1->num_auths != sid2->num_auths) {
		return sid1->num_auths - sid2->num_auths;
	}

	/* the trailing rids are the most likely to differ, so walk backwards */
	idx = sid1->num_auths;
	while (--idx >= 0) {
		if (sid1->sub_auths[idx] != sid2->sub_auths[idx]) {
			return sid1->sub_auths[idx] - sid2->sub_auths[idx];
		}
	}

	if (sid1->sid_rev_num != sid2->sid_rev_num) {
		return sid1->sid_rev_num - sid2->sid_rev_num;
	}

	idx = 0;
	while (idx < 6) {
		if (sid1->id_auth[idx] != sid2->id_auth[idx]) {
			return sid1->id_auth[idx] - sid2->id_auth[idx];
		}
		idx++;
	}

	return 0;
}
/*
 * Issue one lsa_OpenPolicy call on the pipe and report whether it succeeded.
 *
 * The request asks for SEC_RIGHTS_MAXIMUM_ALLOWED rather than a specific
 * access mask. The policy handle the call returns is stored in a local and
 * is not used or released by this function.
 *
 * Returns True on an OK status, False (after printing the error) otherwise.
 */
static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
	struct lsa_OpenPolicy r;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct policy_handle handle;
	uint16 system_name = ' \\ ';
	NTSTATUS status;

	printf(" \n testing OpenPolicy \n ");

	/* quality-of-service block referenced from the object attributes;
	   the numeric values are taken as-is from the test, their meaning
	   is defined by the LSA interface, not here */
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	/* otherwise empty object attributes */
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = &system_name;
	r.in.attr = &attr;
	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" OpenPolicy failed - %s \n ", nt_errstr(status));
	return False;
}
/*
 * Issue one lsa_OpenPolicy2 call and hand the resulting policy handle back
 * through *handle.
 *
 * The request asks for SEC_RIGHTS_MAXIMUM_ALLOWED rather than a specific
 * access mask. *handle is passed straight to the RPC call as its output
 * slot; this function does not initialise it, so callers should only use
 * it when True is returned.
 *
 * Returns True on an OK status, False (after printing the error) otherwise.
 */
static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
			     struct policy_handle *handle)
{
	struct lsa_OpenPolicy2 r;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	NTSTATUS status;

	printf(" \n testing OpenPolicy2 \n ");

	/* quality-of-service block referenced from the object attributes */
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	/* otherwise empty object attributes */
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = " \\ ";
	r.in.attr = &attr;
	r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.handle = handle;

	status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" OpenPolicy2 failed - %s \n ", nt_errstr(status));
	return False;
}
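/*
 * Send the names in tnames back to the server through lsa_LookupNames and
 * print the domains and SIDs it returns.
 *
 * In this file tnames is the name array filled in by a LookupSids reply, so
 * both its count and its name pointers come from the remote server. They
 * are checked before use: a failed allocation or a NULL name makes the test
 * fail instead of dereferencing a NULL pointer.
 *
 * Returns True when the call returns an OK status, False otherwise.
 */
static BOOL test_LookupNames(struct dcerpc_pipe *p,
			     TALLOC_CTX *mem_ctx,
			     struct policy_handle *handle,
			     struct lsa_TransNameArray *tnames)
{
	struct lsa_LookupNames r;
	struct lsa_TransSidArray sids;
	struct lsa_Name *names;
	uint32 count = 0;
	NTSTATUS status;
	int i;

	printf(" \n Testing LookupNames \n ");

	sids.count = 0;
	sids.sids = NULL;

	names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
	/* a zero-length request may legitimately yield NULL, and the fill
	   loop below does not run in that case, so only treat NULL as a
	   failure when entries were actually requested */
	if (!names && tnames->count != 0) {
		printf("LookupNames: failed to allocate the name array\n");
		return False;
	}

	for (i = 0; i < tnames->count; i++) {
		const char *name = tnames->names[i].name.name;
		size_t len;

		if (!name) {
			printf("LookupNames: name %d is NULL\n", i);
			return False;
		}

		/* both length fields are twice the string length;
		   presumably the size of the name as 16-bit characters,
		   confirm against the interface definition */
		len = strlen(name);
		names[i].name_len = 2 * len;
		names[i].name_size = 2 * len;
		names[i].name = tnames->names[i].name.name;
	}

	r.in.handle = handle;
	r.in.num_names = tnames->count;
	r.in.names = names;
	r.in.sids = &sids;
	r.in.level = 1;
	r.in.count = &count;
	r.out.count = &count;
	r.out.sids = &sids;

	status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" LookupNames failed - %s \n ", nt_errstr(status));
		return False;
	}

	if (r.out.domains) {
		printf(" lookup gave %d domains (max_count=%d) \n ",
		       r.out.domains->count,
		       r.out.domains->max_count);
		for (i = 0; i < r.out.domains->count; i++) {
			printf(" name='%s' sid=%s \n ",
			       r.out.domains->domains[i].name.name,
			       lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[i].sid));
		}
	}

	printf(" lookup gave %d sids (sids.count=%d) \n ", count, sids.count);
	for (i = 0; i < sids.count; i++) {
		printf(" sid_type=%d rid=%d sid_index=%d \n ",
		       sids.sids[i].sid_type,
		       sids.sids[i].rid,
		       sids.sids[i].sid_index);
	}

	printf(" \n ");

	return True;
}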
/*
 * Resolve the given SIDs with lsa_LookupSids, print the domains and names
 * the server returns, then feed those names into test_LookupNames.
 *
 * The names array printed and forwarded here is filled in by the RPC reply;
 * this function passes it on without checking its contents.
 *
 * Returns False if the RPC call or the follow-up LookupNames test fails,
 * True otherwise.
 */
static BOOL test_LookupSids(struct dcerpc_pipe *p,
			    TALLOC_CTX *mem_ctx,
			    struct policy_handle *handle,
			    struct lsa_SidArray *sids)
{
	struct lsa_LookupSids r;
	struct lsa_TransNameArray names;
	uint32 count = sids->num_sids;
	NTSTATUS status;
	int n;

	printf(" \n Testing LookupSids \n ");

	/* start from an empty translated-name array */
	names.count = 0;
	names.names = NULL;

	r.in.handle = handle;
	r.in.sids = sids;
	r.in.names = &names;
	r.in.level = 1;
	r.in.count = &count;
	r.out.count = &count;
	r.out.names = &names;

	status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" LookupSids failed - %s \n ", nt_errstr(status));
		return False;
	}

	if (r.out.domains) {
		printf(" lookup gave %d domains (max_count=%d) \n ",
		       r.out.domains->count,
		       r.out.domains->max_count);
		n = 0;
		while (n < r.out.domains->count) {
			printf(" name='%s' sid=%s \n ",
			       r.out.domains->domains[n].name.name,
			       lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[n].sid));
			n++;
		}
	}

	printf(" lookup gave %d names (names.count=%d) \n ", count, names.count);
	n = 0;
	while (n < names.count) {
		printf(" type=%d sid_index=%d name='%s' \n ",
		       names.names[n].sid_type,
		       names.names[n].sid_index,
		       names.names[n].name.name);
		n++;
	}

	printf(" \n ");

	/* round trip: look the returned names up again */
	if (test_LookupNames(p, mem_ctx, handle, &names)) {
		return True;
	}
	return False;
}
/*
 * Enumerate accounts through lsa_EnumAccounts, print the returned SIDs and
 * run test_LookupSids on them. When at least three SIDs came back, repeat
 * the call with the resume handle set to 2 and a single entry requested,
 * and check that exactly one SID is returned.
 *
 * Returns False if either RPC call fails, the LookupSids test fails, or the
 * partial listing returns a count other than 1; True otherwise.
 */
static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
			      TALLOC_CTX *mem_ctx,
			      struct policy_handle *handle)
{
	struct lsa_EnumAccounts r;
	struct lsa_SidArray sids1, sids2;
	uint32 resume_handle = 0;
	NTSTATUS status;
	int n;

	printf(" \n testing EnumAccounts \n ");

	/* first pass: up to 100 entries starting from resume handle 0 */
	r.in.handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.num_entries = 100;
	r.out.resume_handle = &resume_handle;
	r.out.sids = &sids1;

	status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumAccounts failed - %s \n ", nt_errstr(status));
		return False;
	}

	printf(" Got %d sids resume_handle=%u \n ", sids1.num_sids, resume_handle);

	n = 0;
	while (n < sids1.num_sids) {
		printf(" %s \n ", lsa_sid_string_talloc(mem_ctx, sids1.sids[n].sid));
		n++;
	}

	if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
		return False;
	}

	/* the partial-listing check needs at least three accounts */
	if (sids1.num_sids < 3) {
		return True;
	}

	printf(" trying EnumAccounts partial listing (asking for 1 at 2) \n ");

	/* second pass: one entry, resuming at 2, into a separate array */
	resume_handle = 2;
	r.in.num_entries = 1;
	r.out.sids = &sids2;

	status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumAccounts failed - %s \n ", nt_errstr(status));
		return False;
	}

	if (sids2.num_sids != 1) {
		printf(" Returned wrong number of entries (%d) \n ", sids2.num_sids);
		return False;
	}

	return True;
}
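/*
 * Entry point of the LSA RPC test: connect to the pipe, run the OpenPolicy
 * and OpenPolicy2 tests and, when a policy handle was obtained, the
 * EnumAccounts test.
 *
 * The dummy argument is not used. Returns False if the connection or any
 * test fails, True otherwise.
 *
 * NOTE(review): mem_ctx is created here but not released on any path in
 * this function, and the policy handle is not closed; confirm whether the
 * caller or torture_rpc_close() is expected to take care of either.
 */
BOOL torture_rpc_lsa(int dummy)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;
	struct policy_handle handle;

	mem_ctx = talloc_init(" torture_rpc_lsa ");

	status = torture_rpc_connection(&p, " lsarpc ");
	if (!NT_STATUS_IS_OK(status)) {
		return False;
	}

	if (!test_OpenPolicy(p, mem_ctx)) {
		ret = False;
	}

	/*
	 * handle is not initialised in this function; it is only filled in
	 * through the OpenPolicy2 call. Skip the tests that need it when
	 * that call failed, rather than sending whatever the stack held to
	 * the server as a policy handle.
	 */
	if (!test_OpenPolicy2(p, mem_ctx, &handle)) {
		ret = False;
	} else if (!test_EnumAccounts(p, mem_ctx, &handle)) {
		ret = False;
	}

	torture_rpc_close(p);

	return ret;
}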